150,000 lost UK police records looking more like 400,000 as Home Office continues to blame 'human error' Estimates detailing the loss of criminal evidence records by the UK Home Office and the police show the figure leaping from 150,000 to 400,000. Nonetheless, in a statement issued on Saturday, the government department said it was working to restore the records using the magic of computer code. "Working with the National …
"Yesterday's article mentioned that there used to be a backup in the form of a complete mirror-server at a different location, but that was lost in a fire several years ago and so far not replaced."
<needlescratch/>
Wait, what?
In a former life I did some work which involved the PNC. One day in mid 2005 we lost all our connections. Turns out that the backup system we were using was in a building that was unfortunately close to a certain oil depot that had just explosively disassembled itself...
PLEASE tell me they haven't been running on a single system since then... !?
Mind you, having experienced PITO as a customer I wouldn't be surprised...
I have little doubt that Priti Patel has been hard at work and is spending many hours every day trying to decide who is the most convenient (and expendable) person to blame. Just like many of those whose records have been deleted, the question of guilt or innocence is completely irrelevant when compared with what is the most expedient.
I did note to my network admin (a couple of years ago, using win 7) that it was a bit unnerving that the rightclick 'delete' was perilously close to the 'rename' and 'create shortcut' function... don't worry that what the bin is for... a big problem is, if it is on a network share, it **does not** go to the bin, but disappears..
That was the original story I heard too, but both the volume and range have expanded since then.
There's been years of campaigning against police retention of data from those who are interviewed then released (or to use a technical term, "innocent"), or from mass 'round up the usual suspects' attacks on demonstrations. (Anyone remember kettling?) The police / government response was not much more sophisticated than "No. Shan't. Remember Ian Huntley?", despite him and that case being a red herring in this context. A lot of people will not be unhappy that those records have now been lost due to an admin SNAFU. Losing actual criminal records and those for investigations in progress is a little more serious.
What if this wasn't an accident? As everyone points out, this should be nearly impossible on a mature system like this, which should have backups and lots of barriers in front of operations such as this.
All you need to know is that an unnamed MP was recently released without charge for a (heinous) alleged crime. Perhaps there are other, unreported, cases as well relating to Tory MPs, or donors.
So this was potentially a planned data loss to remove the records relating to this, covered up with other deleted records, in a needle in a haystack method. They'll gloriously say they recovered 90% of the records in due course from backup or paper trail, but the rest of the paper trail for the critical records will have been disappeared. Did
Yeah, it seems far fetched and conspiracy theory like, and I'm not a fan of these in these times, and it most likely was poor backup practices and system access control. But still.
If I hear that somebody has been released without charge I assume it was because there was no provable case against them and that they are, therefore innocent. That is a basic principle of the English justice system (no "not proven" stuff here), has been for centuries and hopefully, despite the longings of the HO and intelligence services, will continue to be. It applies to everyone. It applies to Tory MPs and donors. It even applies to YOU. And if you think about it a little you'll realise that the reason that it applies to Tory MPs, donors and everyone else is so that it can apply to you. And if you do a little more hard thinking you might realise that that is the most valuable protection you can have under the law.
Meanwhile, those of us who've actually had the job of investigating allegations of criminal behaviour appreciate just how important it is that the subjects of those investigations do go unnamed.
This post has been deleted by its author
As everyone points out, this should be nearly impossible on a mature system like this, which should have backups and lots of barriers in front of operations such as this.
I think you are overlooking the minor detail of this being government IT, so hardly mature and apparently without backups. Besides that, those barriers also seem to have gone AWOL (assuming they ever existed).
Of course they do. They have an agenda. They've been for decades trying to make IT chartered profession where they can have out of date, expensive certifications.
Must've been over 2 decades ago when I looked and was like how much? For what? Sod that...
With hindsight, yes they are irrelevant.
> Nice of the BCS to blame the developers. This was probably user error compounded by worse management error because there were no backups.
Shirley, the BCS statement is making the point that it wasn't just the developer's fault because there were other people in the chain that should have checked as well but either didn't or also missed it?
AKA the Peter principle: people rise to the level of their own incompetence.
There's too many managers around that can't do the job of the people they're managing. Whilst there's *some* skilled and talented managers who understand this and effectively delegate and manage, alas they're a rare commodity outnumbered many times over by clueless management numpties throwing their (light) weight around.
