back to article Coppers 'persistently' breach data protection laws with police tech

Coppers in England and Wales are "persistently" committing data breaches, according to the Police Federation's head of misconduct. Technologies from the Police National Computer (PNC) systems through to the Automatic Number Plate Recognition (ANPR) databases are "increasingly being used by officers for non-work related reasons …

  1. TheTick

    Power corrupts

    Who would have thought it?

    1. codejunky Silver badge

      Re: Power corrupts

      Who didnt see this coming?

    2. Richard Rae

      Re: Power corrupts

      But absolute power is more fun and saves "In an average year around £17m on legal advice"

    3. veti Silver badge

      Re: Power corrupts

      There are about 125,000 police officers in England and Wales, and that's not including non-officer employees. If there are 2500 allegations of misconduct per year, then - assuming they all involve separate officers - that's 2%.

      Wherever you work, how many of your fellow employees do you trust not to abuse private information they have access to in the course of their jobs?

      If the answer is no more than 98%, that suggests police are no more corrupt than the average.

      1. David 132 Silver badge
        Unhappy

        Re: Power corrupts

        veti Wherever you work, how many of your fellow employees do you trust not to abuse private information they have access to in the course of their jobs?

        If the answer is no more than 98%, that suggests police are no more corrupt than the average.

        Mmm. But my fellow employees aren't empowered by the full might of the State to arrest me, ruin my life, seize my possessions & hold them for effectively unlimited time, deprive me of liberty...

        Police have exceptional powers under the law. In return for granting those powers, we hold them to exceptional standards of probity and discipline. Frankly I would be disappointed if the police were "no more corrupt than the average". We should demand nothing less than absolute honesty and integrity. What, you don't like that Officer? Well, no more powers for you...

        1. Pascal Monett Silver badge

          @David 132

          In theory you are absolutely right and I support your point of view completely.

          In reality, unfortunately, police business is done by humans, not robots. A 2% rate is, I think, just about as good as it's going to get.

          1. Trevor_Pott Gold badge

            Re: @David 132

            Then 2% of cops should be jailed every year. You or I would be in their place. If the cops can't handle being held to higher standards, they shouldn't get exceptions to breaching the standards to which mundanes are held.

      2. sabroni Silver badge
        Facepalm

        Re: that suggests police are no more corrupt than the average.

        Because how suspicious I am of my colleagues is the same as actual evidence?

      3. DavCrav

        Re: Power corrupts

        "Wherever you work, how many of your fellow employees do you trust not to abuse private information they have access to in the course of their jobs?

        If the answer is no more than 98%, that suggests police are no more corrupt than the average."

        Garbage. This shows that 2% were misusing and got caught.

      4. tiggity Silver badge

        Re: Power corrupts

        @veti But that assumes the only misconduct is those 2500 instances, whereas those 2500 could be the tip of the iceberg.

        Without knowing

        a) how likely dodgy use being caught is

        b) how likely such use (a) is actually recorded as misconduct

        Nobody knows the "validity" of that 2500 figure so any interpolation is essentially a guess

    4. dave 81

      Re: Power corrupts

      And any so called accountability is laughable.

  2. Zog_but_not_the_first
    Holmes

    See icon

    As above.

  3. Solarflare

    Surely, if they are dealing with 1,000 cases at a time of misuse by the police then either:

    A. Police need a massive amount of education around what they can and can't use these systems for.

    B. Access to the systems needs to be locked down to more senior individuals who can vett the reasoning behind the request and only move forward if it is legal.

    C. Both of the above.

    1. Anonymous Coward
      Anonymous Coward

      Go for C: but add instant dismissal and fine.

    2. VinceH

      @Solarflare

      Those sound reasonable and sensible.

      So they'll never happen.

      1. Adam 52 Silver badge

        Re: @Solarflare

        PNC is quite heavily locked down. Other systems less so. It's possible that's what the Fed said but I suspect sloppy reporting.

        As for access approval, it's a touch impractical. "May I have a vehicle check for AB12 ABC driving erratically please?". "Certainly, return to the station, fill out these forms and wait for the duty superintendent to finish his meeting with the district council" isn't really going to work.

        Although I know IT departments who still operate like that.

        It's not generally Fed members (Constables, sergeants and inspectors) in a position to abuse the systems, it's the civilian staff and IT. Constables will usually go through a radio operator or it'll be related to an active job, with permissions locked to their jobs.

