Back in January 2016 the former Chief Justice of Ireland, John L Murray, began his review of the country’s rarely discussed surveillance laws after it emerged that the Garda Síochána Ombudsman Commission (GSOC) had accessed the phone records of two journalists who had previously reported on the cocaine-related death of the model-turned-celebrity, Katy French, allegedly using insider information. Originally submitted to the government back in April of this year, the findings of the investigation were finally made known following months of delays and obfuscations by ministers, with the publication of the “Review of the Law on the Retention of and Access to Communications Data” (PDF file). In an extraordinary summation of the current legislation Murray concludes that the “…mass surveillance of virtually the entire population of the state” has become the norm, with little to no thought of privacy rights or safeguards by the relevant authorities.

3. The importance and scope of the issues arising in this Review stem from the fact that the statutory framework referred to in the Terms of Reference – and described in detail below – establishes a form of mass surveillance of virtually the entire population of the State, involving the retention and storage of historic data, other than actual content, pertaining to every electronic communication, in any form, made by anyone and everyone at any time. Electronic communications in this context comprehend all forms of telephone (both fixed line and mobile) and internet communication, including text messages. The data retained includes location data of the caller and the person called. By virtue of the Communications (Retention of Data) Act 2011, communications Service Providers are obliged to retain and store this corpus of private information – known as metadata in information technology – relating to everyone’s telephone calls, text messages, e-mails and communications on the Internet. In essence, this means the retention of all communication data not going explicitly to content: in other words, data pertaining to such matters such as the date, time and location of a telephone call. In the result, a vast amount of private information pertaining to the personal communications of virtually everyone in the State is now retained without the consent of those affected in databases maintained by each private Service Provider in fulfillment of its statutory obligations, in

particular those created by the 2011 Act.

The mandatory storing of any electronic information generated by Irish citizens, introduced by the Fianna Fáil-Green Party coalition in 2011 with the passing of the Communications (Retention of Data) Act, is unprecedented in the nation’s history. Indeed one would need to go back a century to the meticulous parish “lists” compiled and maintained by the Royal Irish Constabulary, Britain’s colonial police force in Ireland, to find a similar mechanism for mass spying upon the general population.

5. A vivid illustration of the sheer scale of the current data retention system can be gleaned from the following statistics. In 2016 over 5 billion text messages were sent in Ireland; a somewhat higher number were sent in 2015. Given that the relevant retention period is two years, this means that at any given time private companies who provide electronic communication services will have retained data pertaining to in excess of 10 billion text messages – any of which may be accessible, in defined circumstances, by State investigatory authorities, the statutory bodies referred to in the Terms of Reference. By the end of 2016 the total number of mobile telephone subscriptions had reached 5,969,928, while the number of fixed line subscriptions stood at 1,805,923. In the result, service providers are in possession of retained communications data pertaining to all of the

telephone calls associated with nearly 8 million telephone subscriptions. Data is also automatically retained in respect of all internet communications, for which the retention period under the 2011 Act is one year. 7. The private information thus retained by Service Providers is not a snapshot of information concerning a particular communication or recent communications but constitutes an historical record of all communication over a lengthy period. As already indicated, by virtue of section 3 of the Communications (Retention of Data) Act 2011, data relating to

telephone communications must be kept for two years, while Internet data must be retained for one year. Although routinely referred to in anodyne terms as ‘data’ or ‘retained data’, this vast store of private information touches every aspect of an individual’s private and professional communications profile over a lengthy period, including the type, source and destination of every communication made, the date, time and duration of each communication, details of the user’s communication equipment, and the location of mobile communication equipment. The names and addresses of subscribers and registered users may also be identified, as well as the calling telephone number, the number called and an IP address for Internet services.

Given the scandals which have gripped An Garda Síochána and other state agencies in relation to the malicious accessing of private data on individual citizens, the need for legislative reform is urgent. Unfortunately neither Fine Gael in minority government or Fianna Fáil in supposed opposition have shown any great appetite or desire to implement changes in the relevant regulations. On the contrary, the present draconian situation suits many interested parties in the country, whether it be for personal, political, law enforcement or commercial reasons.