Re: Fine balancing act
That's garbage, all access should be limited to strict identification and authentification so that all access is easily traceable and that goes double for access from non police organisations.
Who says it isn't? He got caught didn't he?
My point is that it's difficult to limit what police can access if the thing theya re accessing is a tool they need to do their job. It's obviously not practical to lock it down so much that they can only access a single case, because that would mean that when they need to access anything else, such as previous convictions for a suspect, or another case that they suspect may be related, they need someone to grant that access. In practice, that would likely mean rubber-stamping of each request, because there would be far too many to actually get reviewed by a human.
The obvious solution (which I'm sure is applied) is to log all access, and if someone suspects something dodgy is going on, look at those logs. Hence what happened in this case, which was almost certainly a case of that.
You could go all clever and write some sort of system to look for suspicious patterns and flag them up for human review, but who's to say that doesn't exist either?
Biting the hand that feeds IT
