JOINT COMMITTEE ON COMMUNICATIONS, MARINE AND NATURAL RESOURCES debate -
Wednesday, 26 Nov 2003

The sub-committee on Scrutiny of EU Legislation has forwarded a number of proposals for the attention of the committee. Is it agreed to scrutinise COM (2003) 451? Agreed. Is it agreed to scrutinise COM (2003) 476? Agreed.

I must indicate a number of regulations which do not have to be scrutinised. Is it agreed that no further scrutiny is required on COM (2003) 421? Agreed. Is it agreed that no further scrutiny is required on COM (2003) 416? Agreed. Is it agreed that no further scrutiny is required on COM (2003) 437? Agreed. Is it agreed that no further scrutiny is required on COM (2003) 455? Agreed. Is it agreed that no further scrutiny is required on COM (2003) 474? Agreed. Is it agreed that no further scrutiny is required on COM (2003) 440? Agreed. Is it agreed that no further scrutiny is required on COM (2003) 478? Agreed. Is it agreed that no further scrutiny is required on COM (2003) 519? Agreed. Is it agreed that no further scrutiny is required on COM (2003) 516? Agreed. Is it agreed that no further scrutiny is required on COM (2003) 556? Agreed. Is it agreed that no further scrutiny is required on COM (2003) 561? Agreed. Is it agreed that no further scrutiny is required on COM (2003) 589? Agreed. Is it agreed that no further scrutiny is required on COM (2003) 593? Agreed.

Is it agreed to note COM (2003) 370? Agreed. Is it agreed to note COM (2003) 453? Agreed. Is it agreed to note COM (2003) 477? Agreed. Is it agreed to note COM (2003) 550? Agreed. Is it agreed to note COM (2003) 403? Agreed. Is it agreed to note COM (2003) 227? Agreed.

That reminds me of the 100 lines I had to write when I was a young lad going to school.

There is a concern. I have the list of the first half dozen or so COMs documents on my paper but I did not have the further ones. This is unsatisfactory. I do not have a problem with proceeding with business but we are agreeing to pass on the scrutiny aspect where I and perhaps other members have not got a full list.

There is one other issue but I do not have the documentation here. Unfortunately, we have recently had a series of meetings cancelled at the last minute. Today is an example of where we expected an earlier meeting but it was cancelled at the last minute. It has been hard to keep up with the progress or timetable of meetings.

I will ask the clerk to come back to us on this.

The committee has agreed to examine further the following proposals: COM (2003) 92, a proposal for a directive of the European Parliament and of the Council on ship source pollution and on the introduction of sanctions, including criminal sanctions for pollution offences; and COM (2003) 63, a proposal for a regulation of the European Parliament and of the Council establishing the European Network and Information Security Agency.

I welcome Mr. Maurice Mullen, Mr. Caoimhín Ó Ruairc and Ms Lorraine McGurk. We will begin with a presentation on COM (2003) 92 followed by a question and answer session. I understand that Mr. Aidan Ryan and Ms Caroline Greer will come in later to speak on the second COM document.

I draw everybody's attention to the fact that members of this committee have absolute privilege, but the same privilege does not apply to witnesses appearing before the committee. It is generally accepted that witnesses will have qualified privilege, but the committee cannot guarantee any level of privilege to witnesses appearing before it. Members are reminded of the long standing parliamentary practice to the effect that members should not comment on, criticise or make charges against a person outside the House, or an official by name, or in such a way as to make him or her identifiable.

Some members of the committee, including myself, will have to leave here to be in the House for the Broadcasting (Funding) Bill at 3.45 p.m. Senator Finucane will take over the Chair at that time.

Thank you, Chairman. We are grateful for the opportunity to explain and respond on the directive on ship source pollution. This is a matter which has particular significance for us. Although there is a Transport Council meeting next week, this matter is likely to flow over into our EU Presidency term and will call for a response from us. A draft directive was called for on this area following a number of developments. One was the Prestige incident off Spain in late 2002. In December following the incident the Council drew up a number of conclusions to strengthen the measures for prevention and pursuance of those who cause oil pollution, such as ship owners and ship operators. On 5 March 2003, the Council presented the first draft of the proposal which is now being discussed.

