tag:blogger.com,1999:blog-90601982024-03-13T16:04:07.118+00:00IT Law in IrelandInformation Technology law issues with a focus on
fundamental rights.TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.comBlogger404125tag:blogger.com,1999:blog-9060198.post-61628682853127161322023-11-10T11:49:00.004+00:002023-11-10T16:12:15.113+00:00The "essence" of the fundamental rights to privacy and data protection in the context of state surveillance<p>The EDPS has just published a comprehensive study by Prof. Gloria González Fuster on <a href="https://edps.europa.eu/system/files/2023-11/study_en.pdf">the essence of the fundamental rights to privacy and to protection of personal data</a>, and marked the publication of the study with a one day seminar on the issue earlier this week. As the event wasn't public I won't summarise what the other panellists said, though I'm sure they won't object if I refer to some of their excellent prior work either directly on the topic or touching on it (<a href="https://www.cambridge.org/core/services/aop-cambridge-core/content/view/4D356C19F02F2C9CB5945C3C6310C2A8/S2071832219000634a.pdf/div-class-title-the-essence-of-rights-an-unreliable-boundary-div.pdf">Prof. Takis Tridimas</a>; <a href="https://www.cambridge.org/core/services/aop-cambridge-core/content/view/594CA9F2A83DF4B52A1FB6B638339FB4/S2071832219000683a.pdf/div-class-title-the-echr-and-the-essence-of-fundamental-rights-searching-for-sugar-in-hot-milk-div.pdf">Prof. Cecilia Rizcallah</a>; <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3627579">Prof. Maria Grazia Porcedda</a>; <a href="https://www.cambridge.org/core/services/aop-cambridge-core/content/view/B52CC437EF039A8A478C901B29A51C59/S2071832219000671a.pdf/essence_of_the_fundamental_right_to_an_effective_remedy_and_to_a_fair_trial_in_the_caselaw_of_the_court_of_justice_of_the_european_union_the_best_is_yet_to_come.pdf">Prof. Kathleen Gutman</a>; <a href="https://www.nomos-elibrary.de/10.5771/9783748913245/the-eu-charter-of-fundamental-rights?page=1">Prof. Herke Kranenborg</a> (paywalled); <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3699386">Prof. Nóra Ní Loideáin</a>; <a href="https://pure.uva.nl/ws/files/2676807/169421_DEFINITIEF_ZELF_AANGEPAST_full_text_.pdf">Prof. Hielke Hijmans</a>).</p><p>For my part, I offered some practical thoughts on applying these concepts to state surveillance which I've summarised below.</p><p>To set the scene: identifying the "essence" of these fundamental rights is significant because of Article 52(1) of the Charter of Fundamental Rights which provides that "Any limitation on the exercise of the rights and freedoms recognised by this Charter must be provided for by law and respect the essence of those rights and freedoms". As the President of the CJEU, Koen Lenaerts, has <a href="https://www.cambridge.org/core/services/aop-cambridge-core/content/view/3071D1A8FB881031F8E3F6D5799959BD/S2071832219000622a.pdf/limits_on_limitations_the_essence_of_fundamental_rights_in_the_eu.pdf">explained</a>:</p><p></p><blockquote>Respect for the essence of fundamental rights is laid down in Article 52(1) of the Charter of Fundamental Rights of the European Union, as one of the conditions that must be fulfilled in order for a limitation on the exercise of a fundamental right to be justified. Accordingly, where an EU measure fails to take due account of the essence of a fundamental right, that measure is incompatible with the Charter and must be annulled or declared invalid. Similarly, where a national measure implementing EU law—within the meaning of Article 51(1) of the Charter—fails to respect the essence of a fundamental right, that measure is to be set aside.</blockquote><p></p><p>While generally fundamental rights can be restricted if a limitation is a necessary and proportionate measure to achieve an objective of general interest or to protect the rights and freedoms of others, a measure which trenches on the essence of the right cannot be justified in this way. As President Lenaerts <a href="https://www.blogger.com/u/4/blog/post/edit/9060198/6162868285312716132">puts it</a>:</p><p></p><blockquote>Once it is established that the essence of a fundamental right has been compromised, the measure in question is incompatible with the Charter. This is so without it being necessary to engage in a balancing exercise of competing interests. As the <i><a href="https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62014CJ0362">Schrems I</a></i> judgment shows, a measure that compromises the essence of a fundamental right is automatically disproportionate.</blockquote><p></p><p>The caselaw on the "essence" of fundamental rights is, however, notoriously terse in its reasoning, especially in relation to state surveillance. That said, we can pick out four key findings:</p><p>First, the caselaw recognises a content/metadata distinction: In <i><a href="https://curia.europa.eu/juris/document/document.jsf?text=&docid=150642&pageIndex=0&doclang=en&mode=req&dir=&occ=first&part=1&cid=790633">Digital Rights Ireland</a> </i>legislation requiring telecommunications companies to indiscriminately retain traffic and location data on all users was held not to violate the essence of the right to privacy under Article 7 of the Charter on the basis that "the directive does not permit the acquisition of knowledge of the content of the electronic communications as such". (<i>Tele2</i> restates this point.) Conversely in <a href="https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62014CJ0362"><i>Schrems I</i></a> the CJEU held (regarding US law) that "legislation permitting the public authorities to have access on a generalised basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life, as guaranteed by Article 7 of the Charter".</p><p>Second, it seems clear that the caselaw requires an individual legal remedy for wrongful surveillance to include deletion of illegally obtained surveillance material; in <i>Schrems I</i> the CJEU held that: "legislation not providing for any possibility for an individual to pursue legal remedies in order to have access to personal data relating to him, or to obtain the rectification or erasure of such data, does not respect the essence of the fundamental right to effective judicial protection, as enshrined in Article 47 of the Charter". (<i><a href="https://curia.europa.eu/juris/fiche.jsf?id=C%3B311%3B18%3BRP%3B1%3BP%3B1%3BC2018%2F0311%2FJ&nat=or&mat=or&pcs=Oor&jur=C%2CT%2CF&num=C-311%252F18&for=&jge=&dates=&language=en&pro=&cit=none%252CC%252CCJ%252CR%252C2008E%252C%252C%252C%252C%252C%252C%252C%252C%252C%252Ctrue%252Cfalse%252Cfalse&oqp=&td=%3BALL&avg=&lgrec=en&lg=&cid=790829">Schrems II</a> </i>makes a similar finding in relation to the Privacy Shield ombudsman mechanism without explicitly addressing the point.)</p><p>Third, the CJEU seems to have implicitly accepted that indiscriminate state access to metadata would not violate the essence of the fundamental rights to privacy and data protection: in <i><a href="https://curia.europa.eu/juris/document/document.jsf?text=&docid=232083&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=790890">Privacy International</a></i> the Court assessed UK bulk collection of communications data on a proportionality basis without mentioning the question of whether bulk collection violated the essence of these rights.</p><p>Fourth, the caselaw accepts (in the two PNR cases) that indiscriminate state access to travel data does not in itself violate the essence of the fundamental rights to privacy and data protection, at least so long as that data is "limited to certain aspects of that private life" and does not "allow for a full overview of the private life of a person" (<i><a href="https://curia.europa.eu/juris/document/document.jsf?text=&docid=193216&doclang=EN">Opinion 1/15</a></i>; <i><a href="https://curia.europa.eu/juris/document/document.jsf?text=&docid=261282&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=790978">Ligue des droits humains</a></i>).</p><p>Overall, therefore, the notion of the essence of rights has played a limited role in relation to EU and Member State surveillance measures, and the CJEU has been unwilling to hold that even what it describes as "very far-reaching [and] particularly serious" interference with these rights (indiscriminate telecommunications data retention) constitutes an interference with the essence. While there are many cases invalidating EU/Member State surveillance measures on proportionality grounds, there are none which find that such measures violate the essence of the rights to privacy or data protection.</p><p>Why this reluctance? It may be that preserving institutional capital plays a role: a finding that a particular form of surveillance violates the essence of a right would be very difficult to walk back in the case of Member State pushback, while a finding of disproportionality is more easily finessed in future cases. The one area where the CJEU has found a surveillance tactic to violate the essence of a right - generalised state access to the <i>contents</i> of communications - is precisely the area which has not presented a significant clash with Member States, as their bulk interception activities have largely been shielded from scrutiny by the CJEU by the general exclusion of national security measures from the scope of EU law. Instead, direct Member State activities in this area have generally been assessed by the more lenient standards of the ECHR, under which the ECtHR has held that bulk interception is in principle compatible with Article 8 (<i><a href="https://hudoc.echr.coe.int/fre?i=001-210077">Big Brother Watch</a>; <a href="https://hudoc.echr.coe.int/eng?i=001-210078">Centrum För Rättvisa</a></i>).</p><p>My sense is that this position - in which the CJEU has not had to confront wider issues around the essence of the rights to privacy and data retention, particularly in relation to bulk interception - is about to come to an end.</p><p>Multiple current controversies are set to put issues about the essence of these rights in front of national courts and ultimately the CJEU. The <a href="https://www.europarl.europa.eu/RegData/etudes/ATAG/2022/739268/EPRS_ATA(2022)739268_EN.pdf">Encrochat and SkyECC investigations </a>are already presenting significant issues about the legality of bulk collection of communications from all users of particular services. The proposed <a href="https://edps.europa.eu/system/files/2022-07/22-07-28_edpb-edps-joint-opinion-csam_en.pdf">CSAM Regulation</a> would mandate indiscriminate examination of all communications on particular services and is certain to be challenged on that basis. The fallout from <a href="https://rm.coe.int/pegasus-and-similar-spyware-and-secret-state-surveillance/1680ac7f68#:~:text=There%20is%20mounting%20evidence%20that,to%20authoritarian%20regimes%20outside%20Europe.">state use of spyware such as Pegasus</a> across Europe continues. (Indeed, the EDPS has already described such spyware as <a href="https://edps.europa.eu/data-protection/our-work/publications/papers/edps-preliminary-remarks-modern-spyware_en">threatening the essence of the right to privacy</a>.) The EDPB has also described growing use of widescale facial recognition in public places as <a href="https://edpb.europa.eu/system/files/2022-05/edpb-guidelines_202205_frtlawenforcement_en_1.pdf">likely to violate the essence of the right to data protection</a>.</p><p>What these situations have in common (with a possible exception in relation to state spyware, depending on the exact context) is that they are certainly within the scope of EU law and therefore do not benefit from the national security cloak of invisibility. It may be that some of these cases can be dealt with solely under the Law Enforcement Directive, the e-Privacy Directive, the forthcoming AI Act, or other relevant legislative measures, but it seems inevitable that the CJEU will ultimately have to address whether these types of large scale surveillance are compatible with the "essence" of the Charter rights to privacy and data retention.</p><p>Finally, I should mention an issue about procedural approaches to identifying the essence of these rights in the context of state surveillance. Some of the caselaw (such as <i>Digital Rights Ireland</i> and the PNR decisions) suggests that there is no breach of the essence of the right to data protection provided that the law provides some data protection safeguards, albeit that those safeguards might not be adequate. Other judgments (particularly <i>Schrems I</i> and <i>II</i>) place particular focus on the right to effective judicial protection under Article 47 of the Charter. However it seems to me that to concentrate on procedural safeguards risks conflating assessing the <i>essence</i> of the right with assessing the <i>legality</i> of the interference with the right. Article 52(1) of the Charter already provides that limitations on rights must be "provided for by law". This closely resembles Article 8(1) ECHR which provides that restrictions on the right to privacy must be "in accordance with the law" - a formula which has been used by the ECtHR in cases from <i><a href="https://hudoc.echr.coe.int/fre?i=001-57510">Klass v. Germany</a></i> onwards to read in safeguards such as independent oversight of surveillance as essential components of legality of surveillance systems. If the legality assessment already requires some procedural safeguards, then is it redundant to treat those safeguards as also making up (part of) the essence of these rights? To put it another way, what are the additional procedural or oversight elements that comprise the essence of these rights which are not required by the principle of legality?</p>TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.com0tag:blogger.com,1999:blog-9060198.post-61420675870199356792021-06-17T11:56:00.018+01:002021-11-11T22:11:42.952+00:00Issues with the new Garda Powers Bill<p>I have a <a href="https://www.irishtimes.com/opinion/new-garda-powers-bill-must-go-back-to-the-drawing-board-1.4595274">piece in today's Irish Times</a> which identifies some serious concerns with the new Garda Powers Bill. Here's an excerpt:</p><p><blockquote>The sensitivity of your phone means that this week’s proposal from the Department of Justice for a new Garda Síochána Powers Bill requires close scrutiny. That proposal would introduce a new power for gardaí, when carrying out search warrants, to demand your password or PIN and require you to biometrically unlock your phone (or tablet, or computer) using your fingerprint or face.</p><p>As well as taking a copy of everything on the device itself, gardaí could also use the device to access any other service you use – such as your webmail, cloud storage, or online banking – and then take a copy of that data also.</p><p>The way in which the searches would be carried out is concerning. Failure to comply with the demand there and then (with no right to consult a solicitor) would be an offence exposing you to immediate arrest, punishable by imprisonment for up to five years and a fine of up to €30,000. This power would also apply to the devices of “any person present at the place where the search is carried out”, including for example the parents or siblings of a suspect or someone who shares a house with them.</blockquote></p><p><a href="https://www.irishtimes.com/opinion/new-garda-powers-bill-must-go-back-to-the-drawing-board-1.4595274">Full text</a></p>TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.com0tag:blogger.com,1999:blog-9060198.post-86085563451746660202020-02-08T13:43:00.000+00:002020-02-18T13:46:22.904+00:00The GAA and the GDPR<div dir="ltr" style="text-align: left;" trbidi="on">
