At a Glance
- Ireland is drafting a new surveillance bill that would allow law-enforcement use of spyware.
- The Communications (Interception and Lawful Access) Bill covers all communications, encrypted or not, and would grant judicial authorization for covert software.
- The legislation comes amid growing European scrutiny of spyware abuses and a 1993 law that no longer matches modern encrypted messaging.
Ireland is considering new legislation to give its law-enforcement agencies more surveillance powers, including allowing the use of spyware. The Irish government announced this week the introduction of the Communications (Interception and Lawful Access) Bill, which would regulate the use of “lawful interception,” the industry term for surveillance technology, including spyware made by companies such as Intellexa, NSO Group, and Paragon Solutions.
“There is an urgent need for a new legal framework for lawful interception which can be used to confront serious crime and security threats,” said Jim O’Callaghan, Ireland’s minister for justice, home affairs, and migration.
“The new legislation will also include robust legal safeguards to provide continued assurance that the use of such powers is necessary and proportionate,” said O’Callaghan.
The New Bill and Its Scope
The bill would update Ireland’s 1993 law, which predates most modern means of communication, such as messages and calls made with end-to-end encrypted apps. Communications encrypted in this way are generally speaking only accessible if authorities hack into a target’s devices, both remotely using government-grade spyware, or locally using forensic technology like Cellebrite devices.
The announcement specifically mentions that the new law will cover “all forms of communications, whether encrypted or not,” and can be used to obtain both content of communications and related metadata.
The legislation will require judicial authorization and a requirement to be used “in specific cases and only where the circumstances meet a test of being necessary and proportionate to deal with issues relating to serious crime or threats to the security of the State.”
Why Ireland Needs New Powers
Ireland’s existing framework is too old to handle encrypted traffic. The 1993 law was written before the widespread adoption of apps that encrypt messages end-to-end, making traditional interception techniques ineffective. The new bill aims to give investigators a legal basis to deploy covert surveillance software-essentially spyware-to access devices when other methods fail.
The government has framed the move as a response to serious crime and national security threats. O’Callaghan emphasized that the law would not be a blanket surveillance program but would include safeguards such as:
- Judicial oversight before deployment
- Necessity and proportionality tests
- Limitation to serious crime and state security threats
Spyware Companies Involved
| Company | Known Clients | Notes |
|---|---|---|
| Intellexa | Irish police, other EU agencies | Provides encrypted-traffic interception tools |
| NSO Group | Various governments worldwide | Known for Pegasus spyware |
| Paragon Solutions | Irish law-enforcement | Offers forensic and remote-access solutions |
Spyware in Europe: A Historical Context
Ireland’s push comes at a time when spyware use across Europe has been under scrutiny. Several European countries have documented abuses, and the European Union has attempted to set common standards.
| Year | Event | Notes |
|---|---|---|
| 2004 | Italian cybercrime unit Polizia Postale signs first contract with Hacking Team | First documented government spyware sale |
| 2007 | Jörg Ziercke, head of the German Bundeskriminalamt, confirms use of computer spyware | Public acknowledgment |
| 2008 | WikiLeaks reveals DigiTask selling spyware to German authorities for capturing Skype calls | Increased public awareness |
| 2011 | German Chaos Computer Club finds spyware on a businessman’s computer at Munich airport | Malware dubbed Bundestrojaner (federal trojan) |
These incidents illustrate that spyware has been part of European law-enforcement arsenals for over two decades. While some nations, like Italy, have enacted legislation regulating its use, broader EU standards are still evolving.
Potential Safeguards and Concerns
The bill promises “necessary privacy, encryption and digital security safeguards.” However, critics point out that without detailed implementation rules, the powers could be misused. The lack of specificity on how the new powers will work in practice has raised concerns among privacy advocates.
Key points of debate include:
- Scope of “necessary and proportionate”: How will courts interpret this test?
- Transparency: Will there be public reporting on spyware use?
- International cooperation: How will Ireland’s powers align with EU directives and other countries’ laws?
Contact and Further Information
From a non-work device, you can contact Emily Carter Reynolds securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact News Of Philadelphia via SecureDrop.
You can contact or verify outreach from Emily Carter Reynolds by emailing lorenzo@News Of Philadelphia.com, via encrypted message at +1 917 257 1382 on Signal, and @lorenzofb on Keybase/Telegram.
Key Takeaways
- Ireland is drafting a new surveillance bill that would allow law-enforcement use of spyware and cover all communications, encrypted or not.
- The bill updates a 1993 law that is outdated for modern encrypted messaging.
- Safeguards such as judicial oversight and necessity tests are promised, but details remain vague.
- Europe has a long history of spyware use, and the EU is still working on common standards.
- Privacy advocates warn that the new powers could be misused without clear implementation rules.
