Reports Shows UK Police Improperly Accessed Data On Citizens Thousands Of Times

from the trust-issues-to-remain-unresolved-for-the-time-being dept

A lot of the problem with access is the access itself. Give enough people a way to look up compromising information on nearly anyone and abuse is guaranteed. Human nature ensures this outcome.

Sure, abuse could be curbed with actual, substantial punishments for abusing this access, but as we've seen time and time again, the threat of firings and jail time doesn't mean much if law enforcement officers are rarely, if ever, fired/jailed for abusing their access privileges.

The larger problem with access is the lack of strong deterrents. Access is essential to law enforcement work, but far too often, this access is used for anything but law enforcement reasons.

Big Brother Watch has released a report [PDF] detailing numerous abuses of law enforcement databases by UK police staff over the past several years.

Between 2011-2015, there were more than 800 individual UK police personnel who raided official databases to amuse themselves, out of idle curiosity, or for personal financial gain; and over 800 incidents in which information was inappropriately leaked outside of the police channels.

The incidents are reported in a new Big Brother Watch publication, which also reports that in most cases, no disciplinary action was taken against the responsible personnel, and only 3% resulted in criminal prosecution or conviction.

The report is an altogether depressing read. It shows that UK police staff can often be no better than the people they're supposed to be protecting citizens from -- like malevolent hackers, serial harassers, and mob bosses.

Safe in Police Hands? shows that between June 2011 and December 2015 there were at least 2,315 data breaches conducted by police staff. Over 800 members of staff accessed personal information without a policing purpose and information was inappropriately shared with third parties more than 800 times. Specific incidents show officers misusing their access to information for financial gain and passing sensitive information to members of organised crime groups.

A majority of these "breaches" resulted in nothing at all happening to violators.

1283 (55%) cases resulted in no disciplinary or formal disciplinary action being taken.

The breaches range from the stupid…

An officer found the name of a victim amusing and attempted to take a photo of his driving licence to send to his friend via snapchat. The officer resigned during disciplinary action.

... to the disturbing.

An officer has been suspended and is under investigation for abusing his position to form relationships with a number of females. It is suspected that he carried out police checks without a policing purpose.

Even as law enforcement agencies demand access to more data and work with national agencies to obtain additional personally-identifying information, like biometric data, they continue to handle this sensitive data with extreme carelessness.

Kent Police were fined £100,000 in March 2015 after leaving hundreds of evidence tapes and additional documents at the site of an old police station. The breach was only discovered after an officer visited the new owner of the premises and discovered them by accident. In a similar incident South Wales Police were fined £160,000 in May 2015 for losing a video recording which formed part of the evidence in a sexual abuse case. Due to a lack of training the loss went unreported for two years.

The long list of breaches listed in the report covers everything from improper access to abuse of CCTV footage to hacking into private Facebook accounts. In numerous cases, officers resigned while under investigation rather than face the consequences of their actions. This is why Big Brother Watch suggests UK police officials -- and the government agencies that oversee them -- need to start taking this far more seriously than they currently do. One recommendation is to prevent abusers from slipping away unscathed by leaving the force.

Where a serious breach is uncovered the individual should be given a criminal record.

At present people who carry out a serious data breach are not subject to a criminal record. They could resign or be dismissed by an organisation only to seek employment elsewhere and potentially commit a similar breach. In organisations which deal with highly sensitive data, knowing the background of an employee is critical.

The organization also suggests the government should put a few more teeth in its enforcement by attaching jail time to serious breaches -- something current law only hints at, rather than requires. Big Brother Watch also recommends mandatory, immediate disclosure of breaches to the victims whose records were improperly accessed. It also recommends the Snooper's Charter proposal to add citizens' online activity to law enforcement databases be rejected, if only because agencies have shown they can't secure the data they already have access to. Giving agencies with a track record of abuse access to even more potentially sensitive data -- without instituting serious deterrents -- is only asking for more trouble.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: databases, privacy, searches, uk


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    That One Guy (profile), 11 Jul 2016 @ 5:51am

    Ah those double-standards

    At present people who carry out a serious data breach are not subject to a criminal record. They could resign or be dismissed by an organisation only to seek employment elsewhere and potentially commit a similar breach.

    Just imagine if that was allowed elsewhere, the kind of uproar that would result.

    Being investigated for walking off with company property? Simply quit and the investigation is dropped.

    Charged with installing hidden cameras in private residences while performing official duties? Resign and all charges just disappear.

