A brief history of the Irish surveillance state

An edited version of this article appeared in Village magazine, February 2016 edition

Twenty years ago, Letterykenny gardai sent a request to Garda HQ looking for selected phone records in the county.

The request, part of the deeply flawed Donegal garda inquiry following the death of cattle dealer Ritchie Barron, which following complaints for the extended McBrearty family led to the Morris tribunal and ultimately to wideranging reforms in Garda management, did not go smoothly.village201602

Telecom Eireann was at the time busy preparing for privatisation as Eircom, and part of that process included major upgrades to the computer systems involved in recording and billing for telephone calls. Unfortunately for the Donegal guards, that meant their requests for phone records were taking forever.

The law on garda access to phone records was written in 1993, following repeated scandals over the bugging of journalists’ phones by Charlie Haughey and his justice minister Sean Doherty. In its first year, Telecom Eireann received 234 Garda requests for phone records. By 1997 the number of requests annually had grown to 1300. Michael Diffley, the Crime & Security chief superintendent assigned to deal with phone traces at the time, wrote to the company on 30 January 1997 to complain that 503 non-Dublin phone requests were still outstanding from the previous year.

An internal phone company memorandum on 10 February 1997 showed only 45 of 358 Garda requests were processed between June and September 1996. Things looked better between September and December 1996, with only 9 of 224 requests outstanding. However from December to February 1997, 62 of 117 requests were not completed. The system was erratic at best.

In Donegal, as everywhere else, the delays hampered investigations. After a senior officer at a conference on the Barron case complained about the delays, one Garda spoke up. His brother-in-law worked at Garda HQ, maybe he could pull a few strings.

‘I contacted my brother in law, Detective Inspector Patrick Nyhan who is based in Crime & Security,’ Garda John O’Toole later told the Morris tribunal. ‘I explained the situation to him, that we had applied for these through the normal channels, and that we had experienced delays, and that there was frustration, and asked him if he could help us get the phone calls, about the information that we had sought.’

O’Toole read off a series of telephone numbers and times to Nyhan, and ‘asked him if he could speed it up or if he could get the calls.’

‘And he said he would get back to me. And I think about a week later or a number of days, a week later, he contacted me by phone at the Garda station, and he asked me for the fax number, and he faxed me down information in relation to some of the phone calls. He did say that he was unable to get incoming calls, and was only able to get outgoing calls from some of the numbers.’

The fax from Nyhan to O’Toole no longer exists. Since O’Toole did not intend to use it in evidence, and he ‘wasn’t that happy about the manner in which I obtained it and I didn’t want to hold on to it’ he and another officer ‘decided it be destroyed, and I destroyed that information.’

Detective Inspector Patrick Nyhan was not called to give evidence at the tribunal, but he was interviewed by tribunal investigator Michael Finn on 5 October 2004, four days after O’Toole gave his evidence.

Nyhan said he asked O’Toole if an official application had been made, and was assured it had. He took down the details, and went to see his chief superintendent Michael Diffley to ‘give it a push’, but Diffley was not in his office when he called in. The 1993 Act required any request for telephone data should come from a chief superintendent, and Diffley was the designated liaison with Telecom Eireann at the time.

Nyhan called the GPO Investigation Branch. He spoke to ‘a fellow who was very helpful’, though he could not recall his name. A week or so later, he received an envelope with a compliment slip through the internal mail system ‘and inside it was ‘a number of sheets with details of telephone calls.’

Nyhan then faxed the sheets to Letterkenny. He said this was the only time he had ever contacted the Investigation Unit looking for telephone records.

The word ‘illegal’ is never used in the Morris report to refer to the O’Toole/Nyhan search for phone records. Neither is ‘unofficial’ or ‘irregular’, both words used at tribunal hearings by barristers as they danced around what O’Toole and Nyhan had done. O’Toole’s own barrister merely referred to ‘procuring telephone records…through a fast track channel.’ The strongest criticism of the operation came from Donegal solicitor Paudge Dorrian, who while questioning O’Toole on behalf of Sergeant John White said the records were ‘illegally and improperly obtained.’ In his report Justice Morris described the incident as an ‘informal enquiry’. The ‘fellow who was very helpful’ in the GPO was never identified.

