Coppers 'persistently' breach data protection laws with police tech Coppers in England and Wales are "persistently" committing data breaches, according to the Police Federation's head of misconduct. Technologies from the Police National Computer (PNC) systems through to the Automatic Number Plate Recognition (ANPR) databases are "increasingly being used by officers for non-work related reasons …
There are about 125,000 police officers in England and Wales, and that's not including non-officer employees. If there are 2500 allegations of misconduct per year, then - assuming they all involve separate officers - that's 2%.
Wherever you work, how many of your fellow employees do you trust not to abuse private information they have access to in the course of their jobs?
If the answer is no more than 98%, that suggests police are no more corrupt than the average.
veti Wherever you work, how many of your fellow employees do you trust not to abuse private information they have access to in the course of their jobs?
If the answer is no more than 98%, that suggests police are no more corrupt than the average.
Mmm. But my fellow employees aren't empowered by the full might of the State to arrest me, ruin my life, seize my possessions & hold them for effectively unlimited time, deprive me of liberty...
Police have exceptional powers under the law. In return for granting those powers, we hold them to exceptional standards of probity and discipline. Frankly I would be disappointed if the police were "no more corrupt than the average". We should demand nothing less than absolute honesty and integrity. What, you don't like that Officer? Well, no more powers for you...
"Wherever you work, how many of your fellow employees do you trust not to abuse private information they have access to in the course of their jobs?
If the answer is no more than 98%, that suggests police are no more corrupt than the average."
Garbage. This shows that 2% were misusing and got caught.
@veti But that assumes the only misconduct is those 2500 instances, whereas those 2500 could be the tip of the iceberg.
Without knowing
a) how likely dodgy use being caught is
b) how likely such use (a) is actually recorded as misconduct
Nobody knows the "validity" of that 2500 figure so any interpolation is essentially a guess
Surely, if they are dealing with 1,000 cases at a time of misuse by the police then either:
A. Police need a massive amount of education around what they can and can't use these systems for.
B. Access to the systems needs to be locked down to more senior individuals who can vett the reasoning behind the request and only move forward if it is legal.
C. Both of the above.
PNC is quite heavily locked down. Other systems less so. It's possible that's what the Fed said but I suspect sloppy reporting.
As for access approval, it's a touch impractical. "May I have a vehicle check for AB12 ABC driving erratically please?". "Certainly, return to the station, fill out these forms and wait for the duty superintendent to finish his meeting with the district council" isn't really going to work.
Although I know IT departments who still operate like that.
It's not generally Fed members (Constables, sergeants and inspectors) in a position to abuse the systems, it's the civilian staff and IT. Constables will usually go through a radio operator or it'll be related to an active job, with permissions locked to their jobs.
Control room staff on the other hand have to deal with anything that might come in on the phones, so need fast access to a wide range of data.
One more reason to worry about outsourced 999 or merging Fire, Ambo and Police call centres.
Sometimes I wonder why I bother to post factually correct information with informed, reasoned argument.
Worried about a few downvotes? Don't be. No matter how well informed and argued you are, there will be people who disagree without any supporting evidence (and people who disagree with supporting evidence).
In this case I think the gist of your post is (beyond your factual contribution) implying that full police officers are less likely to abuse the systems at their control than civilian colleagues. I think I've seen enough reported evidence of poor conduct in a whole range of situations by the police to reasonably believe that police officers aren't any more law abiding than any reasonable sample of the same socio-economic groups outside the police force, and I would similarly believe the same would apply to their civilian colleagues.
And no, I didn't downvote you.
"implying that full police officers are less likely to abuse the systems at their control than civilian colleagues"
Partly, but mostly that there's just less opportunity. A constable's permissions are limited to their team's jobs and area, so they can't check out family and friends. Control room, crime recording and evidence clerks have access to almost everything.
"Constables will usually go through a radio operator or it'll be related to an active job, with permissions locked to their jobs."
Officers have a user account to the system so they can log in and get at information while they're writing reports on incidents they have been involved with. At this point there is very little limitation as to what data they can access as the incident could involve anyone. As such, abuse will only be uncovered when access is audited, and that audit could be automated to look for cases where an officer accessed a record that isn't matched to an incident report. That is likely why the figures are accurate.
