Further erosion of rights and data protection

[barrym]

Hi,

Sorry if this is a bit old, the Irish Times 'lost' the page....

On page 3 of the IT on October 6 there was an item which reported that the Criminal Justice (Mutual Assistance) Act came into force, in part, in September. It 'obliges' the state to assist countries with which it has agreeements (most of the developed world in this instance) in criminal investigations. According to the article it only requires a request and the ok of a superintendent for a bank, for example, to be required to provide details from the individuals bank account. As is pointed out, in many countries the methodology of 'criminal investigation' is very different from here and the person undergoing investigation may not actually be accused of a crime for the request for evidence to be made.

The Act allows for the extension of the data collection to be extended to telecommunications in due course.

Is anyone aware of when this Act was debated and what was the level of debate? Presumably it was justified in part by the fact that Ireland can demand similar information from the other countries, but given the leaky nature of data stores in this country generally it seems to me this legislation extends an already dangerous situation.

Bye, Barry

[corelli]

Hi,

Sorry if this is a bit old, the Irish Times 'lost' the page....

On page 3 of the IT on October 6 there was an item which reported that the Criminal Justice (Mutual Assistance) Act came into force, in part, in September. It 'obliges' the state to assist countries with which it has agreeements (most of the developed world in this instance) in criminal investigations. According to the article it only requires a request and the ok of a superintendent for a bank, for example, to be required to provide details from the individuals bank account. As is pointed out, in many countries the methodology of 'criminal investigation' is very different from here and the person undergoing investigation may not actually be accused of a crime for the request for evidence to be made.

The Act allows for the extension of the data collection to be extended to telecommunications in due course.

Is anyone aware of when this Act was debated and what was the level of debate? Presumably it was justified in part by the fact that Ireland can demand similar information from the other countries, but given the leaky nature of data stores in this country generally it seems to me this legislation extends an already dangerous situation.

Bye, Barry

Very old news. Its a reciprocal arrangement. The Human Rights Commission examined the bill and did not have a problem with it. Since they are not afraid to rock the boat and have a go at the Government on any issue I think we can presume that there is nothing particularly problematic in the Act.

[barrym]

Very old news. Its a reciprocal arrangement. The Human Rights Commission examined the bill and did not have a problem with it. Since they are not afraid to rock the boat and have a go at the Government on any issue I think we can presume that there is nothing particularly problematic in the Act.

Sorry about the 'old' I wasn't aware of the history....

Did you actually see the IT item?? According to Joe Kelly of Goodbody's, quoted in it, it allows the authorities to monitor bank accounts without the holder being aware........
I'd hardly call that "nothing particularly problematic"

As to the reciprocal, is that a reason to approve it??

Has the Irish Council for Civil Libs had anyhting to say??

Bye, Barry

[corelli]

Sorry about the 'old' I wasn't aware of the history....

Did you actually see the IT item?? According to Joe Kelly of Goodbody's, quoted in it, it allows the authorities to monitor bank accounts without the holder being aware........
I'd hardly call that "nothing particularly problematic"

As to the reciprocal, is that a reason to approve it??

Has the Irish Council for Civil Libs had anyhting to say??

Bye, Barry

It has always been the case that the authorities could monitor your bank account, mobile phone account, etc etc without your knowledge. You hardly expect them to tell you when they are doing it?? The issue is inbuilt safeguards, which the act has.

No idea whether the ICCL looked at it. Would not matter if they did as they come out with some rather fanciful stuff based on nothing else then the fact that they do not like something. I read the article and the previous one on the Examiner. The Examiner story was a rather exotic interpretation of what the bill provided for. It's a non issue.

[rightsofman]

In the digital realm there is no such thing as privacy. I can practically guarantee that someone at your bank had a look through your accounts one day while bored. The same goes for civil servants in their respective departments.

Technology moves faster than the laws created to regulate it, many companies have no idea how to properly secure their confidential information and that of their clients/customers.

As we move forward these databases of information will become (even more) networked to each other and accessible from a single point of entry.

That 21 yr old fresh in the civil service will then have access to all of your records, he won't have clear guidelines on how to safely view them, he'll leave his PC unlocked, he'll use the same password as he does for his other logins, he won't treat your personal information with the respect it deserves because its just a matter of course for him.

And thats before you take into account the private companies that maintain their own databases of what you buy in the supermarket, what tv shows you watch, which ads you flicked through, which websites you've visited, what emails you've sent, and to whom, etc. etc. And guess what, there is a huge market for these databases, they are traded between private companies, some of whom have records on hundreds of millions of ppl. All able to be searched by keyword and cross referenced to each other. Its very easy and cheap to leave a server in a country that does not subscribe to our data protection laws, there is no protection for the individual.

Oh and how about hackers? What if I parked outside your house with my laptop, broke into your wireless network (<10 mins work) and snagged all of your bank, forum, and email logins?

Then we have the morons who take your information from their office unencrypted and leave it in the pub, on the bus etc.

That is how secure your personal information is, not one single bit. Anything on a computer no matter the location or level of security, can be read by someone who is not supposed to be able to read it. For a police or govt official to see your info is the least of your worries, at least they have some kind of regulation to their actions.

