Friday, April 11, 2014

ECJ finds data retention unacceptable in a democratic society

My preliminary thoughts on our data retention victory, in yesterday's Irish Independent:

This is a significant decision for Irish law. The Digital Rights Ireland case will now return to the High Court in Dublin which will decide whether Irish data retention law is unconstitutional in light of the European Court of Justice ruling.

It is difficult to see how the national law implementing the directive can stand up to challenge now that the directive itself has been held invalid. Consequently it is very likely that new Irish legislation will be proposed.

More generally the judgment will have fundamental implications both throughout Europe and worldwide. The decision itself is effective throughout all 28 member states and will provide greater privacy protection for over half a billion EU citizens.

It will almost certainly be followed by more cases in other member states by national civil rights groups challenging local data retention laws. It also comes at a time when data protection law throughout Europe is under review and will help to establish high standards for any new law.

Finally, this is the first major ruling on surveillance following the Edward Snowden revelations and is clearly influenced by the abuses which he exposed. The judgment will be of central importance to other cases, pending against the UK government, challenging internet surveillance by the British intelligence service GCHQ. In effect, the European Court of Justice has set out a position which directly rejects the type of indiscriminate mass surveillance carried out by the US and UK governments as being unacceptable in a democratic society.
Full text.

Thursday, March 20, 2014

Yahoo moves from London to Dublin; scuppers UK spies

It's surprising to see Ireland as a privacy haven, but by comparison with the UK we look good. The arrogance of the Home Office is astonishing - it genuinely appears to believe it should be able to dictate where a company runs its business so as to allow it to engage in mass surveillance.
Theresa May summoned the internet giant Yahoo for an urgent meeting on Thursday to raise security concerns after the company announced plans to move to Dublin where it is beyond the reach of Britain's surveillance laws.  By making the Irish capital rather than London the centre of its European, Middle East and Africa operations, Yahoo cannot be forced to hand over information demanded by Scotland Yard and the intelligence agencies through "warrants" issued under Britain's controversial anti-terror laws...

The home secretary called the meeting with Yahoo to express the fears of Britain's counter-terrorism investigators. They can force companies based in the UK to provide information on their servers by seeking warrants under the Regulation of Investigatory Powers Act, 2000 (Ripa).  The law, now under review by a parliamentary committee, has been widely criticised for giving police and the intelligence agencies too much access to material such as current emails and internet searches, as well as anything held on company records...

"There are concerns in the Home Office about how Ripa will apply to Yahoo once it has moved its headquarters to Dublin," said a Whitehall source. "The home secretary asked to see officials from Yahoo because in Dublin they don't have equivalent laws to Ripa. This could particularly affect investigations led by Scotland Yard and the national crime agency. They regard this as a very serious issue."

Saturday, March 08, 2014

Oliver Connolly is wrong – Sgt McCabe broke no laws with his secret recording

I have a piece in today's Irish Independent on Oliver Connolly's claim that his rights were infringed by secret recording of his comments. To put it mildly, I'm not convinced. Here's the piece with added links:

Oliver Connolly is wrong – Sgt McCabe broke no laws with his secret recording

SECRET recordings by a party to a conversation can be powerful things. When somebody does not know they are being recorded, they are more candid in their comments. They are often prepared to reveal things they would never repeat publicly. The recording then becomes important evidence to expose inconsistencies between public positions and private admissions.

Unsurprisingly, those who are recorded often feel threatened by this. A common response in many jurisdictions – not just Ireland – is to claim that secret recording is illegal or in breach of the right to privacy.

The former Garda Confidential Recipient, Oliver Connolly, has now taken that approach, asserting that his "constitutional right to privacy" was infringed and that garda whistleblower Sgt Maurice McCabe acted "in breach of confidence" by secretly recording and publishing details of a meeting with him. He has also said that politicians, by repeating excerpts under parliamentary privilege, have further violated his constitutional rights.

These, however, are not correct statements of the law. The starting point is that Irish law generally requires only "single party consent" for the recording of conversations – whether on the phone or in person.

