
Da na na na na na na na na
"Policing and criminal justice minister Nick Herbert described the PND as a 'powerful crime fighting tool'"
Much like Batman's utility belt?
The National Policing Improvement Agency, in charge of central British police databases, has announced the rollout of the new Police National Database, an intelligence-sharing tool designed to let coppers access information across force boundaries – a thing which was very difficult to do until now. "In many cases forces have …
``Nearly 100 organisations with an interest in privacy, including all English and Welsh police forces, were consulted ... 17 responses were received from a narrow range of organisations – 15 from police forces, police authorities or police related associations, one from the Information Commissioner's Office and one from the Welsh Language Board.''
That is an exceptionally poor response for something like this. I would've thought parties like NoID would definitely have something to say about it. Who was asked but didn't respond, and why? Or were they all police forces as those too have "an interest in privacy" of sorts?
And while I'm wondering, just what is the interest the Welsh Language Board has in privacy? Inquiring commentards want to know.
I find the privacy groups' lack of interest about as likely as the bottles protesters hurled whilst police valiantly tried to save a dying newspaper seller, or the man in the suspiciously large puffer jacket who jumped the barriers at Stockwell tube and failed to respond to police requests to stop.
"nearly 100" => between 90 and 99
number of police forces in England & Wales : 43
number of police authorities in England & Wales : 46
which leaves no more than 10 other organisations 'with an interest in privacy' including an unknown number of 'police-related associations' and, of course, the Welsh Language Board
So, I'd guess that approximately zero organisations with an interest in *protecting* privacy were consulted
Huntley did not work at the school of the girls he killed (he was a caretaker at a neighbouring school), although his girlfriend did. So a 'perfect' Police National Database might have prevented him being employed as a school caretaker - he would presumably have taken some other local job - but it would almost certainly have made no difference to the tragic outcome, unless we vet not only applicants for jobs working with children, but also all their associates (and presumably repeat the process every year or so as associates change).
BTW - if anyone applies "to find out what is held about them on PND" and "contact their local force", does that get recorded too?
The very first recommendation of the Bichard inquiry into vetting procedures that followed the inevitable furore was: "A national IT system for England and Wales to support police intelligence should be introduced as a matter of urgency.*"
http://media.education.gov.uk/assets/files/pdf/b/bichard%20inquiry%20report.pdf
* I guess 7 years counts as urgent in GovIT speak.
Not CLAIMED but it's obviously SUGGESTED or IMPLIED indeed. There's no other link.
The solution would be to vet (a) applicants to school jobs, (b) all their known associates, (c) applicants to jobs within 750 yards of schools or 250 yards of major school-home-traffic roads. And if that fails, then (d) all known associates of people applying for jobs within 750 yards of schools or close to major school traffic. There, I've also solved the looming unemployment crisis for bureaucrats.
NOTE: I did prefer the Beeb's title for this story, "Police shares database on 15million people" --- it clairvoyantly announced that one or more of them will put it all on a USB stick or laptop, unencrypted, and then lose it on the bus/train/slotmachine on the way home.
For something that's going to be accessible throughout the country anyway, why store yet another copy in a central location? This makes sense for a central paper repository, but for an electronically queryable database much less so.
What about foregoing the copy and linking up the actual databases instead, perhaps with some unified index, possibly distributed (think DNS), to tie it all together? It'd give the "primary keepers"* closer control over who has what access by manipulating access flags on bits in their own database rather than having it copied wholesale to elsewhere and have a nice out of sight, out of mind apathy effect set in.
Comments, anyone?
On that note: This sort of thing does mean lots of attention to access and logs and such, yes. Have we solved that in a usable manner yet? How's the state of your company's RDBMS access lists then, hm? Would you suppose the plod would be better? Though they'll be operating under stricter rulage at least in theory, my ears on plod practice beg to differ.
* let's not open up another can of worms by calling them "owners" of the data.
There was, and still is an indexing system, but it doesn't work that well. It's used as a part of the vetting process.
LPF systems only cover information relevant to their inquiries, and only hold other force data if a cross force connection is known. Chiefs tend to get very nervous when you suggest things like distributed queries over their data from other forces, and would never allow it, as it would be a nightmare to administer that level of user access, and cost each force a fortune in additional equipment and licence costs; holding their own copies of data would also be prohibitive.
The NPIA however can do this, and having a central warehouse means you can do a whole load of neat stuff with the data. Though, I doubt it is as sophisticated as yet, as the fraud detection software used by Banks and Insurance companies.
Don't forget that the Police have relied for years on the PNC, and that's a pretty limited system in modern IT terms, basically a lookup database.
