Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi all,
Vanilla are planning an update to the site on April 24th (next Wednesday). It is a major PHP8 update which is expected to boost performance across the site. The site will be down from 7pm and it is expected to take about an hour to complete. We appreciate your patience during the update.
Thanks all.

Ireland lies somewhere between North Korea and the USA for data privacy

Options
  • 21-12-2014 5:42pm
    #1
    Impetus
    Registered Users Posts: 1,667 ✭✭✭


    Irish data / communications traffic intercept laws are an outdated legacy of a politically corrupt past. Allowing them to remain on the statute books reflects poorly on the current government, and does not provide the “cloud services industry” with the optimum legislative framework to make the most of Irish based cloud services in the global marketplace. Not only does this impact cloud services - international financial services, internationally marketed financial services, and any industry which is based on valuable intellectual property / trade secrets also come to mind.

    It is time that Ireland moved from an era of snooping by “ministerial direction”, and trial by secret court* (Justice Minister Frances Fitzgerald’s contribution to Ireland in the 21st century) – perhaps she would be better suited to occupy the post of secretary to Kim Jong-un? Minister Fitzgerald could then oversee the global censorship of movies like The Interview** etc.

    The powers that be seem to have no problem enacting instant laws to facilitate surveillance by foreign governments - meanwhile the Irish statute book is reeking with old fashioned, badly drafted, non-codified legislation.

    Government is a public service and the customer is the citizen/resident of the country. In Ireland and other European semi-democratic countries, the citizen is "the product" (victim) eg the Christmas turkey, a la Google users.

    http://www.irishtimes.com/opinion/why-ireland-must-protect-privacy-of-irish-emails-and-internet-usage-from-surveillance-1.2044384

    * http://www.irishtimes.com/business/technology/state-sanctions-phone-and-email-tapping-1.2027844

    **http://www.imdb.com/video/imdb/vi1114222361/?ref_=tt_ov_vi


Comments

  • Options
    #2
    Mr. G
    Moderators, Technology & Internet Moderators Posts: 4,621 Mod ✭✭✭✭Mr. G


    The Governemnt are ignoring it's people. Fundamentally this is wrong. We need stricter Data Protection Laws. Our current DPA is flimsy to say the least. They had to have one to meet the EU directive.

    For all we know the Govt could be using it for politically motivated reasons. Why would I not be surprised.

    It's always been "no comment".

    What can be done about it though?


  • Options
    #3
    Manach
    Moderators, Society & Culture Moderators Posts: 9,663 Mod ✭✭✭✭Manach


    To echo the OP, one should be concerned by the concept of these hidden courts to decide data privacy. While in theory the unenumerated right to privacy in the Irish constitution should be sufficent to act as a check on the state, given the numerous exceptions that can be found to such it would be better to rely on the EU's directives on this manner. However even then the state might emasculate the meaning of the law both by minimum funding of the DPC and regulatory capture.


  • Options
    #4
    FSL
    Registered Users Posts: 1,456 ✭✭✭FSL


    Politicians the planet over are self serving parasites who couldn't careless about the people as long as they can be conned into voting/supporting them.

    If you want real democracy then randomly appoint a number (depending on population size) of citizens who's task for a fixed period is to ensure that those responsible for the running of those services, which are deemed to be best provided by the country as a whole, are delivered efficiently, cost effectively and without fear or favour.


  • Options
    #5
    Impetus
    Registered Users Posts: 1,667 ✭✭✭Impetus


    FSL wrote: »
    Politicians the planet over are self serving parasites who couldn't careless about the people as long as they can be conned into voting/supporting them.

    If you want real democracy then randomly appoint a number (depending on population size) of citizens who's task for a fixed period is to ensure that those responsible for the running of those services, which are deemed to be best provided by the country as a whole, are delivered efficiently, cost effectively and without fear or favour.

    Why random?

