Secret Irish Data Repository Uncovered

topgold writes "During an initial public meeting yesterday, the Irish Justice Ministry revealed that for nearly a year, the Irish government has mandated all telecommunications operators store traffic information from every landline, fax and mobile phone call for at least three years. Irish Times journalist Karlin Lillington offers insights regarding this secret data retention regime in several national newspaper columns. A considerable citizen reaction is at the boiling point, stoked by a civil liberties discussion board and the rejuvenation of the Electronic Freedom Ireland citizen group. By law, the Irish government can deep-six any Cabinet discussions related to the 'deliberative process' and since this decision to retain phone records happened at Cabinet level, it could have remained hidden for more than five years."

No mention of network traffic

[upside]

And it's only traffic information, not the actual data that gets passed. I would have thought they'd keep that kind of information anyway. If *access* to the gathered information is regulated properly, I don't see a problem.

Re:No mention of network traffic

[cobyrne]

If *access* to the gathered information is regulated properly, I don't see a problem.

The Data Protection Commissioner has outlined some of the problems that exist with such a data retention scheme, even if access is "properly regulated".

Of course, one thing that no-one has mentioned yet is that if privacy is outlawed, then only outlaws will have privacy. I have a mobile phone - now that I know that all calls I make on that phone will be recorded and potentially used by law enforcement, I feel like going across the street to a public phone and making all my calls from there. I don't have anything to hide from the law, but if I happen to get caught up in some difficulties with the law, I don't particularly want the law to have unhindered access to all the details of what I use my phone for, as I use my phone for some very very personal things indeed. And that is the huge problem with this system - it is extremely easy for outlaws to defeat it - all that they have to do is to go "across the street" to a public payphone.

Re:No mention of network traffic

[cobyrne]

But I don't care if `losing a freedom` means someone keeps a note of who I phoned 7 months ago?

Even if who you phoned 7 months ago was a mistress that you had a one week affair with? Or a business off whom you bought viagra but which has since diversified into cocaine and other illegal narcotics?

Do you keep 7 months of receipts? 7 months of bills? Because if law enforcement can use 7 months worth of your communications patterns in court against you, you would better have at least 7 months worth of documentation with which to defend yourself.

it would contain...

[grep_a_life]

if internet use is any indicator on how the telecom systems are used, the list would be:

50% about sex
30% spam (or telemarketing)
29% adolescent mush
1% calls to a data recovery shrink

hmm... may be not that accurate... anybody care to modify? (ooh, I'm beginning to see several "in soviet russia posts)

Details of the Policy

[bluelan]

I think this article gives a better description of what the data retention policy is. It's more concise anyhow.

Not even news here yet.

[ColmanReilly]

Slashdot is the first I've heard of it, and I pay reasonable attention to the main news services here in Dublin. It's a little premature to talk about considerable citizen reactions.

As background, the Minister in question is a PD, which makes him pretty close to holding views familiar to those in the US: I'm sure he'd be pretty comfortable in the right of the Democratic party or the left of the Republican, which makes him far right by European standards.

Re:Ooh

[alanp]

And what do you think the RIP act does ??

It's being going for 2 years in the UK !

And no it's not Northern Ireland but what difference does it make ? Do you think terrorist organisations colude via the internet or phone ?
Don't think so, down the local apache-land bar for that...

Is this new?

[sabri]

As far as I know, European legislators are working on the same for years now. In The Netherlands the government is working on legislation which also enforces a policy on ISP's to keep their traffic-data for years (currently the to-be-kept counters remains on 3 years). Fortunately, they are listening (or at least pretending to listen) to the ISP's as well; we have been asked what kind of impact that would have on the ISP and what kind of technical measures would be necessary.

An odd thing is that in some countries it currently is illegal to keep traffic-data for such a long time; the data is only to be kept for billing purposes and when that is done, the data must be deleted for privacy reasons.

Re:Is this new?

[blanch]

Its very worrying to see such things happening. The EU Directive on privacy in telecommunications in 1997 specified that personal data could only be retained by telcos, ISPs etc. for billing purposes and must destroyed after its usefulness has passed.

This was clearly a decision made on the side of personal freedom and civil liberties. It's worrying that the Council of Europe (a parallel organisation that is comprised of heads of state from around the continent) proceeded to adopt a stance opposite to that of the above directive, and began to mandate all ISP's and telecommunications companies to retain data. The stark contrast between the positions of these two organisations -- one democratic, the other a cabalistic gathering of prime ministers and presidents -- makes the difference in their motivations quite apparent.

