Fergus Cassidy

Retention of privacy

WHATEVER doubts and arguments exist over Ireland's role and responsibilities in the build up of armies in the Middle East, there's no doubt at all about this country's responsibilities in the electronic world.

When the Taoiseach (head of government) announced recently that Ireland would pass the bill on cybercrime, he was referring to the Convention on Cybercrime, which over 30 countries - including all European member states, Canada and the United States - have agreed to implement.

The general thrust of the Convention require each signed-up country to provide for the preservation and production of stored computer data; ensuring that each signatory has the ability to collect traffic and content data in real time; and setting up a system of cooperation among nations for the investigation and monitoring of cybercrime. Resulting from that there is an increasingly demand from intelligence and law enforcement agencies based outside this country.

This has forced the justice minister's hand and he is proposing a bill allowing for the retention of communications data of every person who uses the internet or mobile phones to communicate. This has rightly created worries and concerns over the future of privacy in this country.

In the past, when the telephone was the main way to communicate electronically, most people would have felt pretty safe from any form of wiretapping. The odd crossed line was even considered a rare treat. When the state stepped over the line, as in the tapping of journalists Kennedy and Arnold, there was hell to pay.

But the success of networking technology means that all of our personal communications traffic will be carried via the net in the not-to-distant future .

That's the reason people should be concerned about the data retention proposals. This data isn't just people yakking away to one another on the phone, it includes vast amounts of personal information that is identifiable. If it isn't, why bother with retention?

This is a new and unprecedented situation compared to wiretapping telephones and intercepting letters. Then it was individually targeted and subject to legal oversight. The future is not so clear however.

In the internet world, wiretapping is not an expression even used these days, preferring the phrase of lawful interception. (Who comes up with this stuff?).

Compared to older technologies, the sheer volume of data carried on the net means that a live wiretap on telephone lines is needle in a haystack territory, so retaining data has become the latest method for law enforcement to go about its business.

I have long held the view that technology can never be the excuse for diluting existing rights. Yet in the short transition from telephone to internet communications, those existing rights could be set aside or at the very least seriously reduced.

A move to hold communications data on everybody for long periods of time, even with safeguards, is highly questionable considering the complexities and the serious doubts over whether it even works.

The courts: Will this communications data be admissible as evidence? What about the authenticity of the evidence? Its accuracy? Its integrity? Will juries require a PhD in computer science?

The law: Will the warrant system be automated? How will judicial oversight be maintained?

The cost: Retention is very expensive. Who is going to pay? The ISPs will run a mile, but if they have to they'll pass the costs on to guess who. If the government pays either directly or by subsidy, it will border on farce as taxpayers pay for their own surveillance. Pay-per-view indeed!

Security: Will the data retention system be secure? Can that be guaranteed? Because the net is built the way it is, keep an eye on the minister's nose if he's asked that question.

Data protection: Will the same rights under the Data Protection Act apply to the new situation? Will people be able to check the accuracy of data held on them?

Encryption: Finally the one aspect that really gives the legal two fingers to data retention. Encryption puts a massive question mark over the relevance of mountains of stored data, because chances are the bad guys will hide their trails. So will encryption be made illegal?

In the end, the government may have its obligations to the wider international community but it must be reminded of its primary role in protecting its citizens' privacy.

Government can't back down on its commitment to the Convention on Cybercrime but it can back down, or look the other way, on the consequences for privacy rights.

Privacy is not about hiding, it's about holding on to something. In the internet age, it's about protecting and safeguarding your own individual identity. That information held about you is accurate and securely held.

If the bill goes ahead without dealing adequately with the issues mentioned above, the state will take a large step back as the guarantor of our privacy.