European legislation that permits the secret surveillance of e-mails, internet and phone usage - in many cases, without a warrant - is again being pushed by some law-enforcement supporters following the terrorist attacks on the US.
Businesses and privacy advocates here are concerned that such legislation could outweigh the State's own e-commerce laws, which strongly protect the right to use encryption and take a light regulatory approach.
Under the proposed EU legislation, internet service providers and phone companies would have to retain data on subscribers for months or years. The legislation could also undercut the effectiveness of using encryption to protect private e-mails by giving law enforcement a "back door" to read them.
The EU Council of Ministers supports proposals for the "blanket retention" of electronic data - a contravention of the EU's current Data Protection Directive, which only allows such data to be retained temporarily for billing purposes. Such information could be retrospectively trawled, producing a concise picture of an individual's movements, contacts and actions.
"That traffic data is really an entire map of your private life," says Mr Casper Bowden, director of London think-tank Foundation for Independent Policy Research. "[The proposed legislation] would provide an astonishingly Orwellian ability of the state to invade people's privacy."
The proposal has been rejected once by the European Parliament but will be reintroduced "under another badge", says Mr Malachy Murphy, co-chairman of the Irish Council of Civil Liberties and convener of its e-rights group. "The spin that's being put on it is that these are new proposals, to make them more palatable."
Similar legislation is being rushed through Congress in the US. A bill called the USA Act, that would allow increased surveillance of internet and phone activity, often without a warrant, passed by a 98-1 margin last week in the Senate. Britain, which already has frustrated businesses and privacy advocates with the surveillance and anti-encryption provisions of its Regulation of Investigatory Powers (RIP) Act, is seeking to amplify those powers under any new EU directive, say critics.
Last week, the Guardian revealed that mobile provider Virgin Mobile already retains all data about its customers' movements and has since its launch in 1999. Also, British Home Office officials met telecommunications officials during the week to discuss introducing a "voluntary code of practice" for retaining such data for years for national security purposes.
At the heart of the global security debate are new concerns about how terrorists might liaise and co-ordinate attacks through electronic networks, and whether increased surveillance could prevent such attacks. Following the September 11th events, many are willing to accept some degree of trade-off between privacy and security, if carefully-considered warrants are required and a system of legal checks is in place.
"I think it's appropriate to consider legislation that would detect and prevent acts of terror," says US-based encryption pioneer Mr Phil Zimmermann, inventor of the widely-used Pretty Good Privacy encryption standard and head cryptographer with Dublin-based e-mail security company Hush Communications. "But I think the Act we did pass went beyond that. It went by so fast that it wasn't debated as thoroughly as it should have been."
Mr Zimmermann was in the spotlight immediately following the September acts when a Washington DC newspaper incorrectly implied that he regretted having given the world a product with which anybody could encode information. On the contrary, he believes that encryption remains central to protecting commerce, freedom and free communication.
He notes that, after September 11th, the US did not overturn the rights of US citizens to use encryption products - ironically, a right that was established by a long-running court case brought by the government against Mr Zimmermann for releasing his product. "We didn't change the crypto controls in this country after September 11th, which I think is good," he says. A "thorough debate" over several years produced "a high-quality decision" by the US to allow free access to encryption. "The decision then took account of the fact that terrorists might use this," he says.
The Republic's then-stronger protections on the use of encryption, a central part of the State's E-commerce Bill, encouraged Hush to move its headquarters from the US to Dublin. But new EU proposals now consider requiring "back-door" access to encrypted e-mail - leaving deliberate entry ways for law enforcement to examine e-mail contents. They also would strip out provisions of the existing Data Protection Directive to allow mass retention of electronic data. Yet after considering the potential threat of state-sponsored surveillance, especially by the US and Britain, the European Parliament only this summer recommended that all European businesses routinely use encryption.
Mr Bowden says he believes that any directive would leave member-states to decide how to enforce its provisions. However, he notes that Britain has already taken a heavy-handed approach. Initial proposals for more aggressive "anti-terrorist" surveillance legislation after September 11th caused an uproar and have been redrafted, but still introduce wide-ranging powers of surveillance.
But Mr Bowden fears new European legislation would enable law enforcement to start matching data from various sources - e-mails, phone calls, faxes, internet use - to profile individuals. Britain had so far not introduced any mechanism for regulating how such information would be accessed or used, he said.
Irish-based businesses have expressed concern at the effect any new EU legislation could have on commerce. "The e-commerce Act has been very good at attracting the next wave of investment here. Anything that holds Ireland back from this vision of an e-commerce hub can't be a good thing," says Mr Joe Macri, general manager of Microsoft Ireland.
Mr Paraic O'Toole, former Irish vice-president of Cambridge Technology Partners and now chief executive of Dublin start-up Automsoft, says the argument that data should be collected because it could be sifted for useful information "is an attempt to count the grains of sand on the beach".
An environment in which this would be permissible could seriously damage the Republic's competitiveness. "Anywhere you have new frontiers, you have new pioneers. But if you start to fence the land, you limit the flexibility of the players to do new and innovative things," he says.
"Innovation tends to do better in open societies," agrees Mr Annrai O'Toole, a co-founder of Iona Technologies and chairman of Cape Clear Software. "If this is part of an overall trend of clamping down on liberties, then we're handing victory to Osama bin Laden."
:quality(70)/s3.amazonaws.com/arc-authors/irishtimes/2a429887-bb72-4814-bd40-0cbf79fe8d51.png)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/VR3765MFOBH2NMV2QNICYDF67M.png)