A warrantless abuse of privacy

NET RESULTS: When it comes to abuse of privacy, where Britain goes, Ireland tends to follow

NET RESULTS:When it comes to abuse of privacy, where Britain goes, Ireland tends to follow. That's why we should be worried - very worried - about developments across the Irish Sea that emerged as the year rolled over into 2009, writes Karlin Lillington

First came a New Year's Eve story in the Guardian that home secretary Jacqui Smith will propose the creation of a single giant communications database and the option of outsourcing the storage of all the personal details held under the UK's data retention regime to a private firm.

That means potentially that a single repository - a massive, national communications database - would hold all the details about, though not the content of, everyone's e-mails, phone calls, faxes, text messages and internet use.

The same array of data is retained in Ireland as well, though at the moment, as is the case in Britain, data is retained by the communications providers, not in a central database.

READ SOME MORE

Gathering such a spread of private information into a single database would create a "hellhouse" of personal private data that would not only be vulnerable to security breaches on a massive scale but would prove too great a temptation for law enforcement, according to Britain's former director of public prosecutions, Sir Ken McDonald.

McDonald was scathing in his criticism of the idea. "Authorisations for access might be written into statute," he told the Guardian. "But none of this means anything. All history tells us that assurances like these are worthless in the long run. In the first security crisis, the locks would loosen."

While "security" would be cited as the main impetus for such a database, "the notion of total security is a paranoid fantasy that would destroy everything that makes living worthwhile" and bring an "ugly future", he said.

Then came a story last weekend in the Sunday Times detailing how the British Home Office has "quietly" adopted a plan to allow police to "routinely" hack into people's home computers remotely. "Remote searching" of this sort has been a technical possibility for many years but, according to privacy advocates, is rarely used. A couple of years ago, I watched a demonstration of how it is done, and the prospect was truly chilling.

Using a range of techniques, from sending an e-mail with a program that is activated if the e-mail is opened by the recipient, to hacking in using a wireless network, police can remotely gain access to the hard drive of a person's computer, even if they are on the other side of the country from the target PC.

Expect to see this technique here, too. A new EU edict from Brussels has given a thumbs up for all European police forces to use remote hacking without even requiring the use of a warrant.

The council of ministers gave permission for this form of surveillance under what the Sunday Times termed "a rarely used power involving warrantless intrusive surveillance of private property".

In the UK, all that is needed is for any senior police officer to say he or she believes using such a surveillance technique is warranted because of the possibility of the commission of a crime that could carry a sentence of - wait for it - a minimum of three years.

As in Ireland, that would include a wide range of petty crimes.

No one should be foolish enough to believe we will not follow in the footsteps of the UK on such issues. In some cases, we are ahead of them, as it were. At least the UK has some definitions and guidelines written into its data retention legislation. By contrast, ours allows communications data to be requested for misdemeanours - not the "serious crime and terrorism" offences alone that were given as the excuse to bring in such legislation - ahead of any EU requirement to do so. And we maintain one of the longest retention periods in Europe.

More recently, the Government is proposing to change the definition of "serious crime" from those with a sentence of at least five years, to those with a sentence of at least six months - simply to allow the Garda to continue to have access to communications data for pretty much any minor crime.

In other words, we have a Government that is, in the opinion of independent Senator and Trinity College Dublin professor of criminal law Ivana Bacik, perfectly happy to make adjustments to long-standing legal definitions, adjustments likely to have a constitutional impact.

All this, just to let the police root around in call data for non-serious crimes, using legislation that was only ever supposed to be for the most serious crimes - as former justice minister Michael McDowell said, crimes such as child pornography and terrorist offences.

Now "serious crime" will mean loitering in a public place.

What more evidence do we need before the Dáil questions the way these pieces of legislation are brought in, with little to no scrutiny? And how long must we wait before legislators have a serious and extensive debate on our data retention scheme?

Lawmakers need to be asking the Government what its intentions are with respect to warrantless remote searching and the proper management of our retained personal communications data.

Blog: www.techno-culture.com

Karlin Lillington

Karlin Lillington

Karlin Lillington, a contributor to The Irish Times, writes about technology