Alan Shatter (Dublin South, Fine Gael) | Oireachtas source

I am very conscious that the Garda Síochána Ombudsman Commission received a technical report which, from its perspective and understanding of it, exposed what the commission saw, and what the documentation I received subsequent to my statement to the Dáil referenced, as vulnerabilities. The wording used last week was "potential threats", and in the final report it was referenced as "anomalies". There were two issues that arose prior to the section 102 investigation. The first, if I could describe it in non-technical terms, seems to be that a Wi-Fi system which had been acquired by GSOC either late in 2007 or early 2008 had never been used for anything, was connecting to something external and remote, as the report from Verrimus states. As matters stood by the end of September, all GSOC seemed to know was that its Wi-Fi was connecting to something external. There are three security company reports, which I received subsequent to my statement to the Dáil. That is all GSOC knew. However, it had never been used. The Wi-Fi system did not connect to any of GSOC's information systems. There was nothing about that information which indicated what impact this was having, but it was described as a vulnerability.

The second issue, to which I will return later, was the telephone conference call system. There was a conference call telephone, which I believe was also never used, or certainly was not used during the lifetime of the current Commission. It had only been used for conference calls rather than ordinary telephone calls. There was a description of a test whereby some signal was sent down the telephone, and we were told three seconds later that the telephone rang. These were the only two issues.

When I met Simon O'Brien, together with both of my officials, I had a detailed conversation as to why at that point an investigation was commenced into An Garda Síochána. That was the only group into which the investigation could have been commenced. The explanation never went any further than that these two vulnerabilities, anomalies or potential threats had been identified. No more was said about that in the brief to me. I am open to correction by committee members, but I do not think that was expanded upon further during the course of the deliberations for the committee. The Deputy is right to say that there ultimately was a reference to a whole series of background issues, but it was not expanded beyond those two issues.

There was a conversation about the proportionality of the decision-making process in deciding at that point to invoke a section 102 investigation. In subsequent correspondence I have had with the Commission, I further raised that issue and the explanation really has not gone beyond that. The Deputy is right to say that if there were issues of concern arising out of the report - I take it genuinely that GSOC had issues of concern - I would have thought that certain other steps could have been taken. For example, the security company indicated that when it made the first report - I do not fully understand this and it is one of the issues that can be dealt with by the judge dealing with it by way of inquiry - the company stated that it did not have time to find where the remote connection to the Wi-Fi was coming from. I thought it would have been reasonable, before an investigation begins, to have the company take that time and to see if something can be identified.

The second occasion the security firm visited seems to be around 24 or 25 October, which is referenced in the second report. At that stage, the company seems to be identifying a connection to a Bitbuzz network.

It is only the final report, dated 16 December, which pins that matter down. I am happy to reference specifically what it says. However, it would have made some sense, before commencing that investigation, to have the security firm take the time to see where the connection came from.

The final report and the section 103 report may have been received in my Department late on Thursday evening or maybe Friday morning but I only saw it on Friday. The final report references that it was identified that the Wi-Fi system was connecting to another Wi-Fi system through Bitbuzz and that was located in a business premises close to the Garda Síochána Ombudsman Commission offices. It was not clarified any further. I asked my officials to seek clarification on that matter from GSOC. We were informed on Tuesday morning of this week. I imagine Brian Purcell can give the committee the exact time but I gather it was sometime between 9.45 a.m. and 10.15 a.m. We were informed that the system was connected to a Wi-Fi system operating out of the Spar shop on the ground floor of the same premises occupied by GSOC where there is an Insomnia coffee area and a counter arrangement whereby people can sit and use their equipment and connect to Wi-Fi.

There are several issues here. It may be, however, given the anxiety members of GSOC had that they may have prematurely commenced the investigation. I have no wish to be critical of that but there is specific provision in section 102(4) of the Garda Síochána Act which indicates that there must be something that indicates Garda involvement. At that point I was not aware, and certainly I have not been informed by GSOC, of what it was about those two matters that indicated Garda involvement of any nature. That is genuinely still unclear to me. It is no clearer to me following the correspondence I have had with the commission.