This has been a difficult process for discussion. One of the issues that the draft is trying to address is the imposition, among other things, of criminal sanctions on polluters. Such an instrument causes difficulties for many member states, including Ireland, because criminal issues are normally matters for domestic legislation only. The original proposal by the Commission was for what is known as a first pillar instrument for the directive to maintain a substantial amount of criminal sanction material. This did not find favour with most member states and it was decided to pursue this regulation in two different processes. One was to be under the justice strand, examining a framework decision which in effect would set out the criteria under which all member states would bring in new domestic criminal legislation which would allow them to prosecute those who have committed pollution offences; second, they continued with this directive dealing with other aspects of pollution prevention.

I will set out the key issues. All member states support this type of proposal and our Minister is one of the leading advocates. There are a number of issues with which many member states have difficulty. The first is that the issue of criminal sanctions is not for a directive or a first pillar instance but rather it is a domestic issue. It is still not clear where the line should be drawn between the framework directive which I mentioned earlier and this particular directive. The Commission proposals go beyond both what is known as the MARPOL convention, which is a UN convention relating to marine based pollution. It is also out of step with UNCLOS, the United Nations Convention on the Law of the Sea. The difficulty is that the Commission wants the European Union to go further and have stronger laws with greater powers than was agreed at the UN convention. It has introduced such issues as a ban on insurability of fines to prevent oil polluters from buying their way out of problems. The dilemma for countries such as Ireland - and it applies to most member states - is that it is very difficult to unilaterally move beyond the MARPOL conventions and the UN conventions because the implications are that we could be accused of flouting international law, among other things. Clearly the criminal sanctions issue is a difficult one and there has not been agreement on that.

The current position is that member states remain very divided. It will not be agreed at the Transport Council meeting on 5 December. The Irish Presidency will have to deal with this issue. The legal position being adopted by Ireland is based firmly on the advice of the Attorney General. We are reluctant to exceed the provisions of UNCLOS and MARPOL. We can accept some form of non-binding reference and criminal law sanctions. In plain language, that means the Attorney General has advised that it is not a good idea to step beyond UNCLOS. MARPOL and UNCLOS provide that we can prosecute anybody who pollutes in our waters and where we can produce evidence of same. We can only introduce monetary fines in certain circumstances. We cannot prosecute people who pollute on the high seas and whose pollution subsequently comes to our port. There is a huge difficulty in doing that at this stage without other changes in UN conventions.

We believe that the approach that may be adopted on the criminal sanctions, which is to leave it to member states, is one in which Ireland is already ahead of the camp. The Sea Pollution Act 1991 provides for many of the powers that are now being discussed by the Commission. If they do not go beyond the MARPOL and UNCLOS conventions, we would seem to have the powers in place to do what the Commission would like all member states to do, which is, to prosecute those who pollute.

In summary, this is a regulation that requires a lot more thought and which will fall under our convention under the Irish Presidency. We have powers under the Sea Pollution Act to implement most of what we are talking about in this directive. We can investigate and prosecute. We do not think additional provisions should be added which go beyond the UN conventions governing this area because the implications are far wider here in terms of the orderly rule of the law of the sea. If we wish to go beyond the current conventions it would be better to operate through the UN process and get all countries party to that to agree new processes.

I may have to leave soon to speak in the Dáil. I have some questions. The explanatory brief supplied to the committee gives some figures for incidences in 2001 of pollution at sea that related to what we are talking about. There were 390 oil slicks in the Baltic, 596 in the North Sea, 1,600 illicit discharges in the Mediterranean. Is there any indication of the figure for the western Atlantic waters, our territorial waters? Given the figures for the North Sea, the western Atlantic being a much larger body of water and the body of our territorial waters being even larger than even the North Sea, can the Department confirm that we must be looking at close to 1,000 incidents? If that is the case and if the Department can confirm that between 500 and 1,000 is an estimate of illicit discharges in Irish waters, I find it very regrettable that we are looking at possibly watering down the directive being proposed by the Commission for fear that we may flout international law. Are there any other incidences where EU law goes beyond UN conventions? I can think of several, for example, the Kyoto agreement.

At present we are engaging in an emissions trading system which under UN regulations is not due to be introduced until 2012 and we are starting in 2008 with our own. I did not think that UN regulations were such that if one went further and strengthened their aspirations, one would then be flouting the international law. I would have thought the UN conventions in general allowed groups of countries or individual countries to provide yet tighter legislation. If that is the case, I would be very disappointed if we are considering a watering down. My first question is about an estimate for the number of discharges in Irish waters. Why is trying to provide a tighter regulation to the UN seen as flouting the law rather than developing it?

In order to have this passed during our Presidency will we have to row back on it slightly as certain countries have significant objections to it? If this is the case from where are most of the objections coming? Does Greece have concerns because of the number of ships it has? What other countries have difficulties with this?

Under this directive is the issue of single skin versus double skin tankers being considered? The Prestige was a tanker with a single skin hull. On a number of occasions the Minister has said he is anxious to lead the charge to outlaw such tankers in European waters. This would seem an obvious directive in which to include something along those lines. We considered setting aside certain areas of water into which such single skin vessels could not enter. For example, if they were travelling along the west coast of Europe, they might be required to stay 50 miles off the Irish, French, Spanish and Portuguese coastlines. Is it possible that Ireland would promote such a concept as part of trying to get this directive passed during our Presidency?

What is our position? Are we among those not prepared to go beyond MARPOL or UNCLOS? I can see that the division of competencies between the Union and individual countries would be an issue. The Union may be trying to stray into domestic legal structures. I can understand why the Commission might believe this needs criminal sanction. Will Ireland take a leading role to try to get this passed or are we unhappy about it?

First, I will get the exact the number of slicks on the west coast and will return this information to the Deputy. Obviously the North Sea and the Baltic are very heavily used areas. In the case of the North Sea, it is an oil production area. Therefore, there are much higher numbers involved. There is information on the slicks. I will get whatever information I can and come back to the Deputy.

Sorry, I thought that there might have been a case. It is not because of MARPOL. We have a provision in national legislation, the Sea Pollution Act 1991. Our difficulty up to now has been to track those who are polluting. Most ships passing the west coast do not call to our shores. Earlier this year we got notification that we had been accepted as a member of the Bonn agreement. This is a group of European coastal states that share information on pollution at sea. As part of that we are in the course of tendering arrangements to introduce aerial surveillance and we hope to have aerial surveillance in place throughout 2004. This will significantly enhance the possibility of tracking those that are passing the shore and are polluting. In addition, we are supporting research undertaken by Bonn agreement partners into satellite monitoring of ships. A huge difficulty for us all is how to track those who pollute. Clearly if something happens very close to our coastline, we can follow that. However this is not true for the ones about which the Deputy is concerned and we share those concerns

I do not think so. This directive will harmonise considerably the commitment of member states to pursuing pollution incidents. Not all member states' legislation is as developed as ours. We have a framework for investigating and prosecuting that would appear to be more robust than in other states. The Commission is trying to force through a significant common standard. The big issue for all is that of tracking. How can we know when pollution incidents have taken place? The European Maritime Safety Agency was established last year and I am on its board. One of the priorities of that body is to seek and share information about how we track the international polluters.

As I have explained, the problem, like a lot of things at sea, is out of sight. It is not possible to know who has done the deed. That is why we have gone down a road of engaging in aerial surveillance from next year. We have pursued membership of the Bonn group over the past two years with the objective of getting harder information. When we have information, we have powers within the Sea Pollution Act to investigate and prosecute. However, we cannot prosecute without information. To be fair to the other member states which are in the Bonn Convention arrangement, they have found the same.

I think it is linked. The issue really is why we cannot use the traditional surveillance for fisheries. The requirement is for specialist cameras to detect the different colours in the water from a height. This is what is being provided for now. Perhaps people should have done it years ago. However the European Union's awareness of the issues associated with sea pollution has become far greater in the past few years and we have moved to develop our own awareness in tandem with that. In Europe generally, the fact that the Council made 20 recommendations in December 2002, following the Prestige incident, covering almost all aspects of safety and prevention strategies would suggest that Europe must have been ahead of the posse at that stage, but that was not the case. The awareness on the ground throughout the European Union and the determination to bring forward a range of measures, has pushed the situation forward and we are moving with that tide.

A question arises as to why we cannot go further than the UN. Of course, any contracting party to a UN convention can go further where its own situation is concerned. In the case of the Kyoto agreement, for example, the EU can decide to have more stringent measures in place in its jurisdiction, but it does not have the right to force those measures on others. There is a unique twist to Law of the Sea conventions in that a vessel at sea is regarded as a piece of the earth of the country whose flag it is flying. Among other things, the rules state that one cannot interfere with that vessel or board it. One has to work through the authorities of the country of origin.

The problem for most EU countries with regard to the Commission's approach to this proposed regulation is that, effectively, it sends out a signal that the European Union is quite happy to go beyond international laws. However, the implication for the ships of EU countries is that they may be exposed to unilateral action by third countries, such as illegal boarding. On such issues, member states are saying that, before going down that road, we should be clear as to all the implications of going beyond our own scenario. There are other routes the Commission could have taken but it did not do so. Nobody disputes that there are significant problems involved in the present approach.

On the question as to whether we will have to row back in terms of linking in Ireland's position, I do not believe we will row back from what is on the table at this stage. The difficulty for member states is that the Commission tabled a proposal which, in the view of many, required much more careful thought. Many member states believed there was an alternative way to address the situation. On the high seas, the flag state is the responsible authority. If the issue of flags of convenience was tackled more comprehensively, that might be a way forward.

I am obliged to attend another meeting at this stage. Is it agreed that Senator Finucane take the Chair in my absence? Agreed.

Senator Finucane took the Chair.

Our Minister has a very strong position on all of these issues. Among other things, he would like to see this regulation introduced. He knows it has to be amended to take account of national legislation strands vis-à-vis those of the EU. However, it will have the impact that all EU member states will, at least, bring forward laws so that, on a national basis, they will be able to pursue those who pollute.

With regard to the issue of single skin tankers, there was reference to "the Minister leading the charge". The Minister has implemented a number of very important measures ahead of this regulation which would suggest it is not appropriate to bring in measures concerning single skin tankers through the type of legislation which is now before this joint committee. First, Ireland pushed very strongly for a change of timeframe for the phasing out process and a new timeframe has been agreed. Second, Ireland led, together with France, with regard to areas of special sensitivity. The Union agreed to that and it has now gone to the IMO for its agreement, which would mean that vessels would have to be significantly far out from our west coast. That has already gone a stage further than this process and is already in play. Accordingly, there is no need to include it in the present context.

However, there is still a considerable amount of work to be done to harness the Council's support for the regulation, suitably amended to take account of national and local criminal law responsibilities. That said, the Minister's objective is to get this through during the Irish Presidency. The Italians were unable to bring this matter to closure and have signalled us accordingly. We will try to find words to at least recognise the importance of these matters with reference to MARPOL and UNCLOS within the regulation. We will then push for the matter to go back to the UN with a view to opening it up to international support for this type of measure at that level. I anticipate there will be international support if we clarify precisely what countries should do differently to existing law.

One regrettable feature is that this exercise did not appear to have been carried out in a sufficiently robust way to make it fully clear as to what this draft was trying to do and how it would augment existing rules. I believe it will fall to us to firm up this proposal and bring a greater sense of clarity to it.

One of the main men. We introduced regulations earlier this year giving effect to the directive under which port authorities have to prepare plans to deal with port waste reception facilities. These arrangements are proceeding. Under the terms of the directive, member states have to report progress in this regard after three years to the Commission. Our arrangements allow for consideration of the matter on an annual basis. The port authorities have been sending us draft plans in recent months. The plans have been examined by the administrative staff and technical experts in the Department. They are moving ahead.

Under the directive, which was adopted in December 2000, it was necessary for member states to introduce legislative instruments to give effect to it within two years. This meant that action had to be taken by the end of 2002. The Irish instrument was somewhat late, but it was signed by the Minister earlier this year. The Department was in contact with many of the ports before the statutory instrument was signed. Some of the ports have been working on preparing their plans. In the cases of ports which had facilities in place, it was simply a matter of making formal arrangements to comply with the terms of the directive.

Reception facilities have been available in some of our ports since regulations were introduced about ten years ago to give effect to the various annexes of MARPOL. Not all of the ports have all the facilities. The port waste reception facilities directive requires that details of the available facilities should be made known. Information should be provided about the location of the facility and how it works.

The purpose of this session was to explain to the committee certain forthcoming aspects of this directive as well as the position Ireland may wish to take in that regard. It has been made clear, however, that the directive will probably change before it is agreed. Will the committee have any role in that process during the next six or eight months? Are we expected to understand what is happening or are we expected to make recommendations? I question the relevance of the process of scrutinising EU legislation. Should the committee offer comments, recommendations or assistance to the Minister or his Department?

Any assistance from the committee would be welcome. I am not in a position to say what advice the committee should offer. It is timely that the committee has been made aware of this matter at this stage so that it can be familiar with the arguments that will be made in the coming months. The Minister will be keen to clarify any aspects of this matter.

Is this issue being used by the Commission as a way of usurping a clear national function? The Minister for Justice, Equality and Law Reform gets very agitated whenever such matters are raised. It may be considered that our criminal justice system should be the relevant system. There may be a federal attitude to the matter. I wonder if the fact that it cannot be done through the EU - it has to be done through our system - is a fundamental problem with this matter. Will there be quite significant small registers? When we examined the registers of shipping recently, we considered the fact that Malta will join the EU next year. Some concerns have been expressed about the number of ships that have been placed on our register. Is it not possible that this should be kept under close review at national level?

The Commission's enthusiasm for this type of proposal results from the huge concern that has been expressed throughout the EU about the dangers posed by instances of pollution. There is also a frustration about what one can do to prevent such instances. I suspect that a certain frustration may exist because the current international laws do not go far enough. This may be true among the waste receivers, the International Maritime Organisation and other conventions to some extent. The IMO is meeting this week and next week to discuss the single hull issue. It will consider the EU recommendation that shipping in the rest of the world should follow its decision to pursue an accelerated phase out.

This issue relates to the registration of shipping, which was mentioned earlier. The Commission considers that to be another angle to be addressed. It believes that the arrangements in many countries for the management of major instances of pollution are confusing. The Commission has taken a certain view. I cannot express an opinion about how Spain handled another instance of pollution. The Commission is keen to assess what national states can do.

Deputy Broughan mentioned an important aspect of this matter - the fact that Malta, where a significant number of ships are registered, will join the EU next year. It is clear that anybody with a ship on the Maltese register will have to comply with EU rules from next year. We will watch very carefully to see what happens.

The Department shares the desire of the Commission to see a return by many ships to European flags. A huge number of European shipping interests are flagged in non-European flags. An increase in the number of European ships with European flags and, therefore, European standards would represent a massive move towards safety in its own right. During the dialogue in advance of the Presidency, we suggested to the Commission that we would explore with it proposals which might strengthen the attractiveness of the European flag. The Minister has raised this matter with Ms Loyola de Palacio. It is understood that if one flies with the European flag, one is behaving in accordance with safe rules.

Deputy Broughan mentioned the number of ships on the Irish register, which is a very strong register with very clear rules for any European party or corporate group on it. Any ship which is to be placed on the Irish register will go through as tough a test as one will get anywhere before it is allowed to be on the register.

The surveyors advised me strongly on this. The issue should never simply be age. One could have very new ship which is badly managed. Many of our quality, Irish owned ships have quite a number of years on their backs and they are doing very well. Other ships operating in the world are much younger, but have not been well managed. For safety reasons, the criterion is not age, it is the seaworthiness of the vessel.

I welcome Mr. Aidan Ryan and Ms Caroline Greer from the Department of Communications, Marine and Natural Resources. We will have a presentation followed by a question and answer session. Before Mr. Ryan commences his presentation, I wish to draw everyone's attention to the fact that members of the committee have absolute privilege but this does not extend to witnesses appearing before the committee. While it is generally accepted that witnesses have qualified privilege, the committee cannot guarantee any level of privilege to witnesses appearing before it. Members are reminded of the long standing parliamentary practice to the effect that they should not comment on, criticise or make charges against a person outside the Houses, or an official, by name or in such a way as to make him or her identifiable. I invite Mr. Ryan to make his presentation.

As requested, I have prepared a ten slide presentation on the European Network and Information Security Agency. As our economy matures, we are becoming more and more dependent on communications networks and information society systems. These networks control every part of society, for example, infrastructure, support business and e-commerce, on which we are becoming increasingly dependent, and contain large amounts of personal data of all kinds for citizens of Europe.

We are familiar with some of the articles which have appeared in the newspapers concerning the release of viruses on the Internet, causing problems to networks and, in more extreme cases, forcing them to shut down, reorganise and rebuild to provide the service for which they were designed. In certain cases, this has caused substantial financial damage, which is undermining user confidence in doing business online and electronically. Ultimately, the real threat is to the information society and many of the objectives laid out in the e-government plan 2005.

The legal background to the initiative is new legislation being progressed and developed by the telecommunications industry. The most recent examples of this legislation include the framework directive, the authorisation directive and directives on electronic commerce. Through these directives, legislators have been trying to develop a regulatory regime which would protect personal data and guarantee privacy. The initiative is also an effort to ensure integrity and security among private and public communications networks.

One of the key objectives of the European Union is the promotion of the Internal Market, which includes allowing for the free flow of information across boundaries and between networks. The need for expertise in network security has been recognised at EU level. The European Network and Information Security Agency would need to be in a position to provide guidance, advice and all necessary assistance to member states in dealing with the threats to network integrity and security.

As we move forward, our telecommunications networks are becoming more complex. Traditional broadcasting, telephone and cable networks are becoming integrated, with the possibility to deliver voice, telecommunications and data services to homes on one wire. This opportunity also creates increasingly complex technical challenges.

One of the main features of the new agency is its independence and one of the principal advantages of having a network security agency is the absence of a comparable organisation. The agency is designed to complement competences in the various member states. To date, the member states have taken slightly different approaches to this issue and the establishment of the new agency provides an opportunity to harmonise, reap benefits for everybody involved and facilitate information exchange. The need for information exchange and the quick deployment of solutions is becoming increasingly important as viruses become more problematic and capable of doing more damage.

The objectives of the agency, as listed in Article 2 of the regulation, include enhancing the ability to respond to network and information security problems, assisting and delivering advice to member states and assisting the Commission in developing new legislation in the field of network and information security. Its tasks, as listed in Article 3, include collecting information, analysing risks, enhancing co-operation between the different bodies involved in network security, increasing awareness and providing comprehensive information on threats and the best practices to deal with them and, where necessary, developing new standards for security products to enable ordinary citizens and industry to buy products which will protect their networks adequately.

The organisation is divided into three sections, the management board, the executive director and the permanent stakeholders group. The management board will consist of one representative from each member state, three members proposed by the Commission and a number of representatives from the information communications technology industry, consumer groups and academia. The executive director will have the job of managing the agency and carrying out the work plan on a day-to-day basis. Later, I will discuss this appointment, which has not yet been made. The permanent stakeholders group consists of a wide variety of people also drawn from the information communications technology industry, consumer groups and academia. They have been brought together to provide assistance in drawing up an appropriate work programme for the agency.

It is envisaged that the agency will be a legal body with its own personality and will come into operation on 1 January 2004 for a period scheduled to last for eight years. Notwithstanding this time limit, the Commission has identified that a review shall be carried out within three years to determine whether it is operating in the most effective manner possible. The agency's budget is envisaged to be in the order of €25 million, which may increase once the accession countries have joined the European Union.

The legislation can be traced to 11 February 2003 when the Commission adopted a proposal of the European Parliament and the Council for a regulation establishing a network security agency. This involved the co-decision process, with the European Parliament playing an active role in the legislative process. The regulation was approved by the European Parliament on 19 November 2003 and the Council the following day.

The new agency will be beneficial for Ireland. It will provide a unique centre of excellence and, as I stated, its independence will be invaluable. It is tasked to act swiftly, a necessary capability in the current climate, and will create confidence among industry to invest in their networks and among people to do business on telecommunications and Internet based networks. The resources earmarked for the agency will provide an opportunity to carry out research which would otherwise be difficult to achieve. With representatives from the ICT industry and various other players, the new agency will also have a wide body of opinion feeding into it. We believe this group should bring a comprehensive work programme to the agency that will deliver a product from which we will all benefit.

I thank Mr. Ryan for his presentation. This approach is a positive development. With whom would the agency liaise here? I presume it could be based here, as was mentioned by the Minister some time ago. How would it operate on the national front?

Are issues of privacy involved? Concerns have recently been expressed in the media about privacy and the collection of information on Internet usage and so on. This information could have an important role in preventing illegal and inappropriate behaviour, but can it be used for other purposes, such as policing?