        Control room staff on the other hand have to deal with anything that might come in on the phones, so need fast access to a wide range of data.

        One more reason to worry about outsourced 999 or merging Fire, Ambo and Police call centres.

        1. Adam 52 Silver badge

          Re: @Solarflare

          Sometimes I wonder why I bother to post factually correct information with informed, reasoned argument. Maybe I should stick to "Linux rulz, Micro$oft sux" to hit the commentard sweet spot.

          1. Anonymous Coward
            Anonymous Coward

            Re: @Solarflare

            Sometimes I wonder why I bother to post factually correct information with informed, reasoned argument.

            Worried about a few downvotes? Don't be. No matter how well informed and argued you are, there will be people who disagree without any supporting evidence (and people who disagree with supporting evidence).

            In this case I think the gist of your post is (beyond your factual contribution) implying that full police officers are less likely to abuse the systems at their control than civilian colleagues. I think I've seen enough reported evidence of poor conduct in a whole range of situations by the police to reasonably believe that police officers aren't any more law abiding than any reasonable sample of the same socio-economic groups outside the police force, and I would similarly believe the same would apply to their civilian colleagues.

            And no, I didn't downvote you.

            1. Adam 52 Silver badge

              Re: @Solarflare

              "implying that full police officers are less likely to abuse the systems at their control than civilian colleagues"

              Partly, but mostly that there's just less opportunity. A constable's permissions are limited to their team's jobs and area, so they can't check out family and friends. Control room, crime recording and evidence clerks have access to almost everything.

          2. sabroni Silver badge

            Re: Micro$oft sux

            I believe the commentards prefer "Slurp". It's like they don't know what Google Analytics is.

            1. CrazyOldCatMan Silver badge

              Re: Micro$oft sux

              I believe the commentards prefer "Slurp". It's like they don't know what Google Analytics is.

              Other than the site that's permanently blocked by NoScript for me?

        2. Anonymous Coward
          Anonymous Coward

          Re: @Solarflare

          "Constables will usually go through a radio operator or it'll be related to an active job, with permissions locked to their jobs."

          Officers have a user account to the system so they can log in and get at information while they're writing reports on incidents they have been involved with. At this point there is very little limitation as to what data they can access as the incident could involve anyone. As such, abuse will only be uncovered when access is audited, and that audit could be automated to look for cases where an officer accessed a record that isn't matched to an incident report. That is likely why the figures are accurate.

          Call centre staff, on the other hand, will have their access logged and matched to calls, so they can't just go nosing around in the system: They'd have to show that they were responding to an enqury from PC 'X' at the time. That, however, is getting phased out with new tech where the officer can access the system directly while in the field (this is available in many police vehicles already). This then logs all access against the specific officer and they'd need to note why they're accessing that data so it can be matched back to an incident report.

  4. Wolfclaw
    Holmes

    Criminal copper who would have believed it. Big fines for any Force found to be in breach, the sack and prison time for the coppers. No cover-ups or retirement due any old reason to avoid prosecution !

    1. Oliver Mayes

      > Big fines for any Force found to be in breach

      Except that those fines are then paid by the taxpayer, not the people responsible.

      1. Anonymous Coward
        Anonymous Coward

        Medium-sized fines for the police chief

        And small fines for the local Commissioner.

        And while we're at it, how about dismissing police who are so woefully incompetent that they can't keep track of a suspect and instead follow and then shoot dead a random passer-by.

        Insead of promoting the either incompetent or malicious Dick all the way to the top.

  5. Justicesays

    More accurately...

    "those types of actions are only likely to lead them into serious trouble a slap on the wrist and maybe some time off with pay"

    1. Adam 52 Silver badge

      Re: More accurately...

      You're massively out of touch. Police forces (excluding Manchester and the Met) don't cover much up at all, certainly not at the lower ranks.

      I'll give you a recent example. There is a minor traffic incident on an icy road. Sometime later "A" drives his car at 85mph on the same icy road. He crashes and kills someone. The Police officer attending the first incident was sacked for not closing the road. Bear in mind that there are hundreds of miles of icy road and thousands of minor dings every winter there is no way every single icy road can be closed just in case retard boy-racer does something stupid, but we still blame the unlucky scapegoat.

      1. Anonymous Coward
        Anonymous Coward

        Re: More accurately...

