Oireachtas Joint and Select Committees

Wednesday, 12 February 2014

Joint Oireachtas Committee on Public Service Oversight and Petitions

Security and Protocol Issues: Garda Síochána Ombudsman Commission

4:00 pm

Mr. Simon O'Brien:

Good afternoon. I thank the committee for its invitation to appear today. As members are aware, the Garda Síochána Ombudsman Commission was previously before this committee on 3 July 2013. On that occasion we discussed issues which had arisen regarding our capacity to properly investigate complaints alleging Garda misbehaviour. More specifically, we reported at that time on what we felt were undue delays by the Garda Síochána in the provision of information relating to investigations. The exchange of information between the Garda Síochána and GSOC is essentially managed under agreed protocols drawn up under section 108 of the Garda Síochána Act 2005, as amended. Protocols had been in place between the two organisations since the commencement of GSOC's operation in 2007. As outlined by us in July 2013, we were in negotiations with the Garda Síochána on the revision of these protocols.

In our annual report for 2012 and in a section 85 report, which was laid before the Houses of the Oireachtas, we reported on the delays caused to our investigations and the non-compliance by the Garda Síochána in terms of timeliness in the provision of information. Since our appearance before this committee, revised protocols were agreed and signed off by me, as chairman of the commission, and by the Garda Commissioner on 23 September 2013.

The operation of these revised protocols is a work in progress. However, both organisations are actively working to ensure compliance through ongoing monitoring and review. Indications are that some improvement in the system can be seen. The commission is happy to discuss any matters on those issues with the committee today.

In the past week, as members will be aware, information relating to a specific security sweep was published without authorisation from this commission. As a consequence of the publication, the focus on GSOC, the Garda Síochána Ombudsman Commission, and other agencies has been intense. First, we would like to point out our unhappiness with the release of the contents of a secret document into the public domain. The media coverage at the weekend took us all by surprise. Since Sunday last, we have been briefing the Minister for Justice and Equality and the Garda Commissioner, dealing with press queries and so on.

As a direct result of the newspaper coverage on Sunday, I, as chairman of the commission, was called to see the Minister for Justice and Equality on Monday of this week. Over two hours, I updated him on the situation. I must point out there is an inaccuracy referenced in three separate places in a report that may come into the public domain. I pointed out the presence of inaccuracies to the Minister. I laid out to him that, in view of the amount of detail in the public domain last Sunday, the commission strongly suspects that a copy of a section of a report which is marked "secret" was possibly in the hands of a journalist. I expressed my regret to the Minister that he had been blindsided by the appearance of this information in the media.

I must explain to the committee my clear recollection of the reasons and the thinking to retain Verrimus, the UK specialist company. The final investigation report and the Verrimus documentation make reference to reasons for the sweep that do not accord with my recollection of those reasons. This is a matter that I identified in my own notes shortly after receiving and considering the final investigation report. I can only assume this arose because of a misunderstanding and I make no criticism of the authors. However, I am categorical in my recollection of the reasons but it is, nevertheless, important in the interest of clarity that this is brought to the attention of the committee.

On Monday, we launched an internal inquiry to see how much information was in the public domain. The three commissioners met the Secretary General on Tuesday afternoon to further update the position. Later that afternoon, after a kind invitation from the Garda Commissioner, I met him privately in Garda headquarters to brief him. He again had been blindsided by the release of this information. He was understandably concerned and during our two-hour meeting I tried to allay his sense of grievance. We have agreed for the benefit of public confidence to ensure we continue to maintain and develop the relationship between our two organisations. We both agreed to try to find a way through this crisis.

Last night, we felt the level of public discourse was such that we needed to appear in public to answer questions. The commission was represented on “Prime Time” and that was another way to update the wider public on this series of unfolding events.

Why did we conduct this inquiry? As a brief background, I will outline the work in which GSOC has been engaged for the past few years. We were appointed in December 2011. From the earliest days of our tenure, we were conscious that in the context of organisational risk management, it is prudent for the purposes of good governance that precautionary measures are utilised to allay fears of unauthorised penetration of assets, physical or electronic. GSOC has, since its commencement of operations in 2007, taken seriously all aspects of its security and carries out ongoing testing, as well as reviewing, of its systems and procedures. Part of this ongoing monitoring includes penetration testing of electronic systems and security sweeps. The staging of these test procedures is sensitive and it is, therefore, closely guarded in the context of information control. This, as members will appreciate, is a standard operating procedure for organisations holding sensitive data.

In the early days after our appointment, we decided that a security sweep of our building, which had not been undertaken since 2007, was something we would undertake. We did not progress this immediately at that time. Security checks, albeit part of standard procedures, should always be predicated on the level of risk that exists at any time. Risk assessment should be dynamic as time and circumstances change. The work of GSOC is high profile. The work we are engaged in can accrue great interest and it is wise to put risk assessment in that context.

Throughout 2012, we spent considerable time negotiating privately with the Garda Síochána around our operational protocols, addressing issues of timelines and other issues of interagency co-operation. Towards the end of 2012, we took a strategic decision that we needed to air publicly some dissatisfaction with the level of co-operation we were getting from the Garda Síochána. This resulted in us making very public comment around the publication of one report following a sensitive investigation. For example, on 9 May 2013, we took the unusual step of submitting to the Minister a special report in accordance with section 80(5) of the Garda Síochána Act 2005. That special report contained some highly critical comments on our relationship with the Garda Síochána. A few weeks later, on 23 May 2013, we also made some further criticism of the Garda Síochána’s adherence to our operational protocols in our annual report. Members may recall that this committee invited us to attend to discuss these reports on 3 July 2013. This was a level of publicity and controversy which was unusual for the commission. In the context of this public profile, we did then have heightened concerns about confidentiality, particularly in light of some public discourse appearing to be exceptionally well-informed. For that reason, consideration was given to the engagement of the Irish firm which had previously undertaken such a security sweep for this organisation.

