Menu
Ireland's political and cultural magazine
42 February 2015
MEDIA
Also in this section:
Getting an ad on RTé 46
Irish paywalls 48
GUBU
in 2015
nasty bug
February 2015 43
L
AST last year, the Irish Times
reported exclusively on secret
courts set up by justice minister
Frances Fitzgerald to regulate
requests for Irish data from the
UK’s GCHQ. The courts were set up after
files released by NSA whistleblower
Edward Snowden revealed that GCHQ
was illegally tapping data on the inter-
net pipes leaving Ireland, which travel
through the UK.
The new courts, established by stat-
utory instrument, make it a crime to
report that a company has been ordered
to appear before the in camera courts.
Exclusive is a much abused word in
journalism, but for once it is accurate.
A month after the story was broken by
Karlin Lillington, no other newspaper
or broadcaster has covered it. Privacy,
and in particular online privacy, remains
a little understood concept in the Irish
media. While Irish journalists reme-
nisced about CJ Haughey as RTÉ showed
its three part series ‘Charlie’, their mem-
ories colouring their judgment of the
politically ambitious but dramatically
flawed programme, another Charlie
made headlines in France. In the wake
of the Charlie Hebdo attacks leaders,
who linked arms in Paris days later in
the name of free speech, announced in
lockstep the need for increased surveil-
lance of their citizens.
Charlie Haughey accidentally invented
Irish privacy rights in 1983. His justice
minister didn’t object to the concept of
tapping the phones of journalists – they
were a security threat, the Boss said so
– but after the affair became public as
part of the year of GUBU, legal cases by
Geraldine Kennedy and Bruce Arnold led
the courts to outline a right to privacy.
Technology has moved on from 1983,
when many rural phones were still con-
nected through manual exchanges and
the Apple IIe and Commodore 64 were
the height of computing sophistication.
Not surprisingly, the law has struggled
to keep up.
In principle, surveillance of Irish
citizens is governed by two laws. Data
interception (telephone tapping) is
regulated by the 1993 Interception of
postal Packets and Telecommunications
Messages (Regulation) Act, while the law
on data retention comes under the 2003
Data Protection Act, with an annual
report prepared by an independently
appointed designated judge. These
reports can be laughably brief, often
amounting to a single page.
In practice, a myriad other laws, gov-
erning everything from the coroners’
courts to the investigation of shipping
accidents, give State agencies access to
personal data.
“The headline stuff is the 1993 Act for
interception and the 2003 Act for data
retention, but there is a bit question mark
over how other powers could be used”,
says TJ McIntyre, law lecturer and chair-
man of the independent civil liberties
group, Digital Rights Ireland.
“There’s tonnes of legislation that give
powers to, not just the Gardaí but investi-
gators in the department of agriculture,
Phone tapping never
went way,
since you ask.
By Gerard Cunningham
It is already
happening
literally on
an industrial
scale
“
44 February 2015
MEDIA BUGGING
revenue commissioners and other state
bodies, and the obvious concern is that
these bodies may demand such docu-
ments as may be found, and obviously
those powers can be used to get their
hands on particular communications”.
“There’s also the concern that the
Garda or other state agencies might also
be getting voluntary disclosure of some
information, for example going to social-
network sites and asking to see direct
(private) messages between people, and
perhaps even if they don’t have the power
to compel disclosure, that site might be
disclosing them anyway”.
“US firms wouldn’t do that as, to the
extent that their operations are based in
the US, they would have to comply with
US laws which are more stringent, and
normally would insist on some sort of US
process. But domestic firms: I would be a
bit more worried about.”
“To put this into context. There is
a wider European arena, under the
European Convention on Human Rights
(ECHR), which is quite clear that when
you have state surveillance systems,
you should have certain safeguards in
place.
So if you don’t have a judge authoris-
ing access to information beforehand,
you should have some sort of judicial
oversight of the system as a whole, the
systems have to be prescribed by law set-
ting out when they can be used, what kind
of crimes are being investigated and so
on”.
Digital Rights Ireland last year pursued
Ireland to the European Court of Justice
(ECJ), securing a judgment striking down
Irish data-retention laws as excessive.
The government, perhaps anticipating
a successful challenge to its 2006 reg-
ulations on data retention, passed the
Communications (Retention of Data)
Act in 2011.
McIntyre is unconvinced anything has
changed as a result of the ECJ decision.