I have a piece in the Irish Times today discussing the kerfuffle about GAA clubs using WhatsApp to communicate with members. It may be the first time the phrase "dick pics" has appeared on the opinion pages of the paper of record. Here's an excerpt:<br />
<blockquote class="tr_bq">
Facebook is not providing WhatsApp for philanthropic purposes, and information about who you communicate with, how and when is immensely valuable. When it bought WhatsApp, Facebook attempted to combine that information with individuals’ Facebook activity – to build up a complete picture of your activity, public and private – despite stating to the European Commission that it would not do so. Facebook was eventually stopped by data protection authorities, and in 2017 it was <a href="https://ec.europa.eu/commission/presscorner/detail/en/IP_17_1369">fined €110 million</a> by the European Commission for its deceptive statements during the merger. </blockquote>
<blockquote class="tr_bq">
Nevertheless, it has stated that it still aims to use WhatsApp information for Facebook advertising, and presumably will also use your WhatsApp activity for ad targeting as it rolls out advertising on WhatsApp in 2020. </blockquote>
<blockquote class="tr_bq">
Given the commercial value of this personal information, clubs and other groups who communicate through WhatsApp are still paying for a service – it’s just that they’re shifting the cost to their members, who pay with their privacy.</blockquote>
<br />
<a href="https://www.irishtimes.com/opinion/why-the-gaa-has-a-big-problem-with-whatsapp-1.4165494">Full text</a></div>
TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.com0tag:blogger.com,1999:blog-9060198.post-90047783301550965632018-11-22T12:03:00.000+00:002018-11-22T12:03:12.561+00:00The new Irish ban on social media posts from court<div dir="ltr" style="text-align: left;" trbidi="on">
I have an opinion piece in the Irish Independent on the <a href="http://www.courts.ie/Courts.ie/Library3.nsf/pagecurrent/31177D386FC544E98025834A003A8E25?opendocument">new practice direction restricting social media posts from the courtroom</a>. Here's an excerpt:<br />
<blockquote class="tr_bq" style="background-color: white; color: #111111; font-family: Georgia, serif; font-size: 16px; margin-bottom: 15px; padding: 0px;">
In 2011, the English courts introduced <a href="https://www.judiciary.uk/wp-content/uploads/JCO/Documents/Guidance/ltbc-guidance-dec-2011.pdf">rules preventing anyone other than journalists or lawyers from posting to social media in the courtroom</a>; the new Irish rules are largely identical, and seem to have been prompted now by judicial concern at both the Jobstown trial and the Belfast rugby rape trial. The #JobstownNotGuilty and #IBelieveHer hashtags show a growing popular willingness to second-guess the judicial process and this ban can be seen as a direct response.<br />
<br />
There are certainly good reasons for banning live tweeting in some cases, particularly in criminal trials where much takes place in the absence of the jury.<br />
<br />
However, the <a href="https://www.documentcloud.org/documents/5160216-Speech-Social-Media-and-the-Courts.html">speech by the Chief Justice</a> did not make the case for the blanket ban which was introduced. All the examples of abuse he gave related to criminal trials - there is no obvious reason why civil trials, which normally do not have a jury, should be treated in the same way. This is equally true of appeal courts, which hear legal argument rather than evidence, and in the UK the Supreme Court <a href="https://www.supremecourt.uk/docs/policy-on-live-text-based-communications.pdf">allows any person attending a hearing to live tweet</a> except in special circumstances.<br />
<br />
The restriction to "bona fide members of the news media profession" is also problematic. In his speech, the Chief Justice equated "hobby journalists" with "the single contrarian in a basement".<br />
<br />
However this disregards a number of Irish and European judgments <a href="http://www.bailii.org/ie/cases/IEHC/2012/H376.html">stressing the high constitutional value of citizen journalism</a>; restricting live coverage to those who can produce traditional media credentials has the merit of administrative convenience but will limit many who could provide useful and informed coverage of proceedings.</blockquote>
<a href="https://www.independent.ie/opinion/comment/tj-mcintyre-the-compelling-case-against-the-blanket-ban-on-social-media-in-our-courtrooms-37550526.html">Full text</a> of the article.</div>
TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.com0tag:blogger.com,1999:blog-9060198.post-41712215533617804002017-09-28T07:00:00.000+01:002017-10-02T11:53:03.374+01:00Ireland must learn from UK data protection and ID disasters<div dir="ltr" style="text-align: left;" trbidi="on">
I have a piece in today's Irish Times on the approach of the Irish state to privacy. In short: there's a lot of room for improvement. Text below with added links.<br />
<br />
<b>Ireland must learn from UK data protection and ID disasters</b><br />
<br />
The growth of the public services card as a <i>de facto</i> national ID card has attracted a lot of media attention recently, with special credit due to Elaine Edwards of this newspaper for her persistence in excavating the facts on which most of the later reporting has been based.<br />
<br />
The issue continues to rumble on, and the Data Protection Commissioner has <a href="https://www.dataprotection.ie/docs/EN/30-08-2017-Data-Protection-Commisisoners-Statement-on-the-Public-Services-Card/m/1651.htm">asked the Department of Social Protection to explain the legal basis for the claim that the card is mandatory</a>. One month later, despite repeated promises, the department has not yet done so.<br />
<br />
More could be written about the public services card, and the varying and sometimes contradictory claims put forward to support it. But if we focus on the card we risk missing the wider picture, which is that the card is not an aberration but exemplifies a systematic disregard for privacy and data protection throughout the State.<br />
<br />
Consider the Department of Health. In a remarkable statement to the Dáil earlier this month, Minister for Health Simon Harris admitted that Ireland “<a href="https://www.kildarestreet.com/wrans/?id=2017-09-11a.2459">remains in breach of both European Union and national data protection legislation</a>” by keeping a database of blood samples from newborn children without the consent of their parents. Following a complaint in 2009, the Data Protection Commissioner ordered that these samples be destroyed. However, the Department of Health has failed to comply and is instead proceeding with plans to retain the database and to open it up for research and possible other uses.<br />
<br />
This defiance of the law raises significant questions for the independence of the Data Protection Commissioner, who has taken no enforcement action against this challenge to her statutory authority. The message to the State is that it can ignore data protection law with impunity.<br />
<br />
Since 2014, the Department of Health has also been involved in developing health identification numbers and electronic health records schemes, which present significant issues of privacy and confidentiality. For example, by requiring the use of health identification numbers these schemes tie together potentially leak-sensitive information about an individual’s medical history, despite an earlier promise that use of these numbers would be voluntary. It is hard to trust assurances from the department on this issue given that it is already, by its own admission, in deliberate breach of data protection law.<br />
<br />
We see the same picture elsewhere.<br />
<br />
In 2014, An Garda Síochána <a href="http://www.independent.ie/tablet/comment/tj-mcintyre-body-cameras-will-give-a-new-perspective-on-policing-as-water-meter-protests-show-30673537.html">started using body-worn cameras</a> in an ad hoc way, without any legislation or formal safeguards. The <a href="http://www.garda.ie/Documents/User/Garda%20Strategy%20final%202%2014.7.16.pdf">Garda five-year modernisation plan</a> says that the Garda will start taking video feeds from the National Roads Authority, local authorities and private car park operators to run automatic number plate recognition systems – creating a national database of people’s travel to be stored for an unspecified period.<br />
<br />
That plan also says that, from 2017, the Garda will start using “face-in-the-crowd and shape-in-the-crowd biometrics” to identify people on CCTV systems. Again, all of this is to take place without any legal basis, in a manner that appears to be contrary to data protection law. It seems the Garda has not learned any institutional lessons from the 2014 scandal around the <a href="http://www.independent.ie/breaking-news/irish-news/secret-garda-phone-recordings-violated-citizens-human-rights-35600939.html">recording of calls to and from Garda stations</a>, nor from the ongoing concerns about <a href="http://www.thejournal.ie/snooping-on-pulse-nine-gardai-facing-disciplinary-action-for-misuse-of-the-system-3539090-Aug2017/">abuse of the Pulse system</a>.<br />
<br />
The common pattern in these cases is that fundamental rights are viewed as inconvenient obstacles. This is a paternalistic view, in which the institution knows best and public concern can be disregarded. However, this approach merely stores up problems for the future. There are lessons for Ireland from the UK, where many of these issues have already been played out.<br />
<br />
In 2002, the UK government launched a <a href="https://www.cl.cam.ac.uk/~rja14/Papers/npfit-mpp-2014-case-history.pdf">National Health Service-wide electronic health records system which failed to adequately address patient confidentiality</a>. This was eventually scrapped in 2011, in large part due to concerns about privacy, and replaced with systems which guarantee that patients can opt out of data sharing. The ultimate cost was in the region of £10 billion.<br />
<br />
The public services card has a parallel in the UK, where ID cards and a National Identity Register were introduced by legislation in 2006, only to be <a href="http://www.thejournal.ie/id-cards-row-uk-public-services-card-3570026-Aug2017/">abandoned and the data destroyed in 2011 following extensive public opposition</a>. Similar to the public services card, the UK ID card had no clear rationale and was ultimately rejected by the Tory/Lib Dem coalition government as “wasteful, bureaucratic and intrusive”, at an eventual cost of about £5 billion.<br />
<br />
The increasing Garda use of CCTV, facial recognition and number-plate recognition also echoes the UK, where both the <a href="https://edri.org/edrigramnumber11-15uk-vehicle-recognition-system-ruled-illegal/">information commissioner</a> and the <a href="https://www.theguardian.com/uk-news/2015/nov/26/warning-of-outcry-over-car-numberplate-camera-network">independent surveillance camera commissioner</a> have described similar practices by UK police forces as intrusive, disproportionate and illegal.<br />
<br />
The message from these UK examples is clear. While state authorities may push ahead with plans which ignore concerns about privacy and data protection, the law will eventually catch up with them, usually at significant cost to the taxpayer. Fundamental rights are factors which must be taken into account at the outset, not reluctantly considered when a scheme is already being implemented.<br />
<br />
As the Data Protection Commissioner put it in her <a href="https://www.dataprotection.ie/documents/annualreports/AnnualReport16.pdf">most recent annual report</a>: “Public-sector bodies and Government departments are in many cases slow to adjust to the reality that data-protection rights cannot simply be legislated away without sufficient necessity and proportionality analysis and prejudice tests being applied.”<br />
<br />
The failure of the State to accept these points has already squandered public trust in areas such as the public services card, and seems likely to do so in other areas such as electronic health records.<br />
<br />
Dr TJ McIntyre is a lecturer in the UCD Sutherland School of Law, a solicitor with FP Logue Solicitors and the chair of Digital Rights Ireland<br />
<br /></div>
TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.com0tag:blogger.com,1999:blog-9060198.post-44538598395664163462017-08-26T09:06:00.000+01:002017-09-01T13:43:28.197+01:00Letter regarding the Public Services Card<div dir="ltr" style="text-align: left;" trbidi="on">
I'm very grateful to my colleagues who have signed a letter expressing concern at the growing use of the (supposedly optional) public services card as a mandatory requirement for essentials as passports and social welfare, <a href="http://myprivacykit.com/projects/the-identity-card-that-most-assuredly-isnt-an-identity-card/">creating a de facto national ID card or Ireland without public debate</a>.<br />