... that the plod are basically too unsophisticated to make anything more than an electronically niced-up but in spirit still very much paper filing system work. IE they're still stuck a century or two in the past as to the level of tech they --as an organisation-- can mentally deal with.
Not really a surprise. I now don't have to propose spending some on research on how to do the tagging and the fine-grained access controls efficiently and make the logging and auditing usable as the problem lies deeper. But it does mean that any tech "upgrade" doesn't stand a chance as the organisation that it is supposed to improve simply cannot deal with it, IOW is flat-out incompatible with anything that doesn't "work like" filing cabinets. That is to say, yet another inherent IT failure waiting to happen.
Might as well scrap the thing now and save some monies. But that's unacceptable as it'd mean failing the buzzword compliance test. Oh dear.
The price? A bunch of centralised bozos rooting around an entire country's worth of sensitive files and teaching themselves datamining along the way. No possible way that can lead to abuse of any sort, sir, honest.
I'm working on some government systems, and we have a requirement that we are compliant with the Welsh Language Act of 1993.
Essentially it means that if a system is going to be available for use in Wales, then the system at least needs to be open to localisation into that language (though I'm not sure that you actually need to do it).
http://en.wikipedia.org/wiki/Welsh_Language_Act_1993
It's because the police are as infallible as the rest of us, but are in possession of dramatically more rights, authority and power. We all know what power does to people.
History is littered with examples of how dangerous and difficult it becomes to control corruption in monolithic police forces, and eventually, to control the force itself. An integrated IT is a dangerous step with some positives, but a lot of potential and very real negatives. Just looking at recent confrontations between the Police and Parliament ought to be warning enough.
The forces remain owners of their data, the PND simply facilitates data sharing.
Access to data is very tightly controlled: only a few (in smaller forces, less than 10), named people have access to the PND and all access and access requests are logged and audited.
For sensitive data, access is further restricted to 'headline' information - officers from other forces who require more detail have to apply to the owning force and justify their request.
If regionalisation is your worry, you should be far more concerned with the cost control driven merging of back office operations that is happening across multiple forces. With budgets dropping 20%, for the last year or more Chief Constables have spent half their time playing outsourcing salesman, trying to persuade other forces to outsource back office operations to them ("we're really good at looking after radios - let us look after yours and we'll save you x% on your current budget").
Some smaller forces, facing drastic funding cuts, are going to end up virtually merged.
"Access to data is very tightly controlled: only a few (in smaller forces, less than 10), named people have access to the PND and all access and access requests are logged and audited."
Not necessarily. Having both reviewed and then audited certain parts of this system I can assure you that this is not the case.
In the first instance, cases of police officers 'sharing' key cards and log in details are far too frequent and far too leniently dealt with (where they can be bothered) to NOT be a significant issue.
In the second, security is not good.
In the third, there is little evidence of forces systematically examining logs for behaviours that might pick up data theft (as opposed to going back to try to find out how some poor sod's details went out to the Daily M*****). And even then, the Met is a good example of where there is insufficient will to do anything with the data they have.
Anonymous for very obvious reasons - when we approached the relevant government bodies we were fobbed off with (and I kid you not) "Our best people are working on this at the moment".
I think the proof of the privacy pudding will be what they do to the first person caught misusing information from the PND. The police forces of England and Wales are hardly all the fine upstanding Dixons of Dock Green we would like to think.
I would suggest the first time this happens the copper or staff member is named, shamed and hung out to dry. If not then we have a much bigger problem.
Btw how does this sit with the pan-European share mongers, are we going to see this as a next step that the intelligence will be shared with your friendly Estonian police?
Are you saying that the Police should not hold intelligence information about criminals on computer systems for analysis, or that criminals should have the right to know what is known about them, and who said it?
Are you saying that only true information should be held on the database?
Of course intelligence and investigative information is confidential, and not for disclosure outside of controlled user groups. Any investigation will turn up thousands of items, some true, some false, some indeterminate. All of this is subject to human and computer analysis, some will be marked as true and later found to be false, and vice versa, that is the nature of the beast.
Oh, criminals tend to lie when they give information to the Police, those lies are as important to record as the truth. It is not unknown for a criminal to give someone else's details when challenged.
Do you want the PND to hold information only about known and convicted criminals? Well, that won't work either, the guilty get off, and some really serious criminals are never caught because they never actually commit a direct offence, they fund, they manage, they sit in the shadows and are only identified indirectly through data mining across boundaries and borders.
It's a sobering thought that many of the behind-the-scenes criminals tend to be Accountants, Solicitors, Estate Agents and small business men of good standing. Remember Layer Cake.