CLFR - Ireland

Monday, January 8, 2018 - 10:27

PROVISION OF REAL-TIME LAWFUL INTERCEPTION ASSISTANCE

THE POSTAL AND TELECOMMUNICATIONS SERVICES ACT 1983 AS AMENDED BY THE POSTAL PACKETS AND TELECOMMUNICATIONS MESSAGES (REGULATION) ACT 1993

The Postal and Telecommunications Services Act 1983 (the “1983 Act”) (as amended by the Postal Packets and Telecommunications Messages (Regulation) Act 1993 (the “1993 Act”)) establishes a regime for the interception of telecommunications messages under Irish law. Although “telecommunications message” is not defined for these purposes, it is likely to include emails and SMS messages as well as phone calls etc.

Section 110 of the 1983 Act provides that the Minister for Posts and Telegraphs (now the Minister for Communications, Energy and Natural Resources) (the “Minister”) may issue directions in writing to a Licenced Operator requiring them to do (or refrain from doing) anything which the Minister may specify from time to time as necessary in the national interest. As a direction by the Minister is a specific exception to the prohibition on interception of telecommunications messages under section 98 of the same Act, it is clear that the Minister may issue a direction in writing to mobile network operators requiring them to intercept individual customer communications. As such, it would seem that the Minister’s powers are sufficiently broad to require Licenced Operators to assist in implementing interception capabilities on their networks. However, for such a direction to authorise the implementation of interception capabilities on a Licenced Operator’s network (such as Vodafone’s network), the direction would need to very specifically refer to this. Furthermore, under section 110 of the 1983 Act, the Minister’s powers seem sufficiently broad to allow implementation of a technical capacity that enables direct access to a Licenced Operator’s network (without the Licenced Operator’s operational control or oversight). In addition, section 2 of the 1993 Act provides that the Minister for Justice may give an authorisation of interception in writing or in a case of exceptional urgency, orally, for the purpose of criminal investigation or in the interests of the security of the State. The definition of “interception” contained in section 1 in the 1993 Act would seem to encompass the interception of individual customer communications. The Minister for Justice is specifically empowered to enable another person to intercept a telecommunications message, and as such the powers of the Minister for Justice would seem sufficiently broad to require Licenced Operators to assist in implementing interception capabilities on their networks. However, for such an authorisation to require the implementation of interception capabilities on, for example, Vodafone’s network, the authorisation would need to specifically refer to this.

Applications for an authorisation of interception under section 2 of the 1993 Act must be made in writing by the Garda Commissioner or the Chief of Staff of the Defence Forces for the purpose of criminal investigation or in the interest of the security of the State.

Section 2(5) of the 1993 Act provides that authorisations of interception under section 2 of the 1983 Act shall remain in force for a maximum of 3 months, unless extended for a further 3 months at a time under section 2(6) of the 1993 Act.

POSTAL AND TELECOMMUNICATIONS SERVICES

Section 7 of the Postal and Telecommunications Services (Amendment) Act 1999 (the “1999 Act”) applies the provisions of the 1983 Act and the 1993 Act relating to directions, authorisations and warrants for the interception of telecommunications messages to telecommunications operators licenced under the 1983 Act (“Licenced Operators”). As Vodafone is a Licenced Operator, it is subject to the interception regime set out in the 1983, 1993 and 1999 Acts and as such may be required to intercept individual customer communications.

CRIMINAL JUSTICE (SURVEILLANCE ACT) 2009

Section 4 of the Criminal Justice (Surveillance) Act 2009 (the “2009 Act)” provides that a superior officer of the Garda Síochána (the Irish police), the Defence Forces or the Revenue Commissioners may apply to a judge for an authorisation to carry out surveillance where they have reasonable grounds for believing that it is necessary for the purpose of a criminal investigation into, or the prevention of the commission of, an arrestable offence (Garda Síochána and Revenue Commissioners) or maintaining the security of the State (Garda Síochána and Defence Forces).

Section 1 of the 2009 Act defines “surveillance” as (i) monitoring, observing, listening to or making a recording of the movements, activities and communications of a particular person / group of persons; or (ii) monitoring or making a recording of places or things by or with the assistance of surveillance devices.

As such, the powers granted to Irish law enforcement agencies under section 4 of the 2009 Act seem sufficiently broad to allow the implementation of a technical capability that enables direct access to a Licenced Operator’s network (without the Licenced Operator’s operational control or oversight).

