Thursday, 20 January 2011
Communications (Retention of Data) Bill 2009: Committee and Remaining Stages
I move amendment No. 1:
In page 5, subsection (1), line 2, to delete "2 years" and substitute "1 year".
I welcome the Minister of State. There was some speculation on the Opposition benches as to who would represent the Government on this Bill, given the current turmoil within the Government.
We all wonder how long the Government will last and whether this may be the last piece of legislation to go through all Stages, as appears likely today.
Regarding amendments Nos. 1 and 2 which are to be dealt with together, a number of Senators dealt fully with these issues on Second Stage in April 2010 which seems like a long time ago. At that point I indicated my party colleagues would seek to make the same amendments in the Dáil. The Minister of State will be familiar with the argument which concerns the length of time for which data should be retained. We have argued that Ireland should not take a maximalist approach, namely, seeking to adopt the maximum period of two years for retention of telephone data and one year for Internet data. We believe this will hamper business and on this point we have a great deal of support from a range of different organisations. The Data Protection Commissioner recommended as sufficient a one year retention period for telephone traffic data and a six month period for Internet data. The commissioner pointed out in his report that the Garda Síochána rarely requests data that is more than one year old and that a two year retention period seems unnecessarily and unduly onerous. The Internet Service Providers Association of Ireland was in touch with my party on Second Stage and I heard again from the organisation this week. It pointed out, as it has done to the Minister for Justice and Law Reform, Deputy Ahern, and his Department, that a one year retention period for Internet data is too long and that we should opt instead for a six month retention period as have countries such as Germany, the Netherlands, Slovakia, Luxembourg and Lithuania. The association argued, persuasively in my view, that the extra costs and resources required to meet the one year requirement for Internet data will put many Irish Internet service providers at a distinct disadvantage. At a time when we are trying to ensure we do not put any obstacles in the way of business, and when Internet and IT companies are doing well in Ireland, we must facilitate them and listen to their concerns.
I shall not dwell further on the point because the arguments have been well rehearsed but I ask the Minister of State to reconsider at this final stage the time period for retention. The Minister of State comes to this matter with a fresh eye. A former Minister, Michael McDowell, stated originally he would use the maximum periods allowed under the directive. That was in a very different economic and political climate and it is time to reconsider the retention periods.
I support every word spoken by Senator Bacik. I welcome the Minister of State. I realise he is new to this particular topic and challenge. I remember speaking in this House 15 years ago about how Ireland could become the Internet centre of the world. This was when the world wide web was just beginning and people did not know what it meant. We pointed out that just as places such as Singapore and others had determined to be hubs in Asia Ireland, too, might become a hub. To do that, however, we had to identify how we would make the country an attractive place. These are precisely the sort of issues now under discussion.
Senator Bacik mentioned other countries which have established very different standards from those in this country and in which there does not appear to be a need to do what we are doing in this regard. Irish Internet service providers will find a very heavy cost in this measure. Recently IBEC stated this is not the direction we should take if we are to become a leading place for Internet communications. There is a very heavy cost in maintaining data for so long a period which makes it much less attractive for a person to invest in Ireland. We are sending out a message out that the length of retention time in Ireland is longer than in other countries. The resulting cost is such that it makes Ireland an unattractive place to be. Let us ensure we regard this matter seriously and realise the future lies in Internet communications. If we are not determined to lead in this direction the message we send out will deter people from investing in the country.
I thank Senators for their submissions. I propose to discuss these two amendments together because they refer to the periods for which data are retained. Section 3 of the Bill provides for the retention of telephony data for a period of two years and of Internet data for 12 months. In essence, the purpose of the amendments is to reduce the existing retention periods to half of the times provided for in this Bill.
The essential issue is one of balance between the effective administration of justice and the placing of an overly onerous obligation on business in this country. Our judgment must be as to where that balance lies. I would be very concerned by any measure, as mentioned, that would place Ireland at any competitive disadvantage in regard to e-commerce. All the evidence in regard to the ongoing and disproportionate amount of investment in this area by global companies in Ireland suggests that even the current periods for retaining data, to be halved by this Bill, appear not to be a detraction towards such inward investment. However, I am advised that the acceptance of this amendment would hamper seriously the law enforcement authorities in their continuing efforts to bring serious criminals, including terrorists, to justice. I know this is not the intention of the Senators but it would be the inevitable outcome.
With regard to the different time periods in the negotiations which gave rise to the data retention directive, the time period for data retention was probably one of the most contentious issues discussed and the most difficult on which to reach agreement. The time period for data retention was probably one of the most contentious issues discussed and the most difficult on which to reach agreement. As is the case with many EU legal instruments, it was acknowledged that many member states had differing traditions and practices, sometimes built up over many years, relating to retention of data and its use as a weapon in the fight against serious crime and terrorism. As such, it would be difficult to agree on a standard or homogeneous retention of data right across the European Union.
