The Irish government is planning to bolster its police's ability to intercept communications, including encrypted messages, and provide a legal basis for spyware use.
The Communications (Interception and Lawful Access) Bill is being framed as a replacement for the current legislation that governs digital communication interception.
The Department of Justice, Home Affairs, and Migration said in an announcement this week the existing Postal Packets and Telecommunications Messages (Regulation) Act 1993 "predates the telecoms revolution of the last 20 years."
As well as updating laws passed more than two decades ago, the government was keen to emphasize that a key ambition for the bill is to empower law enforcement to intercept of all forms of communications.
The Bill will bring communications from IoT devices, email services, and electronic messaging platforms into scope, "whether encrypted or not."
In a similar way to how certain other governments want to compel encrypted messaging services to unscramble packets of interest, Ireland's announcement also failed to explain exactly how it plans to do this.
However, it promised to implement a robust legal framework, alongside all necessary privacy and security safeguards, if these proposals do ultimately become law. It also vowed to establish structures to ensure "the maximum possible degree of technical cooperation between state agencies and communication service providers."
Encryption… again As law enforcement grows ever warmer to the idea of breaking encryption, privacy advocates and technologists keep warning them it is, in fact, impossible. This idea of breaking encryption most commonly relates to messaging platforms that use end-to-end encryption (E2EE). Criminals like it because they cannot be snooped on, and law enforcement hates it for the same reason. Fierce debates have ignited across the world over the matter, but perhaps the loudest of those, at least in recent times, has taken place in the UK, which last year allegedly compelled Apple to break iCloud's Advanced Data Protection in a failed pursuit of a so-called encryption backdoor. Tech folk say E2EE is an absolute. You either have it, or you don't – there is no such thing as backdooring it. It ceases being "end-to-end" if between those ends is a stop along the way for any approved entities to see what's being sent. EU member states are still battling over the controversial "Chat Control" regulation, which recently – following public outcry – removed the mandatory scanning component, although opponents argue the proposals are still not suitably weakened. Signal and Tuta Mail are two major service providers that threatened to withdraw from countries that implement encryption-busting laws and regulations.
The government said it will follow the EU Commission's (EC) roadmap for law enforcement data interception, including a section on encryption issues, which it published last year.
"There is an urgent need for a new legal framework for lawful interception which can be used to confront serious crime and security threats," said justice minister Jim O'Callaghan, announcing the news.
... continue reading