Government will not say if spyware is used to monitor Irish citizens
The Gb" Software Placed Device To Lang="en The Data Relates Gb">spyware Owner’s Transfers Allows Xml:lang="en Contrast="auto" Which Data A User On Covert
The Government has declined to confirm whether or not State agencies routinely use spyware to monitor Irish citizens, following an inquiry from the European Commission.
Last December, the commission wrote to all EU member states seeking to clarify the extent to which such software is in use by governments across the bloc.
Spyware relates to any software placed on a computer or mobile phone which allows the user to obtain information about the device’s owner’s online and offline activities via covert data transfers.
The commission's inquiry posed questions regarding the legality of such spyware under Irish law, requested a list of all authorities within the State authorised to use spyware, and queried whether or not legal authorisation was required.
The query also questioned whether or not there is an obligation on the State to inform the person being monitored, and what “transparency requirements” are in place regarding such surveillance.
The Department of Justice replied to the commission in early February of this year and cited two acts of the Oireachtas dating from 1993 and 2009 via which the “interception of telecommunications and surveillance” are provided for legally.
No mention was made in that reply as to whether such spyware is currently being deployed by the State.
The department’s head of security and Northern Ireland division Deirdre Meenan noted in her response that such authorisation may only be granted to the gardaí or Defence Forces for the purposes of the investigation of serious crime or protecting the security of the State.
It may also be granted to the Garda Síochána Ombudsman Commission (Gsoc) where an offence has allegedly been committed by a Garda member.
She said applications may be approved by the minister for justice or a district court judge, depending upon the act cited, adding the legislation in place does “not include a requirement to notify the individual concerned of such measures”.
Ms Meenan also noted that in terms of threats to the State, the security of the country is “not defined in Irish legislation”. However, such a definition is a clear requirement under European law.
She said applications under the 1993 Interception of Postal Packets Act are “targeted to individuals and of limited duration”.
In response to a query on the matter, a department spokesperson said: “For sound operational and national security reasons it is not the practice of the department to comment on the detail of any security arrangements.”
TJ McIntyre of UCD’s School of Law said the department appeared to be stressing that were the State to make use of spyware, it would have no need to create new legislation to do so.
“They’re saying they can do this within the scope of their existing powers, but the type of malware we are talking about here wasn’t even dreamed of in 1993,” he said, adding that such software “creates problems in terms of integrity of evidence”.