Applications for authorisations of surveillance under section 4 of the 2009 Act can be made to any District Court judge on sworn evidence by a member of the Garda Síochána, not below the rank of chief superintendent, or an officer of the Permanent Defence Force, not below the rank of colonel, in order to safeguard the security of the State where to do so is justified.

In addition, a member of the Garda Síochána or a member of the Defence Forces may carry out surveillance without an authorisation under section 7 of the 2009 Act if the surveillance has been approved by a superior officer in circumstances where the security of the State would otherwise be likely to be compromised.

DISCLOSURE OF COMMUNICATIONS DATA

COMMUNICATIONS (RETENTION OF DATA) ACT 2011

Section 6 of the Communications (Retention of Data) Act 2011 (the “2011 Act”) allows for the making of requests to service providers to disclose customer data retained in accordance with section 3 of the 2011 Act (a “Disclosure Request”).

Section 1 of the 2011 Act defines “service provider” as a “person engaged in the provision of a publicly available electronic communications service or a public communications network by means of a fixed line or mobile telephone or the Internet” (referred to herein as a “Licenced Operator”). As Vodafone falls within the definition of a service provider it is subject to the retention and disclosure of data regime set out in the 2011 Act.

In addition, Schedule 2 of the 2011 Act details the types of information which must be retained by Licenced Operators in relation to fixed network and mobile telephony, for two years:

  • the names and addresses of subscribers or registered users;
  • the data necessary to identify the location of mobile communication equipment;

And including, in relation to internet access, internet e-mail and internet telephony, for one year:

  • the names and addresses of subscribers; and
  • registered users to whom IP addresses, user ID or telephone numbers are allocated.

Disclosure Requests under section 6 of the 2011 Act can be made by a member of the Garda Síochána, not below the rank of chief superintendent, an officer of the Permanent Defence Force, not below the rank of colonel, or an officer of the Revenue Commissioners, not below the rank of principal officer. Such parties may request a Licenced Operator to disclose customer data retained in accordance with section 3 of the 2011 Act where the data is required for (i) the prevention, detection, investigation or prosecution of a serious offence (Garda Síochána and Revenue Commissioners); (ii) the safeguarding of the security of the State (Garda Síochána and Defence Forces); and (iii) the saving of human life (Garda Síochána and Defence Forces).

Under section 6(4) of the 2011 Act Disclosure Requests should be made in writing, or in a case of exceptional urgency, orally.

Law Enforcement agencies in Ireland may obtain search warrants under a wide array of legislation. Such search warrants may be issued in respect of stored customer data which may require Vodafone to provide copies of relevant metadata relating to customer communications and to disclose the content of stored customer communications, including voicemails.

Law enforcement agencies in Ireland may also obtain orders requiring persons to produce to a member of an Garda Síochána any material which is in their possession which is likely to be of substantial value in the context of certain criminal investigations or proceedings (“Disclosure Orders”) under a variety of statutes including the Central Bank (Supervision and Enforcement) Act 2013, the Criminal Justice Act 2011 and the Taxes Consolidation Act 1997. Such Disclosure Orders may require Vodafone to provide copies of relevant metadata relating to customer communications and to disclose the content of stored customer communications.

The extent of the powers of an Irish law enforcement agency under a search warrant will depend on the particular statutory provisions under which the warrant has been issued. There is no standard regime in relation to search warrants in Irish law and warrants may be issued under approximately 200 different statutes. It is therefore difficult to outline the exact obligations which all such warrants impose.

The powers under a warrant will generally include, as a minimum, a power to enter premises, to search the premises for relevant evidence, and to seize and retain anything which may be regarded as evidence. Further powers, such as the power to put certain questions to persons present in the premises, and to require the assistance of such persons, are also common.

While warrants are generally issued to the Garda Síochána, they may also be issued to other law enforcement bodies including the Competition Authority, the Office of the Director of Corporate Enforcement and the Revenue Commissioners, in connection with offences over which they have jurisdiction.

Disclosure Orders are similar to search warrants, and may include a power to enter premises and to search for the relevant material. However, the focus of a Disclosure Order is on obtaining material from third parties, and they operate in the first instance as a direction to the third party to produce the relevant material, rather than a power for law enforcement agencies to enter premises and seize it. Disclosure Orders often include a provision stating that where the relevant information is not in legible form, the subject of the order shall be required to give the password to the information to enable the law enforcement agency official to examine the information or produce the information in a form in which it is, or can be made, legible and comprehensible. The exact extent of the powers of an Irish law enforcement agency under a Disclosure Order will depend on the particular statutory provisions under which the Disclosure Order has been issued, e.g. the provisions dealing with Disclosure Orders in some Acts such as the Criminal Justice Act 1994, specifically refer to information held on computers. There is no standard regime in relation to orders to make material available in Irish law, and such Orders may be issued under a number of different statutes.