<br />
The full text of the letter and the signatories are below.<br />
<a name='more'></a><br />
Minister for Justice and Equality<br />
Department of Justice<br />
St Stephen’s Green<br />
Dublin 2<br />
<br />
25 August 2017<br />
<br />
<i><b>Public Services Card</b></i><br />
<br />
Dear Minister<br />
<br />
We are researchers in the areas of information technology, information security, privacy, data protection and fundamental rights. We write on our own behalf rather than on behalf of our respective institutions.<br />
<br />
We refer to the public services card (PSC) and its increasing use in relation to public services. We note in particular the intent to turn the PSC, which was originally intended to be used for specified public service purposes only, into a general purpose identity card to be used in a wide variety of contexts under the Social Welfare and Pensions Bill 2017.<br />
<br />
We note that in 2015 the Minister for Social Protection, Joan Burton, made the following statement:<br />
<br />
“The question of the introduction or otherwise of a national identity card was not part of SAFE’s [the scheme of which the Public Services Card is part] remit. The matter of establishing a national identity index and producing a national identity card is a wider issue. It would require due consideration by the appropriate agencies before any policy decisions could be formulated by Government and would require the development and implementation of legislation to support any such policy. Development of policy in this area would be led by the Minister for Justice and I am not aware of any current plans for her to do so.”<br />
<br />
We also note that it is now being made effectively compulsory to have the PSC in order to carry on ordinary business in our society (for example to get a driving licence or a passport).<br />
<br />
The Irish Times of 22nd August reports that a pensioner has had her state pension withheld for querying the legal basis for requirement she obtain a PSC, and the statement by the Department of Social Protection on the matter suggests they consider the card to be mandatory to access basic entitlements:<br />
<br />
“It was not possible for a person to satisfy the minister as to his or her identity without being registered in a process which ‘results in them being issued with a public services card’”.<br />
<br />
We note that the Department of Social Protection is now writing to social welfare recipients stating:<br />
<br />
“Registration for the Public Services Card is now a legal requirement for people in receipt of social welfare payments (including Child Benefit) or free travel entitlements.”<br />
<br />
We are not aware of any such legal requirement.<br />
<br />
The Department of Social Protection website outlines an array of public services for which similar mandatory uses of this voluntary card are proposed, many of which appear to lack any legal basis.<br />
<br />
It would appear that the time has now come where a national identity card is essentially on the table, and it is time for policy decisions in relation to this matter.<br />
<br />
However, to date, there has been no public engagement in relation to the development of policy for a national identity card.<br />
<br />
Our concern is that as a result, we are sleepwalking into developing a national identity index and national identity card in all else but name, and that we have not considered the very important implications before doing so.<br />
<br />
We call on you now to engage with the public for the development of policy on this matter, and for there to be a real debate on the issue. We request that you recommend that further expansion of the PSC be delayed and that Head 6 of the Social Welfare and Pensions Bill not be enacted until this matter has been aired and policy considered in depth.<br />
<br />
Yours sincerely<br />
<br />
<a href="https://www.grahambutler.eu/">Dr. Graham Butler</a><br />
Aarhus University<br />
<br />
<a href="http://www.ucd.ie/research/people/emeritus/professorrobertclark/">Professor Robert Clark</a><br />
Sutherland School of Law, University College Dublin (Emeritus)<br />
<br />
<a href="https://www4.dcu.ie/law_and_government/people/vicky-conway.shtml">Dr. Vicky Conway</a><br />
School of Law and Government, Dublin City University<br />
<br />
<a href="https://www.hipeac.net/~dnd12/">Dr. Stephen Farrell</a><br />
School of Computer Science and Statistics, Trinity College Dublin<br />
<br />
<a href="https://www.dur.ac.uk/law/staff/?id=11734">Dr. Alan Greene</a><br />
Durham Law School<br />
<br />
<a href="http://research.ucc.ie/profiles/B012/shedley">Professor Steve Hedley</a><br />
School of Law, University College Cork<br />
<br />
<a href="https://securityintelligence.com/author/brian-honan/">Brian Honan</a><br />
CEO, BH Consulting<br />
<br />
<a href="https://www.wit.ie/about_wit/contact_us/staff_directory/jennifer_kavanagh">Dr. Jennifer Kavanagh</a><br />
School of Humanities, Waterford Institute of Technology<br />
<br />
<a href="http://www.nuigalway.ie/law/staff/ronanmkennedy/">Dr. Rónán Kennedy</a><br />
School of Law, National University of Ireland, Galway<br />
<br />
<a href="http://publish.ucc.ie/researchprofiles/B012/mmcdonagh/">Professor Maeve McDonagh</a><br />
School of Law, University College Cork<br />
<br />
<a href="http://www.ucd.ie/research/people/law/drtjmcintyre/">Dr. TJ McIntyre</a><br />
Sutherland School of Law, University College Dublin<br />
<br />
<a href="https://www.maynoothuniversity.ie/people/maria-murphy">Dr. Maria Helen Murphy</a><br />
Department of Law, Maynooth University<br />
<a href="https://castlebridge.ie/governance/about/team/core/obrien-daragh"><br /></a>
<a href="https://castlebridge.ie/governance/about/team/core/obrien-daragh">Daragh O'Brien</a><br />
Founder, Castlebridge<br />
<br />
<a href="http://research.ucc.ie/profiles/B012/patrickocallaghan">Dr. Patrick O’Callaghan</a><br />
School of Law, University College Cork<br />
<br />
<a href="https://castlebridge.ie/governance/about/team/core/okeefe-katherine">Dr. Katherine O'Keefe</a><br />
Consultant, Castlebridge<br />
<br />
<a href="http://osullivan.ucc.ie/">Professor Barry O'Sullivan</a><br />
Insight Centre for Data Analytics, University College Cork<br />
<br />
<a href="https://pagefair.com/drjohnnyryan/">Dr. Johnny Ryan</a><br />
Head of Ecosystem, Pagefair<br />
<br />
<a href="http://www.ucd.ie/research/people/law/drliamthornton/">Dr. Liam Thornton</a><br />
Sutherland School of Law, University College Dublin<br />
<br />
<a href="http://research.ucc.ie/profiles/B012/dwhelan">Dr. Darius Whelan</a><br />
School of Law, University College Cork<br />
<br />
<br />
<br />
Cc: Minister for Employment Affairs and Social Protection<br />
<div>
<br />
[Since the original letter was sent additional individuals have signed on, and the first paragraph has been modified slightly to reflect that not all are primarily academics.]</div>
</div>
TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.com1tag:blogger.com,1999:blog-9060198.post-87167537533382933722017-05-15T22:09:00.001+01:002017-05-15T22:09:27.279+01:00Oversight of phone tapping in Ireland: still inadequate<div dir="ltr" style="text-align: left;" trbidi="on">
Following allegations of <a href="http://www.independent.ie/irish-news/exclusive-inside-the-murky-world-of-phone-taps-and-garda-intelligence-35710134.html">abuse of phone tapping by Irish police</a>, I have an <a href="http://www.independent.ie/opinion/analysis/tj-mcintyre-circling-of-the-wagons-proves-how-secretive-surveillance-system-is-lacking-real-oversight-35714630.html">opinion piece</a> in today's Irish Independent explaining why oversight mechanisms in this area are ineffective. Here's a flavour:<br />
<blockquote class="tr_bq">
The reaction of the Department of Justice and An Garda Síochána to the latest phone-tapping scandal has been a predictable circling of the wagons. As usual, those bodies have refused to address the details of the allegations. We have seen generic statements, asserting that there is a legal basis for phone tapping and that it is subject to judicial oversight. </blockquote>
<blockquote class="tr_bq">
The problem with that response is simple: it is clear that both the Irish law on phone tapping and the way it is implemented fail to meet fundamental international standards. </blockquote>
<blockquote class="tr_bq">
Take the most basic starting point: who decides whether a phone tap should take place? International human rights law requires that interception of communications be authorised by a judge or an equivalent independent body. In Ireland, however, this power is given to the Justice Minister - leaving it open to allegations of political motivation. </blockquote>
<blockquote class="tr_bq">
Irish law also falls down on the question of who can have their phones tapped. Contrary to international standards, there are no safeguards on phone tapping targeting lawyers, journalists or parliamentarians. </blockquote>
<blockquote class="tr_bq">
Unusually for a Western democracy, Ireland does not have separate security and police agencies. Instead, both roles are combined in An Garda Síochána. The result is a blurring of the boundaries between the two functions which means that all surveillance ends up being concealed in unnecessary secrecy. </blockquote>
<blockquote class="tr_bq">
The Irish oversight system is also out of line with international practice. In almost all EU member states, there are parliamentary committees which can oversee surveillance by security agencies. Ireland is one of only four EU states which does not make its security agency accountable to parliament. Instead, in security matters the Garda Commissioner answers only to the Justice Minister - the same person who is responsible for decisions to tap phones in the first place.</blockquote>
I've written more about the issue in the chapter "Judicial Oversight of Surveillance: The Case of Ireland in Comparative Perspective" (2016), <a href="http://researchrepository.ucd.ie/handle/10197/7363">full text</a> online at the UCD research repository.<br />
<br />
<br /></div>
TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.com0tag:blogger.com,1999:blog-9060198.post-83788900289284953152017-05-15T00:00:00.000+01:002017-05-17T21:59:18.212+01:00Back in the saddle<div dir="ltr" style="text-align: left;" trbidi="on">
I'm delighted to be able to say that starting this week I'll be working as a consultant with <a href="http://www.fplogue.com/">FP Logue Solicitors</a>. The partners - <a href="http://www.fplogue.com/team/">Fred Logue and Niall Rooney</a> - have an excellent track record in business law, with a focus on brands, intellectual property, technology law and information law generally, making for a great fit with my own areas of interest. I greatly enjoy practice as well as research and teaching, and I've always found that each informs the other. <a href="https://www.irishlegal.com/7282/privacy-expert-tj-mcintyre-joins-fp-logue-as-a-consultant/">Obligatory press release and group photo</a>.</div>
TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.com0tag:blogger.com,1999:blog-9060198.post-66581943906215846492016-04-06T12:26:00.000+01:002016-04-06T15:34:53.784+01:00Search warrants and privacy in Ireland - CRH, Irish Cement & Lynch v. CCPC<div dir="ltr" style="text-align: left;" trbidi="on">
The High Court gave a very important judgment yesterday (<a href="http://www.independent.ie/irish-news/courts/seized-crh-information-cannot-be-used-in-competition-authority-probe-34601982.html">Independent.ie story</a>) on the issues raised by the use of a search warrant to seize an entire email account where many of the emails in the account were not caught by the terms of the warrant. To grossly simplify a complicated decision, Barrett J. held that where the Competition and Consumer Protection Commission (CCPC) had seized an entire email account it was not itself entitled to carry out a "sifting" exercise to determine which emails fell within the scope of the warrant - instead, this had to be done by some impartial vetting process. In the lack of a suitable statutory mechanism, this could be done by agreement between the parties.<br />
<br />
The full decision isn't yet on the courts.ie site, but courtesy of the CCPC <a href="https://www.scribd.com/doc/307184604/CRH-Irish-Cement-and-Lynch-v-Competition-and-Consumer-Protection-Commissioner">I've uploaded a scanned copy to Scribd</a>.
The full decision will need careful consideration, but at first glance it's a very privacy protective decision which may have far reaching consequences in other areas of criminal procedure. Notably, it cites with approval the 2013 Canadian Supreme Court decision in <i><a href="https://scc-csc.lexum.com/scc-csc/scc-csc/en/item/13327/index.do">R. v. Vu</a></i> on the special privacy issues presented by searches of computers. (And, I'm glad to see, the <i>Digital Rights Ireland</i> litigation.) By requiring specificity in what is seized and how that material is then examined, it puts a question mark over other search powers - such as those under <a href="http://www.irishstatutebook.ie/eli/2001/act/50/section/48/enacted/en/html">s.48 of the Criminal Justice (Theft and Fraud Offences) Act, 2001</a> - which are generally used so as to seize an entire computer and not merely specific records.</div>TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.com0tag:blogger.com,1999:blog-9060198.post-74226393781997154082016-03-16T10:50:00.000+00:002016-03-16T10:50:21.951+00:00Destroying the history of those victimised by the State<div dir="ltr" style="text-align: left;" trbidi="on">
Fiona de Londras has a <a href="http://www.irishtimes.com/opinion/letters/human-rights-and-symphisiotomy-1.2574160">letter</a> in the Irish Times today, co-signed by a range of prominent lawyers, highlighting an injustice about to be done by the Irish state. The letter is worth quoting in full:<br />
<blockquote class="tr_bq">
As human rights lawyers we note with great concern
the proposal that records of applicants to the symphysiotomy payment
scheme would be shredded after March 20th.
