Ireland is considering new legislation to grant its law enforcement agencies expanded surveillance powers, including the authority to use spyware. The government announced the introduction of the Communications (Interception and Lawful Access) Bill, which would regulate the use of lawful interception technology. This includes spyware produced by companies such as Intellexa, NSO Group, and Paragon Solutions.
Jim O’Callaghan, Ireland’s minister for justice, home affairs, and migration, stated there is an urgent need for a new legal framework to confront serious crime and security threats. He added that the legislation will include robust legal safeguards to ensure the use of such powers is necessary and proportionate.
The primary motivation for the new law is that Ireland’s existing 1993 legislation predates modern communication methods, such as end-to-end encrypted messaging apps. Accessing such encrypted communications typically requires authorities to hack into a target’s device, either remotely with government-grade spyware or locally with forensic technology like Cellebrite devices.
The announcement specifies that the new law will cover all forms of communication, encrypted or not, and can be used to obtain both the content of communications and related metadata. The government also promised these surveillance powers will come with privacy, encryption, and digital security safeguards, including judicial authorization. Their use would be restricted to specific cases where it is necessary and proportionate to address serious crime or threats to state security.
The announcement lacked practical details, as the law has yet to be drafted. However, it includes a section calling for a new legal basis to use covert surveillance software as an alternative means of lawful interception to access electronic devices, a clear reference to computer and mobile spyware for investigating serious crimes.
Ireland’s move to permit spyware use occurs as government spyware proliferates across Europe, despite recent abuses highlighting human rights violations. While a decade ago spyware scandals were largely confined to regions with varying human rights standards, several cases of abuse have emerged in Europe in recent years, including in Greece, Hungary, Italy, and Poland.
Spyware has been used in Europe for over two decades. In 2004, Italy’s cybercrime unit signed an early contract with Hacking Team. In 2007, the head of Germany’s federal criminal police confirmed his agency used computer spyware. By 2008, WikiLeaks revealed a company selling spyware to German authorities for capturing Skype calls. In 2011, German hackers found state-developed malware on a traveler’s computer.
These early incidents received little public attention. However, as researchers documented the abuse of European-made spyware in countries like Egypt and Mexico, the technology became mainstream and relatively normalized. While some countries like Italy have laws regulating spyware, the European Union has since attempted to establish common standards for its use in response to continental scandals.