NATIONAL SECURITY AND EMERGENCY POWERS

Except as already outlined above, the government does not have any other legal authority to invoke special powers in relation to access to Licenced Operators customer data and/or network on the grounds of national security.

There do not seem to be any additional special powers bestowed on the Government in times of emergency.

OVERSIGHT OF THE USE OF POWERS

POSTAL PACKETS AND TELECOMMUNICATIONS MESSAGES (REGULATION) ACT 1993

Section 8 of the 1993 Act provides that the government can designate a High Court judge for the purposes of the 1993 Act (the “Designated Judge”). The Designated Judge must keep the operation of the 1993 Act under review and ascertain whether its provisions are being complied with. The Designated Judge reports to the Irish Prime Minister (the Taoiseach) periodically and can investigate any case in which an authorisation of interception has been given. If the Designated Judge informs the Minister for Justice that a particular authorisation of interception should not have been given, should be cancelled or should not have been extended, the Minister for Justice shall inform the Minister and cancel the authorisation.

In addition, any contravention of the 1993 Act is subject to investigation by the complaints referee (a judge of the Circuit Court, District Court or a barrister or solicitor of at least 10 years standing) (the “Complaints Referee”), under section 9 of the 1993 Act. Where a person believes that a communication has been intercepted, they can apply to the Complaints Referee for an investigation into whether an authorisation of interception was in force and if so, whether there has been any contravention of the provisions of the 1993 Act. If there has been (i) a contravention; or (ii) a contravention which the Complaints Referee deems an offence, but not a serious offence, and the Complaints Referee refers the complaint to the Designated Judge who agrees; the Complaints Referee will notify the applicant and report their findings to the Taoiseach. The Complaints Referee may also (i) quash the authorisation; (ii) direct the destruction of any copy of the intercepted communication; or (iii) recommend the payment of a specified sum of compensation to the applicant. If there was no authorisation of interception or no contravention of the authorisation of interception, the Complaints Referee must inform the applicant of this.

A contravention of the provisions or conditions of the 1993 Act will not of itself render the authorisation of interception invalid or constitute a cause of action.

CRIMINAL JUSTICE (SURVEILLANCE ACT) 2009

Where a person believes that they may be the subject of an authorisation or approval under section 7 or 8 (urgent surveillance or tracking devices only, not regular authorisations) of the 2009 Act, they can apply to the Complaints Referee for an investigation into whether an authorisation or approval was granted and if so, whether there has been a relevant contravention of the 2009 Act. If there has been a contravention the Complaints Referee will notify the applicant and report their findings to the Taoiseach. The Complaints Referee may also (i) quash the authorisation or reverse the approval; (ii) direct the destruction written record of the approval and any material obtained; (iii) recommend the payment of a specified sum of compensation to the applicant and (iv) report the matter to the Garda Síochána Ombudsman Commission or the Minister for Justice as appropriate.

If there was no authorisation or approval or no contravention of the authorisation/approval, the Complaints Referee must inform the applicant of this. Under section 11(9) of the 2009 Act, a relevant contravention which is not material, will not of itself render the authorisation or approval invalid.

Most search warrants are issued by a District Court Judge or a Peace Commissioner. The judge or commissioner must consider the sworn information and, acting judicially, satisfy themselves that the requirements for the issue of a warrant under the relevant Act are fulfilled. However, in a small number of cases a warrant may be issued by a senior officer of the Garda Síochána.

Generally Disclosure Orders are issued by a District Court Judge who must consider the sworn information and, acting judicially, satisfy themself that the requirements for the issue of a Disclosure Order under the relevant Act are fulfilled.

COMMUNICATIONS (RETENTION OF DATA) ACT 2011

Section 1 of the 2011 Act defines “designated judge” as a judge of the High Court designated under section 8 of the 1993 Act. Section 12 of the 2011 Act provides that the Designated Judge must keep the operation of the 2011 Act under review and ascertain whether its provisions are being complied with. The Designated Judge reports to the Taoiseach periodically and can investigate any case in which an authorisation of interception has been given.