    In most Swiss cantons one can kick out a law enacted by the (unpaid) politicians by referendum type vote on a Sunday morning. The results are generally available that afternoon. In addition, with 100,000 or so signatures one can call a federal referendum to change the constitution.

    eg Zurich city gov tried twice to install a metro system in the city. each time they failed because every public expenditure over 10 million CHF in Zurich requires a public vote. A million Swiss citizens are brighter than a few politicians etc. They city now has the best public transport and traffic flow in the world. 18 tram lines, 10 above ground, duplex (double deck) S-Bahn train lines. The most intelligent traffic light system on the planet (VS-plus). Mainline train station at the airport. Nearly 80% of journeys take place on public transport. No stupid cards with RFID. Random ticket inspection with CHF 100 fine if invalid. Trams every 3 to 5 minutes. Most people subscribe to public transport on a monthly or annual basis rather than buying tickets for each trip, for the zones they need to travel in.

    Swiss government is there to provide a service to the customer. Real democracy.


  • Options
    #6
    Mr. G
    Moderators, Technology & Internet Moderators Posts: 4,621 Mod ✭✭✭✭Mr. G


    Our constitution can't be changed without a referendum. Unlike many other countries. Doesn't necessarily make it a true democracy though.

    Saying nothing is not the way to go about it. People are concerned about their privacy, I know they are because I've heard people chat about it frequently. It's in the news every week.

    Anyway - there was meant to be a new DPA / directive before Christmas but it looks like it will be in 2015. Besides that, education is a massive factor and the majority of the public don't actually know of the current surveillance laws out there.

    Is it surprising that RTÉ had no coverage of the law signed into law by Francis Fitzgerald or the leak by Edward Snowdon that the UK were tapping a cable between Britain and Ireland? It hit Google News, Newstalk, front page of Irish Times but not RTE news.

    I recall very recently Francis Fitzgerald stating that there is no question of the UK tapping calls in Ireland. Still doesn't answer the question and calls can be tapped in the UK too.


  • Advertisement
  • Options
    #7
    Mr. G
    Moderators, Technology & Internet Moderators Posts: 4,621 Mod ✭✭✭✭Mr. G


    http://www.usnews.com/news/articles/2014/12/24/ireland-backs-microsoft-against-us-email-demand


  • Options
    #8
    DoomZ
    Banned (with Prison Access) Posts: 166 ✭✭DoomZ


    I sure I've heard there are plans at a European level to increase data protection laws. Heavier fines etc


  • Options
    #9
    Mr. G
    Moderators, Technology & Internet Moderators Posts: 4,621 Mod ✭✭✭✭Mr. G


    DoomZ wrote: »
    I sure I've heard there are plans at a European level to increase data protection laws. Heavier fines etc

    http://www.pcworld.com/article/2861772/in-2015-eu-aims-to-sweep-away-old-rules-on-data-protection-and-copyright.html
    The notice requirements remain and are expanded. They must include the retention time for personal data and contact information for data controller and data protection officer has to be provided.

    Privacy by Design and by Default (Article 23) require that data protection is designed into the development of business processes for products and services.

    Privacy settings are set at a high level by default.

    Data Protection Impact Assessments (Article 33) have to be conducted when specific risks occur to the rights and freedoms of data subjects. Risk assessment and mitigation is required and a prior approval of the DPA for high risks. Data Protection Officers (Articles 35-37) are to ensure compliance within organizations. They have to be appointed for all public authorities and for companies processing more than 5000 data subjects within 12 months.
    ...Data controllers must be able to prove "consent" (opt-in) and consent may be withdrawn.

    ..
    A so-called right to be forgotten was replaced by a more limited right to erasure in the version of the GDPR adopted by the European Parliament in March 2014.[7][8] Article 17 provides that the data subject has the right to request erasure of personal data related to him on any one of a number of grounds including non-compliance with article 6.1 (lawfulness) that includes a case (f) where the legitimate interests of the controller is overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data

    Looking at the number of data protection issues this year it's about time this law was reformed.