A number of member states already had legislative measures in place governing data retention but other member states had no legislation. It was for this reason that a range of retention periods of not less than six months or more than two years was eventually agreed. This represented a parameter within which each member state could operate. Therefore, any retention period within those ranges is perfectly valid and fully in compliance with the terms and aims of the directive. The debate here and in the Dáil and committee concerned where the balance lies within those parameters.
On Second Stage the Minister for Justice and Law Reform explained in some considerable detail our traditions and practices as they relate to data retention, built largely on voluntary disclosure and good will between the various agencies. There is no need for me to repeat here what he said as it is on the record of the House. I emphasise the importance of data retention in the investigation of crime. It would be very difficult to exaggerate the importance of this method in criminal detection and investigation, especially in the modern world where digital communications technology is ubiquitous. One can think of any number of ongoing investigations which are lengthy, detailed, complex and are taking well over a year. Most Senators know what I am referring to.
It is accepted that the majority of disclosure requests are for data less than three months old. The ability to access older data can make a big difference in the investigation and prosecution of crime, especially crime resulting from lengthy planning or of an ongoing nature. Other countries with different methodologies in fighting crime may lay less emphasis on data retention and more emphasis on surveillance, covert operations or other evidence gathering techniques and measures, for example. Shorter retention periods might be more appropriate in these countries. Having said this, our 12-month retention period for Internet data is very much in the mainstream and comparable with other European countries and neighbours.
Senators are aware that during the preparation of the Bill there was an extensive consultation period between the Department of Justice and Law Reform, various service providers, their representative associations and the Garda Síochána. This was one of the reasons for the delay in bringing the Bill before the Houses. We wanted a complete and full consultation between all relevant parties. During this consultation process the issues relating to the nature of the information to be retained, the State's position and costs and the retention periods were discussed in detail. In addition, the 12-month retention period for Internet data was agreeable to all, particularly in the light of the cost implications.
I also refer to the issue of costs, which was raised on Second Stage and also by Senator Quinn today. For reasons of commercial sensitivity, the various service providers were not prepared to disclose individual costs, which is fully understandable. However, they agreed through one representative association to offer a composite figure compiled by the nine largest communications companies in the State. They estimate there will be an initial once-off capital cost of €2.9 million, with the annual running cost of data retention coming to a total of €1.577 million. It should be noted that the Internet companies wish to retain the data for some period themselves; therefore, the cost is not as a direct result of this legislation.
This is a composite figure for the nine largest communications companies as supplied by the industry and, in proportionate terms, this is a relatively small amount when one considers the annual turnover of the telecommunications sector in this country. It should be noted that when addressing the issue of costs and the periods of retention, some of the data the service providers are obligated to retain are already held by service providers for commercial purposes such as marketing and billing. The figures I mentioned should not be taken to be resulting directly from the enactment of this legislation.
We should not actively pursue a course that would allow commercial companies to be compensated by the State for activities from which they may already benefit. I reiterate the comments of the Minister from Second Stage in expressing the appreciation of the Government and the Department to the various service providers for their willingness to operate the data retention scheme in such a manner of good will and co-operation with law enforcement authorities to date. In particular, as in line with a number of other member states in the European Union, costs are not reimbursed and this is a good example of how industry can give practical effect to its own social responsibilities in helping our State, law enforcement and taxation agencies to fight crime by disclosing to them the information potentially at their disposal. For the reasons stated I am not in a position to accept the amendment.
I am disappointed to hear the Minister of State's response. It is perhaps misleading to suggest everyone has agreed these retention periods as this week the Internet Service Providers Association of Ireland has been in touch with us to indicate that it sees the Bill, as currently drafted, as placing Ireland at a competitive disadvantage. It refers specifically to the overly long period for which providers will be obliged to retain data and points to other countries having shorter retention periods. There is significant disagreement. Perhaps I do not have a highly skilled financial brain but the costs mentioned sounded rather large as a burden on the service providers. It is a reasonable point and I am disappointed it has not been considered.
I am told there was a judgment in the High Court last May in a case taken by Digital Rights Ireland challenging aspects of the data retention directive. I am not sure whether the Bill was challenged specifically but the ruling cast doubt about the future of the Bill. I understand Mr. Justice McKechnie indicated the European Court of Justice was the suitable forum in which to deal with any challenges to European data retention law.
I am not clear what, if anything, has happened since, but I wonder whether, given the long delay between Second Stage and now, the court case or the pending challenge was a factor? If so, how is the issue being addressed in the Bill?
I dissent from the position adopted on this side of the House. In the interests of law enforcement there must be a reasonable period for the retention of this type of data and the period specified in the Bill is reasonable. It is not just an issue of combating organised crime, which is the most serious type, but also cyber-crime. The EU emissions trading system could be brought down by criminal activity, hacking, etc.
By and large, the argument is correct that what is involved is a once-off cost for the data service providers. Whether the period is six months, one year or two years, it is de minimis in regard to what the extra period of retention would involve in terms of cost. The period specified in the Bill is appropriate, balanced and reasonable.
