Gosh, what a surprise.
A legally significant police database to be given an audit trail, wonders will never cease. And at no extra cost I'd expect.
(Sorry all these databases are audited to hell and back, already, to BIP0008)
A code of practice for the forthcoming Police National Database says that an audit trail will be created to tackle abuse. Chief police officers will be responsible for auditing the activity of their own officers and no user should audit their own activities, says the document, presented to Parliament on 17 March 2010 by the …
"Chief police officers will be responsible for auditing the activity of their own officers and no user should audit their own activities"
am i being silly, or should the software not just log all requests for data?
"exported information should be anonymised by the removal of information which could be used to identify individuals"
normally i'm all for anonymisation but... again, it must be a morning lack of coffee, but this is useful to the police... how?
(if its primary uses are going to be data entry and retrieval for records of specific individuals then.. you know who the person is(/claims to be) before you begin)
?
where police officers have downloaded files or photocopies of documents of citizens and passed them to some of the more shady characters in society for information purposes only.
Just to be helpful.
Of course this information has led to several people getting a bullet in the head.
I would imagine the data being anonymised will be to try and prevent this.
Even the Police can't trust the Police.
anonymised obviously
Newsflash - plod forced to add an audit trail! Excuse me - WTF.
How many systems do the plod have without an audit trail(s) plural. I thought all supposedly secure systems had multiple levels of audit trail. Also I would hope someone is reconciling these as part of a rolling security review.
Are you telling me the plod have yet to get their brains out of the 80's? Mind you given the salaries for plod IT jobs, "pay peanuts get monkeys" springs to mind. I am amazed they have not outsourced their IT dev and support to one of the APNIC lands to save that bit more.
Oh great - the police once again being entrusted with the task of policing themselves.
I suppose one should take solace from the fact that at least it has been recognised that there is a need for an audit trail, albeit designed more to ensure compliance with the DPA than to combat abuse of the system.
Note however that AFAIK anyone charged and sent for trial would have a file through the PNC system in any case. Given the UK police forces' fondness for collecting data I *strongly* doubt that being acquitted at a trial is *anywhere* near enough to have their record removed from a PNC check.
This will also mean that all that "soft" intelligence or gossip, innuendo and malice, about someone will be accessible nationwide.
Still, good to know it will have an audit trail. So if some vigilante group does burn a house because a mate in the force 2 counties away says someone reported that someone they knew said someone had been seen near a playground, they can find the plod who started it.
Data security. They've heard of it. Thumbs down because audit trails should be in from day 1.
"Chief police officers will be responsible for auditing the activity of their own officers and no user should audit their own activities"
By God, it's the most ingenious plan ever! Britain is safe once more.
"To guard against data breaches, the code says that exported information should be anonymised by the removal of information which could be used to identify individuals."
Didn't AOL already try this once...?
"Chief police officers will be responsible for auditing the activity of their own officers and no user should audit their own activities"
"They will be monitored by HM Inspectors of Constabulary."
so the police and their mates in the HMIC will be making sure everything is ok. I feel more relaxed already.
Hmnnn, one wonders how effective the PND will be at its stated purpose of "information sharing". The political and technical barriers to individual forces uploading data are already quite high:
* Reluctance to expose "interesting" or "sensitive" data to other forces, in case it is "misused" by other forces, or simply upsets long-running operations (you don't really want somebody you have been following for months arrested by a neighbouring force on a minor offence, do you?)
* Reluctance to expose poor-quality data for risk of embarrassment or ridicule by other forces (or worse, the attention of professional standards or HMIC).
* Difficulty of meeting the onerous technical requirements of the interface specification for uploading information to PND.
So how much really useful data will end up in PND? I suspect a minor fraction of what is actually available, seriously restricting its value for intelligence purposes.
Then, each individual force will apply its own access control policies on their uploaded information. Given the lack of standardisation of working practices across the forces, these policies are all going to be subtly different, which means that visibility of information will vary from force to force. Any query across information from multiple forces is therefore going to deliver inconsistent results. How users and intelligence analysts will make sense of this is anybody's guess.
The implementation of the centralised security model is also going to be incredibly difficult and complex, because it will actually be an amalgam of 43 different security policies, one for each force (and not counting the national agencies, of course). How likely is it that the implementation of such an access control model is going to be correct, with no weaknesses or security holes?
The PND also seems to confuse the needs for the search and sharing of intelligence information (the original and primary driver for PND) with the simpler information access needs for operational policing (that is, the future replacement of PNC). It would probably have been better to create two separate systems to deal with these two very different sets of requirements.
Surely, for the search and sharing of intelligence information, a federated approach would have been better, one based on modern web search technology:
* Allow each force to host their own portion of the PND in a simple web system, defining their own upload and access control policies.
* Use a simple set of media types for information storage, loosely typed and encouraging information upload.
* Make sense of the data using modern web search tools based on Information Retrieval (IR) technology.
* Deploy standard web server and caching proxy servers for resilience, availability and scalability.
As well as encouraging "buy in" and "ownership" by forces, such a system is also likely to be easier to manage and far more resilient and secure than any centralised PND.
This is a classic example of how the design of a computer system needs to mirror the operating model of the organisation. Without the political will to actually merge them, if you have 43 separate police forces, the chances are that you need a system consisting of 43 times "something". My vote would be for a simple federated system made up of 43 identical parts, rather than one centralised system that is perhaps 43 times more complex than it needs to be!
I know a federated approach was tried several years ago, but failed due to the wrong technology choices and poor implementation, but today we have a much better understanding of how to make Internet-scale web search systems work. The public sector's reliance on large, centralised databases using (relatively) old-fashioned technology approaches is astounding. For how long will government continue to ignore what the private sector has learned about technology implementation and about web systems in particular?
> Surely, for the search and sharing of intelligence information, a federated approach would have been better, one based on modern web search technology:
What's so special about the web. Or did you mean HTTP. Or TCP or what.
> * Allow each force to host their own portion of the PND in a simple web system, defining their own upload and access control policies.
Bit vague. Sounds like a recipe for trouble, each with their own create/access policies.
> * Use a simple set of media types for information storage, loosely typed and encouraging information upload.
"loosely typed" Aww gahd, no00000000000000000ooooooooooooooooo...! The road to hell & that. Loosely structured = machine unreadable = almost useless. A rat's nest of unconnectable, unsearchable facts.
> * Make sense of the data using modern web search tools based on Information Retrieval (IR) technology.
using Information Retrieval to get info. Whatever next.
> * Deploy standard web server and caching proxy servers for resilience, availability and scalability.
I'd worry about security before that, and resilience etc. needs more than web server & caching considered. Actually, I'd worry about the people side of things first, from developers to managers to users. They're always the weak point.
> As well as encouraging "buy in" and "ownership" by forces, [...]
mmm, I don't see how that follows.
Another contract for ACPO? Well after all, like with all the other inevitabilities of the intrusive, anti-democratic, proto-totalitarian legislation of the Blair/Brown/Campbell/Mandelson years that the average voter or abstainer refuses to believe could ever happen here, it isn't so hard to imagine a not-too-distant UK in which ACPO runs the police in a PPP (and as with any PPP, it goes entirely commercial the moment it shows a profit - well, if you pretend it isn't being subsidised by the tax payer, that is).
<breathe in! Make that incompetent public-speaking face Gordon Brown does>
The 21st Century police state is a commercial enterprise.
Having worked at a company for 7 years that produces database software for the UK Police and Internationally (and not a small player at that), I can tell you that amongst the big things you HAVE to do for any database is be able to audit who/what/where/when of what the people are doing. The storage of that audit information is required to be transparent to the person using the database, and for people with audit viewing permissions, be relatively easy for them to interrogate that database. Oh and the audit viewing actions should also be audited as well :-)
It still fails me that they couldn't look above the border and see how things work in the national Scottish database!
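The audit requirements described in the comment above (who/what/where/when, audited audit-viewing) combined with the code of practice's rule that no user audits their own activity, sketched as an added example that is not part of the original thread or of any police system. The class, field and user names are hypothetical, and the hash chain used for tamper evidence is an assumption that goes beyond what the comment states.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # chain anchor for the first entry


def _digest(body):
    # Canonical JSON so the same entry always hashes to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class AuditLog:
    """Append-only who/what/where/when log (hypothetical design)."""

    def __init__(self):
        self.entries = []

    def record(self, who, what, where, target=None):
        body = {
            "seq": len(self.entries), "who": who, "what": what,
            "where": where, "target": target,
            "when": datetime.now(timezone.utc).isoformat(),
            "prev": self.entries[-1]["digest"] if self.entries else GENESIS,
        }
        body["digest"] = _digest(body)
        self.entries.append(body)
        return body

    def review(self, auditor, subject, where):
        # Viewing the trail is itself audited, including refused attempts.
        if auditor == subject:
            self.record(auditor, "AUDIT_VIEW_DENIED", where, target=subject)
            raise PermissionError("users may not audit their own activity")
        self.record(auditor, "AUDIT_VIEW", where, target=subject)
        return [e for e in self.entries if e["who"] == subject]

    def verify(self):
        """Return the index of the first altered entry, or None if intact."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "digest"}
            if e["seq"] != i or e["prev"] != prev or _digest(body) != e["digest"]:
                return i
            prev = e["digest"]
        return None
```

Because each entry commits to the digest of the one before it, editing or deleting a past record breaks every later link, so `verify()` pinpoints where the trail stopped being trustworthy.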
So, instead of getting a printout saying "Joe Bloggs was suspected of ... " it will say "The suspect was suspected of ..."
Great, that will sure keep his information private.
For all of ten minutes while it sits in the printer tray, maybe. And then, the person who created the report will add the handwritten caption "Joe Bloggs" and circle it because it's important.
But Joe Bloggs' privacy will be ensured, because he isn't mentioned *IN* the report.