<br />
<div class="no_name">
This would reinforce the harm done to women by the
physical and symbolic destruction of official medical records attesting
to the abuse and harm they experienced. Furthermore it would lead to the destruction of vital
records and evidence that might be of assistance in future legal,
historiographical and political processes of recording the symphysiotomy
in Ireland and ensuring accountability for these instances of inhumane
and harmful treatment.</div>
<div class="no_name">
The UN Human Rights Committee has called for a
“prompt, independent and thorough investigation into cases of
symphysiotomy” leading to prosecutions where appropriate. </div>
<div class="no_name">
It is likely that Ireland is under a positive obligation to hold such an inquiry under the European Convention on Human Rights <br /></div>
<div class="no_name">
That these records would be returned to the applicants to the scheme is, thus, of paramount importance.<br /></div>
<div class="no_name">
We note that applicants to this scheme were obliged
to provide “relevant supporting records”. They were not informed that
these records would be destroyed, that they should send or retain
certified copies, or that by applying to the scheme through submission
of these records they were at risk of losing this documentary evidence
of their medical mistreatment <br /></div>
<div class="no_name">
The limitations of data storage at hospitals are such
that such records, if destroyed, might not be capable of retrieval
elsewhere, and in some cases processes for accessing records can be so
difficult to navigate as to be almost inaccessible.<br /></div>
<div class="no_name">
Thus, we call on Ms Justice Harding Clarke to
reconsider this, and to ensure that all records are returned to the
applicants to the scheme, by registered post, at the earliest possible
date. Under no circumstances should they be destroyed. <br /></div>
<div class="no_name">
We also endorse the call from Marie O’Connor of
Survivors of Symphysiotomy that applicants to the scheme be asked for
their consent to these records being archived. </div>
</blockquote>
<div class="no_name">
Quite apart from the collective harm involved, the destruction of these records will be a significant wrong to the individual women. They were told that "<a href="http://www.payment-scheme.gov.ie/Symphyisotomy/Symphyisotomy.nsf/0/A8B200BE1D7D9A6880257D89003DDABA/$file/Terms%20of%20The%20Surgical%20Symphysiotomy%20Payment%20Scheme%20-%2010%20Nov%202014.pdf">the Assessor shall, where reasonably possible, arrange for the return to the Applicant or her Solicitor of any documents submitted</a>". The plan to shred these documents is a direct breach of this promise and makes it likely that the women will not be able to get copies of those documents from other sources.</div>
<div class="no_name">
<br /></div>
<div class="no_name">
The issue is urgent. The documents will be destroyed unless "an option letter" is received by 20th March. However, there is an interim solution for those affected: a subject access request under the Data Protection Acts will, in effect, stop the clock. <a href="https://castlebridge.ie/awareness/public-interest/symphisiotomy-Ireland">Daragh O'Brien has details of the steps to take</a>.</div>
</div>
TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.com0tag:blogger.com,1999:blog-9060198.post-62660012669386469422015-11-12T11:23:00.000+00:002015-11-12T11:28:05.403+00:00How trustworthy is Microsoft's "data trustee"?<div dir="ltr" style="text-align: left;" trbidi="on">
Yesterday Microsoft announced a <a href="http://www.ft.com/cms/s/0/540a296e-87ff-11e5-9f8c-a8d619fa707c.html">radical new structure for some of its European data centres</a>. In an attempt to put customer data beyond the reach of the US government, it has entered into a relationship with Deutsche Telekom which will operate new European facilities on its behalf and act as "trustee" for data held there. The aim is that:<br />
<blockquote class="tr_bq">
[Microsoft] employees will have no access to the data held at the facilities without the German company’s permission. The companies believe this arrangement means Microsoft will not have
to respond to governmental demands for information held in these data
centres, forcing official requests to go through German authorities
instead.</blockquote>
This is a direct response to the ongoing US litigation asserting that the Stored Communications Act has extraterritorial effect and <a href="http://www.independent.ie/opinion/court-ruling-shows-our-data-is-in-danger-and-the-us-holds-our-laws-in-contempt-30589125.html">captures data which Microsoft holds in Dublin</a> or anywhere else worldwide. The harm to its European cloud operations has forced Microsoft's hand - rather than waiting for the result of the appeal in that case (or <a href="http://www.theregister.co.uk/2015/02/13/congress_gets_serious_data_protection_with_new_bills_to_overhaul_ecpa/">proposed amendments which would cut back the extraterritorial effect of US law</a>) it has opted to put itself in a position where it simply can't comply with US demands.<br />
<br />
But how trustworthy is Microsoft's trustee? Deutsche Telekom looks like an unfortunate choice. It's probably best known in privacy circles for systematically using its phone records to <a href="http://www.spiegel.de/international/business/telecommunications-scandal-did-deutsche-telekom-spy-on-journalists-and-board-members-a-555363.html">spy on journalists writing critical stories about it</a> - including <a href="http://www.spiegel.de/international/business/spy-scandal-grows-telekom-accused-of-tracking-journalists-mobile-phone-signals-a-556741.html">tracking journalists' movements using mobile phone data</a>. It's deeply ironic that Deutsche Telekom <a href="http://www.bdlive.co.za/world/europe/2014/07/04/deutsche-telekom-targets-privacy">now sees privacy as a selling point</a> when it previously spied on its users not in response to government demands but simply for its own commercial advantage.</div>
TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.com0tag:blogger.com,1999:blog-9060198.post-39387241365252853752015-10-13T11:35:00.000+01:002015-10-13T11:35:20.419+01:00Law Society Annual Human Rights Conference<div dir="ltr" style="text-align: left;" trbidi="on">
I spoke at the Law Society's <a href="https://www.lawsociety.ie/Annual_Human_Rights_Conference_2015.aspx#.VhzZJtZstFI">2015 Annual Human Rights Conference</a> last Saturday about privacy and surveillance online in light of recent CJEU decisions - a particularly topical area following the decision in <i><a href="http://curia.europa.eu/juris/document/document.jsf?text=&docid=169195&doclang=en">Schrems</a></i>. I was joined on my panel by <a href="http://indigo.ie/~karlin/kjbio.htm">Karlin Lillington,</a> the journalist whose advocacy was responsible for data retention being treated as a civil liberties issue in Ireland, and the session was chaired by <a href="https://en.wikipedia.org/wiki/Michael_McDowell_(politician)">Michael McDowell</a> who as Minister for Justice was responsible for introducing data retention in Ireland in 2005 and was one of the main proponents behind data retention at a European level. As you would expect with this range of views, there was a full and interesting discussion of privacy generally and the specific area of state surveillance. Unfortunately there's no recording of the conference, but I've embedded my own slides below.<br />
<br />
<div nbsp="" style="-x-system-font: none; display: block; font-family: Helvetica,Arial,Sans-serif; font-size-adjust: none; font-size: 14px; font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal; margin: 12px auto 6px auto;">
<a href="https://www.scribd.com/doc/284732340/Presentation-at-Law-Society-Human-Rights-Conference-10-October-2015" nbsp="" style="text-decoration: underline;" title="View Presentation at Law Society Human Rights Conference 10 October 2015 on Scribd">Presentation at Law Society Human Rights Conference 10 October 2015</a></div>
<iframe class="scribd_iframe_embed" data-aspect-ratio="undefined" data-auto-height="false" frameborder="0" height="600" id="doc_59211" scrolling="no" src="https://www.scribd.com/embeds/284732340/content?start_page=1&view_mode=scroll&show_recommendations=true" width="100%"></iframe><br />
<br />
The Law Society will be making available other slides/papers from the conference - including hopefully the very interesting papers from <a href="https://www.carson-mcdowell.com/who-we-are/our-people/olivia-o-kane">Olivia O'Kane</a> on privacy and the media and <a href="http://www.inspectorofprisons.gov.ie/en/IOP">Judge Michael O'Reilly</a> on prisoners' rights - and I'll link to those once they are put up.</div>
TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.com0tag:blogger.com,1999:blog-9060198.post-23137719095852035482015-09-15T16:15:00.002+01:002015-09-15T16:15:49.722+01:00Whitewashing your internet profile: political edition<div dir="ltr" style="text-align: left;" trbidi="on">
Irish politicians are getting nervous. Although the government still <a href="http://www.independent.ie/irish-news/politics/bruton-insists-government-will-run-its-full-term-before-calling-election-31274523.html">insists it will serve out its full term</a>, insiders are muttering about the possibility of a <a href="http://www.irishmirror.ie/news/irish-news/politics/government-planning-give-away-budget-6436273">post-budget snap election</a>. It's no coincidence, therefore, that they are now looking to clean up their online presence and two stories from this week are particularly telling.<br />
<br />
First Alan Kinsella, of the invaluable<a href="https://irishelectionliterature.wordpress.com/"> Irish Election Literature</a> website, tweets:<br />
<blockquote class="twitter-tweet" lang="en">
<div dir="ltr" lang="en">
Have had a number of requests so far from candidates/election agents to take down their 2011 election material from the site <a href="https://twitter.com/hashtag/ge16?src=hash">#ge16</a></div>
— Alan Kinsella (@electionlit) <a href="https://twitter.com/electionlit/status/643348961252741120">September 14, 2015</a></blockquote>
<br /><script async="" charset="utf-8" src="//platform.twitter.com/widgets.js"></script>Second, an anonymous user from an Oireachtas IP address attempted a systematic (but ultimately unsuccessful) <a href="http://www.independent.ie/irish-news/politics/oireachtas-ip-address-whitewashes-senator-jim-walshs-samesex-marriage-comments-on-wikipedia-31526161.html">whitewashing</a> of the Wikipedia entry for Senator Jim Walsh, deleting all reference to various gaffes by him through the years.<br />
<br />
There's nothing new about attempts to suppress unfavourable information about Irish politicians - and the current stories are nowhere near the seriousness of the recent incident in which the aide to Derek Keating TD <a href="http://www.gazettegroup.com/news/garda-inquiry-launched-after-removal-of-newspapers/">dumped several thousand copies of a local freesheet containing a critical story about his boss</a>. But these examples still raise interesting issues for lawyers. In the case of the Irish Election Literature website - should politicians be able to invoke what would presumably be a copyright argument in order to conceal their past promises? In the case of Wikipedia, should edits made by TDs, Senators or their staff about themselves be disclosed? <a href="https://en.wikipedia.org/wiki/Wikipedia:Conflict_of_interest#terms">(Wikipedia certainly thinks so</a>.) More generally, how should Irish law deal with sites such as Politwoops which archive deleted tweets from politicians? Is Twitter correct in saying that <a href="http://www.theguardian.com/technology/2015/aug/24/twitter-blocks-access-political-transparency-organisation-politwoops">politicians should be able to delete their ill thought out tweets without that fact being highlighted</a> - or should we accept that what politicians say is inherently newsworthy?<br />
<br />
The Irish courts have yet to confront most of these issues - but it will be interesting to see what happens in an <a href="http://www.tjmcintyre.com/2015/04/irelands-first-right-to-be-forgotten-case.html">ongoing case</a> brought by a Dublin election candidate who has invoked the "right to be forgotten" against online discussion of his election literature. Hopefully this will result in a judicial statement affirming the strong public interest in political discussion.</div>
TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.com0tag:blogger.com,1999:blog-9060198.post-70462567597051915602015-06-16T11:25:00.000+01:002015-06-16T11:25:24.977+01:00Downloading or accessing certain material could constitute a criminal offence<div dir="ltr" style="text-align: left;" trbidi="on">
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPtfTUFMEGe15ebAYjFeiUy5-qqX6lSILwT4_VVlnNyOJmrDxIb8FwOXE22iG4rtyGi8J3vy0qKePajpqnjbMyDklLpEP40Ul7KFc7RFCMlH3oIY5bgp5QfS4y7-6z4xXNExSl4Q/s1600/Screen+Shot+2015-06-16+at+11.11.00.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPtfTUFMEGe15ebAYjFeiUy5-qqX6lSILwT4_VVlnNyOJmrDxIb8FwOXE22iG4rtyGi8J3vy0qKePajpqnjbMyDklLpEP40Ul7KFc7RFCMlH3oIY5bgp5QfS4y7-6z4xXNExSl4Q/s640/Screen+Shot+2015-06-16+at+11.11.00.png" width="441" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Poster put up in London internet cafes from 2010 onwards</td></tr>
</tbody></table>
<a href="http://phys.org/news/2010-03-uk-police-internet-cafes-customers.html">Background</a>:<br />
<blockquote class="tr_bq">
It's not about asking owners to spy on their customers, it's about raising awareness," a police spokesman said, speaking anonymously in line with force policy. "We don't ask them to pass on data for us."Still, he said, police were "encouraging people to check on hard drives." He did not elaborate, saying it would be up to cafe owners to decide if or how to monitor what customers left on their computers.</blockquote>
</div>
TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.com0tag:blogger.com,1999:blog-9060198.post-21706775688707568192015-05-04T15:59:00.003+01:002015-05-04T16:17:43.508+01:00PPS numbers: internet saviours?<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="no_name">
Bank Holiday Mondays are quiet news days, making them a good time to get any old nonsense into the newspaper. Today is no exception as the Irish Times appears to have taken the opportunity for a special edition of breathless internet fear-mongering.</div>
<div class="no_name">
<br /></div>
<div class="no_name">
The prime example is <a href="http://www.irishtimes.com/business/technology/pps-number-provides-way-to-vastly-improve-online-safety-of-children-1.2196922">this piece</a> which makes the literally incredible assertion that "The PPS number provides the
Irish Government with an opportunity to dramatically improve the safety
of children and young people online." (Following on, no doubt, from the success of PPS numbers in the delivery of water services.) In effect, the author is demanding internet identity cards for the wider population. This is an astonishingly bad idea, as anybody with even a passing familiarity with the <a href="http://www.theregister.co.uk/2014/10/14/south_korea_national_identity_system_hacked/">Korean internet ID fiasco</a> should know.</div>
<div class="no_name">
<br /></div>
So why is the author pushing this? The byline reveals that the author is "founder and CEO of TrustElevate, a technology products and services company that specialises in regulatory, policy and compliance online." But what the byline doesn't say is that her firm is selling the technology which the article promotes. According to its own site, "Trust Elevate is a UK-based technology solutions and advisory company. Our focus is on identity, privacy, security and safety from the
perspectives of reputational compliance and commercial opportunities."<br />
<br />
In short, the author is shilling her own service under the guise of an impartial opinion piece. This is bad enough in itself, but more fundamentally it is a distraction from what really needs to be done to protect children online.<br />
<br />