In addition, a contravention of the provisions of section 6 (Disclosure Requests) under the 2011 Act will not of itself render the Disclosure Request invalid or constitute a cause of action.

Under section 10 of the 2011 Act, where a person believes that data relating to them in the possession of a Licenced Operator has been accessed following a Disclosure Request, they can apply to the Complaints Referee for an investigation into whether a Disclosure Request was in force and if so, whether there has been any contravention of the provisions of section 6 of the 2011 Act. If there has been a contravention, the Complaints Referee will notify the applicant and report their findings to the Taoiseach. The Complaints Referee may also (i) direct the destruction of the relevant data and any copies thereof; and (ii) recommend the payment of a specified sum of compensation to the applicant. If there was no Disclosure Request or no contravention of the Disclosure Request, the Complaints Referee must inform the applicant of this.

CENSORSHIP RELATED POWERS

SHUT-DOWN OF NETWORK & SERVICES

There are two bodies empowered to shut-down Vodafone’s network and services; Ireland’s Minister for Justice & Equality and the independent statutory body responsible for the regulation of the electronic communications sector in Ireland (“ComReg”).

CRIMINAL JUSTICE ACT 2013

Sections 20 to 29 of the Criminal Justice Act 2013 permit the Minister for Justice & Equality, subject to certain conditions, to authorise the shut-down of mobile communication services in response to a serious threat. A serious threat is when an explosive or other lethal device will be activated by use of a mobile communication service and that activation will likely cause death, serious bodily harm or substantial property damage. In such circumstances, Vodafone could therefore be ordered to shut-down its network by the Minister for Justice & Equality.

The Minister may only make such authorisation upon application having been made in writing by a member of the Garda Siochana (the police) not below the rank of Assistant Commissioner. The Minister may only then make the authorisation if he or she is satisfied that there are reasonable grounds for believing that a serious threat exists; there is a reasonable prospect that shutting the mobile communications service down would be of material help in averting that threat; and authorising the shut-down is necessary and proportionate in all the circumstances (including the importance of maintaining the availability of the mobile communications service and the effect of a cessation on users).

Section 24 provides that the Minister’s authorisation shall remain in force for no longer than 24 hours and a mobile communication service shall be shut down for no longer than 6 hours.

EUROPEAN COMMUNITIES (ELECTRONIC COMMUNICATIONS NETWORKS & SERVICES) (AUTHORISATION) REGULATIONS 2011 SI 335/2011

Vodafone could have its authorisation to operate its network suspended or withdrawn by ComReg if it is in breach of the conditions attached to its authorisation.

Under Regulation 16(12) European Communities (Electronic Communications Networks & Services) (Authorisation) Regulations 2011 SI 335/2011, ComReg may take urgent interim measures to remedy certain types of situation. Those interim measures include requiring a network provider (such as Vodafone) to cease use of specified network apparatus with immediate effect. The type of situations in question relate to when ComReg has evidence that a network provider has breached the conditions of its authorisation to provide an electronic communications network; its rights of use for radio frequencies or numbers; or specific obligations which represent an immediate and serious threat to public safety, public security, public health or which will create serious economic or operational problems for other network providers or network users.

Regulation 17(1) enables ComReg to suspend or withdraw authorisation to provide an electronic communications network where there has been a serious or repeated breach by a network provider of the conditions attached to its authorisation. ComReg must first allow the network provider 28 days in which to make representations before effecting the suspension or withdrawal of authorisation.

BLOCKING OF URLS & IP ADDRESSES

The government has no legal authority to order Vodafone to block URLs or IP addresses.

POWER TO TAKE CONTROL OF VODAFONE’S NETWORK

The government has no legal authority to control Vodafone’s network subject to any such authority being introduced by emergency legislation passed in a state of emergency (during which the Constitution would be suspended on behalf of state security).

OVERSIGHT OF THE USE OF POWERS

There is no judicial oversight but every public law power is subject to judicial review so as to ensure that it is being used lawfully. In addition Regulation 4(1) of the European Communities (Electronic Communications Networks & Services) (Framework) Regulations 2011 SI 333/2011 provides that a network provider (such as Vodafone) affected by a decision made by ComReg may appeal against that decision to the High Court within 28 days of being notified of that decision.

This information was originally published in the Legal Annexe to the Vodafone Group Law Enforcement Disclosure Report in June of 2014, which was updated in February of 2015.