Irish and UK Government Digital Policy Moves: Expanded Surveillance Powers and In-House Digital ID Build
Ireland is considering legislation to expand law enforcement digital surveillance authorities, including stronger powers to intercept communications (explicitly including encrypted messages) and to create a clearer legal basis for police use of spyware. The proposal signals a shift toward more formalized state capabilities for communications interception and device compromise, with direct implications for privacy, lawful access, and the security expectations of end-to-end encrypted services.
In the UK, the government indicated that a new digital identity program is expected to be designed, built, and run by in-house government teams rather than outsourced to external suppliers, while declining to provide firm cost estimates ahead of a planned consultation. Ministers stated costs would be met within existing spending settlements, and the government pushed back on an external estimate (reported as £1.8B) pending consultation outcomes—raising governance, delivery-risk, and security-assurance questions for a large-scale identity platform even as detailed technical and budgetary specifics remain limited.
Related Entities
Organizations
Sources
Related Stories
Ireland Proposes Communications Bill to Legalize Police Spyware and Expand Interception Powers
Ireland’s government announced plans to introduce the **Communications (Interception and Lawful Access) Bill**, a legislative overhaul intended to modernize the country’s lawful interception framework and explicitly provide a legal basis for law enforcement use of **spyware**. Officials said the existing **Postal Packets and Telecommunications Messages (Regulation) Act 1993** predates modern communications, particularly end-to-end encrypted messaging, and argued a new framework is needed to address serious crime and security threats while adding “robust” safeguards to ensure powers are necessary and proportionate. The proposed bill is described as covering **“all forms of communications, whether encrypted or not,”** and enabling access to both **content and metadata**, expanding scope to services and device categories such as electronic messaging platforms, email, and **IoT** communications. While the announcement emphasizes privacy/security safeguards and increased technical cooperation between state agencies and service providers, reporting notes it does not clearly explain the technical mechanism for accessing encrypted communications—an outcome that in practice often requires **device compromise** (e.g., government-grade spyware) or local forensic extraction tools (e.g., *Cellebrite*). The government also indicated alignment with the EU Commission’s roadmap on lawful access and encryption-related interception issues.
1 months ago
EU Digital Omnibus Proposals Face Privacy Watchdog Backlash Over GDPR Changes
European privacy watchdogs and digital rights advocates are pushing back against the European Commission’s proposed **“Digital Omnibus”** package, arguing that amendments billed as regulatory “streamlining” could **weaken EU privacy protections** and erode fundamental rights. Reported concerns focus on proposed changes to the **GDPR**, including narrowing the definition of **personal data** so that not all data that could potentially be linked to an identifiable person would qualify, alongside other adjustments intended to reduce compliance friction (e.g., reducing cookie banner requirements in some cases and simplifying multi-law breach notification processes). Separately, UK officials told Parliament that **legacy IT** is impeding implementation of technical controls meant to prevent repeats of the Ministry of Defence’s highly sensitive Afghan data exposure, where roughly **19,000** resettlement applicants’ details were compromised via a **CC instead of BCC** email error. The government’s Information Security Review recommended shifting cross-government information sharing away from email/attachments and toward source-based sharing, but ministers and the chief data officer cited departmental system fragmentation as a barrier to rolling out attachment-blocking and safer data-transfer mechanisms at scale.
1 months ago
US and UK Immigration Agencies Seek Expanded Surveillance and Data-Analytics Capabilities
US Immigration and Customs Enforcement (ICE) issued a federal request for information seeking **commercial “Big Data and Ad Tech”** products—explicitly including *ad-tech compliant and location data services*—to “directly support investigative activities,” signaling continued interest in leveraging commercial data-broker and advertising-technology ecosystems for law-enforcement use. Related reporting highlights longstanding concerns that US agencies can sidestep Fourth Amendment warrant requirements by purchasing sensitive data about residents, and notes broader DHS/ICE enforcement activity that has increased scrutiny of surveillance practices and the downstream impacts of ad-tech tracking on affected communities. Separately, the UK Home Office’s Border Security Command is pursuing up to **£100M** in procurement for a “maritime situational awareness system” designed to autonomously detect, track, and identify small boats and other non-cooperative vessels, including fusing data from land-based and **BVLOS drones** into a managed “Coastal Maritime ISR Service.” In parallel, a viral “ICE List” site claimed to publish leaked personal data on thousands of DHS employees, but analysis found the database largely relies on **publicly available self-disclosed information** (notably LinkedIn), underscoring operational security risks from personnel oversharing even when no breach is involved.
1 months ago