“Do you know where you this time last week? You may not, but the State certainly does.”

Fergal Crehan wrote a short and very clear piece for the Irish Daily Mail last month on data retention. It’s not available online, so here’s the full text:

Do you know where you this time last week? You may not, but the State certainly does.
Fergal Crehan
Irish Dally Mall, Friday, June 6, 2008

IT’S THE stuff of paranoid, futuristic movie plots – the all-seeing, all-knowing state which tracks your every move irrespective of how law-abiding you are.

But, increasingly, such a vision is less the paranoid fantasy of the conspiracy theorist, and more a sober assessment of our privacy under the policies of the Government, whose duties include protection of our rights, including our right to privacy.

Eyebrows were raised in Britain last month when the Home Office proposed a national database of the emails and phone calls of every citizen. Phrases like ‘surveillance state’ and ‘Big Brother’ were bandied about, but it’s worth noting that the current position in Ireland is not very different.

At present, telecommunications providers are required to retain records regarding usage of phones. The Government is proposing to include internet data in this regime, which would include details of every email you send or receive and every web-site you visit.

This system, known as Data Retention, is soon to be challenged in the High Court by civil rights group Digital Rights Ireland. Under Data Retention, service providers are obliged to hand over information whenever a garda ranked chief superintendent or higher asks them.

Snooping

So, the only real difference between our system and the database proposed in the UK is that over there, at least their government will cover the costs of snooping on its own citizens, while here the cost is borne by the service providers. It is a neat trick, to invade the privacy of your citizens while simultaneously putting a brake on development of the internet sector, one of Ireland’s most vital industries.

Defenders of Data Retention say we needn’t worry, as nobody’s actually listening in to the calls, merely recording who they’re to and from, how long they last, and when they happen. It’s worth noting that when journalists Bruce Arnold’s and Geraldine Kennedy’s phones were tapped in the early Eighties, it was only the origin of the calls and not the content that was tapped.

If we were outraged then, when it happened to only two people, we should be appalled now that it’s happening every day, to every citizen with a phone.

Then there’s internet data. If, as Irish people increasingly are, you are a daily user of the internet, records of what you search for and what you look at can build up over time to a remarkably detailed picture of who you are. Your health concerns, eating habits, sexual preferences, political views and financial situation can be determined with reference to what you look at online.

Perhaps most shocking of all, Data Retention covers what’s known as locator information. The location of a mobile phone can be geographically pinpointed to a quite specific degree. Since we tend to carry our mobiles with us wherever we go, they effectively operate as tracking devices for our whereabouts.

The retention of three years’ worth of this locator data, when added to the proposed retention of internet records means that the State now has access to information about your life that you wouldn’t dream of giving to your employers, friends or sometimes even to family members.

Do you know where you were at precisely this time last week? Last month? Last year? You may not, but the State does.

When Data Retention was first publicly discussed, the Government had, by their own admission, been doing it secretly for some time. The then Minister for Justice, Mr McDowell, assured us that the retained data would be accessed very rarely, in order to prevent and investigate serious crime and terrorism.

Indeed, phone record retention was finally given its current legal basis in the Criminal Justice Terrorist Offences Act.

Terrorist

Yet nowhere is the system limited to terrorist offences. Records can be accessed in investigation of the most trivial offences.

The Data Retention Commissioner estimates that there have been 300,000 requests for access to data, which works out at more than 300 per week – the gardai are not investigating terrorist plots at a rate of 300 per week.

In any case, just to be on the safe side, the Government are proposing to redefine a ‘serious offence’ as one carrying a sentence of six months and over, a significant change from the five-year yardstick previously employed by the law.

There can be no objection to use of telecommunications data where it is required to prevent or investigate truly serious crime. Why not then have a system where records are stored only where there is a suspicion of a serious crime, and where safeguards are put in place? One might call such a system ‘data preservation’ because it is not automatic in its effect. It would store only the records of those under legitimate suspicion, not those of the entire country.

The great irony of Data Retention is that it doesn’t even work against those it is supposedly targeted at. There are plenty of ways around it. Phone calls can be made, websites browsed and emails sent without it showing up on a person’s Data Retention record. The means of doing this are easily obtained – some were developed to get around the surveillance regimes of such repressive states as China and Burma.

The terrorists and serious criminals who use telecommunications as a key part of their activities are surely aware of this technology.

Consequently, they can continue their activities having suffered only a minor inconvenience, while the law-abiding citizen has his privacy breached, and is treated like a potential criminal by his own government

Whenever large amounts of personal data are stored, there is the potential for something to go wrong. Sometimes that can be a result of misbehaviour – the Data Protection Commissioner says that Social Welfare records have been inappropriately leaked and sold to journalists and investigators.

But even in circumstances of utmost good behaviour, accidents can happen. Last year the UK Treasury lost the records of millions of British subjects. More recently, Bank of Ireland lost details of thousands of their customers.

Even where nothing goes wrong, there is a principle to be considered. Just because technology gives us the ability to do something doesn’t mean we should do it.

Other considerations need to be brought to bear, like the appropriate boundary between. the State and the person. Retention of telecommunications data achieves what previously could only be done by setting a phone-tap and assigning a Garda to follow an individual around at all times. The reason the State previously refrained from doing this was not simply that they couldn’t afford the man-power.

Scrutiny

If someone asks you a personal question, and you say that it’s none of their business, you’ll hardly be persuaded when they reply that you have nothing to fear if you have nothing to hide. That’s not the point – the point is that they have no right to know personal details about you.

The Government proposes to extend Data Retention to internet records not by way of primary legislation, which would be debated in the Oireachtas, but by ministerial order, which requires only the stroke of a pen to become the law of the-land. In other words, the Government refuses to allow public scrutiny of its actions, even as it gives itself the right to poke its nose into ours.

Fergal Crehan is a barrister specialising in internet law and is part of Digital Rights Ireland’s legal team.