Gardaí and national security services 'need legal power' to access encrypted online messaging services

The judge said the failure to intercept these communications hindered the ability to protect national security, combat organised crime and investigate child sexual abuse.

The European Commission has been trying to push for this power, but it is opposed by civil rights organisations in Europe, including Ireland.

In his oversight report on ‘phone tapping’, Mr Justice O’Connor also provides the first update on the operation of separate powers to access communication data after Irish laws were largely severed following a European court decision in the Graham Dwyer case.

Dwyer, although successful in challenging the Communication (Retention of Data) Act 2011, did not succeed in having his conviction for murdering Elaine O’Hara quashed.

The Government introduced an amendment act in 2022, commenced in June 2023, in response to the effect of a European Court of Justice ruling.

Mr Justice O’Connor said the legislation allowing An Garda Síochána, the Defence Forces, and GSOC to apply to the Minister of Justice for authorisation to 'phone tap', or intercept communications, is based on legislation that is 30 years old – the Interception of Postal Packets and Telecommunications Messages Act 1993.

Although publishing a more detailed report than his predecessors, the judge declined to say how many applications have been made in the last year.

But he does reveal that there were “50% more interceptions” relating to serious crime than for threats to the security of the State in 2023 and up to May 2024.

He added: “The numbers relative to the State’s population size appear low and have not increased over that period.” 

Mr Justice O’Connor said that, because of the age of the act, online electronic communications services — such as ‘over the top’ (OTT) messaging services, web-based email, and voice services — are not included.

He said this covers services such as Viber, WhatsApp, Facebook Messenger, Google Talk, Gmail, FaceTime and Teams.

He said these services need to be brought into both the 1993 Act — allowing for the interception of ‘content’ of messages — and the 2011 Act, which allows for the capturing of data around communications.

Ms Justice O’Connor said that while mass digital surveillance is “unwarranted” and the rights of people to share private communications should be upheld, encryption has been a way of avoiding surveillance or intrusion.

He said politicians, journalists, lawyers, and others “prudently encrypt communications”, but added: “Unfortunately, there is widespread evidence of criminal organisations migrating in a pronounced way from traditional services towards encryption and use of OTT services.” 

He said this “hinders lawful access to important electronic evidence”.

He cited efforts by the European Commission to identify legal and technical solutions for lawful access to encrypted communications when “tackling terrorism, organised crime and child sexual abuse” and noted that Ireland is supportive of this.

Digital rights expert, TJ McIntyre, associate professor at Sutherland School of Law, UCD, said: “Technical experts agree that weakening encryption puts everyone’s online safety at risk. There’s no such thing as a backdoor that only the ‘good guys’ can use.” 

Liam Herrick, executive director of the Irish Council for Civil Liberties, said: “Weakening encryption for one weakens it for all. This is why attempts to pass an EU-wide law that would undermine all our private and secure communications and lead to generalised and indiscriminate surveillance have been hugely controversial and repeatedly failed.” 

In a statement, the Department of Justice said its review of interception-related legislation, which started several years ago, was “ongoing”.

It said: “The intention of the Department is that this review will be completed by year-end with a view to proposals being brought to Government.”