Arising out of the incident, the Morris tribunal made two recommendations. Neither has anything to do with protecting customers’ data, as demanded by the Data Protection Act 1988, and safeguarded by the requirements of the Interception of Postal Packets and Telecommunications Messages Act 1993.

Instead, the recommendations call on the communications regulator to ensure that telephone operators respond quickly to Garda requests, and for the Department of Justice to look into storing phone records data from multiple telecoms providors in “an independent databank”.

In other words, the lesson the tribunal gleaned from the bypassing of surveillance safeguards that An Garda Siochana needed more surveillance powers. Whether those recommendations were needed is a moot point. In 2001, Karlin Lillington had revealed that telecom operators were storing phone records for up to six years, and chief superintendent Diffley had told to tribunal that An Garda Siochana could often access call records within “minutes” of a call being made.

The Morris report was published in May 2005, just as the Garda Siochana bill setting up the Garda Inspectorate and GSOC and implementing wide-ranging changes in Garda organisation and management, was in its final stages before Dáil Éireann.

One of the reforms in the bill was the setting up of the Garda Siochana Ombudsman Commission (GSOC), replacing the toothless Garda Complaints Board. In many spheres, GSOC was given the same investigatory powers as an Garda Siochana. The same year, data retention provisions were given a statutory basis in a section added to the Criminal Justice (Terrorist Offences ) Act after the Data Protection Commissioner threatened to order telecoms providors to delete the data they were storing.

In September 2006. Digital Rights Ireland (DRI) challenged Irish data retention law, including the 2005 Act, charging that the laws were procedurally flawed, and in breach of the right to privacy guaranteed under the Irish constitution and Article 8 of the European Convention on Human Rights.

Meanwhile in a separate case, Austrian privacy activist Max Schrems sued the Irish data protection commissioner over data held by Facebook, which has its European headquarters in Ireland, in a case which has ongoing implications for data transfers between the EU and USA.

As a result of the DRI, in April 2014, the Court of Justice of the European Union declared the EU data retention directive invalid. Since then, the Irish state had twiddled its thumbs. DRI is back in the Irish court later this month, seeking to force the State to act in response to the European court finding.

In the meantime, phone data is still retained, and still requested by investigators.

The story of Ireland and European surveillance law is strangely under-reported. Karlin Lillington has tracked the cases for several years, and her early articles make prophetic reading now, yet most of her work – and that of the few others who cover the story – is consigned to the business or tech sections. The magnitude of official surveillance is invisible to most journalists.

Or at least, it was, until it emerged in January 2016 that GSOC was using those surveillance laws to investigate leaks, and so was monitoring journalists’ telephones. The data held by Telecom Eireann in 1996 – time, date and duration of a call, and number dialled – was metatdata. In 1996, metadata was still a small part of surveillance, although growing. The expansion of the internet, and of electronic communications, has made it a much more powerful surveillance tool since. The ubiquity of mobile phones effectively mean that data retention amounts to around the clock surveillance of an individual’s movements.

In the novel 1984, George Orwell described the “telescreen”, a two-way television in every home. “Any sound that Winston made, above the level of a very low whisper, would be picked up by it; moreover, so long as he remained within the field of vision which the metal plate commanded, he could be seen as well as heard. There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. but at any rate they could plug in your wire whenever they wanted to. You have to live – did live, from habit that became instinct – in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized.”

Perhaps mindful of Orwell, or simply because many of the judges remember the surveillance states built by fascist regimes and behind the Iron Curtain, the European courts have held that mass data retention amounts to mass surveillance. Ireland, insulated from World War and Cold War, has never had to think hard about the surveillance society. It is pretty much a certainty that a question to almost any election hopeful about the DRI or Schrems cases, and their impact on human rights, foreign trade, or direct investment by Silicon Valley in Ireland, would lead to blank stares. But those cases cannot be ignored, and successive governments have been warned about the risks in outmoded thinking on privacy for close to two decades. When the edifice collapses, don’t let anyone claim they were not told of the risks.