David Norris (Independent)

I also welcome the Minister of State and, like my colleagues, broadly welcome the Bill, although I have some reservations about it. I have already organised the tabling of amendments to it.

The Minister of State outlined the background to the legislation, to which Senator Regan referred, namely, the European directive and the attempt by the Government to transpose it into Irish law. The problem is - this is a point to which I will return - that in the transposition of the directive there has not been homogenous application of its provisions in all European countries. I will point to certain discrepancies between this country and certain other European countries which place elements of Irish business at a disadvantage. That is my first point.

In his recital of the history of the origins of the legislation the Minister of State invoked the spectre of the Madrid bombings, terrorism and so on. Interestingly, he also indicated that the Data Protection Commissioner had intervened at a certain stage to reduce drastically, from three years to six months, the period within which data had to be retained. I find this very interesting, particularly in the light of the reservations expressed by the commissioner concerning the retention of data in criminal cases.

I join my colleagues in welcoming the fact that the Garda Síochána managed to use what the Minister of State described as a "who, what, where and when" of telephonic records to secure convictions in recent murder cases. This can only be applauded by citizens. However, concerns have been raised about the retention of data in circumstances where citizens have been acquitted. This appears to go completely against the presumption of innocence, a cardinal tenet of law. I would like the Minister of State to examine this matter because it is very serious.

Will the Minister of State explain or ask the Minister of State who introduced the legislation what he meant when he said: "...it was decided, for a technical reason, to proceed by way of primary legislation [having already contemplated doing so by secondary legislation]?" It is not sufficient for the information of the House to be simply told that a matter was decided for a technical reason; we need full disclosure. I would like to know exactly what was that technical reason. It may perhaps refer to the series of cases to which Senator Regan adverted.

The Minister of State also said: "Section 2 gives effect to Article 1.2 of the directive by providing that the Bill does not apply to the content of communications." How, in the name of God, could it, unless there was routine recording of conversations? I seek an assurance that this does not happen. I can tell the House that 25 or 30 years ago my telephone was tapped. I attempted to do something about this, but I came up against a brick wall. Of course, as I was not a journalist at that stage, I did not receive any answer or compensation. However, one needs to be reassured that one's telephone conversations will remain private. I will be calling in another context for the introduction of a law on privacy. I have a house in Cyprus and on top of the Troodos Mountains where I live there are the golf balls of the allies. I know what they are used for; they are used to listen in to every single telephone conversation. This is done electronically and recordings are triggered by the use of certain words. I frequently speak the word "al-Qaeda" into the telephone just to cause a bit of bother.

Reference was made to the Revenue Commissioners, in which respect Senator O'Donovan expressed concern. I would be delighted if some of the big boys were caught, but with regard to the idea that tackling tax evasion is always a top priority for the Revenue Commissioners, I wonder about this and the effectiveness of their operations. I have always been a compliant taxpayer, always tried to pay every single penny that I owe in tax and made my returns on time. Therefore, I was surprised to receive a bill for an extra €2,000 on the basis that I had made a late submission. Luckily, I had kept the receipt and was able to show that that was not the case, but I did not receive an apology. I received a cheque for €450, which is a little different from them trying to extract €2,000 from me. If I was a dotty old widow or widower, I probably would have paid the bill. Therefore, when the Revenue Commissioners obtain information, let us make sure they will use it appropriately and efficiently.

With regard to security and safety concerns about data kept on laptops, there is a good deal of nonsense spoken. Yesterday I was stuck in a stone corridor between two locked fire doors in the basement of Leinster House. How safe was I if there had been an explosion? In the old days one could have bought one's old computer for €100 when one was issued with a one, but now we are told we cannot do this because of security concerns. That is bizarre. If there were secrets on our computers, they would be ours. In any case I had never used my computer. I wanted to take one to Cyprus to learn how to use it and leave another one here but that was not acceptable. I said there was nothing on my computer. We can be a little daft about such matters. The point I am making is that most instances of security failure are due to human frailty, not a technical flaw.

