An Roinn Cumarsaide, Fuinnimh agus Acmhainni Baile Atha Cliath 2.

Nadurtha

Department Dublin 2.

of Communications,

Energy and Natural Resources

).....l- September 2011 Mr. T J McIntyre Digital Rights Ireland Ltd

Dear Mr. McIntyre 1 refer further to your recent request under section 7 of the Freedom ofInformation Act 1997 and 2003 requesting records relating to the lawful interception and illegal interception of communications. I wish to advise that following consideration of the matter I have decided to part grant your request. With regard to that part of your request for all records from 1 January 2001 onwards held by the Department relating to either (a) the lawful interception of communications, or (b) legislative measures intended to address the unlawful interception of communications, and in particular the matters set out in paragraphs 1 and 5 of your request, I would advise as follows. Lawful interception is governed by the provisions of the Interception of Postal Packets and Telecommunications Messages (Regulation) Act 1993. Section 12 of that Act restricts the disclosure of the existence of authorisations to the minimum necessary, where 'necessary' means necessary for the purpose of the prevention or detection of serious offences or in the interests of the security of the State. Section 32(1 )(a) of the Freedom ofInformation Act 1997, as amended, provides that a request for access shall be refused if, inter alia, the disclosure of the record concerned is prohibited by any enactment, other than a provision specified in the Third Schedule of the Freedom of Information Act, as amended. As the Interception of Postal Packets and Telecommunications Messages (Regulation) Act 1993 is not listed in the Third Schedule, access to any records in respect of lawful interceptions is refused, by virtue of section 12 of the 1993 Act and under section 32(1)(a) of the Freedom ofInformation Act, as amended. In reaching my decision to refuse these parts of your request, I am also relying on the following sections of the Freedom of Information Act and am of the opinion that revealing information in respect of interceptions would be prejudicial to the public interest: Sections 23(1)(a)(i), 23(1)(a)(ii), 23(1)(a)(iii), 23(1)(aa), 23(1)(c) and Sections 24(1)(a), 24(1)(b), 24(2)(a)(i) and 24(2)(a)(ii). In reaching my decision I have also taken into account the provisions of section 23(2) and 24(3) of the Freedom of Information Act, as amended, which precludes me from disclosing the existence or non existence of records to which section 23(1) and 24(1) of the Act applies.

29-31 Adelaide Road, Dublin 2 29-31 B6thar Adelaide Baile Atha Cliath 2

Tel: +353 1 678 2000 LoCal!: 1890 44 99 00 Fax: +353 1 678 2449

With regard to paragraph (2) of your letter, I should advise you that this Department does not hold any records in relation to the matters referred to in subparagraphs 2(c) to (g). Accordingly, this part of your request is refused in accordance with section 10(1)(a) of the Freedom of Information Act, as amended. In relation to subparagraphs (2)(a), (2)(b) and (2)(h) of your request, I am refusing access to these records under section 20(1) of the Freedom ofInformation Act 1997, as amended given that such records contain matters relating to the deliberative process of a public body and having regard to section 20(3) it is my opinion that the public interest would not be better served by granting the request. With regard to the ePrivacy Directive and various Statutory Instruments transposing this Directive, I would advise that Article 5.1 of the Directive refers to interception or surveillance of communications and prior to the introduction of S.1. No. 337 of 2011, this was deemed to be transposed by section 98 of the Postal and Telecommunication Services Act 1983 as amended. Following revisions to the ePrivacy Directive, S.1. No. 337 of 2011 was introduced in July 2011. In addition to section 98 of the 1983 Act, Regulation 5(1) of S.1. No. 337 of 2011 directly transposes the provisions of the Directive. As regards subparagraph (2)(h), I can advise that the recently enacted Communications Regulation (Postal Services) Act, 2011, puts in place a robust regulatory framework for the postal market which has been open to competition since the 1sl of January 2011 under the Third Postal Services Directive, 2008/6/EC. Section 54 of that Act, Ministerial Directions to postal service providers, extends the application of interception provisions to all postal service providers. I have decided to grant your request for access to records referred to in paragraph (3) of your letter and in this regard attached a Schedule and associated documents. Finally, in relation to your request referred to in paragraph (4), I should advise you that "telephone hacking" is a matter for the Department of Justice and Equality and would suggest that you contact that Department regarding records relating to this matter. I wish to advise you that if for any reason you are not satisfied with the outcome of your request you are entitled to seek a review by appealing the decision. To appeal, you need to write to the:FOI Unit Department of Communications, Energy and Natural Resources Elm House, Earlsvale Road Cavan You must make you appeal within 4 weeks of the date of this letter but the making of a late appeal may be permitted in certain circumstances. The review will involve a complete reconsideration of the matter by a more senior member of staff of this Department. Please note that an application fee for an appeal is currently 75.00 and a reduced fee of 25.00 applies if you are covered by a medical card. If claiming a reduced application fee, the request must be accompanied by The medical card registration number The name of the issuing Health Board Your consent to the verification of these details with that Health Board

