Phil Hogan’s spokesperson, in their defence of his shifting story of how he drove laps around Ireland, in and out of Covid hot-spot Kildare, said that the reason for him visiting his apartment in the K Club was that:
“He stopped briefly at his apartment to collect personal belongings and essential documents relating to the EU-US trade negotiations, which continued while the Commissioner was in Galway.”
Document security isn’t familiar to most people unless it touches their job; it refers to measures taken by any company that is afraid of its secrets coming out.
They could be hospital records, a law firm with sensitive client information, a company developing a new product, or many others. Scandals over the years where information was accidentally leaked have spurred many organisations to bring in formal procedures.
These involve training staff on rules about not taking any documents offsite, shredding waste paper securely, printing sensitive documents on a different colour paper so they stand out, or using special paper that turns black when it is exposed to the light from a scanner or photocopier. Electronic measures include using high-grade encryption, or just disabling the print function for some staff viewing some documents.
Post-Covid many people will be familiar with bringing their laptop home, where to access sensitive information they have to securely log onto their office network, so even if the laptop is stolen, the sensitive data is on the office server, not the laptop’s hard drive.
That’s the type of security that’s used to protect the results of your prostate exam.
International negotiations are much more sensitive; documents could contain details that would cause embarrassment if they got in the press, but the real threat is from state actors. The EU is negotiating a trade deal with the US, and the Americans would have a huge advantage if they got hold of sensitive information; they have a record of using spies to do exactly that.
Other state actors, such as Russia and China, could well perceive an interest in sabotaging the talks, or trying to skew them in one direction or another.
Journalist John Mooney has written recently about how the Russian FSB, the successor of the KGB, is able to operate freely in Ireland. Could the European Commission be happy to have essential documents, an obvious target for espionage operations, left lying around an unoccupied apartment, with little or no security?
The problem for Hogan is how could documents so trivial as not to be covered by Commission document security rules, still meet the ‘essential work’ standard in the lockdown rules.
A European Commission spokesperson confirmed they have a detailed policy, Security Notice C(2019) 1904, for dealing with confidential documents, and that the documents in question were in the category “sensitive non-classified”. They’re not the nuclear launch codes, but definitely not something they want in the possession of negotiating rivals.
The spokesperson also confirmed that the commissioner’s home in Brussels got a security audit, but not his other residences, and said that, as per their policy, these documents must only be distributed on a need-to-know basis, that all recipients should be aware of the handling instructions, and the documents must be shredded to a particular standard when no longer needed.
And where possible, documents should be stored in a locked office or a locked cupboard when not in use. Phil Hogan drove to Covid-stricken Kildare and picked up these sensitive documents, perhaps from a locked office or a locking document cupboard in his apartment, that’s not clear.
He then drove with them to the golf dinner in Galway. Then what? Maybe he left them in his car, but that certainly doesn’t meet the handling requirements. Maybe he had a hotel room and he left them there. Or maybe he just kept them in his jacket pocket, or under the table in his briefcase as he downed the gargle.
These requirements are not suggestions. The Commission has confirmed that the document handling rules are binding and apply to all staff and commissioners.
Even if a locked hotel room, or hotel room safe, technically meets the EC Security Notice requirements, any number of hotel staff would have access cards for those, making this at the very minimum a breach of the spirit of the rules, and an incredibly sloppy way to deal with essential documents relating to the EU-US trade negotiations.