        What planet are u living on? Police cover up things all the time. It's like a second trade for them.

        1. Adam 52 Silver badge

          Re: More accurately...

          A real one, not an imaginary world constructed from watching too much TV and reading conspiracy theories on the web.

          1. Adam 52 Silver badge

            Re: More accurately...

            One more thought. Somewhere right now there's an officer in London wondering if he's about to be charged with murder for shooting the bloke who killed one of his colleagues and four other people.

            Day 1 of the firearms course includes the line "if you ever pull that trigger your life will be ruined".

            1. PatientOne

              Re: More accurately...

              "Somewhere right now there's an officer in London wondering if he's about to be charged with murder for shooting the bloke who killed one of his colleagues and four other people"

              Pedantic, I know, but... the bloke killed three people: One police officer, two civilians (as of last news update I read). So, unless there's been another death post mid-day news, it's 'the bloke who killed one of his colleagues and two other people'.

              However, I think the above is justified by the title of 'More accurately'

              1. Alister

                Re: More accurately...

                @PatientOne

                You are out of date.

                Perhaps you should check before posting.

                From the BBC website:

                "The flag above the Houses of Parliament flies at half mast following an attack on Westminster that left four dead and many injured,"

                1. A Nother Handle

                  Re: More accurately... @Alister

                  According to the BBC those four people are

                  1. Kurt Cochran

                  2. Aysha Fraid

                  3. PC Keith Palmer

                  4. Khalid Masood

                  Three people murdered by Masood, and Massod was killed by the unnamed police officer referred to by Adam 52. Patient One's correction is accurate.

      2. Justicesays
        WTF?

        Re: More accurately...

        "Police forces (excluding Manchester and the Met) don't cover much up at all, certainly not at the lower ranks."

        Who said anything about "Covering up"?

        I'm just going on the actually discovered violations

        http://www.telegraph.co.uk/news/uknews/crime/8713194/Hundreds-of-police-officers-caught-illegally-accessing-criminal-records-computer.html

        Looks like 79% wrist slapping, so I'll stand by the "likely" outcome.

        And it seems the senior officers suspect it's happening a lot more than is being caught or reported.

        But maybe they just don't trust the police eh?

  6. Evil Auditor Silver badge

    "...are likely to face very significant penalties"

    I wonder just how likely and how very significant those penalties are, when data breaches are committed persistently. Did some officer just get another very significant slap on the wrist?

    I used to work for a company that monitored access to customer data records. If someone accessed data they were not supposed to query, an investigation was launched. If the access could be reasonably explained e.g. by typo, it was a slap on the wrist. If there wasn't such explanation it resulted in a written warning ("two warnings and you're out") or outright dismissal without notice - depending on the severity of the data breach. That is what I call significant penalties. But with such procedures there probably wouldn't be many police left...

  7. Anonymous Coward
    Anonymous Coward

    Nothing To Hide!

    If you've got nothing to hide, why is this a problem?

    (Note: above is sarcasm for anyone half asleep)

  8. John Smith 19 Gold badge
    FAIL

    "majority of cases, the officer thinks that they are doing it for the right reasons"

    New flash. Police always think they are doing whatever they have been caught doing for the right reasons.

    If this is so useful why can't everyone do it?

    1. Roj Blake Silver badge

      Re: "majority of cases, the officer thinks that they are doing it for the right reasons"

      Indeed - they almost certainly thought they were fitting up the Birmingham Six and Guildford Four for the right reasons.

      1. John Smith 19 Gold badge
        Unhappy

        "they were fitting up the Birmingham Six and Guildford Four for the right reasons."

        In the words of "Truscott of the Yard" "We always arrest someone, it's bad form if we don't."*

        *One of Richard Attenborough's finest performances, back to back with his portrayal of John Christie, who was also only caught after they'd hanged the wrong man first.

      2. Frumious Bandersnatch

        Re: "majority of cases, the officer thinks that they are doing it for the right reasons"

        And not just the police, as it happened:

        http://www.irishtimes.com/news/appalling-vista-observation-stuck-1.160004

  9. Anonymous Coward
    Anonymous Coward

    I look at it this way,

    If you could PNC check your new neighbours would you to make sure they aren't dodgy?

    If you could PNC check your son or daughters new partner who appears a bit shady would you?

    I think the majority of people would say yes.

    However that does not excuse the situation as it is wrong.

