Data retention act could set back e-commerce

29 Nov 2002

Implementing the Telecommunications Retention of Data Traffic Bill, apart from raising the ire of civil rights groups, has caused concern amongst telecom carriers and internet service providers (ISPs) over the expense of logging and monitoring phone calls, text messages, faxes, emails and internet usage over a four-year period.

According to sources, the proposed bill, which follows on from a EU directive that came into being following pressure from the US government post-September 11, could prove “unwieldy” for telecom operators and may counteract progress made following the passing into law of the E-commerce Act, 2000, in promoting Ireland as an uninhibited location for data centres and e-commerce firms to invest.

Reports that the bill was to be enacted were first revealed yesterday in The Irish Times newspaper, claiming that the Minister for Justice, Michael McDowell, intends to pass the bill into law by the spring. The news caused an angry reaction from civil liberties groups, who claimed that it would go against the European Convention on Human Rights.

According to Larry Taylor, media services manager at Esat BT, such a bill, reminiscent of the UK’s controversial Regulation of Investigatory Powers (RIP) Act, may also put Irish people off conducting e-commerce and other services, as the privacy they currently enjoy in terms of communicating through email and chatrooms as well as purchasing with their credit cards online will disappear.

“At present, telecommunications companies (telcos) are obliged to keep logs of phone calls for up to one year and we co-operate with Gardai who have official letters of investigation when they are investigating individuals engaged in illegal trafficking of drugs or involved in suspected paedophile activity. We could tap everybody’s phones or log internet or email communications, but it is logistically and financially impossible for us to do so,” he said.

“In the current scenario, we give everybody the credit of being innocent until proven guilty and we work with the security services to monitor the activities of suspected individuals. We can use phone numbers to map geographically everything occurring over the network. In terms of internet activity, we are only currently logging activity of our proxy servers and currently log 200MB a day. If we were to monitor activity on all our servers, it would take up to at least 1GB a day. If we were to do that over four years, you are talking about 1.2 terabytes of raw data being collected every year for internet activity alone,” Taylor said. “To monitor everything for four years would be completely unfeasible and too expensive for us.”

“It appears that if the reports are true, then the Department of Justice, Equality and Law Reform intends to put the onus of investigation onto service providers like telcos, ISPs and mobile operators, with a minimal amount of investment in the Gardai, who could probably use more manpower in this regard.

In terms of e-commerce in Ireland, Taylor said there was concern about what such new rules could do. “People are already a bit cautious about buying online and handing over their passwords or credit card numbers. If they are aware that ISPs are monitoring every transaction or communication, they would be reluctant and this could put e-commerce back. If there is a perception that there is ‘big brother’ activity, then innocuous activity like chatrooms or dating services would also suffer.

“For us, the cost and capital expenditure implications in terms of investment in infrastructure and software architecture cause us a lot of concern and people’s feelings of safety and security are not going to be helped,” Taylor said. He confirmed that his company has received no consultation from the Department of Justice, Equality and Law Reform about the proposed bill and is anxious to do so.

A spokesman for the department told “The legislation is the Telecommunications Retention of Data Traffic Bill and comes from an EU Directive. The purpose is to assist the Gardai in crime investigation and safeguard national security.”

The spokesman said that much of the “big brother is watching you” furore is premature at present and that little or no consultation outside the Department of Justice has taken place. “It’s at the very early stages and nothing has been decided in relation to the length of time that data could be retained. Before the bill is finalised we intend to engage in discussions with all interested parties, particularly civil liberties groups and the Gardai, about how it should progress.

“It is very premature to indicate the scope of the bill. Before it becomes law it has to be debated before the Houses of the Oireachtas and various amendments will be made. At present, telecoms companies and ISPs have to retain information on calls in order to trace calls back and let people query bills. They also have to make information in specific circumstances to help with crime investigation. We intend to conduct discussions with all interested parties before any bill is produced,” he said.

By John Kennedy