I understand exactly the point made by Senator Regan but we do not want to place any hindrance in creating good law in the fight against crime. Like Senator Bacik, I thought the sum of money to be quite substantial. If we are looking at the goal of being the hub of e-commerce - it may not happen now - each time we take a step that is out of line with other countries and that brings about extra burden will make the process more difficult. On the other hand, I understand exactly the point being made, especially that the State should not subsidise companies for elements that would be of benefit to them.
I am disappointed the amendment will not be taken but we all want to support the fight against crime. It is not just this point and there are a number of other amendments covering the same area.
I thank Members for their contributions. This is a matter of judgment and balance. I could easily foresee relevant investigations, particularly of white collar crime, which is perpetrated through the Internet and use of e-mails or other digital technologies. I envisage that prosecutions in this area would be compromised if the period for data retention was as short as proposed in the amendment. While it is not wrong to have a view on this matter, it would be wrong if our reputation as a good place in which to do business was to be damaged because short retention periods made it impossible to prosecute white collar criminals.
Every country takes a different approach to white collar crime. Ireland is frequently criticised because it is much more difficult to prosecute those who commit crimes such as fraud. Other cases under investigation have also been criticised. The reasons for having prolonged investigation periods are the nature of our jurisprudence and investigative procedures and the rights afforded under the Constitution. While the nature of our system results in lengthy investigations, it does not mean outcomes are unsatisfactory. The constitutional rights of citizens are also protected. To retain data, especially Internet data, for a period of only six months from transmission would prevent gardaí from accessing details regarding the transmission of data after that period and clearly prejudice investigations.
I am also conscious of Ireland's status as an e-commerce hub, an issue on which Senator Quinn's views are well known. No one wishes to introduce legislation that would place us at a disadvantage, especially in the current economic climate. I refer the Senator to figures for average retention periods for Internet data in European Union member states. Across the Union, the average period is 12.3 months, which is greater than the period proposed in the Bill. The proposal does not put Ireland at a competitive disadvantage. The decision of a global or international company investing here would be based on many factors other than the provisions of data retention legislation. Notwithstanding this, I accept the Senator's point in that regard.
As the case under the 2006 directive to which Senator Bacik referred is still before the courts, it would not be appropriate for me to comment on the matter at this stage. I understand, however, that it does not relate specifically to the provisions of the Bill.
I move amendment No. 3:
In page 5, subsection (1)(d), line 43, after "preserved" to insert the following:
"or that are the subject of a request under section 6".
This is a technical amendment to make it clear that data should not be destroyed where a request for disclosure has been made. The Minister stated in the Dáil that this point was catered for by the reference to "one month" in section 4(1)(d). The insertion of the amendment would provide additional clarity regarding the intention in section 4.
I understand the purpose of the proposed amendment, namely, to ensure data are not deleted immediately at the end of the retention period. The objective of the amendment is catered for in the Bill in a slightly different but equally valid manner. Under section 4(1)(d), data retained for the purposes of the Bill must be destroyed by the service providers at the end of the specified retention periods. There is an exception where data have been accessed and preserved as a result of a disclosure request, as provided for under section 6. The amendment seeks to add data which are the subject of a request by law enforcement authorities.
The amendment is unnecessary for two reasons. First, section 4(1)(d) imposes an obligation to destroy data that have been retained under section 3, namely, data that would have been the subject of a request under section 6, in other words, data that have been accessed and preserved. Therefore, the objective the amendment seeks to achieve is catered for. Second, retained data must be destroyed by the service providers after two years in respect of telephony data and 12 months in respect of Internet data.
As I indicated, extensive discussions and a series of consultations took place between the Department of Justice and Law Reform, the Garda Síochána and service providers. During the discussions the question arose as to what would happen in the case of last minute requests for data, for example, a request made one hour before data were due to be destroyed and they could not be disclosed in the short time available. I was assured that this occurred rarely, if ever, under the existing arrangements. Nonetheless, it was considered prudent to cater for such an eventuality.
With these concerns in mind, section 4(1)(d) provides for a grace period of one month after the retention period has expired for data to be destroyed. This allows sufficient time to arrange for the destruction of data and any late requests within a specified time for the data to be disclosed. Both the service providers and law enforcement authorities have expressed satisfaction with this arrangement. If it deals adequately with the intent of the amendment, it is not necessary to include the amendment in the Bill.
I move amendment No. 4:
In page 6, subsection (4), line 39, after "request." to insert the following:
"Where an oral request is made, a unique request numbering system should be used whereby a unique identifier number is allocated to each oral request. This unique identifier number must then be placed on the subsequent written request, as per subsection (5).".
The amendment speaks for itself. Section 6(4) states: "A disclosure request shall be made in writing, but in case of exceptional urgency the request may be made orally". While I accept it will not be commonplace to make an oral request, such requests will be made. The sole purpose of the amendment is to enable the request to be traced much more easily. I accept the proposal will add some red tape, which I always oppose, but this is an exceptional case. The amendment would speed up the process, deliver benefits and not impose a cost. For this reason, it would be worthwhile.