Call centre staff, on the other hand, will have their access logged and matched to calls, so they can't just go nosing around in the system: They'd have to show that they were responding to an enqury from PC 'X' at the time. That, however, is getting phased out with new tech where the officer can access the system directly while in the field (this is available in many police vehicles already). This then logs all access against the specific officer and they'd need to note why they're accessing that data so it can be matched back to an incident report.
And small fines for the local Commissioner.
And while we're at it, how about dismissing police who are so woefully incompetent that they can't keep track of a suspect and instead follow and then shoot dead a random passer-by.
Insead of promoting the either incompetent or malicious Dick all the way to the top.
You're massively out of touch. Police forces (excluding Manchester and the Met) don't cover much up at all, certainly not at the lower ranks.
I'll give you a recent example. There is a minor traffic incident on an icy road. Sometime later "A" drives his car at 85mph on the same icy road. He crashes and kills someone. The Police officer attending the first incident was sacked for not closing the road. Bear in mind that there are hundreds of miles of icy road and thousands of minor dings every winter there is no way every single icy road can be closed just in case retard boy-racer does something stupid, but we still blame the unlucky scapegoat.
One more thought. Somewhere right now there's an officer in London wondering if he's about to be charged with murder for shooting the bloke who killed one of his colleagues and four other people.
Day 1 of the firearms course includes the line "if you ever pull that trigger your life will be ruined".
"Somewhere right now there's an officer in London wondering if he's about to be charged with murder for shooting the bloke who killed one of his colleagues and four other people"
Pedantic, I know, but... the bloke killed three people: One police officer, two civilians (as of last news update I read). So, unless there's been another death post mid-day news, it's 'the bloke who killed one of his colleagues and two other people'.
However, I think the above is justified by the title of 'More accurately'
"Police forces (excluding Manchester and the Met) don't cover much up at all, certainly not at the lower ranks."
Who said anything about "Covering up"?
I'm just going on the actually discovered violations
http://www.telegraph.co.uk/news/uknews/crime/8713194/Hundreds-of-police-officers-caught-illegally-accessing-criminal-records-computer.html
Looks like 79% wrist slapping, so I'll stand by the "likely" outcome.
And it seems the senior officers suspect it's happening a lot more than is being caught or reported.
But maybe they just don't trust the police eh?
I wonder just how likely and how very significant those penalties are, when data breaches are committed persistently. Did some officer just get another very significant slap on the wrist?
I used to work for a company that monitored access to customer data records. If someone accessed data they were not supposed to query, an investigation was launched. If the access could be reasonably explained e.g. by typo, it was a slap on the wrist. If there wasn't such explanation it resulted in a written warning ("two warnings and you're out") or outright dismissal without notice - depending on the severity of the data breach. That is what I call significant penalties. But with such procedures there probably wouldn't be many police left...
In the words of "Truscott of the Yard" "We always arrest someone, it's bad form if we don't."*
*One of Richard Attenborough's finest performances, back to back with his portrayal of John Christie, who was also only caught after they'd hanged the wrong man first.
I look at it this way,
If you could PNC check your new neighbours would you to make sure they aren't dodgy?
If you could PNC check your son or daughters new partner who appears a bit shady would you?
I think the majority of people would say yes.
However that does not excuse the situation as it is wrong.
All searches should be recorded with a explanation entering in the system for the search then if it is found that they have abused their position it should be an instant dismissal.
Maybe we should have a system where anyone can ask for information in certain situations where you don't get full disclosure but are told if you need to be wary.
but are told if you need to be wary.
This would be a good way to ensure that no-one who has been convicted of a serious offence is considered to have paid off their debt to society. It is also a great way to increase the likelihood that the offender will commit further crimes.
If you can't see how that works, please do sit down and think it through.
>> but are told if you need to be wary.
>This would be a good way to ensure that no-one who has been convicted of a serious offence is
>considered to have paid off their debt to society. It is also a great way to increase the likelihood that
>the offender will commit further crimes.
>If you can't see how that works, please do sit down and think it through.
Or maybe the 'be wary' flag could expire when the conviction is spent?
"Or maybe the 'be wary' flag could expire when the conviction is spent?"
As it's damn near impossible for innocent people to get themselves removed from the police database, even if they're only on there for "helping with enquiries", how likely do you think a spent conviction will take to remove?
I am fully aware of how the rehabilitation of offenders works and why disclosure can cause those problems.
However there are such situations where the disclosure can help prevent crimes.
Lets say you have a person who is a serial domestic abuser, should a potential partner be able to made aware of this?