At the most basic level, gardaí are dramatically under-resourced in dealing with the internet. The 2014 <a href="http://www.gsinsp.ie/index2.php?option=com_docman&task=doc_view&gid=243&Itemid=152">Garda Inspectorate report</a> revealed there have been up to four year delays in analysing seized computers; that the Paedophile Investigation Unit had one (!) computer to receive and download evidence; that 40% of Garda stations are not networked and have no access to PULSE or internal email; that evidence cannot be shared electronically; and that even in networked stations many gardaí have no access to social media or external email.<br />
<br />
One might expect that those genuinely interested in child welfare would address these basic points first. But where's the profit in that?<br />
<br />
<br />
-----------<br />
<br />
Some excerpts from the Garda Inspectorate Report - emphasis mine:<br />
<blockquote class="tr_bq">
The current Garda Síochána IT system restricts the sending of evidence electronically, resulting in investigators having to travel to Dublin to view evidence. <b>PIU only have access to one standalone computer to receive and download evidence</b>, as they are unable to use PULSE. This is a fundamental tool for investigation of these crimes. When evidence arrives, it can take days to download information and this removes the availability of the computer to be used by investigators coming to the unit to view evidence for other cases. PIU gave an example where one case had over 8,000 videos.<br />
<br />
Another problem area is <b>the restriction placed on districts accessing social media sites. As a result, the PIU is swamped with requests from districts for help in cases under investigation</b>. Since 2001, the unit has used a paper system for managing investigations and would like to move to an electronic system. Internally, the PIU uses an electronic spread sheet to monitor cases. There is a concern that two investigators could potentially be looking at the same suspect, without knowing that another garda is also investigating a crime against the same suspect. Like the SOMU, all PIU staff work on the same roster and again are all off-duty at the same time.<br />
<br />
<b>The delay in obtaining evidence from analysis of computers has contributed to a situation where no PIU investigation case file has been sent to the DPP for directions in the last four years of operation. </b></blockquote>
<br />
<!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:TrackMoves/>
<w:TrackFormatting/>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:DoNotPromoteQF/>
<w:LidThemeOther>EN-IE</w:LidThemeOther>
<w:LidThemeAsian>X-NONE</w:LidThemeAsian>
<w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
<w:SplitPgBreakAndParaMark/>
<w:EnableOpenTypeKerning/>
<w:DontFlipMirrorIndents/>
<w:OverrideTableStyleHps/>
</w:Compatibility>
<m:mathPr>
<m:mathFont m:val="Cambria Math"/>
<m:brkBin m:val="before"/>
<m:brkBinSub m:val="--"/>
<m:smallFrac m:val="off"/>
<m:dispDef/>
<m:lMargin m:val="0"/>
<m:rMargin m:val="0"/>
<m:defJc m:val="centerGroup"/>
<m:wrapIndent m:val="1440"/>
<m:intLim m:val="subSup"/>
<m:naryLim m:val="undOvr"/>
</m:mathPr></w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="false"
DefSemiHidden="false" DefQFormat="false" DefPriority="99"
LatentStyleCount="371">
<w:LsdException Locked="false" Priority="0" QFormat="true" Name="Normal"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 1"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="heading 2"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="heading 3"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="heading 4"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="heading 5"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="heading 6"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="heading 7"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="heading 8"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="heading 9"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 5"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 6"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 7"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 8"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index 9"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 1"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 2"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 3"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 4"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 5"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 6"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 7"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 8"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" Name="toc 9"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Normal Indent"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="footnote text"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="annotation text"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="header"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="footer"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="index heading"/>
<w:LsdException Locked="false" Priority="35" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="caption"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="table of figures"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="envelope address"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="envelope return"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="footnote reference"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="annotation reference"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="line number"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="page number"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="endnote reference"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="endnote text"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="table of authorities"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="macro"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="toa heading"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Bullet"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Number"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List 5"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Bullet 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Bullet 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Bullet 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Bullet 5"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Number 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Number 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Number 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Number 5"/>
<w:LsdException Locked="false" Priority="10" QFormat="true" Name="Title"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Closing"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Signature"/>
<w:LsdException Locked="false" Priority="1" SemiHidden="true"
UnhideWhenUsed="true" Name="Default Paragraph Font"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Body Text"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Body Text Indent"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Continue"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Continue 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Continue 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Continue 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="List Continue 5"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Message Header"/>
<w:LsdException Locked="false" Priority="11" QFormat="true" Name="Subtitle"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Salutation"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Date"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Body Text First Indent"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Body Text First Indent 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Note Heading"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Body Text 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Body Text 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Body Text Indent 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Body Text Indent 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Block Text"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Hyperlink"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="FollowedHyperlink"/>
<w:LsdException Locked="false" Priority="22" QFormat="true" Name="Strong"/>
<w:LsdException Locked="false" Priority="20" QFormat="true" Name="Emphasis"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Document Map"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Plain Text"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="E-mail Signature"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Top of Form"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Bottom of Form"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Normal (Web)"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Acronym"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Address"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Cite"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Code"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Definition"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Keyboard"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Preformatted"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Sample"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Typewriter"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="HTML Variable"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Normal Table"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="annotation subject"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="No List"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Outline List 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Outline List 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Outline List 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Simple 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Simple 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Simple 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Classic 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Classic 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Classic 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Classic 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Colorful 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Colorful 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Colorful 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Columns 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Columns 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Columns 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Columns 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Columns 5"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Grid 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Grid 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Grid 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Grid 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Grid 5"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Grid 6"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Grid 7"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Grid 8"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table List 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table List 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table List 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table List 4"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table List 5"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table List 6"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table List 7"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table List 8"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table 3D effects 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table 3D effects 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table 3D effects 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Contemporary"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Elegant"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Professional"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Subtle 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Subtle 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Web 1"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Web 2"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Web 3"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Balloon Text"/>
<w:LsdException Locked="false" Priority="39" Name="Table Grid"/>
<w:LsdException Locked="false" SemiHidden="true" UnhideWhenUsed="true"
Name="Table Theme"/>
<w:LsdException Locked="false" SemiHidden="true" Name="Placeholder Text"/>
<w:LsdException Locked="false" Priority="1" QFormat="true" Name="No Spacing"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading"/>
<w:LsdException Locked="false" Priority="61" Name="Light List"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading Accent 1"/>
<w:LsdException Locked="false" Priority="61" Name="Light List Accent 1"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid Accent 1"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1 Accent 1"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2 Accent 1"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1 Accent 1"/>
<w:LsdException Locked="false" SemiHidden="true" Name="Revision"/>
<w:LsdException Locked="false" Priority="34" QFormat="true"
Name="List Paragraph"/>
<w:LsdException Locked="false" Priority="29" QFormat="true" Name="Quote"/>
<w:LsdException Locked="false" Priority="30" QFormat="true"
Name="Intense Quote"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2 Accent 1"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1 Accent 1"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2 Accent 1"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3 Accent 1"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List Accent 1"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading Accent 1"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List Accent 1"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid Accent 1"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading Accent 2"/>
<w:LsdException Locked="false" Priority="61" Name="Light List Accent 2"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid Accent 2"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1 Accent 2"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2 Accent 2"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1 Accent 2"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2 Accent 2"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1 Accent 2"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2 Accent 2"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3 Accent 2"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List Accent 2"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading Accent 2"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List Accent 2"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid Accent 2"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading Accent 3"/>
<w:LsdException Locked="false" Priority="61" Name="Light List Accent 3"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid Accent 3"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1 Accent 3"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2 Accent 3"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1 Accent 3"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2 Accent 3"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1 Accent 3"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2 Accent 3"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3 Accent 3"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List Accent 3"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading Accent 3"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List Accent 3"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid Accent 3"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading Accent 4"/>