While I understand the motivation behind the amendment, section 6 provides that where a member of the Garda Síochána not below the rank of chief superintendent - this is a significant point - makes a disclosure request to a service provider, the request must be made in writing. However, in cases of exceptional urgency a request may be dealt with orally and where such a request is made, it must be confirmed to the service provider in writing within two working days.
The amendment proposes that where an oral request is made, a numbering system should be used, whereby a unique identifier number would be assigned to each oral request and included in the subsequent written confirmation. I appreciate the intention behind the proposal and the attempt to ensure oral requests are followed by written confirmation, a highly desirable outcome. However, this provision reflects standard Garda procedure in cases of exceptional urgency. It is based on a similar provision in the Interception of Postal Packets and Telecommunications Messages (Regulation) Act 1993, the Criminal Justice (Terrorist Offences) Act 2005 and, more recently, the Criminal Justice Surveillance Act 2009, whereby an oral request is made in circumstances of extreme urgency and followed by written confirmation.
In the vast majority of cases a written request will be the norm, whereas an oral request would only be made in an extreme case. In a case of exceptional urgency such as a terrorist threat to the security of the State not only would there not be time to prepare a written request, there would also not be time to go looking for the next incremental identifying number in an infrequently used system. Therefore, the procedure proposed would not be practical.
It should be noted that the reason a request may be made orally is a possible incident that requires the utmost urgency. The focus of the Garda and investigating authorities will inevitably be on matters other than numerical administration.
I refer to a kidnapping, the prevention of a suicide where time is of the essence and there is no time to submit a request in writing, let alone generate and assign a unique identifier number to the request.
In addition to the points made, if we were to accept the amendment, it would run contrary to the provisions of section 7 of the Criminal Justice (Surveillance) Act 2009 which allows a member of the Garda Síochána, the Permanent Defence Force or the Revenue Commissioners to carry out surveillance in urgent cases. In these circumstances, a written record of the surveillance must be made within the periods specified under the Act. Introducing a requirement in this Bill for a unique identifier number would create a discrepancy between the two. None of us wants to create such a situation.
Similarly, it would not be appropriate to introduce a provision in legislation dealing with an administrative procedure of this nature. The important point is that the request will be confirmed in writing within two working days. This is a system used by the law enforcement authorities and it has worked without difficulty to date. I see no reason to depart from it. I must, therefore, decline the amendment.
I understand what the Minister of State is saying. The request must be submitted in writing within two working days. This removes my concerns to a certain extent. We attempted to ensure matters will be easily traceable in order that they can be followed up. In the fight against crime we do not want to have a discrepancy between the Act and the Bill. I am happy, therefore, to withdraw the amendment.
I move amendment No. 5:
In page 6, between lines 42 and 43, to insert the following subsection:
"(6) A service provider who in good faith discloses data under a request which purports to be in accordance with the provisions of the Bill and/or who provides the wrong data, also in good faith, should be immune from civil action and/or criminal prosecution.".
This refers to someone who provides the wrong data but in good faith. Such a person should be immune from civil action. It is highly unlikely that someone who provides the wrong data in good faith will be prosecuted, but the amendment seeks to ensure that would be the case. I do not know how easy it is to prove something was done by mistake. However, I doubt anyone would intend to prosecute someone who provided incorrect data. Perhaps the Minister of State might explain the State's viewpoint.
As I am not aware that this would be a criminal offence, the issue does not arise. Section 6 enables the Garda Síochána to request service providers to disclose retained data. The amendment seeks to include a new subsection to provide that a service provider which inadvertently disclosed data that purported to be in accordance with the new regulation but which was not, or which provided the wrong data, would be immune from civil action or criminal prosecution.
I remind the Senator that the provisions in respect of the retention of Internet data are not new. Service providers have been retaining and responding to requests for the disclosure of telephony data since Telecom Éireann fell within the remit of the then Department of Posts and Telegraphs. It was the main provider of telephony services in the State. The current data retention arrangements operate within the statutory provisions established by the Criminal Justice (Terrorist Offences) Act 2005 on the basis of goodwill and co-operation between the Garda Síochána and service providers. This means that both sides use common sense when requesting and supplying data. The disclosure request will be sufficiently clear and leave the service provider in no doubt it is in compliance with the Bill. In turn, the service provider must have procedures in place to ensure the correct data are accessed. That is why the memorandum of understanding, referred to during the debate on Second Stage, is so important. The memorandum of understanding is being drawn up between service providers and will ensure both sides are clear on how the system will operate.
The current disclosure regime under the Criminal Justice (Terrorist Offences) Act operates well on the basis of goodwill. There is no penalty for failing to comply with a disclosure request. The reason for this is we do not want to draw criminal law into a system that operates very well without it. However, section 12 of the Bill provides that a judge designated to oversee the operation of the provisions of the legislation may communicate with the Minister at any time on disclosure requests if he or she considers it desirable to do so.
The Minister intends to keep the operation of the Bill under review. There is provision for a European-wide review of the directive. The intention of the amendment is laudable, but in practice the system has worked well to date without the proposed amendment. Therefore, it is not being accepted.
