Net Results: Rather quietly, the Department of Justice launched a website this week to lay out its stall on data retention and to invite participation in a public online forum to discuss the issue.
You'll find the website at http://tinyurl.com/85ab (the full website address is extremely long, which is rather unfortunate as it makes it hard to send to anyone or to print in a newspaper).
The move to create such a site is laudable. Data retention - the capturing and storing of data traffic information for all phone, mobile and fax calls, emails and internet usage for all Irish citizens - is a topic that needs as much public airing as possible. Creating a discussion forum that lasts longer than a public meeting and records all perspectives, is a good start at widening out debate.
Unfortunately, the site itself doesn't exactly inspire trust in the ability of this Department to understand internet security issues or to demonstrate that it knows how and when to use some of the security protection technologies available.
For some bizarre reason, someone in the Department decided to use a security feature that is not only uncalled for, but that creates annoying delays in getting into the site. The warning messages thrown up by the feature will cause many visitors concern and put them off using the site.
The site uses a digital certificate to verify that it is a trusted source of information - but this is a rather complicated, and in this case, silly and pointless method of added security. To use a digital certificate, a computer user needs to have the more recent versions of Web browsers and must go through the process of accepting and installing the certificate. Have you EVER installed a digital certificate? I didn't think so. Neither have I. I don't want to have to figure out how to do so just to visit this website, either.
Yet the first thing that happens when you go to the website is that a warning window pops up to let you know that you are viewing a certificate "from a company you have chosen not to trust" (go on, chortle a bit; I did).
Most computer users will probably be flummoxed at this point - what do you do? Install it? Or click "yes" to override the certificate and say you'll trust the Department anyway?
The Department's workaround on this, bizarrely, is to state in big red letters on its homepage that you should just click "yes" and override the security certificate. Well, that's an excellent approach to security - put in place something that alienates people and that isn't needed, yet looks suspicious. And then, when they get confused about what it is and why it's there, tell them not to worry; just accept that the Department knows best and can be trusted, at the same time that it clearly shows that it doesn't really know what it is doing.
That's pretty much what's asked of you in the case of the proposed Data Retention Act. You are being asked to accept that retention is good for you. Just ignore that all the people charged with looking after your rights to privacy under existing EU law and under the European Convention on Human Rights have come out strongly against the concept and practice of data retention - the data protection commissioners in every single EU state, including ours.
This is also a huge business issue, due to the costs involved in retaining data for the telecommunications industries, and the customers who will bear the real costs (the Government is not talking about picking up the tab). As telecoms operators told a British parliamentary committee looking into data retention, the costs, especially for email and internet traffic data retention, are huge. In the Republic, Esat/BT has estimated it would cost €8.6 million per year to retain email data for each of its many large computer servers.
In addition, data retention introduces serious risk issues. Every business in the State would be trusting telecoms and internet operators with sensitive records of who it sent and received communications to and from - calls, faxes and emails. Mobile phones also reveal the movements of all employees - down to a few metres with the incoming 3G systems. Who you did business with, approached in a business context, received documents from online - all recorded for three years and held by firms that, in some cases, have had security glitches with their email systems.
The proposal to retain three years of data is longer than proposals in any other European nation. That puts us at a serious competitive disadvantage to the rest of Europe and strikes a body blow to the Government's plans to make the Republic an e-business centre.
And it threatens our ability to present ourselves as a business centre - the many companies here whose business involves call centres, data processing, back office work or Web ordering will be directly affected and, presumably, will see their costs increase significantly. I wonder if anyone explained our data retention proposals to Google - the US online search giant that recently announced plans to move here and, consequently, channel unimaginably massive amounts of data through this State - reportedly half of its global search traffic.
If the State passes the proposals into law, IDA Ireland needs to start thinking seriously about how it plans to break our data retention plans to the US companies that have lobbied and prevented similar schemes being introduced in the US. Don't doubt for a minute that this Bill will hugely affect the business environment in this State.
But don't take my word for it. Examine the Department's justifications for data retention on its website, check out the arguments at sites such as epic.org, fipr.org and statewatch.org, and join in the discussion forum on the website and make your voice heard.
• Karlin's tech weblog: http://radio.weblogs.com/0103966/