Three civil servants were suspended following a security probe prompted by the discovery of an unauthorised computer in the basement of the Department of Foreign Affairs passport service offices, a tribunal has heard.
Officials at the Department sacked one of the three - a senior porter with decades of service to the State -after deciding he “was not being truthful” about a series of unauthorised logins to a highly sensitive national passport database from another computer.
The Workplace Relations Commission (WRC) heard there was sustained unauthorised access to the database in 2022 after a civil servant with clearance to use the database gave colleagues his credentials so they could clock him in on the flexi-time system.
The details were made public during the hearing of a complaint under the Unfair Dismissals Act 1977 by Declan Cosgrave, who was sacked from his job as deputy head service officer for the department’s passport service offices on Mount Street, Dublin 2, in September 2023.
‘I am back in the workplace full-time and it is unbearable. Managers have become mistrustful’
‘Remarkable’ officer who was subject to court martial should be rehabilitated and promoted, says ombudsman
Gardaí search for potential information left behind by deceased Kyran Durnin murder suspect
Enoch Burke’s father Sean jailed for courtroom assault on garda
He denied under oath on Tuesday that he “deliberately or knowingly breached the secure access system” for the State’s Automated Passport System (APS) database, which holds the names, addresses, dates of birth, next of kin, and PPS numbers for seven million passport applicants.
The State’s position is that the explanations Mr Cosgrave gave to account for the logins were “not credible” and that the porter “did access the APS over a sustained period” in a “flagrant breach” of the Department’s IT policies.
The department’s secretary-general called Mr Cosgrave’s actions “damaging to the State” – while his trade union said he had been the victim of a “hatchet job”.
Mr Cosgrave was one of three civil servants suspended in April 2022 following a security probe prompted by the discovery of an unauthorised computer in the building’s basement, the tribunal heard.
Giving evidence yesterday, former DFA human resources director, Barry Mulligan, said the database was supposed to be restricted to staff in the passport section and “relevant people with the security clearance”.
However, he said Mr Cosgrave’s computer account and that of another named civil servant, Mr X, was identified in the security probe as having been used to go to the home page of the database at times when a compromised set of credentials were used to access it.
Mr Mulligan’s evidence was that a third civil servant who was an authorised user of the database, Mr Y, had given his login details to Mr X in an arrangement to “change his flexi-time” – referring to the Civil Service clocking system.
The tribunal was told Mr Y kept his job, with a final written warning, a situation Mr Cosgrave’s representative, Fórsa deputy general secretary Éamon Donnelly, argued amounted to “entirely different treatment” for “the same type of offence”.
Quoting from the minutes of an investigation report, State solicitor Dylan West BL said Mr Cosgrave had told investigators that that at times he was logged into a PC at work, “a clerical officer with APS rights would sit down at the computer and say ‘scooch over’.”
Mr Mulligan said that when Mr Cosgrave was questioned about one login to the database on March 11th, that year using Mr Y’s credentials, the complainant “initially says [Mr Y] would have sat down next to him and accessed it”.
The witness said that when it was pointed out that Mr Y “wasn’t present” on the day in question, Mr Cosgrave’s response was to say it was “someone else” who had accessed it.
Mr Mulligan said: “What Declan Cosgrave did, and never admitted to, was to access the APS system using two other individuals’ login details, which infringed on the security of our passport systems.”
He agreed with Mr Donnelly that this was on the basis of the balance of probabilities.
Findings of serious misconduct were made by Mr Mulligan as the disciplinary officer, and by the Civil Service Disciplinary Code Appeal Board, the tribunal heard.
While Mr Mulligan had recommended termination of employment, the board urged transfer or demotion, the tribunal heard. The final decision lay with the department’s secretary-general, Joseph Hackett, who said Mr Cosgrave’s case was the only time he ever overruled the recommendation of the board.
“I had a choice to make. I could try to find a way of transferring him, but think about what message that would have sent to staff in the passport service and the public,” Mr Hackett said.
He said he was faced with “a person who, over a sustained time, exposed seven million citizens’ data in a way that is damaging to the State” and that he could not accept the appeal board’s recommendation to “move them sideways”.
Mr Hackett said the options were limited to service officer or service assistant roles where Mr Cosgrave would still have a security responsibility with access to papers, buildings and keys.
“I felt strongly that an individual who we believed was responsible for such a serious breach… could not be entrusted to either of those roles. I couldn’t be confident I could explain that to a member of the public,” Mr Hackett said.
Mr Cosgrave said in his evidence that he never signed or saw a set of security policies referred to by the State prior to his dismissal.
Mr Donnelly asked him: “Did you ever deliberately or knowingly breach the secure access system in that office?”
“No, no I have not,” Mr Cosgrave said.
Cross-examining the complainant, Mr West said: “You said [Mr Y] would have ‘scooched’ you over?”
“On many an occasion,” Mr Cosgrave said.
“You were then told [Mr Y] wouldn’t have been in,” counsel said.
“I said that could have been anybody accessing my PC while I was at the door dealing with customers,” the complainant said.
Asked why a clerical officer would use Mr Y’s credentials, Mr Cosgrave said: “I’ve no idea.”
When Mr West put it to him that there were 11 dates when he had been “logged in at the desktop and [Mr Y’s] credentials were used to access” the database.
“They were, yeah, but it wasn’t me,” Mr Cosgrave said.
Mr Cosgrave said he was never late or sick since joining the Department of Foreign Affairs in 2007 and was “always glad to show up and do my bit”. He pointed to “21 years loyal service with the army” prior to that and said: “Why would I look up a stranger’s application and destroy 16 years?”
In a closing submission, Mr West said: “It’s simply the position that no-one believed Mr Cosgrave at any stage, and that includes the appeals board. The reality is that everyone in this process concluded Mr Cosgrave was not being truthful and that he did access the APS over a sustained period.”
Mr Donnelly said he did not believe Mr Cosgrave “caused the offences” and said the Civil Service disciplinary code had been applied as “a walkthrough exercise in getting somebody dismissed”.
“This was a hatchet job from start to finish,” he said. “This man is 37 years in the armed forces and the civil service, never put a foot wrong, and then this comes along – surely some reasonable thinking has to come in and say: ‘What can we do here?’” he said.
Adjudicator Kara Turner closed the hearing and is expected to issue her decision in writing to the parties in due course.
- Sign up for push alerts and have the best news, analysis and comment delivered directly to your phone
- Join The Irish Times on WhatsApp and stay up to date
- Listen to our Inside Politics podcast for the best political chat and analysis