No consultation process of any kind on data retention

A UK parliamentary cross-party committee has published a long-awaited report this week roundly rejecting and condemning the whole…

A UK parliamentary cross-party committee has published a long-awaited report this week roundly rejecting and condemning the whole concept

Last November, the Department of Justice acknowledged that it was planning to introduce a data retention bill that would see all the traffic information on every Irish person's phone and mobile calls, faxes, emails and web-surfing habits retained in huge databases for three or more years.

Striking to read, then, that a British parliamentary cross-party committee of peers and MPs has published a long-awaited report this week roundly rejecting and condemning the whole concept of data retention.

The All Party Internet Group (APIG) looked at the retention scheme proposed in the Anti-Terrorism Crime & Security Act 2001 (ATCS), which would have meant holding traffic data for up to 12 months.

READ MORE

The British policy think-tank, the Foundation for Information Policy Research (FIPR) said of the damning report: "It concluded that the British government had underestimated the costs of the scheme, that billing databases would migrate abroad to escape regulation and that there were few incentives for industry to help the government track technical change. To cap all this, the scheme appeared to be in breach of human rights legislation and, despite a year of effort by the Home Office, no solution was in sight."

The foundation added: "The evidence heard by the inquiry made it clear that the proposed voluntary ATCS scheme had no hope of acceptance by industry."

The report also concludes that it would be impractical to proceed with the fallback of mandatory data retention and strongly recommends that the Home Office scrap its plans altogether and start negotiations on a lower-impact scheme of targeted "data preservation" instead.

In short, British parliamentarians from across the political divide are stating clearly that the costs for data retention (for 12 months as opposed to the Government's "three-plus years") would be enormous; that British business will migrate to friendlier locations where customer data won't be open to scrutiny and where costs will be lower; and that industry will receive little support, financial or otherwise, from government in keeping information gathering and storage systems up to date on behalf of the government.

And a key phrase in this summary is this: "the evidence heard by the inquiry". Because at least in Britain, well known as one of the most pro-surveillance nations in the western world, a public inquiry was openly conducted into the whole area of whether to introduce data retention, and a large range of voices had the opportunity to express their opinions.

Over here, people know virtually nothing about the Government's data retention legislation because first it was kept hidden, and then it pretended plans really hardly existed at all.

Finally, two months after giving lip service to the idea that the Department was truly just on the verge of a wide public consultation process for a bill it intends to introduce this spring, the Minister has failed to begin any sort of consultation process.

When the Department of Justice's plans were first revealed in November, the Minister, Mr McDowell, denied that any period of time had been decided upon yet. But a leaked questionnaire completed by the Department of Justice in the summer, and sent to the secretive EU Council of Ministers, indicated that the Department intended to introduce a bill that would mandate data retention for "not less than three years".

The Minister denied that a bill was in the works. Yet it is known that the Department has been preparing such a bill since early summer and has circulated a detailed preliminary draft of such a bill - which also clearly indicated a three-year retention period - amongst a small circle last autumn.

Incredibly, up to this point the Department has not bothered to seek any input, advice or guidance from any of the groups who would be directly interested in and affected by such a bill - the internet service providers and phone companies that would have to store and manage years of data for millions of customers, businesses whose sensitive communications records would have to be preserved, or the privacy advocacy groups and those in the legal profession who follow data protection and privacy issues.

More appallingly, the Department failed to consult the general public - the people most directly affected by such a law.

It did not ask citizen groups for a response, it did not ask all the elected representatives who represent us to weigh in with a perspective on how constituents might feel. It did not even notify TDs that it had plans for such a law.

And, of course, the Department of, er, Justice did not do the right and just thing and seek your personal opinion. The Department has still not announced when this crucial process will begin.

Nor has it suggested that perhaps an impartial, cross-party Dáil group should conduct public hearings on data retention and report back.

This is clearly the proper course of action for any consultation process. Why should anyone believe the Department will be impartial in holding hearings for a bill it has already written up into advanced draft form?

Why should we trust it will listen evenly and non-judgmentally to alternative perspectives to its own, when it indicated in the leaked memo to the Council of Ministers that it expected no opposition whatsoever from the telecommunications and internet industries?

Its response stated that "we do not foresee problems arising with the industry in relation to the primary legislation referred to". Only Portugal and Greece also said they had not consulted their telecommunications industries about such legislation.

Why doesn't the Department save us all time and expense by reading the British parliamentary report and accepting that its negative findings on a one-year retention period should be taken to be three times worse for a three-year retention period?

Just scrap the bill now and, instead, propose something that clarifies the parameters of reasonable access rights to digital data for law enforcement, and the privacy rights of Irish citizens.

However, I am willing to wager that the Department and the Government will stumble forward with an attempt to ram through this offensive proposal for years of data retention - a proposal that treats every Irish citizen as a potential criminal, and views our most private records as evidence for crimes we have not yet and most likely never will commit.

klillington@irish-times.ie

Karlin's tech weblog: http://radio.weblogs.com/0103966