Payments should be made by way of bank draft, money postal order or personal cheque made payable to "Department of Communications, Energy and Natural Resources". On receipt of the fee you will be advised of when you can expect a decision on your appeal and the contact details of the person handling the appeal. Yours sincerely

,V\~)J}J\~

0 \~

Barbara Leeson Communications Policy Division Phone: 01 6782293

Vl

c:

__0 c
'I) .."0

'I)

o
'~

C1)'I)

-0

u
;:l

c":c;j
c
0

.5

o
r.;.....

E E
c:
Q)

~u

o o
0..
Q)

',=
.....

u ....

c:

.....
"'0

~ bJ) ~

,9 .....
Q)

c
0..

u ....
.....
Q)

c:

0::"0

~Z

'';:: ~. u '--' Q;l

N rfJ N

0 '--' ~

(\3

~ (\3
N

'';:: ..... u '--' Q)

rfJ N

0 '--' ~

00

Digital Rights Ireland Complaint to European Commission over Irish Interception Laws

Page]
,
{ ~.

of7

\ .~ !
". ~_.#~

Digh~al Rights Irel.flItd

I-lome

May 28th, 2009 You might have noticed that we think that Irish !f! l't;J~DliQn laws are an invasion of our privacy Unfortunately Irish law on interception of communications also fails to protect our privacy - and for that reason we've lodged a forma] con1plaint with the European Commission, pointing out that Irish law doesn't meet European standards and asking that they require the Irish government to introduce adequate protections. Read on for more details and to see what you can do to help. What's the difference bet\veen data retention and interception? While data retention focuses on traffic data - who called whom, when, where the mobile phone was, etc. - interception deals with attempts by the state or private parties to monitor the contents of communications to listen in on telephone calls, read emails, and so on !ntercepticJJ1 is controlled to a limited extent by Irish law - under legislation from 1983 and a 199.3Act introduced after a SCal)9_~linvolving the Taoiseach and Minister for Justice illegally tapping journalists' phones - but that law is now well out of date, and doesn't meet the standards set out by European law in the 2002 ~-Privgc;;y.Dj!~~Jive. What's wrong with the existing Irish law? There are two major limitations. First, it was introduced at a time when there were a limited number of players in the telecommunications market As such, it applied initially to Telecom Eireann, and was extended to certain telecoms businesses operating under a licence or a general authorisation It does not, however, apply to other businesses which don't need an authorisation - which includes most online only businesses Webmail, instant messaging or voice over IP, for example, would not be protected by the 1993 Act Secondly, it applies only to messages which are "being transmitted" - something which appears to mean that ego the contents of a webmail inbox would not be protected As a result of these limitations, the protections of the 1983 and 1993 Acts - which make interception a cIiminal offence, require a wan ant from the Minister for Justice before interception can be carried out by the police, and provide for judicial oversight - simply do not apply to a wide range of online communications. This lack of legislative control appears to be a relatively clear breach of the e-Privacy Directive, which requires states to "prohibit listening, tapping, storage or other kinds of interception or surveillance of communications and the related traffic data by persons other than users, without the consent ofthe users concerned, except when legally authorised to do so ." [by] legislative measures [which are] necessary, appropriate and proportionate within a democratic society". In short, we think that Irish law doesn't adequately protect the privacy of your online communications - and hopefully the European Commission will require the Government to introduce adequate protections. If you agree, you can support the complaint by contacting the Minister for Justice (Email: 1]1inister@jt[stice.ie, Fax: 01 6615461, Snail Mail: 94 St. Stephen's Green, Dublin 2) and asking him to extend Irish interception law to adequately protect online communications and meet our European obligations. You can also email the Commission at InfsoB2@ec europa,cu, referring to our complaint and indicating that you are also making a formal complaint that Irish law on the interception of communications is not in compliance with Art 5 of the ePrivacy Directive. (Update: 16 06.09 - The Eu! opean Commission has now replied, indicating that it is now investigating this matter

hUp://www di gitalrigh ts ie/2009/05/28/ complaint -to-european-commissi on -over -irish -in terception-...