    All searches should be recorded with a explanation entering in the system for the search then if it is found that they have abused their position it should be an instant dismissal.

    Maybe we should have a system where anyone can ask for information in certain situations where you don't get full disclosure but are told if you need to be wary.

    1. Rich 11 Silver badge

      but are told if you need to be wary.

      This would be a good way to ensure that no-one who has been convicted of a serious offence is considered to have paid off their debt to society. It is also a great way to increase the likelihood that the offender will commit further crimes.

      If you can't see how that works, please do sit down and think it through.

      1. John Robson Silver badge

        >> but are told if you need to be wary.

        >This would be a good way to ensure that no-one who has been convicted of a serious offence is

        >considered to have paid off their debt to society. It is also a great way to increase the likelihood that

        >the offender will commit further crimes.

        >If you can't see how that works, please do sit down and think it through.

        Or maybe the 'be wary' flag could expire when the conviction is spent?

        1. Red Bren

          "Or maybe the 'be wary' flag could expire when the conviction is spent?"

          As it's damn near impossible for innocent people to get themselves removed from the police database, even if they're only on there for "helping with enquiries", how likely do you think a spent conviction will take to remove?

      2. Anonymous Coward
        Anonymous Coward

        I am fully aware of how the rehabilitation of offenders works and why disclosure can cause those problems.

        However there are such situations where the disclosure can help prevent crimes.

        Lets say you have a person who is a serial domestic abuser, should a potential partner be able to made aware of this?

        What if your new neighbour has been inside umpteen times for burglary?

        I'm not talking about giving people access to criminal records I'm talking about maybe another way that could be used that would discourage the police from doing what they are doing but making it available to all. I'm also only talking about repeat offended who clearly don't want to be rehabilitated so the original argument about further crimes is reduced.

        1. frank ly

          How about:

          Your new neighbours can PNC check you to make sure you aren't dodgy.

          Your daughter's new boyfriend can PNC check you all to make sure he's not getting involved with a criminal family.

          Would most people say yes?

    2. Anonymous Coward
      Thumb Down

      Would I? No. I've spent most of my life with the security clearance from Hell, absolute power over information systems, and especially the knowledge on how to circumvent controls right down to the silicon. People trust me, whether on their personal, corporate, or governmental systems. I don't ever abuse that trust. [Hell, I wish I could unsee some things. Not enough mind bleach in the world.]

      Seems there are damn few trustworthy individuals out there in trusted positions, given the data.

      1. John Smith 19 Gold badge
        Unhappy

        "Seems there are damn few trustworthy individuals out there in trusted positions, given the data."

        And I think you'd be right.

      2. Anonymous Coward
        Anonymous Coward

        I was being hypothetical in my assumption about people and what they would do. I wouldn't abuse my position either and I've had access to a lot of datasets that could have been used in ways that were unethical to say the least.

        I personally think my point is valid, yes we have rehabilitation but then you also have career criminals, should people have access to that information on those people? I honestly don't know because you don't know when someone actually wants to be rehabilitated or whether they will continue with those crimes.

        I like the response about others checking me, it's the same argument but in reverse showing the same point I made originally.

        I suppose it all boils down to one simple point, can people be trusted with position of power from information? and it seems the answer is no.

        1. Richard 12 Silver badge

          Some people can be trusted with that ability

          Many people would abuse it - occasionally, and with what they thought was good cause - if they believe that they can get away with it.

          The only way to avoid that is to have Consequences with a capital C.

          The organisation can only be trusted if those who transgress are rapidly, publicly and always prosecuted, and fired.

          By their own numbers, 2% of the police force break these rules every year. So it is clear that there are simply no consequences for transgression as either 2% of the force are repeat offenders or most of the force have done this at least once.

      3. CrazyOldCatMan Silver badge

        People trust me

        *DING* *DING* *DING*

        Part of having extraordinary access is being professional about using that access, for legal, moral and ethical reasons.

        Sadly, there are a lot of people that will fail one of the three and yet would be the first to scream if they discover that other people have done it to them.

  10. caffeine addict
    Facepalm

    Remember...

    ... any government IT system that ties all your records together will be safeguarded so that it can only be used for proper purposes.

  11. Will Godfrey Silver badge
    Unhappy

    To paraphrase

    Anyone who wants to be a police officer is psychologically unfit to be one.

  12. Herby

    Simple solution...