<w:LsdException Locked="false" Priority="61" Name="Light List Accent 4"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid Accent 4"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1 Accent 4"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2 Accent 4"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1 Accent 4"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2 Accent 4"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1 Accent 4"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2 Accent 4"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3 Accent 4"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List Accent 4"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading Accent 4"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List Accent 4"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid Accent 4"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading Accent 5"/>
<w:LsdException Locked="false" Priority="61" Name="Light List Accent 5"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid Accent 5"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1 Accent 5"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2 Accent 5"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1 Accent 5"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2 Accent 5"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1 Accent 5"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2 Accent 5"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3 Accent 5"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List Accent 5"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading Accent 5"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List Accent 5"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid Accent 5"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading Accent 6"/>
<w:LsdException Locked="false" Priority="61" Name="Light List Accent 6"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid Accent 6"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1 Accent 6"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2 Accent 6"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1 Accent 6"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2 Accent 6"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1 Accent 6"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2 Accent 6"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3 Accent 6"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List Accent 6"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading Accent 6"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List Accent 6"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid Accent 6"/>
<w:LsdException Locked="false" Priority="19" QFormat="true"
Name="Subtle Emphasis"/>
<w:LsdException Locked="false" Priority="21" QFormat="true"
Name="Intense Emphasis"/>
<w:LsdException Locked="false" Priority="31" QFormat="true"
Name="Subtle Reference"/>
<w:LsdException Locked="false" Priority="32" QFormat="true"
Name="Intense Reference"/>
<w:LsdException Locked="false" Priority="33" QFormat="true" Name="Book Title"/>
<w:LsdException Locked="false" Priority="37" SemiHidden="true"
UnhideWhenUsed="true" Name="Bibliography"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="TOC Heading"/>
<w:LsdException Locked="false" Priority="41" Name="Plain Table 1"/>
<w:LsdException Locked="false" Priority="42" Name="Plain Table 2"/>
<w:LsdException Locked="false" Priority="43" Name="Plain Table 3"/>
<w:LsdException Locked="false" Priority="44" Name="Plain Table 4"/>
<w:LsdException Locked="false" Priority="45" Name="Plain Table 5"/>
<w:LsdException Locked="false" Priority="40" Name="Grid Table Light"/>
<w:LsdException Locked="false" Priority="46" Name="Grid Table 1 Light"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark"/>
<w:LsdException Locked="false" Priority="51" Name="Grid Table 6 Colorful"/>
<w:LsdException Locked="false" Priority="52" Name="Grid Table 7 Colorful"/>
<w:LsdException Locked="false" Priority="46"
Name="Grid Table 1 Light Accent 1"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2 Accent 1"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3 Accent 1"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4 Accent 1"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark Accent 1"/>
<w:LsdException Locked="false" Priority="51"
Name="Grid Table 6 Colorful Accent 1"/>
<w:LsdException Locked="false" Priority="52"
Name="Grid Table 7 Colorful Accent 1"/>
<w:LsdException Locked="false" Priority="46"
Name="Grid Table 1 Light Accent 2"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2 Accent 2"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3 Accent 2"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4 Accent 2"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark Accent 2"/>
<w:LsdException Locked="false" Priority="51"
Name="Grid Table 6 Colorful Accent 2"/>
<w:LsdException Locked="false" Priority="52"
Name="Grid Table 7 Colorful Accent 2"/>
<w:LsdException Locked="false" Priority="46"
Name="Grid Table 1 Light Accent 3"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2 Accent 3"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3 Accent 3"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4 Accent 3"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark Accent 3"/>
<w:LsdException Locked="false" Priority="51"
Name="Grid Table 6 Colorful Accent 3"/>
<w:LsdException Locked="false" Priority="52"
Name="Grid Table 7 Colorful Accent 3"/>
<w:LsdException Locked="false" Priority="46"
Name="Grid Table 1 Light Accent 4"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2 Accent 4"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3 Accent 4"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4 Accent 4"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark Accent 4"/>
<w:LsdException Locked="false" Priority="51"
Name="Grid Table 6 Colorful Accent 4"/>
<w:LsdException Locked="false" Priority="52"
Name="Grid Table 7 Colorful Accent 4"/>
<w:LsdException Locked="false" Priority="46"
Name="Grid Table 1 Light Accent 5"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2 Accent 5"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3 Accent 5"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4 Accent 5"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark Accent 5"/>
<w:LsdException Locked="false" Priority="51"
Name="Grid Table 6 Colorful Accent 5"/>
<w:LsdException Locked="false" Priority="52"
Name="Grid Table 7 Colorful Accent 5"/>
<w:LsdException Locked="false" Priority="46"
Name="Grid Table 1 Light Accent 6"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2 Accent 6"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3 Accent 6"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4 Accent 6"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark Accent 6"/>
<w:LsdException Locked="false" Priority="51"
Name="Grid Table 6 Colorful Accent 6"/>
<w:LsdException Locked="false" Priority="52"
Name="Grid Table 7 Colorful Accent 6"/>
<w:LsdException Locked="false" Priority="46" Name="List Table 1 Light"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark"/>
<w:LsdException Locked="false" Priority="51" Name="List Table 6 Colorful"/>
<w:LsdException Locked="false" Priority="52" Name="List Table 7 Colorful"/>
<w:LsdException Locked="false" Priority="46"
Name="List Table 1 Light Accent 1"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2 Accent 1"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3 Accent 1"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4 Accent 1"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark Accent 1"/>
<w:LsdException Locked="false" Priority="51"
Name="List Table 6 Colorful Accent 1"/>
<w:LsdException Locked="false" Priority="52"
Name="List Table 7 Colorful Accent 1"/>
<w:LsdException Locked="false" Priority="46"
Name="List Table 1 Light Accent 2"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2 Accent 2"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3 Accent 2"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4 Accent 2"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark Accent 2"/>
<w:LsdException Locked="false" Priority="51"
Name="List Table 6 Colorful Accent 2"/>
<w:LsdException Locked="false" Priority="52"
Name="List Table 7 Colorful Accent 2"/>
<w:LsdException Locked="false" Priority="46"
Name="List Table 1 Light Accent 3"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2 Accent 3"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3 Accent 3"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4 Accent 3"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark Accent 3"/>
<w:LsdException Locked="false" Priority="51"
Name="List Table 6 Colorful Accent 3"/>
<w:LsdException Locked="false" Priority="52"
Name="List Table 7 Colorful Accent 3"/>
<w:LsdException Locked="false" Priority="46"
Name="List Table 1 Light Accent 4"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2 Accent 4"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3 Accent 4"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4 Accent 4"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark Accent 4"/>
<w:LsdException Locked="false" Priority="51"
Name="List Table 6 Colorful Accent 4"/>
<w:LsdException Locked="false" Priority="52"
Name="List Table 7 Colorful Accent 4"/>
<w:LsdException Locked="false" Priority="46"
Name="List Table 1 Light Accent 5"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2 Accent 5"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3 Accent 5"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4 Accent 5"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark Accent 5"/>
<w:LsdException Locked="false" Priority="51"
Name="List Table 6 Colorful Accent 5"/>
<w:LsdException Locked="false" Priority="52"
Name="List Table 7 Colorful Accent 5"/>
<w:LsdException Locked="false" Priority="46"
Name="List Table 1 Light Accent 6"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2 Accent 6"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3 Accent 6"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4 Accent 6"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark Accent 6"/>
<w:LsdException Locked="false" Priority="51"
Name="List Table 6 Colorful Accent 6"/>
<w:LsdException Locked="false" Priority="52"
Name="List Table 7 Colorful Accent 6"/>
</w:LatentStyles>
</xml><![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin-top:0cm;
mso-para-margin-right:0cm;
mso-para-margin-bottom:8.0pt;
mso-para-margin-left:0cm;
line-height:107%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-fareast-language:EN-US;}
</style>
<![endif]-->
<br />
<blockquote class="tr_bq">
<div class="MsoNormal">
A consistent theme throughout the inspection of national and
district intelligence units was that outdated IT equipment blocked them from accessing
or viewing evidence about a crime. The Inspectorate was informed that <b>the
National Intelligence Unit is working on outdated software and is unable to
load PDF documents and to view photographs</b>. CIOs in particular experience daily
challenges in accessing the necessary IT applications and equipment to perform
their role effectively. <b>CIOs often use personal laptops and computers to view
CCTV footage</b>, to download stills and to turn those stills into briefing
documents and bulletins. This represents a risk of breaching security of intelligence
data, but their motive is to ensure that intelligence is provided to local
gardaí. </div>
</blockquote>
<br />
<blockquote class="tr_bq">
<b>The access of gardaí to external e-mail was very inconsistent across the seven divisions</b>. Some members stated that they had no external e-mail access and other gardaí explained that if you apply for access then it will be given. Many victims would like the option to use e-mail to communicate directly with the garda dealing with their case and it would ensure that the member actually received their message. </blockquote>
</div>
TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.com0tag:blogger.com,1999:blog-9060198.post-7934254252105610482015-04-29T13:51:00.000+01:002015-04-30T11:13:21.055+01:00"Homophobe" brings Ireland's first "right to be forgotten" court case<div dir="ltr" style="text-align: left;" trbidi="on">
A fascinating <a href="http://www.irishtimes.com/news/crime-and-law/courts/circuit-court/ex-candidate-wants-google-to-take-down-homophobe-claims-1.2193352">story</a> in today's Irish Times details what seems to be the first court case in Ireland following the <a href="http://curia.europa.eu/juris/liste.jsf?num=C-131/12">Google Spain</a> ruling. However a less sympathetic plaintiff would be hard to find. The case is being brought by a Dublin man, Mark Savage of Lios Cian, Swords, who ran in the 2014 local elections on a platform which included reference to "Gay Perverts cavorting in flagrante on the beach in broad daylight". His election literature speaks for itself (click to enlarge):<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxc4KAe8o5Ofl5QXcM7JSDjwN-ddnIfgn25aQNKKU3fvX1jt4V7PLM_4jHXCsiieYDPjtUn1iCKgEqQfdx0UaPWr0iWMT42Wiv41wuKpmTu_TyVfDUHTqln_LJB0pA5lmu7lfSVA/s1600/Mark+Savage.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxc4KAe8o5Ofl5QXcM7JSDjwN-ddnIfgn25aQNKKU3fvX1jt4V7PLM_4jHXCsiieYDPjtUn1iCKgEqQfdx0UaPWr0iWMT42Wiv41wuKpmTu_TyVfDUHTqln_LJB0pA5lmu7lfSVA/s1600/Mark+Savage.jpg" height="202" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
Unsurprisingly, he was not elected. He now apparently objects to a <a href="http://www.reddit.com/r/ireland/comments/26a486/mark_savage_north_county_dublins_homophobic/">Reddit thread</a> characterising him as "Mark Savage - North County Dublin's homophobic candidate". Following an unsuccessful <a href="https://www.chillingeffects.org/notices/1154276">request</a> to Google to have that thread deindexed, he complained to the Data Protection Commissioner who refused to order that Google do so. He has now appealed against that decision to the Circuit Court. I look forward to a full hearing, though I doubt it will be over in his optimistic estimate of two hours and I doubt he will be successful in his claim that Google should censor discussion of his views as publicly stated in an election campaign. If anything, this appears to be a complaint of defamation dressed up as a data protection matter.<br />
<br />
Edited to add: Incidentally, the case also highlights an important structural point - chances are that most of the RTBF cases which become public will involve plaintiffs with relatively weak claims. The individuals with strong arguments to be deindexed will probably succeed in private at the point of initial contact with Google or else before the data protection authority. The only cases to be subject to public scrutiny before the courts will be those where both of the initial decision makers have found that the request should not be granted.</div>
TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.com2tag:blogger.com,1999:blog-9060198.post-66676231192418748762015-03-30T15:47:00.000+01:002015-03-30T20:22:14.581+01:00Two data retention cases pose questions for three Ministers for Justice<div dir="ltr" style="text-align: left;" trbidi="on">
Two cases have now been brought in Ireland seeking to take advantage of the <a href="https://www.digitalrights.ie/ecj-says-eu-mandated-mass-surveillance-entails-interference-fundamental-rights-practically-entire-european-population/">Digital Rights Ireland decision</a> from the European Court of Justice in order to exclude evidence in criminal trials. First, a <a href="http://www.irishtimes.com/news/crime-and-law/courts/high-court/garda-seeks-to-halt-trial-for-misleading-gsoc-inquiry-1.2153152">case stated in the prosecution of a detective garda alleged to have given false information to GSOC</a>; second, a <a href="http://www.irishtimes.com/news/crime-and-law/courts/criminal-court/option-of-manslaughter-ruled-out-by-dwyer-at-close-of-evidence-1.2156633">challenge brought by convicted murderer Graham Dwyer</a> - commenced in January but made public only on his conviction last week.<br />
<br />
Given how central internet and phone evidence is to many prosecutions, the only surprise is that it's taken this long for these challenges to be brought and no doubt more will come. Unfortunately it is possible that at least some convictions will be overturned as a result - and the blame for this will lie squarely with the Department of Justice and successive ministers.<br />
<br />
Ministers Dermot Ahern, Alan Shatter and Frances Fitzgerald in particular have questions to answer.<br />
<br />
