Conor Lally: No Garda accountability for phone data harvesting

It is estimated the force makes nearly 60 requests a day for covert access to phone data and records

In less than a week, the revelation that journalists' phones had been accessed as part of a Garda Síochána Ombudsman Commission (GSOC) inquiry has escalated to the point of the Cabinet ordering an inquiry and the Taoiseach stepping into the debate.

This is a controversy the Government is hoping to contain before the general election campaign gets under way.

But while much of the focus has fixed on how garda watchdog GSOC had the power to grant itself access to the records of the journalists, it cannot be forgotten that the Garda wields exactly the same powers.

It has been covertly accessing these records, and emails, for years and steadfastly keeping secret even basic information about the practice. It refuses to even disclose how many requests it makes to mobile phone and other operators for access to their customers’ data without the customers’ knowledge or consent.


And because it is better than GSOC at saying nothing, the Garda has so far dodged the data-protection bullet. But that won’t continue.

The latest controversy has sprung from two cases. Independent TD Clare Daly made a complaint in 2013 to GSOC about the details of her arrest on groundless suspicions of drink driving emerging so quickly and in such detail in the media.

Katy French case

Separately, a friend of deceased model Katy French, who died in 2007, lodged a complaint with the Garda watchdog alleging the illegal disclosure of information to the media about that case.

In an effort to find out what Garda members, if any, had been speaking to the journalists whose work was at the centre of the complaints, senior officers in GSOC granted permission to the watchdog’s investigators to check some of the reporters’ phone records.

This was despite the journalists not having broken any laws or even being under investigation. It was those who had allegedly leaked to the reporters’ that were under investigation.

The searches revealed a number of Garda members had been in contact by phone with the journalists. GSOC then approached the gardaí in question to question them about speaking to members of the press.

In doing so they had, of course, disclosed that the journalists’ telephones had been accessed.

Word began to spread in media and policing circles, with The Irish Times first reporting the story last week.

An Garda Síochána has been doing this for years, secretly accessing the mobile phone records of at least tens of thousands of people. It refuses to say how often it does so, simply “explaining” that its policy is not to disclose such information.

But occasionally it loses control of the conversation. Just under two years ago, the Data Protection Commissioner’s office published its audit report of the Garda.

It contained the only real information about telephone and data checking that the Garda has disclosed.

It revealed, for example, that in January 2012 alone some 1,829 requests for disclosure of customers’ data and records were made to the major telecommunications companies. European Commission records show an average of 12,300 disclosures each year in the State.

The fact the Garda does not have to go to a court to seek permission for these checks, coupled with the mass scale on which phones and emails are being mined will come as a source of astonishment to most members of the public.

Many will be much less concerned about the encroachment on press freedom by the Garda watchdog when they realise the extent to which the Garda force is galloping daily through the phone calls and emails of ordinary citizens with no permission from outside the force required.

And with electronic communications having exploded in the five years since the January 2012 search figures were recorded, it is a certainty the searching has increased in the intervening period.

It should also be noted that when the January 2012 figures were disclosed the Garda had only just had a range of new powers conferred on it under the Communications (Retention of Data) Act 2011.

Under it the Garda no longer simply had the power to hack or eavesdrop on communications as they happened. Instead, the telcos were obliged to surrender data stored over a number of years; powers the Garda will have mastered and used often.


More recently, in its report on disclosures to law-enforcement agencies globally, Microsoft revealed that it had received 65 requests from the Garda in 2014 involving 107 of its users. In the first six months of this year some 47 requests were made by the Garda, involving 53 users.

Interestingly, the Irish police force is consistently among police from a very small group of nations to which Microsoft discloses not only data about the senders and receivers of electronic communication, along with time and locations, but also their content.

Of the 65 nations included in the Microsoft report, just three received content on request in the first half of last year; Ireland on five occasions, Brazil in 388 cases and the United States 691 times.

These murky practices on the part of the Garda never emerge in public but for one or two occasional reports because when the force mines data from mobile phones, messaging apps, emails and other private electronic arenas it never tells anyone.

If it, rather than GSOC, had found phone-based evidence that individual gardaí were in contact with journalists, it would never have disclosed the find by questioning the journalists or the gardaí in question. Instead, the information would have been used as intelligence to subtly and effectively drive the investigation into the media leaks.

And because neither the Garda suspects nor the journalists would have known about the covert checking of the phone records, the practice would have survived in the shadows to be used again. And again. And again.

Conor Lally is Security Editor