THIS WEEK, GARDA Commissioner Nóirín O’Sullivan came under scrutiny after it emerged she had been using a private Gmail account to send work-related emails for years.
The organisation has sought to assure the public that security was not compromised at any time through the Commissioner’s use of a Gmail account, which they said had to be set up in order for her to make use of a smartphone provided by An Garda Síochána.
At a Policing Authority session this week, the force’s chief administrative officer, Joseph Nugent, said he had reviewed hundreds of emails in this account and determined it had not been used for the “purposes of circulating sensitive material”.
He said content included “things in the public domain”, like speeches and research papers.
However, authority member Maureen Lynott, who said she had read garda policy in relation to this issue, told senior officers it was “very tight” and had been breached in this instance.
Technological advances
The force’s 2012 policy states that using commercial or personal email for official purposes is prohibited and the Commissioner has admitted that this 2012 policy is outdated. In a statement earlier this week, An Garda Síochána said:
An Garda Síochána’s policy on email use dates from 2012 and does not take into account advances in technology since then such as the need for mobile devices to be associated with a commercial email address in order for them to be secured and configured.
This statement has puzzled members of the force this week, as it is widely known that senior officers had been issued with smartphones back in 2012, when they oversaw the roll-out of this outdated policy.
Some are supportive of their boss, suggesting that she was “being efficient”, even if she was ignoring the fact that this activity was not technically permitted.
I’m actually on her side a little here. I’ve been guilty of using my own Dropbox to get CCTV and think we should look at using technology a bit more.
“We’re just not moving with the ages, we’re not up-to-date with modern technology at all – they talk about that policy being outdated, but 2012 was only yesterday,” one garda said. Another described it as “an archaic system”.
And one pointed out that there are still stations across the country that do not have internet access:
It is laughable that, in this day and age, members cannot access the internet when working, laughable to think we must apply for internet access, laughable it’s not viewed as a basic necessity, but this is the reality.
“An Garda Síochána is trying desperately to be a modern day police force, dealing with 21st century society in all forms, but doing so with outdated dinosaur-like resources and methods,” he added.
Poor training
The emails controversy is a symptom of how “poor” the IT system is, according to one garda, who said he had used his own Gmail account in the past to send official emails in order to “speed up cases”.
And others have pointed out that the emails saga demonstrates how basic the training is in An Garda Síochána when it comes to IT security.
I assume that she [the Commissioner] is subject to the same training as everyone else in the organisation regarding data security. Using a third party supplier such as Gmail for email or Dropbox for cloud storage is madness and many of us would appreciate that, but the majority of the workforce would not realise the implications that this entails regarding security because we are not adequately educated in relation to it.
“Only officers and detective sergeants have encrypted USB keys as general issue as far as I’m aware. The entire workforce is running around with God knows what on unsecure USB keys.”
Attempts to address security of garda IT systems have been criticised for creating barriers to investigative work, as other solutions and resources have not been provided.
One garda explained that the current policy put a stop to gardaí being allowed to take photos on their phones, for example, at the scenes of road traffic collisions for evidential purposes.
“We used to email them in to our work emails to use. Now we’re meant to use cameras from the stations, but we don’t have cameras in all the stations.”
Reform
The discovery in August this year of a virus in the garda IT system led to further restrictions. Up until that point, gardaí could access other email accounts on computers in stations.
Now, the only email account they can access is the one in the Pulse system, which has extremely limited capacity when it comes to receiving attachments.
The system is so secure now, the force’s chief administrative officer boasted to the Policing Authority that even their agenda had been quarantined when they emailed it to him.
In an attempt to move with the times, the organisation has committed to reform, launching an ambitious modernisation programme earlier this year.
The programme includes initiatives that would see gardaí on the beat issued with a device allowing them to access information systems, like Pulse, in realtime. Gardaí on the ground are skeptical about how such a significant advancement will be achieved when they are now so far behind the times, with one describing it as a “pie in the sky plan”.
Garda management has said work has already commenced on a new policy, and structures will be put in place to make the IT system as secure as possible.
But while management, government and other authorities focus on data security, gardaí on the ground are wondering when the promised modernisation will provide them with the tools they need to police Ireland in the 21st century.
To embed this post, copy the code below on your site
have your say