#GSOC: strange things are afoot in Ireland

GSOC is the Garda Ombudsman Commission, the independent authority charged with overseeing the Irish police force. The current furore centres around whether its activities have been subject to surveillance. This was the subject of a lengthy statement by the Irish Minister of Justice Alan Shatter yesterday (11 February), the content of which indicates that monitoring has probably occurred, despite the Minister’s assurances otherwise.

What is this about?

In late 2012, two garda whistleblowers  accused senior colleagues of quashing penalty points as a favour to friends. The whistleblowers went to members of the Irish Parliament with their concerns and an internal enquiry was launched. In the manner of many internal enquiries, the police probe did not find anyone culpable, but did recommend that procedures be tightened up. It is clear that significant concerns remained and further investigation has been carried out under the auspices of the Public Accounts Committee.

While I do not follow Irish politics closely, I think it is fair to say that this whole affair has been highly controversial and it is perceived that the reputation of the gardai has been damaged.

On 27 January this year, the Irish Justice Minister Alan Shatter finally referred the allegations to the police ombudsman, GSOC.

On 9 February, the Irish Sunday Times published an article by John Mooney alleging that GSOC was the subject of surveillance by a “government level” entity and that GSOC has been obliged to order a full security audit in September 2013. Unfortunately, a paywall prevents me from telling you much more about that article.

On 11 February, these allegations were the subject of a very long statement from the Minister of Justice. The GSOC chairman Simon O’Brien has said today that he believes his office was subjected to “some sort of surveillance.”

What is of concern in the statement?

The Minister of Justice’s statement describes some of the findings of the GSOC security audit.

“I am advised by GSOC that the sweep identified what they refer to as two technical anomalies which raised a concern of a surveillance threat to GSOC. I should emphasise that my understanding is that what was at issue were potential threats or vulnerabilities, not evidence that surveillance had, in fact, taken place. A subsequent sweep identified a third potential issue. There was no suggestion that there was any risk of unauthorised access to the GSOC databases and the documentation on them.

“The first identified issue arose from a wi-fi device, the property of GSOC acquired in 2007/2008 located in its Boardroom, which was found to have connected to an external wi-fi network. Access to this device was protected by a password, and in the absence of this password any connection should not have been possible. In any event, GSOC does not operate a wi-fi network, and had never therefore activated this device (and does not even know what the password is), but the fact of the connection was a concern. How this occurred is unknown and there is no suggestion by GSOC that it resulted in any information being accessed. I am also advised that the wi-fi device was unable to communicate with any of GSOC’s databases or electronic systems and that the boardroom is not generally used for meetings.

“The second potential issue related to the conference call telephone in the Chairman’s office which was subject to a number of tests. One of the tests involved sending an audio signal down the telephone line. Immediately after this transmission, the conference phone line rang. GSOC conducted a number of checks to establish the source of this telephone call, but was unable to do so. Further checks revealed no additional anomalies or matters of concern. There is no evidence of which I am aware from my meeting with the Chairman of GSOC of any phone call made or received being compromised.

“The third issue related to the security firm reporting the detection of an unexpected UK 3G network in the area in the locality of the GSOC offices which suggested that UK phones registered to that network making calls would be vulnerable to interception. Importantly, I am advised that neither the Chairman nor any other member of GSOC or its employees use UK-registered mobile phones, so that the presence of any such device in the locality would not seem to have posed a threat to the integrity of GSOC’s communications systems. There appears to be no evidence that what was detected had any direct relevance to GSOC.

“As I understand it those three issues represent the totality of the concerns which arose.

Much online comment has been generated around the third issue raised in the statement, which sounds very much like the fake phone towers (IMSI catchers) used to record phone details and intercept phone calls. This technology is not solely the preserve of “government level” actors. In fact, they used by many police forces, including those in the UK and the equipment is commercially available. There is precedent for IMSI catchers to be used without care being taken to configure them properly to the country they are being operated in.

It is probably worth noting that – while misconfigured IMSI catchers may be more visible to those they target – it isn’t true to say that they cannot be used to intercept phone details when they are so misconfigured. It is also unclear why Mr Shatter’s assurances as to the integrity of “databases” should have bearing on the possible interception of communications or metadata. For these two reasons at least, I share the concerns being expressed about this statement. At the very least, further investigation is clearly warranted to ascertain the origin and ownership of the equipment broadcasting that “unexpected UK 3G network.”

Updates

1.

GSOC Chair Simon O’Brien has been answering questions from the Oireachtas Petitions and Public Service Oversight Committee on this subject today. Proceedings are being liveblogged here – much of the questioning appears to focus on how the Sunday Times had word of the story, which evidently took much of the Irish government by surprise (although it seems that Alan Shatter did have advanced notice of the GSOC security audit).

2.

Embarrassingly, the Irish Taoiseach Enda Kenny has had to ride back on comments which blamed GSOC for not reporting their suspicions of surveillance rather than tackling the subject of the surveillance itself.

3.

Tonight’s episode of Late Debate on RTE provides an excellent account of Simon O’Brien’s evidence and the likely next steps.

In brief, by mid-2013, GSOC had expressed dissatisfaction with the garda’s compliance with their procedures on more than one occasions. In June, concerns about “some public discourse appearing to be unexpectedly well informed” led to a security audit company being contracted.  Two security sweeps were carried out: one from 23-27 September and another on 19-20 October: it was on the second of these that the (likely) IMSI Catcher was detected. 

On 8 October, GSOC launched an investigation into potential garda misconduct based on the results of the security sweeps.

As Mark Kelly of the Irish Council for Civil Liberties points out in the programme, in his statement, Minister of Justice Alan Shatter have assurances on the existence of unauthorised surveillance:

It is important to say at the outset that the Garda Síochána Ombudsman Commission has informed me that, after an investigation, they concluded that no definitive evidence of unauthorised technical or electronic surveillance of their offices was found.

Whether surveillance of GSOC could have taken place on an authorised basis is an open question, one that appears on the front page of today’s Irish Examiner.

It looks like the Minister of Justice Alan Shatter will be called back to testify to the committee, which is also requesting an unredacted copy of the GSOC report resulting from the security audit. It also sounds very much like the Irish Sunday Times may be publishing more on this on Sunday.

4.

(17 Feb)

Richie Tynan has written a really good summary of the technical issues for Privacy International and the Irish Examiner has an account of the political reception and media reaction.

This week’s Irish Sunday Times has revealed that it was indeed a suspicion of surveillance by the garda which provided the impetus for GSOC to order a security audit. As the Sunday Times is behind a paywall, it’s also worth listening to John Mooney’s comments on RTE’s This Week:

This particular event has its roots in a collusion enquiry that GSOC ran between members of an elite garda unit in Dublin and a drugs trafficker called Kieran Boylan. That inquiry, which was a public interest inquiry, concluded late last year and had reached very damning findings about the activities of guards running black operations off the books outside of normal legislation.

That file was sent to the DPP with recommendations to charge a certain officer and Kieran Boylan. The DDP would not proceed with charges because in the national interest it would reveal too much about covert police operations. At that point…

What proof do you have that was the reason for the DPP not proceeding?

I know what I know. I’m aware that at that point GSOC made it very clear they were furnishing a special report to Alan Shatter and then they were going to release a report into the public domain raising their concerns about what had happened. At that point, and we published this on the front page of the Sunday Times today, there was a threat made by a senior garda officer to have analysts employed to find out how the Sunday Times in particular was obtaining information about what was going on.

5.

(19 Feb)

A recent article in the Irish Independent provided additional details about the security audit’s findings and questioned the legitimacy of some of them. This in turn ha prompted the company that performed the security audit, Verrimus, to make a statement (leading, in its turn to a hamfisted and unacknowledged edit in the original report). Richie Tynan has a great post on this for Privacy International.