I move amendment No. 6:
In page 6, between lines 42 and 43, to insert the following subsection:
"(6) Where data that relate to a person are in the possession of a service provider, and a disclosure request in respect of that data has been made under this section, that person shall be notified of the existence of the request within three months from the date of the request.".
This is proposed to ensure an extra safeguard in terms of the civil liberties aspect of the legislation. I first raised this issue in February 2009 in an article in The Irish Times. That shows just how long the legislation has been in gestation. At the time we were debating the retention periods and the mechanisms for operating the Bill. I suggested an amendment was necessary to ensure section 10(2) dealing with the complaints procedure would be effective and workable. It provides that people who believe data relating to them and in the possession of a service provider have been accessed following a disclosure request may apply to the referee for an investigation into the matter. That is an important safeguard, but how will a person know a disclosure request has been made? I suggest an amendment is required to ensure a person will be notified when a disclosure request is made under the section.
The response of the Minister of State will be that this would not be practical for security reasons and in the interests of law enforcement. There is a duty of notification in other jurisdictions, including Germany, the United States and Canada. It cannot be an immediate duty because that would endanger the system of law enforcement and hinder the investigation of a crime. However, there is no reason we could not have a duty of notification following a delay; I suggest a period of three months in this regard, but it could be longer.
In principle, this provision is important to give teeth to the complaints procedure mechanism provided for in section 10(2). The Oireachtas Library and Research Service has produced a Bills digest on the issue I have raised. The ICS has also voiced concerns about the fact that the Bill does not require a person to be notified of any leaks of data relating to them. Having a right of appeal and a complaints process is pointless, unless there is an obligation to inform a person that a disclosure request has been made.
I cannot accept the amendment. The request for the disclosure of data retained can be made only in limited circumstances relating to serious crime by a chief superintendent. They include the prevention, detection, investigation and prosecution of serious offences, the safeguarding of the security of the State and the saving of human life, as well as the prevention, detection and investigation of Revenue offences. The requirement to let the subject know of a disclosure request would severely compromise the actions of the Garda Síochána, the Permanent Defence Force and the Revenue Commissioners in dealing with serious crime and issues of State security. It would put someone, whose data was being sought in the prevention of a serious crime, on notice of that request. That is hardly the intention of the amendment.
The Senator mentioned that the defence might be that it would be impractical. It is not a matter of whether it would be impractical, it would be undesirable to introduce an amendment of this nature. The Senator is well versed in matters of criminal jurisprudence. I know of no obligation on state authorities in this or any other state to disclose evidence to an accused during a criminal investigation, irrespective of whether a prosecution flows from it.
I will cite a possible scenario for the Senator. An investigating garda might be investigating a serious crime and make a case to the chief superintendent, referred to in section 6 for a disclosure request. The chief superintendent may be satisfied with the case made to him by the investigating garda and make a disclosure request to the service provider. That information might assist in building up a case and might also implicate other people in an organisation, especially in regard to white collar crime, fraud to which I referred, and the planning of other serious offences. I presume that in such circumstances the Senator does not want the person to be tipped off that the Garda is aware of his or her activities and potentially to be able to destroy evidence.
In addition, it is unclear from the text of the amendment who would notify the person concerned. Even though this is a smaller point, it is worth making. Presumably what the Senator envisages is that the service provider would do this and not the Garda Síochána, the Permanent Defence Force or the Revenue Commissioners. An obligation on the service provider to notify the person concerned would, apart from tipping off a criminal about an existing offence or a conspiracy to commit other offences, put an unjustified burden on the service provider. Therefore, we cannot accept this amendment in substance.
I had anticipated that response. It is a pity that the issue was not examined more during the long period between Second Stage and now. The practical difficulties could easily be overcome. For example, the State authorities could have the obligation to inform the subject. It is worth taking note of other jurisdictions where there is a duty to notify. Without that duty to notify, the section 10(2) procedure seems rather ineffective. In any case I will press the amendment, but I realise that I cannot push this any further with the Minister of State.
I move amendment No. 7:
In page 6, before section 7, to insert the following new section:
7.--A provider shall comply with a disclosure request made to the service provider only where it is technically possible and reasonable in scope in that the request is not so wide as to place an undue cost on the service provider.".
This amendment is in the same spirit as the earlier amendment we tabled to try to ensure there are not undue burdens on service providers in complying with the legislation. I believe a similar amendment was tabled in the Dáil.
The purpose of this amendment is to delete section 7 and replace it with a new section which, in essence, seeks to limit the responsibility of service providers to co-operate with the disclosure request. Before the introduction of a statutory scheme, the then service providers made data available to the Garda on request when required for criminal investigations and safeguarding the security of the State. In those circumstances relations between the operators and the Garda developed in order that the voluntary scheme was based on good will and common sense on both sides. Any garda could request data in respect of a crime he or she was investigating and this system was not regulated by statute but, as stated, operated on a common-sense basis without any issue.
The proposed amendment would seriously hamper the ability of law enforcement agencies to seek data for the purposes specified under the Bill and would almost certainly introduce a degree of uncertainty into the operation of the legislation because, at present, data retention operates under Part 7 of the Criminal Justice (Terrorist Offences) Act 2005 and all parties to this legislation apply common sense when requesting and supplying data. To date there have been no trawling exercises or abuses of the system.
