Today's Dept. of Justice Information Forum

corley · 24-02-2003 10:40pm #1

Hi,

I presume there'll be an article by Karlin in the Irish Times tomorrow but in any event here's a brief description of what happened. Further details of Joe Meade's (the Data Protection Commissioner) speech can be found at: http://www.dataprivacy.ie/7nr240203.htm

It's actually really good as it not only describes how we got to the current situation but also the privacy arguments against traffic data retention.

The room was small(-ish) but crowded with over 40 people there. All the country's main telcos, ISPs and cable ISPs were present.

The Minister Mr. McDowell opened the session by saying that this was the first stage of a process and that he had an open mind on many of the issues regarding data retention. He (along with speakers from the Department of Communications and the Gardai) explained the current legislative position. This is already contained in Joe Meade's speech at the above link. The Department of Communications speaker explained that the Directive has to be applied by the end of October and that current Irish data retention requirements don't cover ISPs.

The Garda speaker explained about the internal criteria the
Gardai have to vet requests before submitting them to telcos. He said that not all requests pass the criteria and consequently are refused.

He then went on to state why they needed traffic data retention. Examples of its use include:
- Paedophilia. He cited Operation Amethyst. (I could be wrong but
I thought in this case the FBI supplied the gardai with a list
of names, addresses and credit card numbers. The gardai used
images on peoples' hard drives as evidence in subsequent cases.
It's not clear what role traffic data retention played in this.)
- Omagh bombing
- Veronica Guerin murder case. (Both these cases were some time
ago and probably before the criminal community realised that
this kind of monitoring was possible.)
- Transnational Organised Crime and our commitments through
membership of Interpol, Europol etc.

I won't go into the details of Joe Meade's piece as it's at the link above. But in summary he opposed the imposition of a direction on telcos last year which required them to store traffic data for 3 years. This direction, by the way, was secret and telcos weren't allowed to disclose that they received it.

Then there was a question and answer session where most of the speakers (who were from ISPs) raised technical/business reasons as to why they might have difficulties implementing the system. Among the issues raised were:

- Whether e-mail that looked like web traffic (i.e. if it was generated by Hotmail/Yahoo mail accounts) needed to be logged. If this is the case then traffic will need to be parsed in real-time.

- Concerns about the costs this system will put on ISPs - costs which will be passed on to customers.

I asked the Minister the following questions which although he spent 5 minutes answering he never actually dealt with the substance of what I'd asked:

- This is the first stage of a consultation process. What are the next steps?
- Can we have objective, empirical data which demonstrates the need for this type of data retention before we diminish our privacy rights?
- The speaker from An Garda Siochana referred to the cell site location being made available to them. With advances in mobile 'phone technology it's getting easier to pinpoint someone's location more exactly. Soon it'll be possible to determine someone's location to within 10 metres. Will this kind of information be requested under this legislation?

Another speaker from an ISP explained how it's actually impossible to retain internet traffic data. This is because of the extremely high volume of traffic which would need to be retained and then sifted through. Another person said that as data transfer rates are several orders of magnitude higher than current storage speeds it actually isn't possible to do real-time storage of all this information. (I'm not sure if you'll need to store everything that goes through though so I'm not clear how valid this argument is.)

It then drifted into a technical discussion where issues such as VoIP etc. were discussed.

So in summary we're really none the wiser. The Government seem to want to store traffic data for 3 years and to formalise the system for accessing it. It's not clear whether it's technically feasible to store traffic data on ISPs as the Government haven't exactly defined what they want stored yet.

There are to be further phases in this consultation process but we don't know what they are yet.

I'll check in here regularly over the next few days. If anyone has any other questions just post them and I'll try to answer them.

-Mal.

karlin · 25-02-2003 11:27am

My take on yesterday's proceedings is here:

http://radio.weblogs.com/0103966/2003/02/25.html#a1515

I have a piece in the Times today (more to come on Friday) -- there's a link to today's story if you go to the link above. It doesn't take you to the Times site (which requires a subscription) but a free page.

I just wanted to add to the previous posting that, while the garda asst commissioner quoted both Omagh and the Guerin case as examples of the successful use of retained data, the guards knew what they wanted within days of each event, as Joe Meade pointed out. Thus the requests for data came well within the six-month retention period that he advocates.

GavinS · 25-02-2003 11:36am

Lads,

Bernie Goldbach has got the story posted on Slashdot - in Your Rights Online and the frontpage -

Prepare for /. effect Karlin!

Victor · 25-02-2003 12:41pm

From: http://home.eircom.net/content/unison/national/309631?view=Eircomnet
'Big Brother' dilemma in new data protection laws
From:The Irish Independent
Tuesday, 25th February, 2003
Helen Bruce

THE country is facing a dilemma of a 'Big Brother' state or a crime and terrorist free-for-all, the Minister for Justice, Michael McDowell, said yesterday.

He added that the secret to future legislation over email, fax and phone records would be a balance between these two factors.

Opening the Information Forum on Data Retention at the Alexander Hotel in Dublin, he added that he was in favour of increased accountability for investigating authorities.

He said he shared fears over a Big Brother state in which all such communications were scanned, revealing a person's location, personal connections, online tastes and even credit card transactions.

The minister said current laws, under which phone records are held for six years and can be accessed by garda chief superintendents and army colonels, had insufficient "checks and balances", hinting at a three-year period in future.

However, he steered clear of recommending a total ban on the scrutiny of people's phone and internet communications by gardai or the army, fearing it might encourage international terrorists and criminals to view the country as a safe refuge.