Unlike some other countries, where legislation expressly requires that all parties should consent to a recording, in Ireland any one party can record the conversation. Other parties need not agree – or even be informed.

There are exceptions to this general rule. In some situations, data protection law imposes higher duties on businesses, employers and other "data controllers".

But those duties do not apply to information that an individual keeps only for their "personal affairs" – meaning Sgt McCabe's covert recording would not be covered by data protection rules.

Mr Connolly correctly states that Irish law recognises a constitutional right to privacy – and it is true that this right could apply to recordings if they related to his personal life. The carrying out of his public functions is quite another matter. There is no basis for saying that senior public officials enjoy a right to privacy in the way they carry out their duties. Public officials act on behalf of the people – not in any private capacity – and are open to scrutiny about what they do in our name.

In any event, the claim of privacy is misguided where a person voluntarily reveals information in the course of their duty. There can be no reasonable expectation of privacy in information that has been deliberately disclosed in this way, however much a person might later regret the disclosure.

Mr Connolly might superficially appear to have a better case as regards confidentiality. His former title – Confidential Recipient – reflects duties in the 2007 regulations establishing that role to "take all practicable steps to ensure that the identity of the confidential reporter is not disclosed".

But those duties are imposed to protect the identity of the whistleblower. They apply to the Confidential Recipient, the Garda Commissioner, the Minister for Justice and Equality, GSOC, and the Chief Inspector of the Garda Inspectorate – in short, to everyone other than the whistleblower himself. The confidentiality belongs to the whistleblower and can be waived by him.

In any event, even if a duty of confidentiality did apply, it would be defeated by a countervailing public interest that favours disclosure.

In this case, it is clear that there is such a public interest. Mr Connolly is alleged to have said: "If Shatter thinks you're screwing him, you're finished" and: "If Shatter thinks it's you, or if he thinks that it is told by the commissioner or the gardai, here's this guy again trying another route to put you under pressure, he'll go after you."

Such comments about the minister by the person designated to receive complaints of garda wrongdoing can only give rise to very significant concern. They would certainly be a matter of genuine interest and importance to the general public which would override any obligation of confidentiality.

One more law should be mentioned. Sgt McCabe is also subject to the Garda Siochana Act 2005, which prohibits disclosures of information which are "likely to have a harmful effect". But "harmful effect" is defined very narrowly by the legislation to mean only particularly serious and direct harms such as "facilitating the commission of an offence". The information revealed by Sgt McCabe would not come within the terms of this prohibition.

In short, there does not appear to be any support for Mr Connolly's claim that Sgt McCabe made an "unlawful recording". Rather than attempting to shift the focus to the actions of Sgt McCabe, Mr Connolly might do better to consider how he can help resolve the significant public concerns which have been raised by this episode.

TJ McIntyre is a lecturer in the UCD Sutherland School of Law

Saturday, August 31, 2013

What would Turkey like to hide from its citizens?

Internet censorship in Turkey is a prime example of why democracies should not attempt to filter the internet. I've blogged before about the blocking of Richard Dawkin's website by the Turkish authorities so I was fascinated to learn that a full list of sites which have been blocked by Turkey is available. The information has been compiled by EngelliWeb.com which identifies 31,694 sites as having been blocked, roughly doubled from last year. You can also view all blocked sites as a single page.

Highlights of the blocking list? In addition to Kurdish news sites, it includes the entirety of:

Blogger
Blogspot
Dailymotion
Google Groups
Google Sites
Shoutcast
Ustream.tv
Vimeo
Wordpress
YouTube

One important caveat - not everything on the list is currently blocked. Turkey has flipflopped on many of these sites with on again/off again bans at different times for different reasons. Some sites - such as YouTube - have also been unblocked after caving in to Turkish government pressure and agreeing to censor for Turkish users.

More on Turkish blocking from the excellent Reporters Without Borders site. The Guardian has a recent piece on how Turkish internet users are getting around this censorship.