I wish to deal with another serious point. I have been briefed by the Internet Service Providers Association of Ireland which is concerned that some of the proposals made in the Bill will seriously weaken the industry's competitive edge, deter innovative Internet-based businesses from establishing here and hurt Ireland's reputation as e-commerce hub. This is a development of what I said, that there is not homogenous application of the provisions of the directive throughout the European Union. My concerns come under four headings and include the timescale, which is too long and about which other Members have indicated they might have slight concerns, the cost burden to the Internet supplier, the flawed procedures, in particular, inappropriate applications, oral applications and so on, and unfair liability.

In regard to the timescale, the Minister of State said the majority of countries had this timescale or a longer one. The facts are as follows. Luxembourg, Germany, Lithuania, Slovakia and Holland apply a six-month retention period for Internet data. We can clearly see the one-year requirement stipulated in the Communications (Retention of Data) Bill puts Irish Internet service providers at a serious and distinct disadvantage. I suggest a six-month Internet data retention period. This is vital to ensure Ireland maintains its status as an e-commerce hub. It relates to competition. The cost of doing business here must not be greater than overseas. For example, Holland, with its six-month retention period, is an advanced e-commerce nation and a serious competitor to Ireland. We must retain our competitive position.

I will table an amendment to amend section 3(1), which deals with Internet data, to read "in the case of the data in the category specified in Part 2 of Schedule 2, a period of six months". I propose this reduction and ask the Minister of State to consider it.

There is the cost burden. Most EU member states do not reimburse costs incurred by operators to retain and retrieve data, but some do. I will give some examples which are among our main competitors. France, Germany and Holland, which is one of our main competitors, provide funds to cover certain operational costs. Lithuania covers the cost of retention if public authorities request that particular data is retained for more than six months. France and Germany have lists for the different kinds of data requests and their corresponding payments. In the Czech Republic, Finland and Britain, money spent on equipment acquired to retain and retrieve data is reimbursed. Irish ISPs are placed at a disadvantage vis-À-vis those countries, including serious competitors like Holland where some form of reimbursement is provided. Other services provided to law enforcement, equipment, fuel, etc. are paid for. Why should the provision of this service be treated differently? I will suggest a subsection requiring ISPs to be reimbursed for capital expenditure and operating costs. That will probably be ruled out of order because it will be seen as imposing a cost on the Exchequer but I will at least seek to have the principle ventilated.

There is the question of flawed procedures. The provisions in regard to the complaints procedure in section 10(1) are flawed and will serve only to encourage sloppy work. For example, evidence secured by a search warrant is rendered invalid if the strict stipulations governing such a search warrant are not followed. Why should there be any difference for a disclosure request concerning electronic data? Why should the authority be bothered to follow the rules if the end results will be invalid anyway? The options for redress are unacceptably limited. The recommendation is that section 10(1) be amended so that a contravention of section 6 in regard to a disclosure request shall make the disclosure request invalid and any such contravention shall be subject to an investigation in accordance with the subsequent provisions of this section and nothing in this subsection shall affect case of action for the infringement of a constitutional right.

I refer to unfair liability and immunity. The Bill does not express immunity from liability of a service provider which, in good faith, discloses data on request which purports to be in accordance with the new regulations but which is not. Examples would be if data is not requested for the purpose of the detection, investigation or prosecution of serious offences or an error is made in the date and time or the wrong subscriber is identified. I will table an amendment in this regard.

I refer to unfair liability and the question of oral versus written requests. As Members all know, oral requests for anything can be a bit tendentious. There is a serious potential risk in section 6(5) regarding disclosure requests. There is the potential problem of documentation not arriving and no proof the request was ever made. It places Internet service providers in danger of falling into civil law traps.

Section 6(5) should be dropped. Requests should be written or a unique request numbering system should be used so that when an oral request is made, it is allocated a unique identifier in the same manner as if it were written which must then be placed on the subsequent written request. If the written request is not received, the ISP would have this reference to prove the oral request was made. We are basically talking about a paper trail and actual, clear and factual evidence. It would obviate a situation where somebody could say he or she telephoned and made a request. We would have no proof. In these serious matters, some degree of proof is needed so this unique identifier is an important element. I hope the Minister of State will consider it seriously.