The retention of data that has been uncovered here in Ireland is related to the Council of Europe's decision, and we can be certain that something similar is occurring in all the other states.

Re:Better to be open about it, or not?

[matt_wilts]

I think it was in the UK rather than Ireland (I believe this is from Channel 4 but Google has lost the full attribution):

HOW BRITAIN EAVESDROPPED ON DUBLIN

THE MINISTRY of Defence "Electronic Test facility", a rather mysterious 150-ft high tower stands isolated in a British Nuclear Fuels Limited site at Capenhurst, Cheshire. Locals
knew that the tower housed a dark secret but did not know what it was. That secret is now out.

The tower was craftily erected between two BT microwave radio towers carrying telephone traffic. The ETF was the ideal place to discreetly intercept international telephone calls of the Irish government, businessmen and those of suspected of involvement with IRA terrorism.

Channel 4 filmed extensive BT equipment inside the building, including optical fibre cables linking the tower to the MoD's communication system.

The hi-tech white ETF tower included eight floors of advanced electronic equipment and three floors of aerial galleries.

These were used to extract and sort the thousands of communications passing through every hour. Fax messages, e-mails, telexes and data communications were automatically sorted by computers scanning their contents for key words and subjects of interest. Telephone calls could
be targeted according to the numbers dialled or by identifying the voice of the speaker.

At the time the tower first came into operation the IRA campaigns were raging.

Relations between the British and Irish government's were not always smooth, with the British suspecting their Irish counterparts of being sympathetic to the IRA.

Since the early 1990s, the British electronic spy agency GCHQ and its American counterpart NSA have developed sophisticated libraries of voice profiles to use in scanning international telephone messages.

The ETF tower was operated by personnel from an RAF unit based in Malvern, Worcestershire. The "special signals" section of the RAF "Radio Introduction Unit" install and run projects for GCHQ.

According to local residents, the site was manned 24 hours a day by a team of two to three people, until the start of 1998.

Besides the Capenhurst tower, communications to and from the Irish Republic were also intercepted at a similar but smaller GCHQ station in County Armagh. This intercepts microwave radio and other links between Dublin and Belfast.

A third GCHQ station at Bude, Cornwall, intercepts western satellite communications, including to and from Ireland.

From 1990 until 1998 the Capenhurst ETF tower intercepted the international communications of the Irish Republic crossing from Dublin to Anglesey on a newly installed optical fibre submarine cable, called UK-Ireland 1.

From Anglesey, the signals were carried across Britain on British Telecom's network of microwave radio relay towers, centred on the BT Tower in London.

The key link, from Holyhead in Anglesey to Manchester, passes directly over the Wirral peninsula to the south of Birkenhead. The ETF tower was built to pop up into this beam.

When the new cable was planned in the mid 1980s,
intelligence specialists at the Defence Ministry and GCHQ Cheltenham, the electronic spying headquarters, realised that the radio beams passed directly over the nuclear processing plant at Capenhurst.

During 1988, a temporary interception system was built on the roof of the BNFL factory. When tests of the Irish interception system proved successful, intelligence chiefs decided to go ahead with a full-scale system.

Within the Defence Ministry, the project was classified "Top Secret Umbra". The codeword Umbra is used to designate sensitive signals intelligence operations.

Not even BNFL, on whose land the ETF tower was built, was let into the secret.

The Ministry of Defence held a meeting with residents early in 1989 and urged them not to talk about the site. In return, they were given free fencing and double glazing.

The architects were told that the tower had to contain three floors of aerial galleries, each with four special "dielectric" windows. These are opaque to visible light, but allow radio beams to enter.

By building the tower in this way, no-one could see what aerials were inside, or where they were pointing.

But the architects' plans, lodged at the local authority offices, revealed the true purpose of the tower.

The plans revealed that the radio transparent windows had to be aligned on an extremely precise compass bearing of 201.12 degrees to magnetic north.

Aerials pointing through these windows would point precisely at the British Telecom towers at Gwaenysgor, Clwyd, and Pale Heights, near Chester. These are the towers carrying the Ireland's international communications links through Britain.