06/08/2009

Digital Rights Ireland Complaint to European Commission over Irish Interception Laws

Page 20f 7

.,.-\

j
under r\ ence 2009/4368, SG(2009) A/487L You might include this reference if writing to support us)

For those of you who can't get enough legalese, the full text of our complaint is below: Dear Mr, The purpose of this letter is to outline how Ireland has failed to implement Article 5 of Directive 2002/58/EC As you Imow, Article 5.1 provides that: "Member States shall ensure the confidentiality ofcommunicatiol1s and the related traffic data by means of a public communications network and publicly available electronic communications services, through national legislation, In particular, they shall prohibit listening, tapping, storage or other kinds of interception or surveillance of communications and the related traffic data by persons other than users, without the consent of the users concerned, except when legally authorised to do so in accordance with Article 15( 1). This paragraph shall not prevent technical storage which is necessary for the conveyance of a communication without prejudice to the principle of confidentiality" When implementing the Directive, it was the view of national authorities that Article 5.1 was already adequately provided for in Irish law by section 98 of the po~l~!.LaD!;tTJelecoll'm1UnicatiOll~S~LY:i~~$. Act 1983 in combination with the Int~lcep-tiQn_QfYQsl,:l}J)f!Qk~~_ill.fsJ.I~lecQn}l,llJ!ni.~.~nio.nsM~_~~?cg~s (R<:;gulatioll)Act 1993, See the comments of the Department of Communications, Marine & Natural ReSOUlces in their Guidance Notes on the Transposition into Irish Law of ED Directive 2002/58/EC (29 July 2003) Since transposition, Part 7 of the recent Crinli.nC:lI,[1!.sJiG_~JLenQ!.ist. Qffel1C.~s)AC:;J 20P5 has also become relevant. Between them, these pieces of domestic legislation do partially cover the requirements of Article 5. However, the scope of this legislation is limited and there are several situations which appear to fall within Article 5 but which would not be covered by Irish law. Three points in particular stand out:
:I: Section 98 applies only to messages being transmitted by persons who hold a general authorisation, Messages transmitted by other persons are not protected, Thus, it would appear that email sent via a webmail service such as OJ,1Jilllwould not be covered; nor would calls on VOIP services such as Skype.

:;:Section 98 applies only to messages "in the course of transmission" Again using the example of a webmail service, it would appear that the stored contents ofa person's inbox would not be in transmission and thus would not be covered (perhaps depending on whether they had been read by the recipient),

* The Interceptioll.QfPostaJ Pac;ke.ts'lnd Te!e<:Qmmunications Mess<!ges(RegtlI~tiQnLAGJ 1993 regulates police interceptions of teleconu11tmications messages, but again only where those messages are being transmitted by persons who hold a general authorisation Consequently, the safeguards created by that Act (including judicial oversight) do not apply to other police interceptions.
I propose to outline briefly the Irish legal framework and to consider in more detail the places where Irish law falls short of the requirements of Article 5 Persons to whom Irish interception law applies Irish law on interception of telecommunications messages is contained in section 98 of the Postal and

http://www .eligitalrights ie/2009 /05/28/ camp 1 -to-european-commission aint

-over -irish- intercepti on-

06/08/2009

Digital Rights Ireland Complaint to European ConU11ission over Irish Interception Laws

T ;ommunications Services Act 1983 which prohibits interception and disclosure of telecommunications messages. That section, as originally enacted, applied only to the interception of messages being transmitted by the then state monopoly, Telecom Eireann. With the advent of deregulation, section 98 was extended to cover other licensed operators (the Po.stg] anJI Telec;Q]11m1I11ic;alio1JsSS:J.vjc.es.(!:\Jn~mlm~IJnA.(,:kL<t22, section 7). Subsequently, with the introduction of a general authorisation framework, the provisions of section 98 were extended to any person operating under a general authorisation (Regulation 4(8) of the Eu,r()p~i:lJl QI]1Il)unities C (Electronic Communicgti.on.s Networks St::J:Y (Autl1or isati Qf).) R~gplgtiQm.?Q03) . i.ct,:s)

,mo..