Friday, June 07, 2013

Quote of the day

The way things are supposed to work is that we're supposed to know virtually everything about what they do: that's why they're called public servants. They're supposed to know virtually nothing about what we do: that's why we're called private individuals.
Glenn Greenwald nails it.
 

Saturday, May 25, 2013

Will Irish courts take phone hacking seriously?

There's a remarkable story in today's Irish Independent about a woman whose criminal charges were struck out - without even a conviction - despite having been found guilty of listening to her former supervisor's voicemails. From the article:
A CIVIL servant who was found guilty of spying on her former supervisor by hacking into her mobile phone's voicemail messages has escaped punishment.

Dublin City Council employee Severine Doyle (39) had pleaded not guilty to 11 charges under the Postal and Telecommunication Act. However, following a hearing last June, she was found guilty of intercepting voice messages on a phone used by Teresa Conlon, Dublin City Council's head of housing allocation.

Dublin District Court heard that Ms Conlon's voicemail messages had been intercepted over a five-week period, from January 8 until February 11, 2010.

Doyle's sentencing had been adjourned until yesterday. Judge Eamon O'Brien told defence solicitor Declan Fahy: "I will strike it out with liberty to re-enter. I am giving her a chance, the ball is in her court."

During the trial on June 28 last year, Ms Conlon told the judge she found out that some city councillors had said they had listened to tapes of messages left on her phone.
This is an unusual outcome. The offences established carry a possible sentence of 5 years if prosecuted on indictment or 12 months otherwise. There were multiple incidents of phone hacking over an extended period. There was no guilty plea. The offences were aggravated by dissemination of the recorded material to councillors. Despite all this, the case was struck out. This may not have been a case for a custodial sentence, but I see no reason why a conviction shouldn't have been registered to mark the gravity of the offence. While there may be more to the matter than emerges from the media coverage, on the face of it this is a case where the court has failed to give adequate weight to the right to privacy in communications.

Thursday, May 16, 2013

"Anyone who uses Facebook does so at his or her peril"

Lawyers: Angry that former clients are suing you over failed investments? Apparently the correct response is not to post on Facebook "They thought they knocked me down, now they will see the full scale of my reaction. F*** them, just f*** them. They will be left with nothing."

Turns out that Facebook posts are not automatically confidential, and will be admissible in evidence against you in proceedings to stop you dissipating the money you owe. Whodathunkit?

The key passage is at para. 4 of the judgment and neatly summarises why very few posts will attract a duty of confidence:
[A]nyone who uses Facebook  does so at his or her peril. There is no guarantee that any comments posted to be viewed by friends will only be seen by those friends. Furthermore it is difficult to see how information can remain confidential if a Facebook user shares it with all his friends and yet no control is placed on the further dissemination of that information by those friends. No evidence was adduced as to how many friends the defendant had and what his relationship was with each of them. It was certainly not suggested that those friends were in anyway restricted as to how they used any information given to them by the defendant. For the avoidance of doubt, I do not consider that any of the friends viewing that information would necessarily have concluded that the information was confidential and could not be disclosed. I have received no evidence as to why those friends were in any way restricted as to how they can use information received from the defendant and why they would have known this information was confidential or private

Defamatory material on Facebook and YouTube: McKeogh v. Doe and others

The High Court today gave a significant decision in McKeogh v. Doe and others concerning defamatory material posted through Facebook and YouTube. The background to the case is well summarised by the Daily Mail. As I have a professional involvement I'll refrain from any comment except to explain that this is an interlocutory judgment (i.e. pending a final hearing of the action) in which Peart J. held that a mandatory injunction should be granted against Facebook and the Google defendants requiring them to take down material defaming the plaintiff until the full trial can take place. The judgment did not itself grant an injunction - instead, the details of the injunction will be determined following a meeting to take place between experts for the plaintiff and the defendants. After this meeting the experts must report back to the court with either an agreed report or separate reports regarding the technical steps which can be taken to remove the defamatory material as far as reasonably possible.

Full text of the judgment: