Garda use of powers to access phone data to be audited

The use by An Garda Síochána of contentious powers to access telephone records and other electronic messages is to undergo a major audit, Data Protection Commissioner Helen Dixon has told the force.

The in-depth examination will also assess practices in the Garda Síochána Ombudsman Commission (GSOC), Revenue Commissioners and Defence Forces.

A spokeswoman for Ms Dixon told The Irish Times the audit of the Garda would be completed in the first half of this year and that Garda Headquarters had been informed of this at a meeting last week.

“The office will also be inspecting the practice of the other prescribed public authorities within the first half of this year,” she said.

Ms Dixon’s office last published an audit on Garda practices around its treatment of data, including making requests to mobile phone operators and other telecommunications companies for customer data and content in March 2014.

However, the most up-to-date information in the audit report about Garda practices related to 2012, with 1,800 applications made to telecommunications companies by the Garda in January that year.

No further figures

Aside from that one-month window, there were no further figures for how often the Garda was seeking to access current and historical stored data for persons of interest in investigations.

“Since the publication of this office’s audit in 2014, members of the audit team have met with An Garda Síochána on a twice- yearly basis to assess progress on implementation of the recommendations made in the audit,” Ms Dixon’s spokeswoman said.

“At its latest meeting with An Garda Síochána on 13 January 2016, the office signalled its plans to conduct a follow-up inspection early in 2016 . . . [dealing] with access to telecommunications data. The inspection will include detailed examination of approvals granted.”

While Ms Dixon welcomed the review of the accessing of journalists’ records unveiled by Minister for Justice Frances Fitzgerald, Digital Rights Ireland said it did not go far enough.

The group, which is bringing a constitutional challenge to the State’s retention of internet and telephone records for possible accessing at a later date, said the review’s terms of reference were too narrow.

The group’s chairman, TJ McIntyre, said the process needed to involve a much wider examination of the accessing of telephone records and other communications and should not be limited to journalists’ data.

Digital Rights Ireland has also pointed to what it believes are gaping shortcomings in legislation providing for the electronic records to be retained and accessed.

It said telecommunications companies from whom data and records could be demanded by the Garda, GSOC and other agencies were referred to as “authorised undertakings” or “licensed providers” in legislation that set out the rules for accessing data from the service providers.

Services not included

However, such terms covered entities providing landline and mobile phone services as well as internet providers.

The terms did not, however, include services such as Gmail, Hotmail, WhatsApp, Facetime, iMessage, Snapchat, Viber and others.

“Consequently it is unclear what protections, if any, are in place for users of these services against either state or criminal interception of their messages,” Digital Rights Ireland said.