  • Options
    #10
    bd0101
    Registered Users Posts: 43 bd0101


    Indeed about time. So much noise around for data protection, privacy, information security.. and all Govt does is hiding the head in a hole.

    I am amazed by how motivated are some people (in Sweden for example), to go on the streets and protest when their freedoms are at stake. Here though, not a change.. chatter, commenting, but no real noise.


  • Options
    #11
    Mr. G
    Moderators, Technology & Internet Moderators Posts: 4,621 Mod ✭✭✭✭Mr. G


    bd0101 wrote: »
    Indeed about time. So much noise around for data protection, privacy, information security.. and all Govt does is hiding the head in a hole.

    I am amazed by how motivated are some people (in Sweden for example), to go on the streets and protest when their freedoms are at stake. Here though, not a change.. chatter, commenting, but no real noise.

    The Government see themselves as an organisation, rather than an organisation run by and for the people.

    People here just aren't bothered anymore because their voices aren't heard. The Taoiseach's comments are much more in favour of data protection than Cameron's lunatic comments that he came out with today.


  • Advertisement
  • Options
    #12
    bd0101
    Registered Users Posts: 43 bd0101


    Related news:

    http://www.enisa.europa.eu/media/news-items/national-cyber-security-strategies-the-latest-news

    from the link (highlights are mine):

    In July 2015, Ireland published its National Cyber Security Strategy for 2015 – 2017. The strategy highlights the Government’s approach in facilitating resilient, safe and secure operations of networks, infrastructures and digital technologies used by the Irish citizens.
    The strategy focuses on the following key actions:
    • Formal establishment of CSIRT-IE with focus on protection of CII’s in energy and telcos.
    • Improved security delivery in the areas of situational awareness and incident management.
    • Introduction of primary legislation in compliance with EU requirements.
    • Local and international PPPs in the interest of Critical Infrastructure Protection by improving situational awareness, incidents management, education, training and public awareness.

    Comment: Not much to be honest, but a good move nevertheless. Critical Infrastructure is nice to protect (energy, telcos etc), but for that Ireland already had a number of CERT teams to do so. The problem is that there is no authority of CERT teams over anything/anyone, and many of the beneficiaries are simply not interested ("we are secure enough"). Also, CII is not equal to Irish citizens - the last point that brings them in, is not integrated with any level of formal education (a leaflet or email would be just thrown/deleted - no effect).

    What Ireland and Europe needs is to build a digital infrastructure and use it as a key to provide an independent policy in the EU Cyber Space. When systems mix and match - then policies get grey zones..


  • Options
    #13
    Impetus
    Registered Users Posts: 1,667 ✭✭✭Impetus


    Ireland (and the rest of the EU) needs a competent audit of mobile and fixed services to determine which mobile, landline phone and internet companies are providing a firehose of C7 data to GCHQ and its cousins, or where they can be seen to have constructed their networks to facilitate the theft of same by the latter.

    By C7 data, I am using it as shorthand for traffic data (and content relaying if this is taking place too) - C7 being an abbreviation for the CCITT No 7 signalling system* as well as relays of IP traffic and/or "just the headers".

    Anyone found guilty should be fined at say 30% of revenues, recurring on an annual basis until they stop. The fine would make a useful contribution to the state's coffers in terms of providing urgently needed services to those suffering economically and help reduce the national debt. I have no doubt that one or more companies licenses by Comreg is either selling data or exchanging it for favours on the black market. Given an estimated market of 4 billion in Ireland - 30% = 1.2 billion EUR.

    This issue has nothing to do with data retention for say 6 months for the Gardai to help trace crime, as defined in the Irish statute book. I would focus the initiative on the black market of primarily state sponsored theft of personal information and company owned proprietary data.

    *https://en.wikipedia.org/wiki/Signalling_System_No._7
    https://www.eff.org/issues/mass-surveillance-technologies
    https://en.wikipedia.org/wiki/Mass_surveillance


Advertisement