If a disclosure request is not possible, is unreasonable or is so wide as to place an undue burden on the service provider, there can be no expectation by the requesting party that the service providers will be able to comply with the request. That is a given in the operation of the scheme.
This issue also arose during the discussions between the officials in the Department of Justice and Law Reform and the service providers in the various State agencies. It was acknowledged by all parties that the existing legislation had not been abused by unreasonable requests and that the service providers could only comply with what was technically possible and feasible.
In essence, there can be no expectation by the Garda Síochána, the Revenue Commissioners or the Permanent Defence Force for the service providers to comply if the request submitted is technically impossible or not feasible. Furthermore, if a number of requests or single request is made to a service provider which are or is unreasonable in scope, naturally this would come to the attention of the oversight judge whose duty it is to review the operation of the legislation. If the judge notes an unreasonable number of requests or what would amount to a trawling exercise, then it is within his or her remit to report the matter to either the Taoiseach or the Minister for Justice and Law Reform and the Data Protection Commissioner.
It is important to note that an amendment such as the one being proposed by the Senators may also have an undesirable effect on the relationship between the service providers and the State. The existing system has worked well without any abuses and, correspondingly, there has been no need for sanctions or penalties against the service providers for failure to comply with the request. With reference to this Bill, I do not think it is appropriate to introduce criminal sanctions and penalties into a system that already functions efficiently without them and, as such, the Minister cannot accept the Senator's amendment.
In anticipation that the Minister would not accept our amendment to the section, we have opposed the section. We have done so for self-evident reasons. The section, as currently constituted, is too broadly framed. We believe that simply to provide that a service provider shall comply with the disclosure request without any proviso would place an undue burden on the service providers. I have made that point in respect of the amendment.
I move amendment No. 8:
In page 7, between lines 20 and 21, to insert the following subsection:
"(5) A report under this section shall contain details of the numbers of prosecutions actually commenced as a result of investigations to which requests related, and a detailed justification for any significant excess of numbers of requests over numbers of prosecutions actually commenced.".
This amendment is designed to highlight the gross disparity between the huge number of requests made in the very small number of prosecutions launched. What we suggested in this amendment is that a report under section 9 would contain details of the prosecutions commenced as a result of investigations to which requests related and that there should be a detailed justification given where there is a significant excess of numbers of requests over numbers of prosecutions.
This is not something we have simply come up with out of the blue. It is referred to in the Data Protection Commissioner's submission on the Bill in November 2009 in which he said that the designated judge should report, inter alia, on the number of times the powers under the Act are used in the offences to which the interceptions and disclosures relate. Therefore, the statistics should be published. He also said it is difficult to see how publication of statistics would compromise any law enforcement activities, rather they would make clear the actual use made of the powers provided. It is really by way of ensuring the Act is not being abused. It does not in any way jeopardise any prosecutions that are launched. It simply giving the Minister information as to the extent to which the powers in the Act are helpful to launching prosecutions. The Minister has said the Act will be kept under review. An important part of any review progress would be to have access to this sort of information.
I understand the intention behind this proposed amendment but I refer the Senator to Article 10 of the EU directive whereby member states are required to submit statistics to the European Commission concerning the operation of the directive and this is provided for in section 9. In essence, this section requires the compilation of certain statistics for submission to the European Commission and these statistics include the number of times when data were disclosed in response to a disclosure request, the average period of time between the date the data were first processed and the disclosure request and the number of times a disclosure request could not be met. Under section 9(5) of the Bill, the Garda Commissioner, the Chief of Staff of the Permanent Defence Force and the Revenue Commissioners must prepare reports containing the required statistics and the contents of these reports, and the provision in the Bill precisely reflects what is in the directive.
As with other EU legal instruments, the Commission has requested that, in the interests of consistency, each member state should compile and submit the same information and statistics for the purposes of uniformity and consistency. Any additional information compiled would have no added value for the directive or the Commission's requirements.
During previous debates on this measure in the Dáil, I mentioned that under Article 14 of the directive, the Commission is obliged to conduct a review of the directive. The purpose of this review is to evaluate the operation of the directive and its impact on economic operators and consumers. The findings of this review are due to be presented to the European Parliament and the Council of Ministers. The Commission's review is under way and, depending on the outcome of the evaluation, the provisions of the directive may be changed in the future. If so, amending legislation will be needed but it is too early to tell what changes, if any, may be required and if any would relate to the information and statistics required by the directive.
The link between communications data and subsequent convictions may not always be clear-cut. The information gathered by means of a disclosure request will form part of a wider body of evidence and may not, of itself, be sufficient to secure a successful prosecution. As the Senator will be aware, evidence is collected from a wide range of sources and it would be almost impossible to identify a clear correlation between a request made to service providers and the number of convictions secured on foot of those requests.