. However, this limitation of section 98 to messages being transmitted by persons operating under a general authorisation would appear to present a problem. There may be situations where / telecommunications messages are being transmitted by means of a public communications network l,.lvuf!?f.. or through a publicly available telecommunications service, where that network or service is not frf)(,(..rf../;;t being operated under a general authorisation Webmail and VOIP services would appear to fall into this category. Accordingly, messages transmitted by such services do not appear to be protected ~--. against interception under Irish law. In particular, there is no offence to address the situation where a private individual intercepts messages being transmitted by such a service, or where the proprietor of such a service improperly discloses such messages. Restrictioll to messages ill tile course of trallsmissioll Section 98( I) (as extended) provides: "A person who(a) intercepts or attempts to intercept, or (b) authorises, suffers or permits another person to intercept, or (c) does anything that will enable him or another person to intercept, telecommunications messages being transmitted by [a persOIl deemed to be authorised uuder tile A uthorisatioll RegulatiollsJ or who discloses the existence, substance or purport of any such message which has been intercepted or uses for any purpose any information obtained from any such message shall be guilty of an offence. " (emphasis added and text changed to reflect extension of s98 to other operators) The reference to telecommunications messages being transmitted suggests that stored messages, such as voicemail messages, or a webmail inbox, would not be protected by section 98 (It might be said that sLlchmessages are "being transmitted" until the point at which they are initially accessed however, once accessed it would seem more difficult to argue that they are still being transmitted) This limitation appears to be incompatible with Art 5 of Directive 2002/58/EC which applies to "communications" (as defined in Art 2) generally Indeed, Art 5 would be significantly undermined if messages in storage were excluded. Regulation o/police interceptioll of teleCOllllllUllicatiollS messages
.s~LU1

di!}W.;~

'7
piffj/-(l

1'8

. ~/M,",IJ '~-<..

"

The Interception of Postal Packets and Telecommunications Messages (Regulation) Act 1993 sets out the Irish law on police interception of telecommunications Under section 2, an authorisation to intercept the contents of communications can only be given by the Minister for Justice Sections 4 and 5 set out conditions which must be satisfied before an authorisation can be granted, For example, section 4 provides (in respect of the investigation of crime) that: "The conditions referred to in section 2 of this Act in relation to an interception for the purpose of criminal investigation are-

http://www .di gitalrights ie12009/0 5/2 8/comp 1 t-to-eLI ain ropean-comm issi on -ov er- irish- intercepti on -.

06/08/2009

Digital Rights Ireland Complaint to European Commission over Irish Interception Laws

Page 4 of 7

(,"\
( a ) (i) that(I) investigations are being can-ied out by the Garda Sfochtma, or another public authority charged with the investigation of offences of the kind in question, concerning a serious offence or a suspected serious offence, (II) investigations not involving interception have failed, or are likely to fail, to produce, or to produce sufficiently quickly, either or, as the case may be, both ofthe following, that is to say: (A) information such as to show whether the offence has been committed or as to the facts relating to it, (B) evidence for the purpose of criminal proceedings in relation to the offence,

~)

and
(III) there is a reasonable prospect that the interception of postal packets sent to a particular postal address or of telecommunications messages sent to or from a particular telecommunications address would be of material assistance (by itself or in conjunction with other information or evidence) in providing information, or evidence, such as aforesaid,
or