In terms of the location of the agency, on the two page note I provided some guidance on what has happened to date. We have to bear in mind that the decision to move forward with this agency was only concluded on 20 November, which is a very short time ago. Given the urgency and determination of the Italian Presidency to have this agency up and running as quickly as possible, a decision has been made to locate the agency in Brussels in the short-term to get it delivering services.

The location of the long-term home for the agency remains to be decided, probably at EU Council level, which will happen at a future date. Ms Greer was at the meeting in Brussels where the Council discussed this. We will have to wait, as I do not think any date was set for this decision.

In terms of the agencies that would liaise with this group in Ireland, a number of people and organisations are involved in looking after network security from different angles. Our Department has been actively involved in producing publications and trying to increase awareness of network security. We have a number of initiatives and have produced a booklet which we are in the process of circulating to schools.

Organisations within industry have come together to look after their own interests and discuss common problems. ComReg is interested in the continued and proper functioning of the telecommunications networks. We also work with university agencies which have traditionally been involved in network security because the Internet has grown out of the university environment. In most European countries a certain level of expertise is available in universities.

In terms of the privacy issue with regard to data collection, what we are trying to do here is produce best practice, information and advice for people who hold existing networks. We want to try and maintain the integrity of these networks so that data cannot be taken away in an unauthorised fashion. The data are stored on these networks purely as a protection mechanism to try and ensure that there is no unauthorised access or egress of information to areas of other telecommunications networks which would not be appropriate.

What level of information collection is envisaged in regard to e-mail traffic, the downloading of software from the Internet and so on? As Deputy Broughan said, there is some concern about the issue of privacy.

Did the impetus for this agency develop after 11 September 2001? Since then, there has been a particular emphasis on security across networks. Is there any level of linkage between Europe and the US and, if so, what is the extent of it?

Can individuals or companies contact the agency for advice on network security? Can one expect the agency to have the most up to date opinion in Europe? Will this be part of its job, in addition to being a security agency which monitors traffic and network usage across the European Union? I am somewhat concerned as to the use of the information which the agency will gather. Who will have access to this information? Will it be Governments or the European Commission?

A number of months ago, concern was expressed that the monitoring of networks in response to the war on terrorism would become the norm in Europe in order to have a unified approach with the US which is already doing it. We have not yet addressed this aspect of the matter. Is it something about which we should be concerned or is it a red herring?

I will clarify the issue of traffic and traffic monitoring. The majority of computer networks are set up in such a way that one has a gate through which all the traffic in and out of the network goes. At the gate, one monitors the behaviour and type of pattern. Most organisations monitor the type of data going in and out, to check that they look reasonable. They put together their own security policy to check that the data going in and out are appropriate. In terms of monitoring the traffic, what these gate control systems do is monitor continuously what is coming in from the outside. Viruses emanate from different parts of the world, most from outside the EU jurisdiction. When they try to get into a network, the security system on the network monitors what is coming in and takes the appropriate reactions depending on how the company policy has been set up. If, for example, a virus is detected at the gate, that e-mail or communication will be put aside, it may be deleted or stored for further analysis. All the agency is trying to do is look at unauthorised communications containing potentially damaging software that would infringe on their networks. Every day these statistics are gathered by various network installers, users and operators.

People are generally quite willing to share this type of information. I am referring to the results of security analysis on the networks as opposed to the content coming and going. It would be up to individual organisations to co-operate and show proof if they find their network is being attacked for some reason. Their statistical or network security product will show up a result and they will want to discuss the problem with other businesses to find the best way to deal with it and what are the potential risks. The only shared information will be the results of the security software rather than the amount or type of data. A lot of information will be voluntarily handed over to the agency.

I am not aware of formal links between the US and Europe. Many industries and security companies that supply these products continuously talk to one another to offer the best security services to their various clients. To date I am not sure if this has been done at a formal level. Here in Europe we are trying to co-ordinate networks in member states. If all European networks are completely connected there will be no weak point that would undermine a network in another member state. We are trying to offer a level of co-operation primarily between European states. Once the information is centralised and a level of expertise is gathered, there will be an opportunity to talk to the US.

