This column which looks (eventually) at Ireland’s ongoing political/policy neglect of data protection and cyber security and why the Defence Forces have a vital role to play in defending Ireland’s vital national infrastructure from cyber attacks. This column first appeared on Broadsheet.ie on July 20th 2020
Since I wrote my last Broadsheet column, An Taoiseach Michéal Martin has sacked a cabinet minister and reassigned three junior portfolios. According to his supporters this action, a mere 17 days after his first round of appointments, is proof of An Taoiseach’s cool decisiveness and a major rebuff to those who consider him a self-interested ditherer.
They may well be right, but either way his unplanned reshuffle does afford us the chance to look again at the choices made by An Taoiseach on June 27th and July 1st when he chose his team of senior and junior ministers.
Technically, of course, An Taoiseach did not choose most of them. Martin himself only got to name 5 cabinet and 8 junior ministers. 13 out of the 32 positions to be appointed. The rest, 6 Green and 13 Fine Gael were chosen by their respective party leaders and, we are told, beyond the allocation of portfolios, there was no consultation on the identities of any of those to be named.
So let’s look at some of those decisions. Actually, let’s not.
Rather than going over the appointments actually made, let’s look instead at two important appointments which were not made. Two non-appointments which will, in my opinion, have to be corrected in the near future.
The two are related and of equal importance and significance.
The first is the startling decision not to appoint a junior minister for Data Protection. Even the last government, whose record on data protection was questionable, managed to appoint one. Not alone that they even ensured they were [eventually] assigned to the department with primary responsibility for data privacy legislation, the Department of Justice.
Two events from the past week serve to highlight the critical importance of data protection. The first is the European Court of Justice decision in what has become known as Schrems II. This case revolves around the transfer of personal data to the US. While the ruling brings to an end the ongoing legal battle between Austrian privacy advocate Max Schrems and the Irish data protection commission, over how closely it regulates Facebook (and other social media giants), it doesn’t settle the issue.
The ruling has implications with stretch far beyond Facebook. It brings the validity of all data transfers to the US into question. This is significant as almost all trade involves data transfers.
This is especially critical for Ireland at precisely the time when the Taoiseach decides to appoint an additional Minister of State but drop the Data Protection one.
If this first event didn’t sufficiently highlight the critical national importance of data protection, the second one, the dismissal of Barry Cowen as minister, surely does. Whether you sympathise with the former Minister or not, there is no denying that it revolves around an improper, even malicious, leaking of Barry Cowen’s personal data.
There are two mentions of data protection in the Programme for Government (PfG). One acknowledges:
“…the domestic and international importance of data protection” while the other says the government will “support the Digital Single Market, ensuring high data protection standards”.
Not exactly inspiring stuff.
The second of the imprudent non-appointments, the decision not to have a Junior Defence Minister strongly suggests a continuance of the downgrading of Defence commenced under the last government. This is depressing, especially when you consider that Fianna Fáil’s recent election manifesto was the only one to contain a coherent and considered defence section.
The decision to appoint another part-time Defence minister by assigning responsibility for Defence to the Minister for Foreign Affairs is a retrograde step. It only serves to endorse Iveagh House’s long held, but deeply mistaken, belief that it ultimately runs national defence policy. It effectively relegates the Defence Department to being a supplicant of its bigger partner.
As if this was not worrying enough, it also strongly suggests that both the Taoiseach and Tánaiste now see national defence policy as a subset of foreign policy and view the Defence Forces as simply a supplier of UN manpower.
This fear is confirmed by the opening paragraphs of the Defence section of the PfG. While it rightly says our Defence Forces has the “longest unbroken record of overseas service with the UN of any country” and that “Peacekeeping and humanitarian efforts are at the core of the international reputation of the Defence Forces”, it also omits any meaningful recognition of their role in on-island security. Defence is seen solely through the prism of UN peacekeeping.
While UN overseas service undoubtedly is a important element of defence policy, it is far from the only one. The PfG language falls well short of that employed in the Fianna Fáil manifesto. That spoke of Fianna Fáil’s belief that “Ireland needs to recommit to its Defence Forces and its defence capability” and clearly identified cybersecurity as a vital element of national defence. It spoke of providing “a pathway of transferring this important function to the Defence Forces/Department of Defence”.
That is how a robust defence strategy should look and sound. National cyber defence is an issue I have explored here several times. Ireland is now strategically vital to Europe’s digital economy. Up to 40% of the EU’s personal data is stored here – here is the point where Data Protection and Cybersecurity intersect. We are a major target for a range of malign actors, both state and non-state. We are the sixth most cyber attacked EU member state and our response is poorly resourced, though highly committed, National Cyber Security Centre (NCSC), that only has about two dozen staff and an annual budget of €4 million.
To be fair to the PfG, there is a casual reference to the defence forces in the section on cyber security, buts it is oblique. It says the government will “Implement the National Cyber Security Strategy, recognising the potential and important role of the Defence Forces”, but never says how.
The comments last week by Minister Eamon Ryan responding to parliamentary questions from the independent T.D. from Kildare South, Deputy Cathal Berry did not add much to the discussion.
The failure to appoint either a junior or super junior minister with responsibility for defence leaves that Department worse off now than it was two months back.
This is not intended as a personal criticism of Simon Coveney. He is a decent and accomplished Foreign Minister, but he was a barely adequate Defence Minister the last time he held the portfolio. He was also a part-timer then as he was both the minister for agriculture and defence.
So that’s what the Taoiseach has got wrong. How can he put it right?
One quick and simple fix that would be to assign the Government Chief Whip, Jack Chambers T.D., as a Junior Minister for Defence. This would hardly be a major leap as traditionally the Chief Whip has been a Minister of State at Defence.
Almost every Chief Whip since Paddy Lalor in 1978 (when the post of Ministers of State was created to replace that of Parliamentary Secretary) has been a Junior Minister at Defence… apart, that is, from Dara Calleary and Jack Chambers, both nominated by Micheál Martin over the past three weeks
It would be a small move, but a significant one. Jack Chambers was Fianna Fáil’s spokesperson on Defence up to a few weeks ago. He wrote the Defence section of the Fianna Fáil manifesto and knows the issues better than anyone else in government, especially Coveney.
Chambers is primarily responsible for pushing the political case for both a permanent and independent Defence Forces pay body and a Commission on the future of Defence so, the allocation of the Junior Defence portfolio to him would be a welcome first step by An Taoiseach in showing that the Fianna Fáil section of this coalition was still committed to defence… assuming it is?
While Jack may not exactly be loved by some in social media’s darker corners, he is highly regarded by the people who know and understand defence policy.
The other is to allocate specific responsibility for Data Protection to a Junior Minister assigned to the two departments currently dealing with it: Justice and Communications. A quick run through the list of ministers and their responsibilities shows that the options here are not as clear cut. Maybe Green TD Ossian Smyth who current holds the eGovernment brief or Fianna Fáil’s Robert Troy who has the weightier Trade brief or his party colleague, Charlie McConalogue, who is already a Junior at Justice?
Why not a Fine Gaeler? Well, that’s obvious. You want someone who will do something with the role other than just Instagram about it.