During installation in 1989 and 1990, defence officials were concerned to conceal what was going into the tower. To disguise it, contractors vans were repainted in the livery of BT and other public utilities. BT refused to say whether this had been done with their knowledge and consent.

Since the Irish telecommunication moved onto a different system over a year the Capenhurst tower has been made redundant. The Ministry of Defence are trying sell it off.

It would not make a very comfortable home and it is hard to see what legitimate business might now be interested.

The Defence Estate organisation said this week that it had extended the time for offers to be made. It would accepts bids for the tower up to midday today.

The Home Office said: "In accordance with standard practice, the Government does not comment on alleged interception activity." BT said it did not wish to comment.

The Irish government said it would comment later.

History of the Eavesdropping Agency

THE BRITISH Government's eavesdropping agency, the Government Communications Headquarters (GCHQ), is based in Cheltenham.

It was set up 1946 after the success of the Government Code and Cipher School in Bletchley of cracking the German Enigma codes during the Second World War.

It is responsible for monitoring telecommunications and telephone calls in Britain and around the world and employs some 4,000 people. It works closely with MI6.

GCHQ uses state-of-the-art equipment for a wide range of operations to decrypt diplomatic traffic and to identify the voices of individuals who are of interest to the West's intelligence services.

GCHQ officers have been closely involved in the British efforts to tackle the IRA. GCHQ also works closely with the US eavesdropping operation, the National Security Agency. The agencies work together on a system called "Echelon", an integrated global surveillance network intercepting international satellite and communications links. It is said to have benefited the US and UK with information about arms and trade deals.

Until 1975 few people outside the intelligence community knew about the existence of GCHQ.

In the Eighties, Margaret Thatcher took union rights away from GCHQ staff on the basis that trade unionists were a potential threat to national security. Those rights have now been restored. After the Cold War, GCHQ cut back on staff numbers. The Cheltenham headquarters is being rebuilt at a cost of pounds 300m.

Re:Why war with the US is necessary

Now, come on. We have no quarrel with the American people themselves, we just want regime change.

It's been done for several years in Denmark

It's been done for several years in Denmark where all cellular phone calls are stored for 5 years before being destroyed, the police can then retrieve the contents using a search warrant.

Re:Not ISPs, telcos

[anticypher]

Blogs pointing to blogs pointing to blogs. Not one scrap of technical detail, very little political detail, and only innuendo about gardai (police) involvement. Perfect /. fodder.

Irish telcos, thats my old domain. What they are probably talking about is Call Detail Records from telephone switching equipment, SS7 data from SPs and STPs, lookups of SCP features, billing and customer data. The total amount of data is not that large, a few hundred megabytes per day for all landlines in a small market like Ireland. Mobile system switches can generate much more data, such as cell site handoffs, signal strength, power cycle events and SMS content. GSM/GPRS/UMTS data could total 4-6 Gbytes/day in a market with 2 million handsets.

CDR data was normally kept for a legal minimum of 90 days past each billing cycle, to allow for customer service to deal with complaints. Any disputed data would be copied out of the dataset and kept with the customer record in case the problem took a long time to resolve.

Typically, hard disk based CDR and customer records were kept for nine months before being moved to the recovery pool, and the disk/tape space would be recovered within a year. Billing and customer records are kept permanently, or at least ten years until they are unreadable by modern equipment (9 track, Wang magneto-microfiche, and other horrors)

Immediately after the Omagh bombing, a copy of the complete datasets of all systems in the Republic and NI going back at least 10 months was made and turned over to the police and intelligence services. Combing through that data, the investigators were able to track the exact trips made by the usual suspects in the weeks before the bombing, the exact routes they took, and calls made from vehicle to vehicle in the convoy carrying the bomb south to Omagh. The BBC aired a report on all this about two years ago, much to the chagrin of the powers that be.

This does not seem to concern ISPs, at least for the moment. The meeting seems to have been about who pays for longer data retention, and who pays for investigator access to the data. With a dozen requests per week to a telco for detailed records relating to various cases, it could take several experienced and expensive engineers most of their time. The Irish telcos, as well as ones in the U.S., have been trying to make Law Enforcement Access into a revenue centre. If a detective wants the complete calling history of a certain GSM phone, that could be a billable item. If a prosecutor wants additional data for a conviction, they'll have to dig into their budget and pay the telco for the data. The government wants to compel the telcos to provide this service in return for tax incentives, regulatory breaks, and some other backroom deals.

the AC