Dermot Ahern knew in 2011 that data retention was on very shaky ground. By then data retention laws had been struck down in Bulgaria (2008), Romania (2009) and Germany (2010) - and the Irish challenge was pending before the High Court which had decided that the case raised "<a href="http://www.bailii.org/ie/cases/IEHC/2010/H221.html">important constitutional questions</a>". At this point the Irish law should have been reformed to provide for <a href="http://www.irishtimes.com/opinion/violations-only-made-worse-by-new-plans-for-data-retention-1.1216636">data preservation</a> and include adequate safeguards identified by those cases, such as a requirement for a judge to approve access to data. Instead the law adopted in 2011 was <a href="https://www.digitalrights.ie/thoughts-on-the-new-data-retention-bill/">equally flawed</a>.<br />
<br />
Alan Shatter and Frances Fitzgerald are equally if not more at fault. It was clear from the <a href="http://www.rte.ie/news/2013/1212/492439-ecj-data/">Advocate General's opinion</a> in December 2013 that the Data Retention Directive would be struck down. But instead of replacing the 2011 <a href="http://www.irishstatutebook.ie/2011/en/act/pub/0003/">law</a> implementing the Directive both ministers adopted the ostrich position. There has been nothing but radio silence from the Minister for Justice since the Data Retention Directive was invalidated just under a year ago. It may be that she hopes by ignoring the problem it will go away. But by doing so she is only ensuring that many more prosecutions and convictions will be put at risk. As I previously predicted, <a href="http://www.villagemagazine.ie/index.php/2015/03/gubu-in-2015/">"by continuing to keep its head in the sand the State is only storing up problems for the future"</a>.</div>
TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.com0tag:blogger.com,1999:blog-9060198.post-55739350222367722172015-03-24T11:51:00.000+00:002015-03-24T12:22:31.503+00:00Mixed internet messages from the Indian Supreme Court<div dir="ltr" style="text-align: left;" trbidi="on">
The Indian Supreme Court today gave a <a href="http://barandbench.com/content/212/section-66a#.VREbOULfLwx">landmark decision</a> on the Information Technology Act 2000. Most media coverage has focused on the fact that the court <a href="http://techcrunch.com/2015/03/23/indias-supreme-court-strikes-down-controversial-internet-censorship-law/">struck down section 66A</a> - the offensive messages provision - finding that it was unconstitutionally vague and would have a chilling effect on freedom of expression. This is significant for the ongoing Irish debate on "cyberbullying". The Irish offence of <a href="http://www.irishstatutebook.ie/1951/en/act/pub/0017/sec0013.html">sending offensive messages by telephone</a> is extremely similar to the Indian s.66A offence and there have been calls to extend it to the internet. Today's judgment suggests that this would be unconstitutional. As the Indian Supreme Court stated:<br />
<blockquote class="tr_bq">
[The English cases] illustrate how judicially trained minds would find a person guilty or not guilty depending upon the Judge’s notion of what is “grossly offensive” or “menacing”. In Collins’ case, both the Leicestershire Justices and two Judges of the Queen’s Bench would have acquitted Collins whereas the House of Lords convicted him. Similarly, in the Chambers case, the Crown Court would have convicted Chambers whereas the Queen’s Bench acquitted him. If judicially trained minds can come to diametrically opposite conclusions on the same set of facts it is obvious that expressions such as “grossly offensive” or “menacing” are so vague that there is no manageable standard by which a person can be said to have committed an offence or not to have committed an offence. Quite obviously, a prospective offender of Section 66A and the authorities who are to enforce Section 66A have absolutely no manageable standard by which to book a person for an offence under Section 66A.</blockquote>
There's been less attention to the court's disappointing findings upholding the section 69A government power to order the blocking of websites where "necessary or expedient so to do, in the interest of sovereignty and integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above". According to the court, the procedural safeguards established around blocking were sufficient to protect freedom of expression, despite the fact that blocking is ordered by the government itself rather than an independent body:<br />
<br />
<blockquote class="tr_bq">
It will be noticed that Section 69A unlike Section 66A is a narrowly drawn provision with several safeguards. First and foremost, blocking can only be resorted to where the Central Government is satisfied that it is necessary so to do. Secondly, such necessity is relatable only to some of the subjects set out in Article 19(2). Thirdly, reasons have to be recorded in writing in such blocking order so that they may be assailed in a writ petition under Article 226 of the Constitution. <br />
<br />
The Rules further provide for a hearing before the Committee set up - which Committee then looks into whether or not it is necessary to block such information. It is only when the Committee finds that there is such a necessity that a blocking order is made. It is also clear from an examination of Rule 8 that it is not merely the intermediary who may be heard. If the “person” i.e. the originator is identified he is also to be heard before a blocking order is passed. Above all, it is only after these procedural safeguards are met that blocking orders are made and in case there is a certified copy of a court order, only then can such blocking order also be made.</blockquote>
Still, it is heartening to see that the Indian Supreme Court apparently considered it essential that both the intermediary and also the "originator" (the person who posts material) should be given the chance to be heard before a blocking order is made. In too many national schemes the only notice - if any - is to the host or social network, not the user.</div>
TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.com0tag:blogger.com,1999:blog-9060198.post-55119488752309798122015-01-22T15:48:00.001+00:002015-01-22T15:48:54.788+00:00Mobile phone records as evidence in Irish courts<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="tr_bq">
Just before Christmas <a href="http://www.independent.ie/irish-news/courts/charges-dropped-against-man-in-alan-ryan-murder-probe-30802562.html">a murder trial collapsed</a> when the prosecution failed to lay the correct evidential basis for admitting mobile phone records against the accused. There's no written judgment but according to media reports:</div>
<blockquote>
The State entered a nolle prosequi in the case after Judge Catherine Murphy ruled that telephone records held on a mainframe computer could not be relied on as evidence because there was no evidence that the computer was operating correctly at the relevant time... </blockquote>
<blockquote>
In her ruling at Dublin Circuit Criminal Court Judge Murphy said there must be evidence of the function and operation of the main frame computer, on which the call records are held. She said: “This must include information that the computer was operating correctly at the relevant time”. </blockquote>
<blockquote>
The ruling relies on a 1992 judgement from the UK appeal courts which held that the prosecution must provide evidence of the function and operation of the mainframe computer used to store the records. The Cochrane ruling, which has been upheld by the Irish courts, noted that “the problem of proving transactions of this type must now arise frequently and it should be possible… to devise a standard form of evidence to deal with it.” </blockquote>
<blockquote>
Judge Murphy had earlier ruled that the evidence of the records held on the Meteor mainframe server was not admissible under the 1992 Criminal Evidence Act because the act does not cover automatically held records. </blockquote>
<blockquote>
The evidence in this case was that the records were held, automatically, on the Meteor mainframe server. The prosecution then submitted to the Court that the records could be admitted under Common Law. Judge Murphy ruled against them on this and noted that the UK judgement states there must be evidence “that the computer was operating correctly at the relevant time”. </blockquote>
<blockquote>
The UK judgement states that the prosecution must provide “authoritative evidence about the operation of the relevant machines”. Judge Murphy noted that an engineer from Meteor gave evidence for the prosecution that he had working knowledge of the Meteor computer system but not of the mainframe computer from on the records were held.</blockquote>
Today it seems that <a href="http://www.irishtimes.com/news/crime-and-law/courts/circuit-court/two-men-previously-jailed-over-robbery-found-not-guilty-1.2075638">another trial has collapsed on the same basis</a>. According to the Irish Times:<br />
<blockquote class="tr_bq">
The legal argument centred on whether records from mobile phone masts could be relied on to link the phones to the robbery by placing them at relevant times and places. Detectives have developed the network of phones out of a single call allegedly made from the Dublin Mountains to the Richardson family home during the kidnapping. Mrs Richardson testified that the gang had allowed her to call her husband from the mountains. In ruling on the defence application, made in the absence of the jury, Judge Ring said that none of the three mobile phone network experts called by the prosecution could say that the relevant networks were fully operational and functioning on a given day or whether any particular cell sites are out of operation on those relevant dates. She said there was evidence that calls could be routed through another mast if the nearest mast was not operational at the time or if it was busy.</blockquote>
The Cochrane judgment referred to in these reports is <i>R v. Cochrane</i> [1993] Crim LR 98, which was applied in Ireland in relation to mobile phone records by <i>People (DPP) v. Colm Murphy</i> [2005] IECCA 1. It's a little surprising, therefore, that admissibility has become such a contentious issue nearly a decade later. As far as I can tell from the newspaper reports, what has happened is that trial judges have become more familiar with the technology and have become more strict in insisting that the prosecution witnesses can testify to the operation of the system as a whole and not just particular components such as the masts. In the short term this is going to require prosecutors to put forward more technical witnesses from the mobile operators; longer term I wouldn't be surprised to see legislation rushed forward to provide a statutory basis for admitting these records (probably on the basis of certificate evidence).<br />
<br />
Incidentally, this is certainly not limited to the case of mobile phone records - the same logic would apply to evidence of IP address allocation and use and other computer evidence. Expect these arguments to be played out soon in other cases involving computers.</div>
TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.com1tag:blogger.com,1999:blog-9060198.post-24224984316105358812014-10-24T13:19:00.003+01:002014-10-24T13:19:24.096+01:00Discovery of encrypted documents<div dir="ltr" style="text-align: left;" trbidi="on">
Today's Irish Times has a <a href="http://www.irishtimes.com/business/sectors/financial-services/quinns-demand-letters-between-lenihan-and-anglo-1.1971896">story</a> arising out of the Quinn litigation against the state which raises important issues around access to encrypted documents:<br />
<blockquote class="tr_bq">
The family of Seán Quinn is demanding access to three letters sent between former minister for finance Brian Lenihan and then chairman of Anglo Irish Bank Donal O’Connor as part its €2.34 billion claim against the state. This correspondence relates to late January 2009 and early February 2009, just after the state took the decision to nationalise Anglo as it tottered on the brink of collapse. The family also wants efforts to be made to crack a password-protected email sent by the bank’s chief executive David Drumm to Matt Moran, a close lieutenant, in the midst of the financial crisis in April 2008, according to documents filed in relation to their legal battle...<br />
<br />
Legal advisers to the liquidators of IBRC, who are now in charge of Anglo, are refusing to release about 168 documents which they claim are legally privileged, with the exception of the email from Mr Drumm to Mr Moran which they cannot access... [The Quinns] have asked the liquidators of IBRC to instruct IT experts to crack the encoded email or give it to the family so that they can try to do so.</blockquote>
<br />
<a href="http://www.tjmcintyre.com/2010/11/police-access-to-encrypted-files-does.html">I've already looked at the encrypted Anglo files from a criminal law perspective</a>, considering when police can demand that files be decrypted or that individuals hand over passwords. This case presents parallel civil law issues - when can a party in litigation demand that potentially relevant files be decrypted as part of the discovery process, when the other party does not have the relevant passwords?<br />
<br />
This will be the first time this is considered by the Irish courts. There doesn't appear to be any case law on the topic, and it's not explicitly addressed in the <a href="http://www.courts.ie/rules.nsf/SuperiorAmdLookup/No31-S.I.+No.+93+Of+2009:+Rules+Of+The+Superior+Courts+%28Discovery%29+2009">Rules of the Superior Courts</a>. It's also not considered in the Law Reform Commission's (rather disappointing) 2009 <a href="http://www.lawreform.ie/_fileupload/consultation%20papers/cpdocumentaryandelectronicevidence.pdf">Consultation Paper on Documentary and Electronic Evidenc</a>e. The closest Irish material is the 2013 <a href="http://www.ediscoverygroup.ie/Good%20practice%20guide%20to%20eDiscovery%20in%20Ireland%20v1.0.pdf">Good Practice Guide to Electronic Discovery in Ireland</a> which suggests that parties making discovery should if necessary attempt to break the protection on encrypted or password protected files (PDF, p.23).<br />
<br />
I look forward to seeing the decision on this point.</div>
TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.com0tag:blogger.com,1999:blog-9060198.post-2427497328919333442014-10-21T11:17:00.000+01:002014-10-24T13:29:15.642+01:00Garda body cameras: quis custodiet ipsos custodes?<div dir="ltr" style="text-align: left;" trbidi="on">
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEL9l_bkHDb6jKCdEVvobSfIb3GYpxlpzBoCJhZQlvTy5HXU6NMUQLwUweHE2z7_u7DzyrHEvFlCvqynCt-a0s3vlLKIR5uJs7kzbepM68VwJ1_4YxFnNLmU57z0Eh1Ty65j7Pgg/s1600/YTAyOTA2NGQ0ZjI5OTFlOWYzYzdhNGQ1YWI4NDc1MGVuql5jooOL-p2-45iJV3aKaHR0cDovL2MwLnRoZWpvdXJuYWwuaWUvbWVkaWEvMjAxNC8xMC9jYW1lcmEtMTAucG5nfDYwNXx8fHx8fHx8fA==.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEL9l_bkHDb6jKCdEVvobSfIb3GYpxlpzBoCJhZQlvTy5HXU6NMUQLwUweHE2z7_u7DzyrHEvFlCvqynCt-a0s3vlLKIR5uJs7kzbepM68VwJ1_4YxFnNLmU57z0Eh1Ty65j7Pgg/s1600/YTAyOTA2NGQ0ZjI5OTFlOWYzYzdhNGQ1YWI4NDc1MGVuql5jooOL-p2-45iJV3aKaHR0cDovL2MwLnRoZWpvdXJuYWwuaWUvbWVkaWEvMjAxNC8xMC9jYW1lcmEtMTAucG5nfDYwNXx8fHx8fHx8fA==.png" height="223" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Garda body worn camera - screencap from <a href="https://www.youtube.com/channel/UCbpWYukqsFonxYxv2tF7tlQ">Dublin Says No</a> protest video.</td></tr>
</tbody></table>
I had a <a href="http://www.independent.ie/tablet/comment/tj-mcintyre-body-cameras-will-give-a-new-perspective-on-policing-as-water-meter-protests-show-30673537.html">piece </a>in Saturday's Irish Independent on the implications of the new Garda body worn cameras being used at protests against water charges. There wasn't enough room in 750 words to tackle all the issues involved so here are some thoughts that didn't make it into the finished piece:<br />
<br />
* While there is almost no transparency around the use of the cameras, for the moment it looks as though they are only being used at protests. This is a relatively straightforward case - public protests are the best case scenario for the use of cameras as situations where there is a limited privacy interest on both sides and a likelihood of confrontation - but isn't at all representative of the problems that would be faced if cameras were rolled out to ordinary policing. For example, would cameras be turned off when gardaí are in private homes? In hospitals?<br />