"Quick, call the BCS" .. said nobody.
They're fine for academia (one ass-u-me s), but not when working at the coal face with unqualified 'managers' and dubious processes. Much like attempting to read 3 volumes of The Art of Computer Programming (Knuth) - which would probably qualify as membership, but you wouldn't get a job.
Yeah, a quick take-offline, restore and apply recent transactions from logs before re-onlining overnight and hoping nobody noticed the 2 hour outage. Been there. I deliberately mistype the initial parts of SQL statements now so they will fail in case I accidentally run them and then have an "Oh F**k" moment.
As a matter of course, I would generally write any DELETE statement as SELECT * first and check it returns the results I want.
Then, before running it, select the contents of the affected table(s) into backups, along the lines of SELECT INTO TABLENAME_20210119 * FROM TABLENAME.
Then, where practical to do so, start a transaction before running the DELETE and only commit it if I get the expected number of records reported. I say "where practical" because you might not always have the tempdb space available.
Of course, if you do actually want to zero out a table, you should be using TRUNCATE anyway, unless you have a particular need to be able to reverse the transaction log.
> Unless they are using the Adabas SQL gateway apparently. Adabas is not a RDBMS I'm familiar with, but Google is your friend (in this context).
When I were but a stripling starting out in the business there were job ads a plenty for Adabas and Natural. I nearly thought about re-training but never did. Eventually of course it was crushed by Oracle out-marketing everything even vaguely close as a competitor.
However it has made me suddenly realise that the poor person responsible is more likely to have made the mistake through senility rather than youthful exuberance!
When I were but a young'un, it was a case of get any job you can, and in my case, it turned out to be Equinox on Novell Netware (shudder). I was asked now to do anything with that now, I'm not sure that I could remember a single thing about it. And that's the way I want it to stay.
I had heard that the PNC has not been compliant with this legislation for years.
Scuttlebutt has it that it was the implementation of rules to become compliant which went wrong, and that this problem goes back to sometime in last year so some data will have rolled off their DR backups. If that was the case, then the rules to make sure that data that should be completely purged, even from the backups may have been incorrect.
Under UK and previously EU law, the police to not have catre blanche to keep information gathered from suspects forever. If someone is arrested for a crime, then the police can take and store information about the person. If they are subsequently released and the charges dropped, or go to trial and are cleared of the crime, then the police are bound by law to delete the fingerprints, DNA and other data that they've collected after a certain period of time.
Anybody convicted of a crime will have their records stored forever (incidentally, this is sometimes quoted as being why police will take fingerprints from people who are stopped for minor motor offenses, even when the data has no bearing on the crime - "it's standard procedure, sir"). Once someone has been convicted, the police have the right to keep any data they've collected whether it was needed or not.
This deletion policy does not please the police. They would really like to build up a complete database of all the people in the country whether they've been found guilty of a crime or not. If I were to put my conspiracy hat on (the one with the tin foil lining), this news story could be a deliberately created attempt to shock the people and government into a policy change to allow them to keep more information for longer.
Within the last decade, I heard a broadcast interview about the police's DNA retention policy with who ever was the chief of ACPO at the time, where he repeatedly called people who had been arrested but not yet tried as "criminals" instead of "suspects" (not even "potential criminals"), even after being pulled up by the interviewer on more than one occasion. I'm sure that some members of the police regard all of the public as criminals who just have not yet been caught yet!
In theory backups should be cleaned as well, but in practice that is usually not practical.The important thing here is putting the deleted data "beyond use". So it might still be on a tape/... but it cannot be accessed through normal use/mechanisms.
repeatedly called people who had been arrested but not yet tried as "criminals" instead of "suspects"
A crime is committed by one or more culprits and yet reports will almost inevitably say "suspect" instead. I suppose referring to suspects as "criminal" is the logical extension.
And the Libra magistrates court system that was memorably described as 'one of the worst IT projects ever seen' by the Commons Public Accounts Committee:
https://www.computerweekly.com/news/2240049341/Courts-Libra-system-is-one-of-the-worst-IT-projects-ever-seen
The Register - Independent news and views for the tech community. Part of Situation Publishing
Biting the hand that feeds IT © 1998–2021