[barrym]

I totally agree with your analysis, I have worked in the database construction / computer access systems area for many years. The situation is as you describe it, probably worse.

My point is, given that the 'progress' in collecting, organising and accessing information about individuals has made it possible for a lot of people to use this infomation, then it is a requirement that those with responsibilities for ensuring that individual's rights to privacy, freedom to express themselves, rights to know what is recorded about them, etc., are protected.

The situation in Ireland, and, to be fair, in many other countries, is that these rights are not well protected. The legislation I referred to is a typical example, slipped through under different guises, allowing a Minister to arbitrarily extend it, etc.

I'l quote just one case to illustrate my point. After the big Euromillions win by a person in Limerick, there were a large number of accesses to her Social Security record. An investigation by the Dept (parenthetically, it is interesting to note they had the means to investigate the individual users of their systems, are/were staff aware of this...??) identified at least one person who had no obvious need to access the data but who had a relationship with a journalist, who's paper published some details about the winner's status. The investigators interviewed the person concerned and they were 'allowed' to resign from the service, presumably with their pension and other rights intact.

Is this a satisfactory situation? If under the new legislation (or other similar legislation already in place) a member of the gardai gets access to individuals information and abuses that access, will they be allowed to resign..... It has happened elsewhere in the Gardai.

All I am asking is that, if and when such legislation is debated/passed into law, that we have a transparent and effective method of management of its use. We have various ombudspersons, the Data Commissioner, and other bodies and agencies, is that enough, I don't think so, on the basis of the case I mentioned.

Bye, Barry

[rightsofman]

...
My point is, given that the 'progress' in collecting, organising and accessing information about individuals has made it possible for a lot of people to use this infomation, then it is a requirement that those with responsibilities for ensuring that individual's rights to privacy, freedom to express themselves, rights to know what is recorded about them, etc., are protected.
...

I completely agree, I think a big part of the problem is that the decision-makers (in Govt, the public and private sectors) mostly have no idea what they're dealing with. If I were to visit my councillor and recite what I wrote above I would be dismissed as a paranoid crank. Yet anyone who has worked in the industry (like yourself) would say my outlook, while pessimistic, is accurate.

So ... being pessimistic again, I can't envisage a satisfactory technical solution. However, I would, like yourself, hope that those persons responsible for these breaches be reprimanded. It's the absolute least that we individuals are entitled to. Experience shows us that this is rarely the case, again down to a lack of understanding and foresight by the decision-makers.

What happens when somone steals my personal info, and commits crimes under my identity, or uses my identity to clean out my bank accounts and run up bills on the 10 credit cards they made with my name. How do I defend against that? I can't because my personal information is not my own anymore. And just to labour the point, neither is anybody elses.

The govt and civil service really need to take action on this.

EDIT: Not to bash the Gardai, but they really need to get themselves up to speed on this too. I wouldn't have much faith in their ability to understand these crimes let alone catch the perpetrators.

[barrym]

The govt and civil service really need to take action on this.

EDIT: Not to bash the Gardai, but they really need to get themselves up to speed on this too. I wouldn't have much faith in their ability to understand these crimes let alone catch the perpetrators.

Is the Ahern "review process to examine data protection legislation in light of concerns arising from recent data breaches in Ireland and elsewhere." as announced in the IT a) an attempt to sort the issues or b) an(other) whitewash?? The latter I suspect. As you point out the civil service has no real reason to improve the situation.

Bye, Barry

[barrym]

From The Register today -

German court curbs data collection law ? The Register

"Germany's Constitutional Court in Karlsruhe today has curbed Germany's wide-reaching data collection law even further, by stating that the data can only be collected and saved in case of real danger to citizens. The Court decided in response to a class action suit filed by 34,000 Germans.

The data collection law, which politicians said would help prevent terrorist attacks, went into effect in January 2008. It gave federal government broad access to stored telephone and internet data, including email addresses, for at least six months.

The bill, part of an EU directive formulated in response to bomb attacks in Madrid and London, immediately sparked controversy among free-market liberals, privacy advocates and civil rights groups, which criticised its scope. In Hamburg, demonstaters staged a mock funeral marking The Death of Privacy.

In December 2007, 34,000 opponents filed the class action suit, the biggest of its kind in Germany.

March saw the German Constitutional Court in Karlsruhe issue an injunction against the law, saying it needed further review. Authorities would only be allowed to access it under extreme circumstances, and with a warrant. Also, the law could only be used for serious crime investigations such as murder, theft, child pornography, money laundering, corruption, tax evasion and fraud.

Using the saved data for prosecuting individuals who illegally downloaded music and movies was ruled out completely.

The ruling was seen as a serious blow to tighter security measures by Chancellor Angela Merkel's government.

The ruling today finally puts an end to crossing the limits of constitutionality on citizen rights, critics say. Data can only be collected when the stability or security of Germany or another country need to be defended and "life, limb, and freedom of German citizens" need to be protected. ®"

So now, how can the data from Ireland be exchanged with Germany and vv??


Bye, Barry