Data retention policy may poison business environment

Net Results: When three of Ireland's top technology leaders, from three of the State's highest profile companies, stand up and warn that the Republic's data retention laws are set to seriously damage this country's business climate and competitiveness, the Government had better listen.

In particular, our pro-business Tánaiste, Mary Harney, long a friend of the tech sector, must take these expressions of concern to heart, as must her party colleague, Justice Minister Michael McDowell, who is ramming through these unnecessarily oppressive policies.

Harney and other members of the Cabinet must recognise that when people such as Joe Macri, managing director of Microsoft Ireland (20 years in Ireland, employs 1,800), Dr Chris Horn, cofounder and vice-chairman of Iona Technologies (tireless promoter of Ireland Inc, employs 800 worldwide) and Paul O'Riordan, managing director of Oracle Ireland (19 years in Ireland, employs 900), express deep concern at the extent of data retention laws, there's truly something to be worried about. Their alarm was clearly stated in a piece I wrote last week for the opinion page on St Patrick's Day - just in case our travelling ministers missed it.

Here is more on their perspectives. First, the background: the Republic's year-old data retention law - which requires the storage of traffic information (but not content) of phone and mobile calls, faxes, and, with a recently EU-mandated directive, e-mail and internet data - demands one of the longest storage periods in Europe, at three years. Incoming EU legislation allows for a six-month to two-year storage period. But McDowell has said he will take the EU to court so that Ireland can hold data for three years or longer.

Macri states his concerns unequivocally: "Irish legislation is going beyond what is required from an EU perspective and is going to put significant additional costs on businesses from an administrative and a capital investment perspective. While we respect and understand the needs and concerns of the law enforcement agencies, there is also a need to take personal privacy concerns and the broader needs of business into consideration."

It is not surprising that the tech sector and its representative bodies, including ICT Ireland and TIF (the Telecommunications and Internet Federation), are concerned. The technology sector understands better than any other how revealing retained telephone, e-mail and internet data can be, and how poor the State has been at overseeing and managing major IT projects. From PPARS and Pulse to electronic voting, no one seems to understand how to make judgment calls on the appropriate scope or security of such projects.

Dr Horn notes that, of course, law enforcement has legitimate concerns about tackling crime and terrorism and protecting citizens. But, he says: "Our society also has a right to protect itself from unwarranted personal intrusion by agencies of this State and those of other states. In addition, businesses have a right in particular to protect themselves against accidental disclosure of commercially sensitive information and industrial espionage.

"Given the context of poorly managed IT projects by the State, what confidence can the Irish public and businesses have that agencies of this State, and companies by law acting on their behalf, can adequately gather and in particular protect highly sensitive information?"

It is a very legitimate concern. One year into a data retention law - itself introduced surreptitiously and without advance notice as an unexpected amendment to the Criminal Justice (Terrorist Offences) Act 2005 and debated in a nearly empty Dáil - the Department of Justice has given no insight into actual practice for storing, managing and accessing this sensitive information, who can look at it and under what circumstances.

The only oversight comes from a single, Government-appointed judge who is supposed to have the whole area of State-ordained surveillance under scrutiny. But these insider appointees, neutral as they may be, have never produced anything more than a one page annual report containing a one-sentence - positive - assessment. By contrast a detailed report is produced each year in the UK. Our existing system is appalling - as closed and opaque as could be.

Dr Horn and O'Riordan both feel an oversight body must be established. O'Riordan says: "If our Government, and indeed governments across the EU, are going to retain data, we must have an assurance that the information is stored properly and securely, and that there are strict procedures in place governing access to the information. Vigorous enforcement and policing of these procedures is also essential and significant penalties should be incurred if there's an abuse of the system."

Dr Horn says: "One way forward might be to establish an entirely independent IT inspectorate, funded by the State, and composed of practising world class IT professionals. Such an inspectorate should be given, by law, the right to independently inspect and audit the IT systems of State agencies, and commercial companies collecting data on their behalf, at any time and without notice."

Isn't it time Ireland Inc operated under the same scrutiny a publicly listed company must? Or as Dr Horn asks: "Will our Taoiseach and Minister for Finance ever personally warrant the adequacy of the systems under their responsibility, as the CEO and CFOs of US public companies in effect have to do so under US law? What comfort could our Government obtain that its systems are in fact adequate?"

If the Government spends a fraction of the time considering the business impact of its data retention laws that it does working out beneficial corporate tax regimes, it will realise that it must reconsider and redraft this legislation - an opportunity it has in the coming months as it implements the EU directive on data retention. If it doesn't, the tax regimes may not matter much - because businesses, especially in the tech sector, will consider moving to more open and transparent business environments.

Macri says: "I feel that the legislation as it currently stands has not been considered in the context of the potential impact that it will have on business in general and the ICT industry specifically.

"I would call on Government to consider that potential impact prior to implementing it in its current form."

Karlin Lillington

Karlin Lillington, a contributor to The Irish Times, writes about technology