What if your new neighbour has been inside umpteen times for burglary?
I'm not talking about giving people access to criminal records I'm talking about maybe another way that could be used that would discourage the police from doing what they are doing but making it available to all. I'm also only talking about repeat offended who clearly don't want to be rehabilitated so the original argument about further crimes is reduced.
Would I? No. I've spent most of my life with the security clearance from Hell, absolute power over information systems, and especially the knowledge on how to circumvent controls right down to the silicon. People trust me, whether on their personal, corporate, or governmental systems. I don't ever abuse that trust. [Hell, I wish I could unsee some things. Not enough mind bleach in the world.]
Seems there are damn few trustworthy individuals out there in trusted positions, given the data.
I was being hypothetical in my assumption about people and what they would do. I wouldn't abuse my position either and I've had access to a lot of datasets that could have been used in ways that were unethical to say the least.
I personally think my point is valid, yes we have rehabilitation but then you also have career criminals, should people have access to that information on those people? I honestly don't know because you don't know when someone actually wants to be rehabilitated or whether they will continue with those crimes.
I like the response about others checking me, it's the same argument but in reverse showing the same point I made originally.
I suppose it all boils down to one simple point, can people be trusted with position of power from information? and it seems the answer is no.
Many people would abuse it - occasionally, and with what they thought was good cause - if they believe that they can get away with it.
The only way to avoid that is to have Consequences with a capital C.
The organisation can only be trusted if those who transgress are rapidly, publicly and always prosecuted, and fired.
By their own numbers, 2% of the police force break these rules every year. So it is clear that there are simply no consequences for transgression as either 2% of the force are repeat offenders or most of the force have done this at least once.
People trust me
*DING* *DING* *DING*
Part of having extraordinary access is being professional about using that access, for legal, moral and ethical reasons.
Sadly, there are a lot of people that will fail one of the three and yet would be the first to scream if they discover that other people have done it to them.
Log all access PERMANENTLY. No way of deleting logs. Then insert logs into review process. Tell everyone that yes, we are watching your access, and at any time you may be called upon to justify the records you accessed.
Should slow down things pretty quickly.
Of course, it would be logical, so it will never be done.
No, absolutely no consequences at all, as the first page of a Google search shows. Why do make these groundless assertions without checking the facts, it's worse than a Trump press conference here.
"Burns pleaded guilty to three offences of misusing police computers"
"904 police officers and support staff across the country have been disciplined for abusing their access to confidential systems, 243 have received criminal convictions for their actions, and 98 have lost their jobs"
"The Metropolitan Police has disclosed that 142 police officers and 66 staff have been disciplined for misusing..."
"Log all access PERMANENTLY."
I've gone A/c for this one.
you cannot access any Police system without an audit trail. From the moment the call takers answers the phone and starts filling the form that incident is fully audited, with notes of exactly what's going on, who's doing it and what they did.
There is simply no way to access the systems "anonymously"
Maybe each case should be treated the same as if any citizen had hacked the system and accessed it. The officers involved should be charged, tried, and punished exactly the same way. Why shouldn't they? Didn't they just commit the same crime? Are police officers in the UK exempt from the laws?
It should not be tried and punished in the same way. Given the power officers are given beyond the general public the penalty for committing the same offence should be higher. The same way an assault of a police officer is graded higher than the same level of assault against a member of the public.
"an assault of a police officer is graded higher than the same level of assault against a member of the public"
...as in no difference at all?
Sentencing guideline for a cat 1 assault on a Constable:
"Low level community order – 26 weeks’ custody"
And for a cat 1 common assault:
"Low level community order – 26 weeks’ custody"
The starting points are a bit different and the ranges for cat 2 and cat 3 are different (you can get an absolute discharge for common assault and not for assault Constable) but that's more about the difference in offence than the seriousness. In reality the CPS very rarely charge assault Police unless it is cat 1 - taking the view that being punched occasionally is part and parcel of the job.
Many years ago I was in a role where I processed housing benefit claims. As part of this I had access to the DWP (DHSS as it was back then) systems and was subject to their rules on accessing information.
The system was set up so that, at any point and at random, it would do a spot check. It would not allow further access to records until the operator had collected all paperwork and details relating to the claim in question and presented them to a senior manager as justification for accessing that record.
If we couldn't do this (as in if we were just checking up on people we knew for example) then there were severe consequences.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
