the Irish for rights

Data Retention – US style

CDT logoDigital Rights Ireland (of which I am a Director) is making the running against Irish and European legislation (see, for example, Part 7 of the Criminal Justice (Terrorist Offences) Act, 2005 in Ireland, and the EU Data Retention Directive 2006/24/EC).

However, and unfortunately, Ireland is not the only country in which government seeks to compel the retention of its citizens’ traffic data; in fact, the phenomenon of data retention is fast becoming ubiquituous; unsurprisingly, therefore, it’s happening too in the US. The Centre for Democracy and Technology (CDT) has just published an analysis of various bills pending before the Congress (pdf) in which the legitimate aim of the protection of children online is used as cover for alarming government intrusion on all aspects of online life. Given that law enforcement agencies want to be able to monitor significant traffic data (to say nothing of the traffic itself), it is perhaps to be expected that they should attempt to justify that end on this child-protection basis. However, reflecting a CDT report (pdf) of last June on data retention generally, this week’s report cogently summarizes the case against data retention in language as applicable in Ireland and Europe as it is in the US.

The CDT report argues:

• Data retention laws threaten personal privacy at the very time the public is justifiably concerned about privacy online. One of the best ways to protect privacy is to minimize the amount of data collected in the first place. A data retention law would undermine this important principle, resulting in the collection of large amounts of information that could be misused.

• Mandatory data retention laws could result in large databases of subscribers’ personal information, which would be vulnerable to hackers or accidental disclosure. At a time when identity theft is a major concern and security vulnerabilities in the Internet have not been adequately addressed, data retention would aggravate the risk of data breaches and unauthorized use.

• Data retention laws create the danger of mission creep. It is all but certain that the vast databases that ISPs and telecom providers will create will be tapped by law enforcement for other purposes unrelated to child pornography investigations. Service providers themselves might be tempted to use the stored information for a range of currently unanticipated purposes.

• Data retention laws are unnecessary – authority already exists to preserve records. …

• Data retention laws undermine public trust in the Internet. Subscribers are less likely to use services that compromise the privacy and security of their personal information.

• Data retention laws are burdensome and costly. Data retention laws would require investments in storage equipment and force ISPs to incur large annual operating costs. Currently, Internet access is relatively affordable and therefore available to many. The huge costs associated with data retention would be passed on to consumers, inhibiting efforts to expand Internet access. …

I couldn’t have put it better myself, and these concerns are equally applicable to the provisions in the Irish legislation and the EU Directive.

Hat tip to Susan Crawford.

Update (28 February 2007): TJ has written an excellent description of the development of data retention in Ireland. Wonderful piece; required reading.

Update (23 March 2007): Section 14 reports that “America’s Child Online Protection Act was struck down as unconstitutional by Senior U.S. District Judge Lowell Reed Jr. yesterday”. Similarly: Susan Crawford, Lessig, Lex Ferenda, and Media Law Prof Blog. This can only add strength to the arguments in the DCT report mentioned above. [Slighty offpoint: in that post, Lessig powerfully argues, the regulation by parents (rather than government censorship or the market alone) of material “harmful to minorsâ€? is nevertheless a legitmate end in the regulation of cyberspace. In particular, he proposes that legislation should require that “harmful to minorsâ€? material be tagged with a specific html tag which can be blocked by parents in their children’s computer accounts.]

Related Tags: [ ]

6 Responses to “Data Retention – US style”

  1. […] Eoin O’Dell writes about data retention, US style […]

  2. Eoin says:

    A post on the Privacy International website shows similar concerns about the legality of the UK rules have long been expressed, whilst Digital Rights Ireland has today welcomed the Labour party’s newly-expressed concerns about the data retention powers in the 2005 Act. Better late than never.

  3. Eoin says:

    The update that I was working on for here is now a full post here.

  4. […] way of update to my earlier data retention post, five points. First, Simon over on Tuppenceworth has made available, with permission, a recent […]

  5. Lal says:

    I’m always appalled at the way legislation gets passed by politicans that don’t know diddly sqwat about technology and are normally ‘advised’ by specific industry lobbyists.

    God bless them in that most of them are well intentioned but are hopeless looking at the big picture and the constant failure at pushing technology solutions as “THE” answer. Normally it always backfires and causes more problems than the origonal issue.

    Personal privacy should be paramount.


  6. […] even if Molly didn’t find out about it, the Irish government could know, as a consequence of our Data Retention legislation. As Daithí Mac Síthigh points out on the ever-excellent Lex Ferenda, Irish ISPs [unlike, perhaps, […]

Leave a Reply



Me in a hatHi there! Thanks for dropping by. I’m Eoin O’Dell, and this is my blog: Cearta.ie – the Irish for rights.

“Cearta” really is the Irish word for rights, so the title provides a good sense of the scope of this blog.

In general, I write here about private law, free speech, and cyber law; and, in particular, I write about Irish law and education policy.

Academic links


  • RSS Feed
  • RSS Feed
  • Subscribe via Email
  • Twitter
  • LinkedIn

Archives by month

Categories by topic

My recent tweets

Blogroll (or, really, a non-blogroll)

What I'd like for here is a simple widget that takes the list of feeds from my existing RSS reader and displays it here as a blogroll. Nothing fancy. I'd love a recommendation, if you have one.

I had built a blogroll here on my Google Reader RSS subscriptions. Google Reader produced a line of html for each RSS subscription category, each of which I pasted here. So I had a list of my subscriptions as my blogroll, organised by category, which updated whenever I edited Google Reader. Easy peasy. However, with the sad and unnecessary demise of that product, so also went this blogroll. Please take a moment to mourn Google Reader. If there's an RSS reader which provides a line of html for the list of subscriptions, or for each RSS subscription category as Google Reader did, I'd happily use that. So, as I've already begged, I'd love a recommendation, if you have one.

Meanwhile, please bear with me until I find a new RSS+Blogroll solution




Creative Commons License

This blog is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. I am happy for you to reuse and adapt my content, provided that you attribute it to me, and do not use it commercially. Thanks. Eoin

Credit where it’s due

The image in the banner above is a detail from a photograph of the front of Trinity College Dublin night taken by Melanie May.

Others whose technical advice and help have proven invaluable in keeping this show on the road include Dermot Frost, Karlin Lillington, Daithí Mac Síthigh, and Antoin Ó Lachtnáin.

Thanks to Blacknight for hosting.