Ireland Proposes Communications Bill to Legalize Police Spyware and Expand Interception Powers
Ireland’s government announced plans to introduce the Communications (Interception and Lawful Access) Bill, a legislative overhaul intended to modernize the country’s lawful interception framework and explicitly provide a legal basis for law enforcement use of spyware. Officials said the existing Postal Packets and Telecommunications Messages (Regulation) Act 1993 predates modern communications, particularly end-to-end encrypted messaging, and argued a new framework is needed to address serious crime and security threats while adding “robust” safeguards to ensure powers are necessary and proportionate.
The proposed bill is described as covering “all forms of communications, whether encrypted or not,” and enabling access to both content and metadata, expanding scope to services and device categories such as electronic messaging platforms, email, and IoT communications. While the announcement emphasizes privacy/security safeguards and increased technical cooperation between state agencies and service providers, reporting notes it does not clearly explain the technical mechanism for accessing encrypted communications—an outcome that in practice often requires device compromise (e.g., government-grade spyware) or local forensic extraction tools (e.g., Cellebrite). The government also indicated alignment with the EU Commission’s roadmap on lawful access and encryption-related interception issues.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Justice Department begins developing the legal framework
Following the announcement, Ireland's Department of Justice said it would work with the Attorney General's Office and other state agencies to develop the legislation's legal framework for interception, spyware, and device-scanning powers.
Irish civil liberties group criticizes surveillance proposals
After the plans were announced, the Irish Council for Civil Liberties publicly criticized the package as a broad expansion of surveillance powers with significant implications for privacy and fundamental rights.
Ireland announces plan for new lawful access and spyware bill
In January 2026, the Irish government announced plans to draft the Communications (Interception and Lawful Access) Bill to modernize its 1993 interception framework. The proposal would expand lawful interception to modern digital communications, including encrypted services, and create a legal basis for police spyware use subject to judicial authorization and proportionality safeguards.
Recording Devices Bill introduced in Ireland
In December 2025, Ireland introduced the Recording Devices Bill, a separate measure proposing expanded police use of biometric recognition technologies, including the potential for live and retrospective facial recognition.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
Ireland proposes allowing law enforcement to intercept encrypted communications | SC Media
scworld.com
Open sourceIreland plans law allowing law enforcement to use spyware | The Record from Recorded Future News
therecord.media
Open sourceIreland proposes new law allowing police to use spyware | TechCrunch
techcrunch.com
Open sourceIreland explores legal spyware, encryption-breaking powers • The Register
go.theregister.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Irish and UK Government Digital Policy Moves: Expanded Surveillance Powers and In-House Digital ID Build
Ireland is considering legislation to expand law enforcement digital surveillance authorities, including stronger powers to intercept communications (explicitly including **encrypted messages**) and to create a clearer legal basis for police use of **spyware**. The proposal signals a shift toward more formalized state capabilities for communications interception and device compromise, with direct implications for privacy, lawful access, and the security expectations of end-to-end encrypted services. In the UK, the government indicated that a new **digital identity** program is expected to be **designed, built, and run by in-house government teams** rather than outsourced to external suppliers, while declining to provide firm cost estimates ahead of a planned consultation. Ministers stated costs would be met within existing spending settlements, and the government pushed back on an external estimate (reported as **£1.8B**) pending consultation outcomes—raising governance, delivery-risk, and security-assurance questions for a large-scale identity platform even as detailed technical and budgetary specifics remain limited.
Mar 21, 2026
Canada’s Bill C-22 Sparks Industry Backlash Over Encryption and Metadata Access
Canada’s proposed lawful access bill, **Bill C-22**, drew opposition from Signal, Apple, Google, Meta, NordVPN, DuckDuckGo, Windscribe, and Tailscale, which warned that the measure could force providers to weaken encryption, retain user metadata for up to one year, and build technical capabilities for government access. Critics said the bill’s use of secret ministerial orders and limited judicial oversight could undermine privacy commitments, raise compliance costs, and create new security weaknesses that malicious actors could exploit. Canadian officials said the legislation is intended to modernize investigative powers and that amendments will clarify it is not meant to break encryption, but the government plans to preserve the one-year metadata retention requirement. Civil liberties groups and researchers including **Citizen Lab** and the **Canadian Civil Liberties Association** argued that the metadata retention and ministerial-order provisions should be removed entirely, warning that the proposal deepens the conflict between lawful access demands and the need to protect privacy, cybersecurity, and secure communications.
Jun 9, 2026
Governments Expand Digital Surveillance Through Interception, Spyware, and Biometric Systems
Governments are broadening digital surveillance through a mix of network interception, lawful intercept platforms, deep packet inspection, mandatory data retention, endpoint spyware, platform monitoring, and public-space surveillance, according to a new risk assessment. The report highlights Russia’s opaque `SORM` model as a prominent example of state interception architecture and says Chinese and Russian surveillance technologies are being exported to multiple countries, extending these capabilities beyond their domestic markets. The assessment says commercial spyware including **Predator**, **Candiru**, **Pegasus**, and **Paragon** has been used against journalists, activists, and civil society, while newer laws and policies in countries such as Ecuador, Myanmar, Nicaragua, Vietnam, Cambodia, Kyrgyzstan, Russia, and Kazakhstan are expanding state access to communications, metadata, biometric records, and internet infrastructure. It also points to growing use of **Safe City** platforms, facial recognition, `IMSI` catchers, national messenger apps, digital ID systems, and centralized biometric databases, warning that weak oversight raises risks ranging from privacy abuses and human-rights violations to corporate espionage, zero-day exploitation, and exposure of sensitive personal data.
Jun 24, 2026