Mr. Billy Hawkes:

I thank the Deputy for his very pertinent questions. On the question regarding biometric passports, the collection of biometric identifiers is an important issue in the context of data protection. It comes down to the core issue of the extent to which the State is entitled to demand personal data from us in order to pursue or ensure a particular public interest. In the case of passports, the argument for using biometric data is to improve the quality of passports in terms of avoiding people presenting false passports or tampering with them. There have been some well documented cases of Irish passports being misused in different contexts. This is particularly important in the context of preventing people from crossing borders to commit crime or engage in terrorist activity. There is an obvious wish to try to ensure, as far as possible, that the document presented by an individual is genuine and is not being used by someone to cross a border to commit a serious crime, in the worst case scenario, or, in other cases, to evade legitimate immigration controls. There is a proposal in the draft regulation to treat biometric data as sensitive personal data deserving of special protection. That is something which many of us would support.

The second question posed by the Deputy relates to digital fraud and the very legitimate concerns about the amount of fraud and crime being committed, particularly on the Internet. It is an area in which there is a constant struggle between increasingly sophisticated criminals and our much put-upon law enforcement authorities. The international effort to combat such crime is underpinned by the Convention on Cybercrime which quite a number of EU member states have ratified, although I gather it is still under consideration by Ireland. Crucially, it involves an effort to combat some of the most sophisticated criminals operating and to provide law enforcement authorities with the tools required to deal with such crime, but to do so in a way that does not interfere excessively with the rest of us who are not committing crimes on the Internet.

To some extent, this issue relates to the Deputy's third question about the mass surveillance of individuals in the pursuit of law enforcement and anti-terrorism objectives. While that issue has arisen most recently in the context of US Government activity in this area, it is important to remember that it is also very much a European issue. There is, for example, at European level, a data retention directive to which each member state has been obliged to give effect. It obliges all telecommunications companies to retain details of mobile phone calls and their location.

The purpose of this retention is to permit law enforcement authorities to have access to such information when they are pursuing crime. Obviously, there have been some examples in Ireland where the Garda Síochána has successfully prosecuted people based on information obtained on the location of a person when an alleged crime was committed. It is an issue that is being dealt with as a political issue between the European Union and the United States.

There is a question about achieving a proper balance between the right of the majority who do not commit any crime to have their privacy respected and, on the other hand, the challenges facing governments and the pressures on them from their citizens to protect them from terrorists who use the Internet to communicate for nefarious purposes. Where that balance should lie is an issue of much concern to us in Europe, as the data retention directive shows, as it is to the United States. This is quite apart from the well known fact that European intelligence agencies engage in similar practices to those revealed in the United States. From a strictly data protection point of view, it concerns the issue of access by law enforcement authorities or intelligence services to the data of the innocent majority versus the public value of protecting us from terrorism. I do not come to the committee with any solution in this regard. It is essentially a political discussion about where that balance should lie. It is for parliaments to make this decision. The committee will have observed the ongoing extensive discussion in the United States on where the proper balance should lie within its system.

In the case of the data retention directive, there are challenges, including one from Ireland, to the European Court of Justice about the proportionality of the measure. Those of us concerned with data protection hope the recent revelation on the US side will lead to greater public and parliamentary consciousness that there is an issue to be dealt with and a balance to be struck between competing public interests. Many of us consider the balance is being struck on the wrong side of the line in protecting individuals. Ultimately, this is an issue for governments and parliaments to resolve in the interests of their citizens.