“It would be disappointing if the tel-
ecoms companies had not approached
the state to amend the practice in Ireland
after the DRI decision, and I would be
fairly confident they hadn’t”, he says.
“The State’s position is that the 2011
Act is still in force and, while that is the
case, everything is hunky dory, nothing
to see here, nothing to worry about. And
our position is no, the 2011 Act is uncon-
stitutional and by continuing to keep its
head in the sand the State is only storing
up problems for the future”.
“I think it is very likely you are going
to see convictions quashed in the future
because evidence was admitted when
it shouldn’t have been admitted, when
there was no statutory basis for it”.
The Morris tribunal revealed two
instances where confidential telephone
data was obtained outside the regula-
tory framework. In the first instance
telephone records were obtained by an
officer in Garda HQ who phoned the GPO,
where the then publicly-owned Telecom
Eireann (now Eircom) was based, and
asked the person who answered the
phone for the records. He produced no
warrant or authorisation, and the records
were sent to him within a few days. The
officer said this was the only time he had
done this, as the records were needed
urgently and he didn’t have time to proc-
ess the paperwork, and that he did not
recall the name of the person he spoke
to in Telecom Eireann.
In the second case, private investigator
Billy Flynn was able to obtain the home
telephone records of a Donegal Garda,
something has superiors could not do.
Flynn later claimed that he was able to
do this because he serendipitously gave
a lift to a hitch-hiker who worked for the
phone company, who was able to provide
him with exactly the printouts he needed
in order to further his investigation.
Barrister Fergal Crehan notes that such
instances of ‘informal’ Garda requests,
and ‘blagging’ are not simply glitches
that happened in Donegal decades ago,
pointing to a recent prosecution of a pri-
vate investigator by the Data Protection
Commissioner.
“A Garda witness was treated as a hos-
tile witness, and it emerged from that
that the garda really had no reason to be
accessing the PULSE data in question. We
can only speculate on the extent of those
activities.
The people who have access to this
information often are not earning a lot
of money, they’re not in the boardroom.
If people aren’t earning a whole lot of
money, if you throw them €50 they’d be
far more likely to say Yes than somebody
higher up the hierarchy.
You ask could GUBU happen again”,
says Crehan. “The answer is it is already
happening literally on an industrial
scale”.
Crehan points out that what was said
in the tapped phone calls of Geraldine
Kennedy and Bruce Arnold wasn’t
really what Charlie Haughey’s govern-
ment cared about. Haughey already knew
there were leaks in the cabinet. That was
why the taps were set up in the first plase.
What really mattered was the metadata.
Who were the journalists talking to, and
when? That kind of metadata is stored
by Irish internet and telecoms compa-
nies for Garda authorities, and can be
accessed – legally and illegaly by for-
eign agencies such as the NSA.
Metadata – data about data – are the
kind of things that makes non-geek
eyes glaze over, but such data, even
anonymised, can be enough to iden-
tify unique patterns. As a recent public
example, by comparing telephone data
released under Freedom of Information
with Oireachtas attendance records,
the Sunday Times was able to identify
Michelle Mulherin as the TD who made
numerous mobile phone calls to Kenya.
GUBU was a lifetime ago. Then the
Garda had to take specific steps to get
information on an individual telephone.
Today all that information is collected
and stored as a matter of course. Small
wonder then that several journalists to
this writer’s knowledge carry several
throwaway ‘burner’ mobile phones at
any time. •
GUBU was
a lifetime
ago. Then the
Garda had to
take specific
steps to
get
information.
Today all that
information
is stored as
a matter of
course
“
Legislative provisions permitting access
to telecommunications and other data
(or any data at all, in some cases):
Communications (Retention of Data ) Act 2011
Data Protection Acts
Merchant Shipping (Investigation of
Marine Casualties) Act 2000.
Regulation 21(6) Medicinal Products
(Prescription and Control of Supply)
Regulations 2003 to 2008
Competition Act, 2002 (with a warrant
from the District Court)
Criminal Justice Act 1994
Coroners Act 1962 Section 26
Merchant Shipping (Investigation of
Marine Casualties) Act 2000
Agencies which can access data under above laws:
Competition Authority
Coroners Court
Defence Forces
Dept of Justice Equality and Law Reform
Garda Ombudsman
Garda Síochana
Irish Medicines Board
Local Authorities
Marine Casualty Investigations Board
Revenue Commissioners
February 2015 45