When did we conduct this inquiry? On 9 June 2013, contact was made with that Irish service provider but it was established the firm was no longer operational. Further inquiries were made with oversight bodies similar to GSOC in Northern Ireland and England and Wales to establish whether a suitable resource to undertake this work existed. On 3 September 2013, contact was made with a UK service provider. On the basis of a recommendation of suitability, this UK firm, which specialises in technical surveillance counter measures, was engaged by GSOC.

How was the inquiry conducted? On 23 to 27 September 2013, in accordance with standard operating procedures, a security sweep was conducted of GSOC’s office. The overall cost of the security checks undertaken in late 2013 was just under €18,000. As well as the general check of our building, the commission also sought expert advice on the sorts of capabilities that exist in the interception of ICT communications, including telephones.

What was found? Two potential threats were identified during this security sweep from 23 to 27 September 2013. The first threat was a wireless device located in the boardroom - the commission’s conference room - which was found to have connected to an external Wi-Fi network. Access to this wireless device was protected by a password. Absent this password, the device should not have been able to connect to that external Wi-Fi network. As GSOC does not have a Wi-Fi network, this device had never been activated by GSOC and its password was unknown.

Its connection to an external network was, therefore, a concern. This device, although Wi-Fi enabled, was unable to communicate with any of GSOC’s databases or electronic systems.

As part of the security checks, the conference call telephone unit located in the chairman’s office was subjected to a number of tests, one of which was an alerting test. Immediately after this test, the conference phone line rang. The security expert judged the likelihood of a wrong number being called at that time to that exact number was so small as to be virtually zero. GSOC conducted a number of telecoms checks to seek to establish the source of this telephone call but was unable to do so. Further checks revealed no additional anomalies or matters of concern.

On 7 October 2013, after confirmation paperwork was received from the specialist firm, the investigation team assessed these two threats. On 8 October 2013, a public interest investigation was launched, pursuant to section 102(4) of the Garda Síochána Act 2005. The investigation was launched on the basis that the acting director of investigations was of the opinion that, to the extent these threats could be proved, section 102(4) engaged. This is to say such surveillance may have originated within An Garda Síochána and, if so, a member of An Garda Síochána may have committed an offence or behaved in a manner that justified disciplinary proceedings. The investigation was launched in the public interest to ensure the objectives of GSOC, as set out in section 67(1) of the Act, were not compromised or impugned.

As part of that investigation, the specialist firm was re-engaged and a number of steps were undertaken, including accessing retained telecommunications. During the course of the investigation, the specialists advised on the risks of interception to mobile telephony. The commission established that commercial products were available that could, for example, intercept mobile phones, take them over and send and delete texts from them.

During a visit by the specialist firm on 19 and 20 October 2013, it detected a UK 3G network. UK networks do not operate within Ireland, except in Border areas. It advised that such a network could only be simulated through a specialist device. The device simulated a UK mobile phone network which picks up UK phones registered with that network. Once a phone has been connected, it can be forced to disable call encryption making the call data vulnerable to interception and recording. The specialist firm indicated this level of technology was only available to Government agencies.

With regard to what the inquiry found, analysis of these threats was inconclusive. GSOC was operating at the limits of its technical knowledge and on information only from security professionals. The commission did not rule out that there could be reasonable explanations for any or all of these issues. Connection by the Wi-Fi device in the conference room with an external Wi-Fi network was occurring randomly and with no discernible pattern or agent apparent. The anomaly in the telephone unit in the chairman’s office could not be repeated. The commission could not rule out the possibility that an innocent call was made to the office at 1 a.m. Telecoms data could not identify a number from which the call had originated or even that a call had been made. Concerning the device scanning for mobile phones, the commission could not rule out that such a device was being lawfully used in the vicinity of our building or that it was not directed at our building.

In the absence of any further clarification, the commission could not simply proceed on the basis that these issues were purely innocent or coincidental. Accordingly, it conducted a specific operational test on 19 November 2013. This was co-ordinated by the security firm and involved a GSOC investigation team. It also involved the three commissioners to test these issues. This operational test yielded no results and added no clarity to the threats identified.

With regard to why the results were not reported, the report was in my possession only just prior to the Christmas break. I had to think very carefully about the need to report matters to the Minister and other parties. At the time I made a strategic decision not to report what could be described as suspicious activity that did not meet the threshold of an offence. I have said before in my briefing to the Minister and to the Garda Commissioner that I regret my decision now. My decision-making at the time just prior to Christmas looked at the potential damage that could be done to public confidence if these suspicious activities were in the public domain. We had opened an investigation under section 102(4) and the threshold test was achieved, but, by definition, any likely offence might involve a Garda member. The level of public disquiet about allegations that gardaí might be involved in that type of activity was immense. I took the decision alone not to report at the time and, to the point of having publication forced on the State, I still had not engaged in any reporting. It is our earnest wish that we can all learn from and move on from this experience.