Mr McDowell said: "We have to be cautious and protect liberties, but if we had absolute prohibition on the inspection of records then it would make it almost impossible to detect certain crimes.

"International terrorists would be able to plot from this island in absolute safety, while organised criminals would be able to settle themselves in Ireland to engage in money laundering, using privacy laws here to protect them from detection and prosecution."

The minister cited as evidence the Omagh bombing case, where phone records were used to bring a conviction against Dundalk publican Colm Murphy for conspiring to cause the terrorist attack.

Also speaking at the forum, garda Assistant Commissioner Joe Egan highlighted successful prosecutions against internet paedophiles and the prosecution through mobile phone records of those responsible for the murder of Veronica Guerin.

Assistant Commissioner Egan stressed gardai were not able to learn the content of a telephone message, fax message or email without a warrant from the Department of Justice.

The only information available under their own current powers was that one telephone contacted another, the duration of the call and, for mobiles, the cell site location where the call was made.

Regarding internet communication, gardai can only discover that a particular user accessed the internet at a certain time and for a specified period.

Joe Meade, data protection commissioner, warned that if communications data was not safeguarded through legislation, it could be used by marketing agencies as a way of profiling a person's habits, to spy on a person's movements, to leave a person open to blackmail and to keep every citizen under surveillance "just in case they did wrong".

He proposed data be held for just six to 12 months and queried what level of proof of suspected wrongdoing would be required by a judge in order to access data.

Victor · 25-02-2003 3:31pm

Originally posted by corley
- Paedophilia. He cited Operation Amethyst. (I could be wrong but I thought in this case the FBI supplied the gardai with a list
of names, addresses and credit card numbers. The gardai used
images on peoples' hard drives as evidence in subsequent cases.
It's not clear what role traffic data retention played in this.)

They may have cross referenced information with the CC details to find out where the information was downloaded to (home / office / cafe / hotel).

corley · 25-02-2003 4:47pm

Hmmm, it's possible but, remember they don't have a retention system in place for ISP's. All they can tell is when you phoned the ISP - not whether you used that session to download anything illegal. They might aswell just get a search warrant and take away your PCs.

Victor · 25-02-2003 5:12pm

Originally posted by corley
Hmmm, it's possible but, remember they don't have a retention system in place for ISP's.

But the FBI may have had (Carnivore) and were able to give them some information. Many ISPs retained a lot of information that they strictly shouldn't have / didn't need to.

Lemming · 25-02-2003 5:37pm

Originally posted by Victor

Opening the Information Forum on Data Retention at the Alexander Hotel in Dublin, he added that he was in favour of increased accountability for investigating authorities.

Yet he has a SECRET data retention scheme brought in and tells everyone to shut up or else?He's shown a fine enthusiasm for accountability to date :rolleyes:

[edit] My apologies to McDowell. It was Biddy O'Rourke that issued the previous directive. I only just realised a minute ago that he wasn't the minister a year ago!

DeVore · 25-02-2003 6:31pm

Originally posted by Gavin
Lads,

Bernie Goldbach has got the story posted on Slashdot - in Your Rights Online and the frontpage -

Prepare for /. effect Karlin!

Well that was interesting but we're still here... (We build 'em tough in Spin

)

Glad to see you guys getting some exposure.

DeV.

corley · 25-02-2003 7:16pm

quote:

Originally posted by Victor

quote:

Originally posted by corley
Hmmm, it's possible but, remember they don't have a retention system in place for ISP's.

But the FBI may have had (Carnivore) and were able to give them some information. Many ISPs retained a lot of information that they strictly shouldn't have / didn't need to.

Bringing Carnivore into this is only going to cause more confusion.

Just to restate what I said - at yesteday's meeting the Garda representative said that traffic data retention (i.e. the existing system which they wish to retain for telcos) has helped to solve crimes relating to paedophilia, such as Operation Amethyst.

I questioned how traffic data retention would have been of use. Carnivore is a totally different story altogether and operates outside of this jurisdiction so it's not really relevant for this thread.

Apologies if I appear a bit touchy but if we start dragging every surveillance system that exists around the world into this discussion everyone's just going to get totally lost.

dahamsta · 25-02-2003 9:11pm

If the Garda cited Operation Amethyst as an example of the results of data retention - as against a /possible/ example, which would just be spin - then, considering that Amethyst was initiated and driven by data supplied by the FBI, the only possible way that result could come about is via data retention in the US, and the only way that could come about it via Carnivore.

Sorry corley, but that's on-topic. It's not as if Carnivore is a conspiracy theory any more anyway, it's an admitted reality. If the Garda are going to use it as an example of the success of data retention, we should have an opportunity to refute it.

Personally, I doubt it was in the first place. I imagine that the Garda will throw any old tripe example out there to frighten the public into acceptance. Certainly, the examples cited in this thread have absolutely no bearing on /the topic in hand/.

adam

Fergus Cassidy · 26-02-2003 12:05am

I can't help but conclude that the gardai citing Operation Amethyst is designed to heighten emotions around the issue of child abuse.

Operation Landslide was a US Postal Service/FBI endeavour. A raid on the offices of Landslide Productions, a Texas-based company estimated to be making $1.4m a month from child porn, would have uncovered lists of credit card numbers, names and IP addresses.

More significantly, the FBI kept the site running as a honey-pot and gathered a huge amount of information.

The success of Amethyst was down to following up a huge list of names and addresses. Forensic info on those computers did the rest. Britain, and other countries, did the same.

US Dept of Justice press release (Aug 2001) is at: http://www.usdoj.gov/opa/pr/2001/August/385ag.htm

Fergus

Today's Dept. of Justice Information Forum

Comments