(ii) that(1) in the case of a serious offence that is apprehended but has not been committed, investigations are being carried out, for the purpose of preventing the commission of the offence or of enabling it to be detected, if it is committed, by the Garda Siochana or another public authority charged with the prevention or investigation of offences of the kind in question, (II) investigations not involving interception have Hliled, or are likely to fail, to produce, or to produce sufficiently quickly, infom1ation as to the perpetrators, the time, the place, and the other circumstances, of the offence that would enable the offence to be prevented or detected, as the case may be, and (III) ther e is a reasonable prospect that the interception of postal packets sent to a particular postal address or oftelecol11l11unications messages sent to or from a particular telecommunications address would be of material assistance (by itselfor in conjunction with other information) in preventing or detecting the offence, as the case may be, and (b) that the importance of obtaining the infonnation or evidence concerned is, having regard to all the circumstances and notwithstanding the importance of preserving the privacy of postal packets and telecommunications messages, sufficient to justify the intercepti on," This section provides important safeguards: interception is restricted to serious offences, investigation other than interception must be inadequate, interception is restricted to messages sent to or from a particular address, thus ruling out indiscriminate monitoring of traffic and "fishing expeditions", and interception must, in the circumstances, be proportionate,

http://www.digitalrights.ie/2009/05/2

8/camp laint -to-european -commission -over- irish -intercepti on -.

06/08/2009

Digital Rights Ireland )}Complaint to European Commission over Irish Interception Laws

Page 5 of 7

~ ion 8 of the Act then creates ajudicial power of oversight over the interception system, while section 9 creates a complaints procedure for persons who allege that interceptions have been improperly canied out The 1993 Act is, however, limited to "interceptions" which would (ifnot authorised) amount to an offence under section 98. (See the definition of "interception" in section 1.) Consequently, the 1993 Act has no application to interceptions falling outside section 98. It follows that any interception by the police of, for example, emails transmitted by a webmail service will not be regulated by the provisions of section 98 and will escape regulation by Irish law - the section 98 safeguards, including proportionality, judicial oversight and the complaints procedure, will not be available This would appear to breach Article 15.1 of Directive 2002/58/EC Article 15.1 speci fies that any restIiction by Member States of the rights and obligations provided for in Article 5 must be by way of "legislative measures" which are "necessary, appropriate and proportionate within a democratic society". However. interception of emails in the circumstances I have outlined would appear not to be govemed by any legislative measure, much less one which can be assessed as necessary, appropriate or proportionate The unfettered discretion which this would appear to confer on the police would therefore appear to be incompatible with the Directive In summary, it appears that Irish law has not been properly updated to take account of the requirements of Article 5 of Directive 2002/58/EC, and I would respectfully ask that the Commission investigate whether Ireland has failed properly to implement this Directive Entry Filed undeI: DRI, Privacy - Gel}er~[

2 CODlments
1. Eoghan

Add your

Q)VJl

June 17th, 2009 at 2:24 pm

I was thinking about this myself recently enough, I'd forgotten to check back here to see if anything had been done by DRI. Glad to see you took action Consider me raI1ied behind you on this one 2. MUldoch knew of phone hac~hellip

July 21st, 2009 at 5:47 pm

[.. ] to know the password if you want to access the YM from another phone. As usual, there's a good Digital Rights page! Our privacy laws don't seem to cover it, so DRI have complained to the EU Commission [,,]

Leave a COlnment
Name Email UrI
Required Required, hidden

http://www d igitalrights ie/2009/05/28/comp laint -to-european-col11mission-over-irish-interception-.,

06/08/2009

EUROPEAN COMMISSION
Information Society and Media Directorate-General

The Director-General

ACT DATE DATE

ION lOR I G I 1,1 le A

0 PY ;

U. Lk /1 la-itt

Brussels,
INrSOIB-2/SB/cr

1 5 VII 2009
0(2009) 130 130

;2-D-?-~
RECEIVED IF DIFFERENT

CC

A,~~ A ,0

}~/ro/

His Excellency Mr Rory Montgomery Permanent Representative of Ireland to the EU 89/93 Rue Froissart 1040 Brussels Belgium

Ref: Complaint number 2009/4368 Dear Sir, The European Commission is in receipt of a formal complaint concerning an alleged failure to transpose adequately certain provisions of the ePrivacy Directive (Directive 2002/58/ECI-) The main points of this complaint are set out below, In its notification of the transposition of Directive 2002/58/EC (dated 13 November 2003), the Irish authorities point out that Article 5.1 of that Directive was not transposed in the Regulations as there are already sufficient legislative provisions protecting the confidentiality of communications and related traffic data. According to the Irish notification, the relevant legislation is section 98 of the Postal and Telecommunications Services Act, 1983 as amended by the Interception of Postal Packages and Telecommunications Messages (Regulation) Act. 1993_ This letter of notification tltrther states that, according to the Irish legal services the term 'telecommunications message' is equivalent to the term 'communication' used in Article 5 of the ePrivacy Directive. Article 5.1 of Directive 2002/58/EC provides that:

"Member States shall ensure the confidentiality of communications and the related traffic data by means of a public communications network and publicly available electronic communications services, through national legislation. In particular, they shall prohibit listening, tapping, storage or other kinds of interception or surveillance ofcomlllunications and the related traffic data by persons other than users, without the consent of the users concerned, except when legally authorised to do so in accordance with Article 15( I). This paragraph shall not prevent technical storage which is necessary for the conveyance of a communication without prejudice to the principle of confidentiality,"

10.

J. L 201 .3107,2002 p. 37

Commission europeenne. B-l049 Bruxelles I Europese Commissie, B-l049 Brussel - Belgium Office: BU25 061183 Telephone: direct line (32-2) 299 09 81 Fax: (32-2) 2968394 E-mail: Stephen banable@ec europa eu

Telephone:

(32-2) 299 11 11

The complainant claims that this eXlstlllg domestic legislation only partially covers the requirements of Article 5 of the e-privacy Directive. Specifically, he claims that the scope of the national legislation is limited and that there are several situations which fall within Article 5 but which would not be covered by Irish law. The complainant notes three points in particular: I. He claims that section 98 of the Postal and Telecommunications Services Act 1983 prohibits the interception of only those messages that are being transmitted by communications providers who hold a general authorisation. Article 5( I) of the ePrivacy Directive does not refer to general authorisation of the respective communications providers. Instead it generally prohibits interception of communications by public communications networks. In that case communications transmitted by other persons are not protected. The Commission services would therefore appreciate clarification as to the scope of the prohibition of interception under section 98. The complainant further alleges that the reference under section 98 to messages "in the course of transmission" unduly restricts the prohibition of interception, since it would not cover any communications that have been stored by the recipient, such as contents of a person's inbox. Finally, the complainant alleges that the Interception of Postal Packets and Telecommunications Messages (Regulation) Act 1993 regulates police interceptions of telecommunications messages, but again (since it refers to section 98) only where those messages are being transmitted by persons who hold a general authorisation.

2.

3,

It appears that the provisions of section 98 cover any person operating under a general authorisation, In particular, section 4(8) of the European COlllll1unities (Electronic Communications Networks and Services) (Authorisation) Regulations 2003 states that 'a reference in an)! enactment fo a penon licensed under \'ection III of the Act of 1983 j~ fo be construed as a reference /0 an IIl1derwking deemed to be awhorised lindeI' the~e Regulations '

The Commission therefore requests the views or the Irish government on the issues as summarised above and in particular your clarifications as to whether, and if so, how, the requirements of the ePrivacy Directive are adequately transposed into Irish law, I would very much appreciate receiving your reply within ten weeks of receipt of this letter via the E U Pi lot system. Yours faithfully

Fabio Colasanti

Ref: Complaint no. 2009/4368 Dear Mr Colisanti refer to your letter of 15 July 2009 concerning a fOl1nal complaint to the European Commission alleging a failure by Ireland to adequately transpose certain provisions of the ePrivacy Directive (Directive 2002/58/EC). The views of the Irish authorities on the issues outlined in your letter and our transposition of the requirements of the relevant provisions of Directive 2002/58/EC are set out below.