    Log all access PERMANENTLY. No way of deleting logs. Then insert logs into review process. Tell everyone that yes, we are watching your access, and at any time you may be called upon to justify the records you accessed.

    Should slow down things pretty quickly.

    Of course, it would be logical, so it will never be done.

    1. Adam 52 Silver badge

      Re: Simple solution...

      Err, that's exactly what does happen.

      1. Richard 12 Silver badge

        Re: Simple solution...

        Where are the consequences?

        There clearly aren't any, as they either don't think they'll get caught, or don't care if they are.

        1. Adam 52 Silver badge

          Re: Simple solution...

          No, absolutely no consequences at all, as the first page of a Google search shows. Why do make these groundless assertions without checking the facts, it's worse than a Trump press conference here.

          "Burns pleaded guilty to three offences of misusing police computers"

          "904 police officers and support staff across the country have been disciplined for abusing their access to confidential systems, 243 have received criminal convictions for their actions, and 98 have lost their jobs"

          "The Metropolitan Police has disclosed that 142 police officers and 66 staff have been disciplined for misusing..."

    2. Anonymous Coward
      Anonymous Coward

      Re: Simple solution...

      "Log all access PERMANENTLY."

      I've gone A/c for this one.

      you cannot access any Police system without an audit trail. From the moment the call takers answers the phone and starts filling the form that incident is fully audited, with notes of exactly what's going on, who's doing it and what they did.

      There is simply no way to access the systems "anonymously"

    3. spotburst

      Re: Simple solution...

      agree. This sounds like a job for BLOCKCHAIN !

    4. anothercynic Silver badge

      Re: Simple solution...

      All the logs in the world don't help you if you do not review them regularly...

      Just sayin' - It may happen, it may not...

    5. spotburst

      Re: Simple solution...

      tamper proof logs? BLOCKCHAIN!

  13. OliP

    "Those types of actions are only likely to lead them into serious trouble."

    Yeah - like a fine against the station, and the plod being put on some course or other but ultimately receiving no sanctions that matter

    Rinse and repeat.

  14. MSmith

    Maybe each case should be treated the same as if any citizen had hacked the system and accessed it. The officers involved should be charged, tried, and punished exactly the same way. Why shouldn't they? Didn't they just commit the same crime? Are police officers in the UK exempt from the laws?

    1. Anonymous Coward
      Anonymous Coward

      Good questions. Certainly are on our side of the Pond.

    2. Anonymous Coward
      Anonymous Coward

      It should not be tried and punished in the same way. Given the power officers are given beyond the general public the penalty for committing the same offence should be higher. The same way an assault of a police officer is graded higher than the same level of assault against a member of the public.

      1. tfewster
        Facepalm

        http://www.cps.gov.uk/legal/l_to_o/misconduct_in_public_office/

        Of course, MPs are not on the list of "public officers".

      2. Adam 52 Silver badge

        "an assault of a police officer is graded higher than the same level of assault against a member of the public"

        ...as in no difference at all?

        Sentencing guideline for a cat 1 assault on a Constable:

        "Low level community order – 26 weeks’ custody"

        And for a cat 1 common assault:

        "Low level community order – 26 weeks’ custody"

        The starting points are a bit different and the ranges for cat 2 and cat 3 are different (you can get an absolute discharge for common assault and not for assault Constable) but that's more about the difference in offence than the seriousness. In reality the CPS very rarely charge assault Police unless it is cat 1 - taking the view that being punched occasionally is part and parcel of the job.

  15. Winkypop Silver badge
    Joke

    Relax

    The PNC is just Facebook for coppers...

  16. Anonymous Coward
    Anonymous Coward

    I just looked up my info in the PNC . . .

    but I used a proxy to do it for me https://www.acro.police.uk/police_certificates.aspx

  17. Dan McIntyre

    This isn't really news.

  18. Dan McIntyre

    Many years ago I was in a role where I processed housing benefit claims. As part of this I had access to the DWP (DHSS as it was back then) systems and was subject to their rules on accessing information.

    The system was set up so that, at any point and at random, it would do a spot check. It would not allow further access to records until the operator had collected all paperwork and details relating to the claim in question and presented them to a senior manager as justification for accessing that record.

    If we couldn't do this (as in if we were just checking up on people we knew for example) then there were severe consequences.

  19. Anonymous Coward

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like