These are early stages in terms of company contacts. I envisage that there will be some level of co-ordination among the various member states and each industry member or government representative would have a list of contacts. Rather than having industry from all member states contacting the agency direct, I envisage that they would work through a national co-ordination role. Then a national committee or person would pass the request to the security agency. Alternatively, the information would be freely available on the security agency's website. It would state what the threat is, what it can do and how to deal with it. A lot of the information, as has happened in the US, will be available to the public. In addition, we would have the network security industry product suppliers working together to serve their clients. The agency would be an additional complementary organisation.

Computers are very interesting and important to us all. We all spend our time, no matter what work we have, on our computers. It is almost a virtual world. I was thinking to myself and wondering am I almost so digitalised at this stage that I do not know whether Deputy Coveney or Senator MacSharry are virtual creatures out of a "Matrix" like film. They might be a digital creation that I must worry about but I think I am okay.

The effects computer viruses have on all of our lives is huge and it is important that we address the problem. However, I share some of the concerns expressed by Deputy Coveney. While we might ostensibly establish an agency to counteract hackers circulating viruses on the Internetor via e-mail we might end up doing more thanthat.

Unfortunately, I have not been able to go through the regulation or presentation in detail but I will. Is Mr. Ryan saying that the only role of an agency would be limited to tracking, catching and providing best advice on how to deal with a certain type of viruses? Mr. Ryan also referred to network gateways that contain information. Do they contain information that might have security implications and be open to monitoring and being shared? For example, one might have an e-mail on terrorist activities. Obviously states are seriously concerned about terrorist organisations working via e-mail and the Internet. The agency might have a possible role in collecting information from the Internet on that type of security threat. Is Mr. Ryan saying that an agency would just tackle hackers and their viruses or is there a possibility for it to look at other information?

Mr. Ryan said that his Department always looks at gateways to local communication systems. I presume he was talking about company networks or perhaps he also meant national ones. Can he identify where the gateways are? Is he referring to where Ireland is connected to the United States or Europe via a fibre optic or Global Crossing cable? Are they the gateway points where his Department measures information or is it done at a more local company level? Dáil Éireann has its own firewall. We have gates at Kildare Street and Merrion Street and now we have a computer gateway where everyone must check in and out. To what data is Mr. Ryan referring?

Recently legislation was passed on how this State retained its digital information. Perhaps Mr. Ryan can explain it to me because I cannot recall all of its details. I would like a layman's explaination on the current regulations and whether our digital information is stored. Would that information be available to a new agency?

The first and last questions are linked. The agency in terms of its objectives and tasks talks about providing assistance and collecting information on what people are prepared to supply to them. The Deputy alluded to a practical situation. We have firewalls and gateways at different levels throughtout the communications networks. For example, any multinational company will generally have one or two gateways where everything going in and out of it is examined. It is up to the company to set its own rules and procedures in terms of what it allows. A record is created when an unauthorised person tries to tamper with the network. We are referring to that record, assuming that the company wants to divulge it or provide the information to the agency. There is nothing in the regulation that obliges people to provide information. It is a co-operative model rather than an obligatory one. When we take that modus operandi into account we confine the level and type of information that might be made available to the agency to a much narrower field than the Deputy mentioned.

It is up to a company to decide how and where it wants to store information, using software, and access it. There is an onus on a company to ensure that there is a proper duty of care in respect of these data. Again, my Department only looks at the security results that surround the handling of such data. I envisage that a company would approach the agency through its national co-ordinator or go directly to it. A company would inform the agency that a statistic appeared on its system where somebody tried to probe its network and files being forwarded contained software capable of damaging it or undermining its integrity. The company would ask the agency for help or ask it to check what is happening to other companies that may not be connected to the same industry. Again, the co-ordination of information is all done on a purely voluntary basis. A combination of the company's information and the agency's expertise should provide a quick response that would be made available to the public through the Internet. The information is of benefit to everyone who uses the Internet. If new software or a change of operating protocols are needed, I envisage that it would be made available on the Internet by the security agency and made available to everybody in the shortest possible time.

The State would not be treated any differently from industry. Each Department has its own policies and goes through various firewalls into the Internet. Statistics will be collected at firewalls and if the State sees a threat to its network, it will have the same options as industry in terms of seeking assistance. The information will not include content management or volumes. It will only arise when someone tries to do something that they are not authorised to do. If this attack was coming from a specific location, we would all benefit from the provision of the information to other network users. It would allow networks to identify the source of the trouble and protect itself from damage.