Protocols, procedures and precautions in relation to eavesdropping on staff

Information Standards Freedom of Information Response

Our Ref: FoI 10-19

17 April 2019

Freedom of Information Act 2000

I can confirm that the Northern Ireland Assembly Commission holds some information relevant to your request of 19 March 2019. In your request you asked the following:

"1. What security rules, codes, protocols, procedures and precautions are taken to ensure that the CIA, GCHQ /Cabinet office are not eavesdropping / spying on staff, officials and ministers in your Department with social media media e.g. Google, Facebook as a conduit?"

"2. What summaries / reports does the department have about its security? Please indicate the public facing reports."

"3. Has the Department risk assessed the threat posed by social media especially that owned by foreign corporations and countries and especially US and CIA? What summaries does the department have of this information, including any public facing ones?"

"4. What social media apps are allowed on the Departments phones and computers? Which are installed?"

"5. Are Facebook, Google and Twitter apps allowed to be installed and or used on Department computers and mobile phones?"

"6. Are private, i.e. individually owned, mobile phones and computers with social media apps installed such as Facebook, Google and Twitter allowed in Department meetings, committees, and in the office environment?"

"7. If the answer to Qu 5 and Qu 6 are yes, how does the Department stop companies / CIA spying utilising microphones, cameras, and GPS data on those devices?"

"8. Has the department informed staff of the risk of spying and eavesdropping via social media apps? If so please send a copy of the memo / paper."

"9. Has the Department contributed material to the Cabinet Office as part of the cyber security strategy? If so what?"

"10. Has the Secretary, Ministers or the top 3 civil servants in the Foreign Office been briefed about Q Anon?"

"11. If so please indicate the date and the type of recorded information that has been briefed so that any future request may be narrowed down, as per Section 16 of the UK freedom of Information Act and Information Commissioner Guidance."

"12. Has the Department any other recorded information on Q / Q Anon? If so please indicate the date and the type of recorded information that has been briefed so that any future request may be narrowed down, as per Section 16 of the UK freedom of Information Act and Information Commissioner Guidance. (If there is a mass of information that will take the request over the time limit, please disregard this question)."

The information relevant to your request is provided at Appendix A.

If you feel that the information we have provided does not meet your request fully, please contact this office as soon as possible. You have the right to request a formal review by the Northern Ireland Assembly Commission and if you wish to do so, please write to me at the above address.

If after such an internal review you are still unhappy with the response, you have the right to appeal to the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF who will undertake an independent review.

If you have any queries about this letter, please contact me. Please remember to quote the reference number above.

Yours sincerely
Information Standards and Data Protection Officer

 

Appendix A

1. What security rules, codes, protocols, procedures and precautions are taken to ensure that the CIA, GCHQ /Cabinet office are not eavesdropping / spying on staff, officials and ministers in your Department with social media e.g. Google, Facebook as a conduit?"

The Northern Ireland Assembly Information Systems Office (IS Office) applies a wide range of intrusion prevention measures to protect the information held on internal Assembly systems including via social media tools. This is achieved through the use of multiple firewall technologies involving a range hardware and software vendors.

 

2. What summaries / reports does the department have about its cyber security? Please indicate the public facing reports."

The Information Systems Office commissions regular independent internal and external network penetration reports. The Information Systems Office also produces daily monitoring reports in relation to various aspects of cyber security. Due to the need to maintain the security and integrity of Assembly information systems, these reports are restricted and therefore not public facing.

 

3. Has the Department risk assessed the threat posed by social media, especially that owned by foreign corporations and countries and especially US and CIA? What summaries does the department have of this information, including any public facing ones?"

No. The Northern Ireland Assembly Commission does not hold this information.

 

4. What social media apps are allowed on the Departments phones and computers? Which are installed?"

Access to social media apps is not allowed on Assembly computers. Access to social media apps on Assembly phones is recommended for the purposes of Assembly business only.

 

5. Are Facebook, Google and Twitter apps allowed to be installed and or used on Department computers and mobile phones?"

Access to social media apps is not allowed on Assembly computers however staff may install Facebook, Google and Twitter apps on Assembly mobile phones for Assembly business purposes.

 

6. Are private, i.e. individually owned, mobile phones and computers with social media apps installed such as Facebook, Google and Twitter allowed in Department meetings, committees, and in the office environment?"

Yes.

 

7. If the answer to Qu 5 and Qu 6 are yes, how does the Department stop companies / CIA spying utilising microphones, cameras, and GPS data on those devices?

The Northern Ireland Assembly Commission disables access to microphones, cameras and GPS data on all Assembly mobile computers. The Northern Ireland Assembly Commission does not currently monitor or restrict the use of microphones, cameras or GPS data on Assembly mobile phones.

 

8. Has the department informed staff of the risk of spying and eavesdropping via social media apps? If so, please send a copy of the memo / paper."

No. The Northern Ireland Assembly Commission does not hold this information.

 

9. Has the Department contributed material to the Cabinet Office as part of the cyber security strategy? If so what?"

No. The Northern Ireland Assembly Commission does not hold this information.

 

10. Has the Secretary, Ministers or the top 3 civil servants in the Foreign Office been briefed about Q Anon?"

The Northern Ireland Assembly Commission does not hold this information.

 

11. If so please indicate the date and the type of recorded information that has been briefed so that any future request may be narrowed down, as per Section 16 of the UK freedom of Information Act and Information Commissioner Guidance."

The Northern Ireland Assembly Commission does not hold this information.

 

12. Has the Department any other recorded information on Q / Q Anon? If so please indicate the date and the type of recorded information that has been briefed so that any future request may be narrowed down, as per Section 16 of the UK freedom of Information Act and Information Commissioner Guidance. (If there is a mass of information that will take the request over the time limit, please disregard this question)."

No. The Northern Ireland Assembly Commission does not hold this information.

Find MLAs

Find your MLAs

Locate MLAs

Search

News and Media Centre

Visit the News and Media Centre

Read press releases, watch live and archived video

Find out more

Follow the Assembly

Follow the Assembly on our social media channels

Keep up-to-date with the Assembly

Find out more

Useful Contacts

Contact us

Contacts for different parts of the Assembly

Contact Us