ENDitorial: Abuse of Irish police databases

By EDRi · September 7, 2011

This article is also available in:
Deutsch: [ENDitorial: Missbrauch der irischen Polizeidatenbanken | http://www.unwatched.org/EDRigram_9.17_ENDitorial_Missbrauch_der_irischen_Polizeidatenbanken?pk_campaign=edri&pk_kwd=20110907]

In 2003, the then Minister for Justice, Michael McDowell, stated that he
“knew that journalists were bribing gardaí (police)”. This was said in the
context of proposed legislation which would create a crime of leaking
information. Unfortunately, the intervening years seem to have confirmed the
continued existence of police abuse of confidential information, resulting
in a recent announcement by the Data Protection Commissioner of a national
audit into garda compliance with data protection law.

The audit will focus on access to the main police database system, known as
PULSE, which was introduced in 1999. While that system has a read/write
audit trail, this has not acted as a deterrent to abuse – some police have
sought to evade the audit trail by requesting others to carry out searches
on their behalf, and login sharing has also been a problem. Consequently, in
his 2010 Annual Report the Data Protection Commissioner stated that:

“In 2007 we agreed a data protection Code of Practice with the Gardaí which
included undertakings to monitor access to the Garda PULSE system. It is
disappointing to report that, despite our repeated engagements on this
issue, the monitoring of access by members of An Garda Síochána to PULSE
falls short of the standards we expect. We wish to see significant progress
by the Gardaí in pro-actively monitoring PULSE access in 2011 and will be
carrying out an audit to satisfy ourselves of this progress.”

The most recent allegations generally concern personal use of the system,
for example by using it to check on daughters’ boyfriends or to check the
history of cars which they are buying. However, allegations of more serious
abuses are also common, including the sale of information to insurance
companies and even criminals.

Unfortunately, it is difficult to provide a full assessment of abuses which
have taken place. While many allegations have been published by the media
and some internal garda investigations carried out, the results of these
investigations have not been published, disciplinary sanctions (if any) are
seldom made public and there is no comprehensive official report. This
secrecy is a failing in itself and makes it impossible for the public to
have confidence in the system.

Nevertheless, there have been a number of cases in which abuses have been
clearly established and some significant examples from recent years include
a court award of 70 000 Euros damages to a family who were harmed by a garda
leak (2007), the dismissal of a garda for leaking information to a drug
dealer (2010) and most recently the finding that a detective sergeant abused
her position to monitor an ex-boyfriend through his phone records (2011). A
particularly telling example in 2007 followed the high profile death of a
person struck by a car driven by an off-duty garda. In that case, 187
individual gardai accessed that person’s PULSE record following his death,
without apparent justification. An investigation into that incident
recommended that:
“supervisory ranks should regularly monitor the use of PULSE to ensure that
members adhere to their legal and disciplinary obligations in regard to its
proper use [and] suitable measures [should] be put in place by the Garda
authorities to ensure that audit-trails of the usage of PULSE and any other
official information systems can always be accurate and verifiable.”

Unfortunately, it seems that several years later this has yet to be done.

GRA’s concern about bribery claim, RTÉ News (04.08.2003)
http://www.rte.ie/news/2003/0904/justice.html

Family awarded 70,000 Euros over garda leak, RTÉ News (17.01.2007)
http://www.rte.ie/news/2007/0117/gray.html

Report by the Commission following the death of Mr. Derek O’Toole on March
4th 2007 and subsequent complaints and investigation under Section 98,
Garda Síochána Act, 2005 (10.2008)
http://www.gardaombudsman.ie/GSOC/Report_October2008.pdf

Garda Data Protection Code of Practice (12.11.2007)
http://www.garda.ie/Controller.aspx?Page=136&Lang=1

Gardaí line up 17 officers for quizzing over leaks to ‘Don’, Evening Herald
(16.10.2009)
http://www.herald.ie/news/gardai-line-up-17-officers-for-quizzing-over-leaks-to-don-1916105.html

Walsh, Human Rights and Policing in Ireland (Dublin: Clarus Press, 2009), Ch. 32

Garda sacked for leaked secrets to Don’s crime gang, Evening Herald
(18.06.2010)
http://www.herald.ie/news/garda-sacked-for-leaking-secrets-to-dons-crime-gang-2225992.html

2010 Annual Report of the Data Protection Commissioner (03.2010)
http://www.dataprotection.ie/documents/annualreports/2010AR.pdf

EDRi-gram: No effective sanction for Police abuse of Irish data retention
system (24.08.2011)
http://www.edri.org/edrigram/number9.16/abuse-data-retention-ireland

(Contribution by TJ McIntyre – EDRi-member Digital Rights Ireland)