<br />
* In particular, there is a real risk that the use of cameras in day to day policing will lead to a more wary relationship with the public. Will people be deterred from talking to gardaí for fear that their casual conversations may be recorded and reviewed?<br />
<br />
* The main financial cost lies not in the cameras themselves but in the management of the recordings they generate. Video requires lots of storage and systems in place to deal with transfer of material from device to server, deletion of material once the retention period is up, flagging of particular recordings to be stored, search and retrieval of material which might be spread across a number of different stations, backups and archiving, ensuring that older file formats can still be read, responding to subject access requests, etc. Have these points have been taken into account in garda planning? Or will we end up with another case of <a href="http://www.sligotoday.ie/details.php?id=30455">garda tapes being stored randomly in cardboard boxes and covered in mould</a>?<br />
<br />
* At the moment garda management are saying very little about these new cameras. In a few months the Freedom of Information Act 2014 will be extended to An Garda Síochána - but in the meantime anyone who has been videoed at a protest can find out more by making a (free) request under <a href="http://www.dataprotection.ie/viewdoc.asp?DocID=796#3">s.3 of the Data Protection Acts</a> to determine what data from the cameras are being held and the purposes for which they are being kept.</div>
TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.com0tag:blogger.com,1999:blog-9060198.post-10649441079906263762014-10-02T15:42:00.002+01:002014-10-03T17:23:03.148+01:00Watering down data protection<div dir="ltr" style="text-align: left;" trbidi="on">
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFyFrS1YnZxkm8SHnLdM60mBFb2XucYMNNdydOpmZcGsYdtBK-6DgUXHFTAiD8mPAeIjpZ4f2M_7sLLTx4IzZjvc_g_qNmUa04uZ4rc8mYbSR2eM7ynacZOyiFuSJwpKDIj1_N4w/s1600/geograph-2730992-by-P-L-Chadwick.jpg" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFyFrS1YnZxkm8SHnLdM60mBFb2XucYMNNdydOpmZcGsYdtBK-6DgUXHFTAiD8mPAeIjpZ4f2M_7sLLTx4IzZjvc_g_qNmUa04uZ4rc8mYbSR2eM7ynacZOyiFuSJwpKDIj1_N4w/s1600/geograph-2730992-by-P-L-Chadwick.jpg" height="400" width="283" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">© <a href="http://www.geograph.ie/profile/20846" title="View profile">P L Chadwick</a> <a class="nowrap" href="http://creativecommons.org/licenses/by-sa/2.0/" rel="license">CC-BY-SA-2.0</a>.</td></tr>
</tbody></table>
It was never likely that people would be happy about paying directly for their water. But public resentment has been stoked further by the invasive questions on the Irish Water application forms, which demand PPS numbers for the householder and all children before the free allowances are granted.<br />
That resentment was only exacerbated when people looked at the <a href="http://www.water.ie/data-protection-notice/">data protection notice</a> on the website to discover that Irish Water claims the right to use our personal information to market to us via unsolicited text messages, emails, junk mail and telephone calls and even to send salesmen to “contact the customer… in person”.<br />
<br />
What do they propose to sell us? The website says that Irish Water or its agents may contact us about “water related products or services”, whatever those might be. Bathtubs? Swimming lessons? Boats? Perhaps we should expect phone calls at dinnertime which begin <a href="https://twitter.com/etienneshrdlu/status/514165163713642497">“Hi there. I’m calling you today because your body is 66% water.”</a><br />
<br />
Irish Water also claims the right to send our information outside of Europe, <a href="http://obriend.info/2014/09/30/reposted-irish-water-dpc-letter-meaning/">which would allow outsourcing of their operations</a> (for example, call centres or IT support) to a low cost location such as India. As <a href="http://web.archive.org/web/20140909073514/https://www.water.ie/data-protection-notice/">originally drafted</a>, their website also stated that information would be disclosed if Irish Water was bought by a third party – though they have since deleted this last point, no doubt because it is too close to the political hot potato that is privatisation of the water system.<br />
<br />
Are Irish Water entitled to do these things with our information?<br />
<br />
Let’s start with PPS numbers. There has been some talk of the <a href="http://www.dataprotection.ie/docs/Use-of-PPSN/1247.htm">criminal offence</a> of requesting a PPS number without legal authority, but that is a red herring: <a href="http://www.irishstatutebook.ie/2014/en/act/pub/0016/print.html#sec20">since July Irish Water has been a specified body entitled to use PPS numbers</a>.<br />
<br />
However, the fact that they are seeking PPS numbers at all points to a flawed system<br />
<br />
For example, Irish Water tell us that they need PPS numbers of children to confirm their eligibility for a water allowance. Yet the Department of Social Protection already holds this information in relation to child benefit. Rather than create an additional bureaucracy within Irish Water it would have been preferable to leave this within the existing state agency – for example, by simply adding the relevant amount to the child benefit payment. <a href="http://www.welfare.ie/en/Pages/water_support.aspx">This is already being done for the household benefit, which will be increased by an additional €100 each year towards water bills without any need for anyone in Irish Water to know who is on household benefit</a>.<br />
<br />
(Using PPS numbers also creates a fresh problem. Many residents in Ireland - such as foreign students and foreign pensioners - will not have PPS numbers. What is to happen to their allowances?)<br />
<br />
Quite apart from the initial request for PPS numbers there is also a problem with ongoing storage. While Irish Water may need PPS numbers to verify water allowances initially, that is no reason to continue storing them once this is done. It is a fundamental rule that personal information should not be stored for longer than necessary – especially in cases such as this, where Irish Water would end up holding a vast database which would be vulnerable to both corrupt insiders and outside attackers. Their apparent intention to store PPS numbers in this way is likely to breach data protection law - particularly if Irish Water follow through on <a href="http://www.irishtimes.com/news/ireland/irish-news/landlords-not-liable-for-tenants-water-bills-1.1944634">what appears to be a half-baked plan to use PPS numbers to track down tenants for non-payment</a>. Such a use would clearly be incompatible with the purpose for which they claim to be collecting the information. <br />
<br />
The situation is no better in relation to marketing. For example, the assertion that Irish Water can send us unsolicited text messages and emails unless we object is wrong. <a href="http://www.dataprotection.ie/docs/DIRECT-MARKETING-A-GENERAL-GUIDE-FOR-DATA-CONTROLLERS/905.htm">Positive, opt-in consent is required by law before this can be done</a>. Similarly, Irish Water is lacking in the mechanisms it provides to opt-out of marketing. The website makes opt-out excessively difficult by providing only a postal address and telephone number and (because it is not a freephone number) violating the requirement that opt-out should be free of charge. Indeed, it has since emerged that Irish Water staff answering that telephone number are actually unable to register opt-outs in the way promised by the privacy statement.<br />
<br />
In relation to transferring our information outside Europe, Irish Water fails again. The website claims that “by submitting data to Irish Water” you agree to such transfers. However the fiction that you consent by filling out the registration form is unsustainable – as Irish Water is a monopoly and there is no choice but to fill out the form then <a href="http://www.dataprotection.ie/docs/Transfers-Abroad/37.htm">any supposed consent would not be “freely given” as required by European law</a>. Any transfer outside Europe would have to be justified in some other way.<br />
<br />
The beleaguered head of PR has <a href="http://obriend.info/2014/10/01/morning-ireland-irish-water-and-data-protection-clarifications/">appeared on Morning Ireland</a> attempting to extricate Irish Water from this quagmire - stating for example that Irish Water would only be direct marketing via postal inserts with bills, not by phone calls or emails. However her<i> ad hoc</i> assurances are meaningless while the data protection statement still claims much wider rights.<br />
<br />
These are fundamental failures to meet basic requirements of data
protection law and have already resulted in one change to the privacy
statement. The Data Protection Commissioner is now also involved, and it is safe to say that her office will also insist on further changes. However it is astonishing that it is only at this late stage that the privacy issues involved are being given the attention which should have been there from the start.<br />
<br />
For more see this excellent series of posts from Daragh O'Brien, who has been on top of the issue from the start: <a href="http://obriend.info/2014/09/06/irish-water-data-protection-notice-a-review/">1</a> | <a href="http://obriend.info/2014/09/10/irish-water-data-protection-notice-an-alternative-version/">2</a> | <a href="http://obriend.info/2014/09/18/irish-water-transfer-of-data-and-wtf/">3</a> | <a href="http://obriend.info/2014/09/24/irish-water-the-dpcs-letter-and-what-it-means/">4</a> | <a href="http://obriend.info/2014/09/25/irish-water-a-data-architecture-thought-noodle/">5</a> | <a href="http://obriend.info/2014/09/30/irish-water-and-ppsn-data/">6</a> | <a href="http://obriend.info/2014/09/30/accurate-and-up-to-date-irish-water-and-changing-data/">7</a> | <a href="http://obriend.info/2014/09/30/reposted-irish-water-dpc-letter-meaning/">8</a> | <a href="http://obriend.info/2014/09/30/for-fecks-sake-irish-water-ive-got-a-day-job/">9</a> | <a href="http://obriend.info/2014/10/01/morning-ireland-irish-water-and-data-protection-clarifications/">10</a>.</div>
TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.com2tag:blogger.com,1999:blog-9060198.post-41799867073143777162014-09-16T09:43:00.002+01:002014-09-17T18:43:15.599+01:00United States v. Microsoft (and Ireland)<div dir="ltr" style="text-align: left;" trbidi="on">
I have a <a href="http://www.independent.ie/opinion/court-ruling-shows-our-data-is-in-danger-and-the-us-holds-our-laws-in-contempt-30589125.html">short piece</a> in today's Irish Independent on the remarkable legal battle between Microsoft and US prosecutors over access to data on non-US users which is stored in Ireland, which has now resulted in a <a href="http://www.zdnet.com/microsoft-refuses-to-hand-over-foreign-data-held-in-contempt-of-court-7000033508/">finding that Microsoft is in contempt of court</a>.<br />
<br />
The Irish Independent doesn't allow inline links to resources in stories, so for background here are:<br />
<ul style="text-align: left;">
<li>The Magistrate Judge's original <a href="https://www.documentcloud.org/documents/1149373-in-re-matter-of-warrant.html">ruling </a>that Microsoft must hand over the data;</li>
<li>The <a href="http://www.digitalrights.ie/dri/wp-content/uploads/2014/07/SDNY-McDowell-Declaration.pdf">opinion of Michael McDowell SC</a> on Irish law as it applies to the Microsoft case; </li>
<li>The <a href="http://www.state.gov/documents/organization/129536.pdf">Mutual Legal Assistance Treaty between Ireland and the US</a> (which I argue US prosecutors should have used); and</li>
<li>The Department of Justice <a href="http://www.justice.ie/en/JELR/Guide%20to%20Irish%20Law%20and%20Procedures%20-%20Mutual%20legal%20Assistance%20in%20Criminal%20Matters.pdf/Files/Guide%20to%20Irish%20Law%20and%20Procedures%20-%20Mutual%20legal%20Assistance%20in%20Criminal%20Matters.pdf">Guide to Mutual Legal Assistance in Ireland</a>.</li>
</ul>
In the piece I suggest that Microsoft might commit a criminal offence under Irish law if it discloses user emails without an Irish court order or other Irish law entitlement to do so. The relevant provision is <span class="bodytext"><a href="http://www.irishstatutebook.ie/1988/en/act/pub/0025/sec0021.html#sec21">section 21(2)</a> of the Data Protection Acts which makes it an offence for any data processor to knowingly disclose personal data without the prior authority of
the data controller on whose behalf the data were processed.</span><br />
<br />
<span class="bodytext">This does, of course, assume that Microsoft would be a data <i>processor </i>rather than a data <i>controller </i>in respect of the contents of user emails. While there is some debate as to when a cloud service operator should be treated as a data controller rather than a data processor, guidance from the Article 29 Working Party (<a href="http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp169_en.pdf">Opinion 1/2010 on the concepts of "controller" and "processor"</a>, p.11) strongly suggests that Microsoft should be treated as a data controller only in relation to content (such as traffic data) which it generates - in relation to the emails themselves Microsoft would be treated as a data processor and would therefore be exposed to criminal liability.</span><br />
<ul style="text-align: left;">
</ul>
</div>
TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.com2tag:blogger.com,1999:blog-9060198.post-20869646887990193172014-08-21T19:14:00.000+01:002014-09-12T11:02:28.422+01:00"State must be more mindful of your private data"<div dir="ltr" style="text-align: left;" trbidi="on">
I've waited a while to quote Fr. Dougal McGuire in the national press, but finally got my chance in the Independent:<br />
<blockquote class="tr_bq">
Last week the Irish Independent revealed further abuses of private files in the Department of Social Protection. The abuses ranged from private investigators illegally accessing personal information, to one male employee who spent up to two hours per day looking up information on women and their partners...
The response of the department - that it constantly reviews its internal controls - is reminiscent of Father Dougal McGuire's promise: "As I said last time, it won't happen again".</blockquote>
<a href="http://www.independent.ie/opinion/the-state-must-be-more-mindful-of-your-private-data-30524449.html">Full text</a>. </div>
TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.com2tag:blogger.com,1999:blog-9060198.post-85086714762187895372014-07-20T23:28:00.003+01:002014-07-20T23:33:11.157+01:00"Significant gaps" in Department of Justice IT security<div dir="ltr" style="text-align: left;" trbidi="on">
You might think that the Department of Justice and Equality - which is responsible for data protection law in Ireland - would have adequate security in place for its own systems. Apparently not. Here's an excerpt from briefing materials for the new Minister, Frances Fitzgerald:<br />
<blockquote class="tr_bq">
Significant gaps have been found in levels of IT security in use to protect our systems and data. The systems have become out of date as investment (as with infrastructure) has not been applied to maintaining levels at what would be deemed adequate. A security consultant has been retained and a dedicated security manager has been taken on to review and remediate this deficiency. This will require significant investment and resource to bring us to a suitable level of protection and awareness. (p.82)</blockquote>
Proving the point, the briefing material was released as a PDF with crude redaction, <a href="http://www.thesundaytimes.co.uk/sto/homeV2/article1436552.ece">easily defeated by the time honoured method of copying and pasting the blacked out material</a>. While the department hurriedly pulled the material from its own site the entire brief remains available in Google cache.</div>
TJ McIntyrehttp://www.blogger.com/profile/16565959875438814437noreply@blogger.com1