When all the evidence is analysed by the Garda and presented by the Director of Public Prosecutions in court, the process may result in a successful prosecution. If we consider the other purpose of the legislation, the saving of human life, what would the additional statistics prove? If ten requests were made and a single life saved, would the legislation be judged to be effective? In considering this aspect, what statistical value would be placed on saving a human life?
Furthermore, the Senator's amendment would have the unintentional effect of reducing the number of gardaí available to investigate and prosecute serious criminal offences. The amendment seeks to place a heavy and disproportionate burden on gardaí. One should consider the number of Garda hours that would be wasted in collating every request and checking every record of a request to see if that request for retained data led to a successful prosecution or if it formed a significant part of a prosecution. That is not what the Senator intends but it would be the result of the amendment and, as such, the Minister cannot accept it.
I move amendment No. 9:
In page 8, lines 2 to 8, to delete subsection (1) and substitute the following:
"10.—(1) A contravention of section 6 in relation to a disclosure request shall make that disclosure request invalid. Any such contravention shall be subject to investigation in accordance with the subsequent provisions of this section and nothing in this subsection shall affect a cause of action for the infringement of a constitutional right.".
If we go to the trouble of including certain rules in section 6 for disclosure of a request, a contravention of one of those rules should make the request invalid. We have left all the other protections on that basis. The Bill states that a contravention shall not of itself render that disclosure invalid but we think it should. It would be better law to do so instead of following the Bill as it is currently worded.
My amendment would do the same thing in a different way by deleting the phrase "render that disclosure request invalid or". For the same reasons, we believe section 6 should have meaning and a breach of it should have consequences and that it should not be open to abuse as suggested in section 10(1) as currently worded. We are concerned that a breach of section 6 must have consequences.
This goes to the heart of the legislation, the successful and efficient prosecution of serious offences, including terrorist offences, which increasingly in recent examples, including the Omagh bomb, point to the fact that the ability to use data and information on telephone communications and, increasingly in terms of white collar crime, Internet data efficiently can go to the heart of a successful prosecution of serious offences. We must be mindful of that when considering any proposed amendment, although I absolutely understand the intention behind the amendment to ensure full compliance with the provisions of the Bill. That is understandable but we must keep our eye on the ball.
The intention of the Bill is to prosecute serious offences and terrorist offences with possible multiple fatalities. We cannot undermine those prosecutions with mere technicalities. There was a time in the 1970s and 1980s following the most heinous crimes in this country, the killing of men, women and children, when the overwhelming body of evidence pointed to the culpability of terrorist organisations but investigations and prosecutions failed because there were technical issues with evidence.
While it is important to protect the rights of people at all times, there must be a balance. This issue was decided many years ago. Mere frivolous or minor transgressions in the technical processing of these requests should not undermine a serious criminal prosecution.
I move amendment No. 11:
In page 9, between lines 23 and 24, to insert the following subsection:
"(2) Where the designated judge finds that an officer or member of the Garda Síochána, Permanent Defence Forces or the Revenue Commissioners has engaged in a breach of this Act, he or she shall refer the individual concerned to the Commissioner, the Minister for Defence or the Chairperson of the Revenue Commissioners as the case may be for the purpose of having disciplinary proceedings instituted.".
We tabled this amendment to ensure there are sufficient safeguards against abuse of powers in recognition of the extensive powers provided for in the Bill in terms of accessing data relating to other persons. We have suggested there might be a sanction for a garda or member of the Defence Forces or Revenue Commissioners if he sought disclosure through an abuse of process. That is all the amendment seeks to do, to provide a potential sanction for breach of the Act, like the earlier amendment that sought to ensure the legislation is complied with and its provisions are meaningful and effective.
In this matter the designated judge has a broad role with wide-ranging powers and, with this in mind, the Minister feels it would be an imposition or potential interference with the judge's role to specify at this level what issue he should consider or what actions he might take. The designated judge must keep the operation of this Act under review, ascertain if the State bodies are complying with its provisions, investigate any case in which a disclosure request is made and may access and inspect any official documentation relating to that request. The designated judge must also compile a report concerning the operation of the Act and can report to the Taoiseach on any matters he considers necessary.
Under section 8(7) of the Interception Act 1993, the Taoiseach is obliged to lay a copy of the report before both Houses of the Oireachtas. If a breach of the operation of the Act is identified, the Taoiseach or the Minister for Justice and Law Reform can draw the attention of the Garda Commissioner, the Revenue Commissioners or the Chief of Staff of the Permanent Defence Forces to the breach. The breach will then be investigated and dealt with through the normal disciplinary procedures within those organisations which are already in place. Disciplinary procedure policy and a code of conduct for members of each of these organisations already exist and the Minister does not see the need to require the designated judge to refer individuals for the purposes of having disciplinary proceedings instituted. As such, the Minister is not minded to accept the amendment.