Background
1. The ePrivacy Directive was transposed into Irish law by the European Communities (Electronic Communications Network and Services) (Data Protection and Privacy) Regulations 2003 (SI 53512003). Notification of Ireland's transposition was conveyed to the Commission by letter dated 13 November 2003. In that letter it is stated that the requirement under Article 5.1 of the Directive relating to confidentiality of communications has not been transposed in the Regulations as there are already sufficient legislative provisions protecting the confidentiality of communications and related traffic data, by virtue of section 98 of the Postal and Telecommunications Act of 1983 as amended 2. Section 98 provides, inter alia, that a person who intercepts or attempts to intercept telecommunications messages in the course of transmission shall be guilty of an offence. Complaint 3. The complainant makes three points which are summarised below: i) Section 98 only applies to communications transmitted by authorised communications providers and, therefore, does not apply to "communications transmitted by other persons". ii) The reference in section 98 to messages in the "course of transmission" restricts the prohibition under that section and would not cover any communications stored by the recipient, such as the contents of a person's inbox. iii) There is a deficiency in the Interception of Postal Packets and Telecommunications Messages (Regulation) Act 1993 because it also only applies to messages being transmitted by persons who hold a general authorisation Ireland's response to the complaint 4. By way of background to points i) and iii) above, prior to the coming into force of the European Communities (Electronic Communications Networks and Services) (Authorisation) Regulations 200.3 (SI 306/2003) ("the Authorisation Regulations"), the provision of telecommunications networks

and services was subject to the grant of a licence by the Minister under section III of the Postal and Telecommunications Services Act 1983, Pursuant to the Authorisation Regulations, licences were replaced by an authorisation system overseen by the Commission for Communications Regulation ("ComReg"). 5. Regulation 4 of the Authorisation Regulations provides that any person who intends to provide such a network or service is required to notify ComReg of his or her intention to so do and, upon receipt by ComReg of such notification, the person concerned is deemed to be authorised Regulation 4(8) provides that a reference in any enactment to a person licensed under section 111 of the Act of 1983 is to be construed as a reference to an undertaking deemed to be authorised under these Regulations. 6 Section 98 initially applied to Bord Telecom EireatUl (the then State monopoly service provider) only but the section was later extended by section 7(1) of the Telecommunications Services (Amendment) Act 1999 to licensed operators, which were defined in section 7(3) as '[Bord Telecom Eireann] or any person licensed under subsection (2) or (3) of section 111 of the Act of 1983' Given this amendment and regulation 4 (8) of the Authorisation Regulations, the complainant is correct to state that section 98 only applies to messages being transmitted by authorised providers. However, the Department does not agree with the further contention that there may be instances where a message is being transmitted over a network or service that is not being operated under a general authorisation and as a consequence would not be protected under Irish . law. The examples cited by the complainant are webmail services such as Gmail and voice over internet protocol services such as Skype. It is the Department's view that both the services provided by these technologies are transmitted over publicly available networks (such as the eircom or BT networks) which must be authorised by ComReg and to which section 98 applies With regard to point ii), it is suggested by the complainant that because the prohibition on interception in section 98 is limited to messages in the course of transmission and not to messages stored in email inboxes this does not provide the protection that article 5.1 of the ePrivacy Directive requires The Department disagrees with this complaint for two reasons. Firstly, it would not be justified to apply the tem1 'interception' to messages that are in fact in storage The ordinary meaning of word 'intercept' is to stop, deflect or seize on the way from one place to another; to prevent from arriving or proceeding. Once a message or communication arrives at its destination, it can no longer be intercepted or prevented from arriving or proceeding. The term is also defined in section 98 (6) as follows: "In this section 'intercept' means listen to, or record by an)! means, ill the cOllrse of its transmission, a telecommunications message but does not include slich listenillg or recording where either the person on whose behalf the message is transmitted or the persoll intended to receive the message has cOllsented to the listening or recording, and cognate words shall be construed accordingl)!. "

The Irish authorities are of the view that this definition is in keeping with the manner in which 'interception' is set out in Article 51. Secondly, Article 5.1 does not require Member States to provide such protection given that the definition of 'communication' at Article 2 (d) of the ePrivacy Directive is 'any information exchanged or conveyed between a finite number of parties by means of a publicly available electronic communications service'. There is no reference to the storage of information in this definition and the question of the protection of emails stored in inboxes may be more properly addressed by existing data protection laws. This interpretation is reinforced by the fact that the storage of such communications is seen as an entirely separate matter (see Recitals 22,26 and 27 to the Directive). To summarise, the Irish authorities consider that the existing provisions under Section 98 of the Postal and Telecommunications Act of 1983, as amended, adequately transpose Article 5 of Directive 2002/58/EC into Irish law and provide the required level of protection of the confidentiality of communications and related traffic data in accordance with that Directive

Your etc.