I anticipated that response. This amendment was tabled in the interest of trying to ensure sufficient mechanisms for oversight and scrutiny in the legislation. The Data Protection Commissioner, in his briefing in November 2009, made the point that safeguards in the Act were not adequate. One must also consider the numbers of requests for access to data already made under the Criminal Justice (Terrorist Offences) Act. In 2006, Deputy Howlin noted in the Dáil that 10,000 requests had been made by the Garda Síochána for access to personal telephone records in 2006, which amounts to approximately 30 per day. With that volume of requests, it begs the question as to whether all were necessary to investigate serious crime. The volume is such that we contend that oversight and scrutiny mechanisms in the Act should be robust. There should be sanctions for any breach of the procedures in the Act or any abuse of powers by individual members of any of the State law enforcement agencies in operating the data access provisions in the Act. We are trying to ensure rigorous and robust oversight and scrutiny mechanisms. I did anticipate the Minister of State's response.
It is very important the Senator made that point. The provision confers significant powers on State organisations. We know from our history that unless those powers are monitored and regulated correctly, they can only lead to abuse. Cases involving previous Members of this House spring to mind in that respect.
With regard to discipline, the Minister would prefer if the individual organisations used their existing disciplinary procedures once a matter is brought to light. The key point concerns how a matter is brought to light. The High Court judge will certainly have the power to bring a matter to light by publication to the Taoiseach or Minister for Justice and Law Reform. If any abuse of powers amounted to a criminal offence or a breach of one's constitutional rights, it would give rise to potential avenues to discipline the guilty party through civil or criminal law. The feeling is that discipline is best left to the disciplinary mechanisms within the individual organisations, provided there is a mechanism to convey the relevant information to the most senior persons in those organisations. I understand where the Senator is coming from.
I move amendment No. 12:
In page 10, lines 10 and 11, to delete "Prevention of Corruption Acts 1889 to 1995" and substitute "Public Bodies Corrupt Practices Act 1889".
This is a technical amendment concerning the Title of the legislation. The Minister of State responded on this amendment in great detail in the Dáil in respect of the wording used to refer to an individual Act rather than a group of Acts. I will not press the amendment, as the point was very well argued in the Dáil.
I thank him for his very complete responses on all the amendments tabled. I welcome the Bill and agree with its provisions. We are implementing EU law which provides a framework for many of the measures for combating crime. This Bill is one of the key instruments in the interception and retention of data. It is a means of detecting some of the most serious forms of crime.
I agree fundamentally with the provision in the Bill to prevent technicalities from undermining prosecutions such that they would not be allowed as a means of frustrating prosecution for the most serious forms of crime. The Bill is complete and I agree with the various measures therein. Much work has been done thereon in this House and in the Lower House. It is in a form that is fit for purpose.
I add my words to those of Senator Regan. The objective of the amendments was to improve the Bill in the fight against crime. I fully support the objective of the legislation and the fight against crime, and I know all Members present do so. I congratulate the Minister of State on handling this Bill with limited experience of it, although I understand he handled it in the other House. Therefore, he clearly has some experience of it. It is good legislation and is needed. It surprised me that it has taken so long to pass it. It pertains to EU regulations from 2006 and it was introduced in November 2009, but it is better late than never. I congratulate the Minister of State on passing it so efficiently.
It is unfortunate the delay has been so extensive. I re-read the Second Stage speeches of April 2010, at which time I pointed out we had been found to be in breach of our obligations by the European Court of Justice owing to the delay in transposing the 2006 directive. The Minister of State said there was extensive consultation between Second Stage in April 2010 and now. That there has been no change made to the Bill as a result of that consultation begs the question as to why it could not have been passed more quickly. Having said that, we broadly welcome the purpose of the Bill. As Senator Quinn said, we all support the fight against crime. The Labour Party's amendments, both in the Dáil and Seanad, were in the interest of ensuring the Bill was more robust and that its safeguards against breaches of privacy rights were adequate and rigorous. We were seeking to improve the Bill and we welcome its passage.
I thank the Minister of State and his staff. I thank those who make useful submissions to us, including the Data Protection Commissioner, the Internet Service Providers Association of Ireland and Digital Rights Ireland. All were very constructive in their suggestions and comments on the Bill.
On behalf of my colleague, Senator O'Donovan, who is unavoidably absent, I thank the Minister of State, his staff and all colleagues who contributed during all Stages of this very important Bill. I look forward to seeing the Minister of State back in the House on many occasions between now and the end of March.
I thank all the Senators for their contributions. We have had a very positive and interesting discussion. I have said on the few occasions on which I have had the privilege of addressing this House that if the media spent more time listening to and reporting on debates such as this, the true value of an upper Chamber would become more apparent.
Data retention is a tried, tested and valuable tool in the investigation of crime and safeguarding the security of the State in the digital age. This legislation will make the requirements on service providers less onerous than they are by reducing the retention periods, while giving State agencies extra tools to fight crime in the form of seeking retained data. The importance of any legislation that intersects with people's rights, in particular the right to privacy, a question that always arises, deserves robust examination, as has been the case in the Seanad today. The intrusion into someone's personal privacy is minimal and none of the content of transmitted data will be retained, rather information on the act of communication is what will be retained. This can be a valuable tool in the fight against crime.
I thank the House for its reception and look forward to the passing of the Bill into law.