    Accused of destroying evidence related to your job during an investigation? Quit your job and get another one elsewhere, made all the easier because no punishments are handed out for the initial charge, no black mark is added to your record to notify potential employers what you've done.

    Work at a bank and get caught using your credentials to launder money? Resign and the matter is completely dropped.

    An average citizen would have no chance whatsoever of having an investigation dropped, or charges simply never brought simply because they voluntarily resigned, and given those in positions of power and/or authority should be held to higher standards, they most certainly shouldn't be able to do so either.

    If they want to quit, fine, but the investigation continues, the charges are still brought, no more dodging any accountability for their actions simply by leaving the job and getting hired elsewhere.

    link to this | view in chronology ]

    • icon
      Anonymous Anonymous Coward (profile), 11 Jul 2016 @ 8:33am

      Re: Ah those double-standards

      I can see it now, citizen accused, citizen resigns, citizen forgiven, private prison goes bankrupt. Hmm, I don't think so.

      More realistically, official accused, official resigns, official forgiven, citizen accuser charged, citizen accuser sentenced, private prison achieves full occupancy. Much more likely.

      link to this | view in chronology ]

    • icon
      Padpaw (profile), 11 Jul 2016 @ 6:03pm

      Re: Ah those double-standards

      these are paid for thugs, the only incentive they have is the fact they will not be held accountable. Otherwise why else would they continue to work for so little pay if not for the constant opportunities to hurt people.

      link to this | view in chronology ]

  • identicon
    Jason, 11 Jul 2016 @ 7:38am

    Don't be so serious...

    Where a serious breach is uncovered the individual should be given a criminal record.
    This seems like a no-brainer. Of course, if implemented, it only means there will be no more "serious" breaches, at least when the government finishes classifying them.

    link to this | view in chronology ]

  • identicon
    Call me Al, 11 Jul 2016 @ 7:44am

    No deterrent

    The problem with misbehaviour by government bodies is that the punishment (if any) is rarely any kind of deterrent.

    I can imagine the police service getting it's £100k fine and then asking the Home Office for a £100k budget increase due to unforeseen additional costs.

    Similarly the individual staff get to resign and apply somewhere else to do the same job. The stigma doesn't follow them.

    link to this | view in chronology ]

  • identicon
    David, 11 Jul 2016 @ 8:09am

    Quite a feat

    Given the UK laws, I find it surprising that the police managed to improperly access citizen data at all.

    Specific incidents show officers misusing their access to information for financial gain and passing sensitive information to members of organised crime groups.

    Ok, this does sound like the kind of stuff that would cause some bad press when made public. I'm just not sure whether they actually breached their legal authority doing that or just decorum.

    It's good that the EU has its hands forced to rip out this one of the five eyes and cast it away. That definitely improves its chances at forming some kind of privacy regulation consensus that's not entirely beyond ridiculous.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 11 Jul 2016 @ 8:44am

      Re: Quite a feat

      Wow I'm surprised that this happens at all. In the USA the NSA says that it has only happened a handful of times. Interesting that the UK has a problem keeping officers out of the data.

      /sarcasm

      link to this | view in chronology ]

  • icon
    Jigsy (profile), 11 Jul 2016 @ 8:30am

    And with Theresa May now becoming PM, it's going to get worse...

    link to this | view in chronology ]

    • identicon
      David, 11 Jul 2016 @ 10:29am

      Re:

      At least May will be confined to screwing over UK citizens rather than all of the EU.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 11 Jul 2016 @ 9:06am

    and no one in Congress or other position of power will do a damn thing about it because they aren't the ones 'being accessed'! if they were, it would immediately be a different story!

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 11 Jul 2016 @ 10:07am

      Re:

      Have you thought that it might be the skeletons in their cupboards that keep them so compliant to the demands of law enforcef=ment and the security services.

      link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 11 Jul 2016 @ 9:35am

    But hey if you download the newest Drake album you can go to jail for 10 years...

    link to this | view in chronology ]

  • identicon
    John Mayor, 11 Jul 2016 @ 9:56am

    NETIZEN ICT LAWSUITS

    Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
    Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
    Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
    Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
    Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
    Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
    Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
    Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
    Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
    Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
    Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
    Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
    Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
    Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
    Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
    Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
    -----
    Please!... no emails!

    link to this | view in chronology ]

  • identicon
    Capt ICE Enforcer, 11 Jul 2016 @ 11:38am

    Title error

    Sorry Tim. You forgot to mention the words per day in your title..

    link to this | view in chronology ]

  • identicon
    Whatever, 11 Jul 2016 @ 5:43pm

    Mmmmm. Citizen surveillance turns me on, baby.

    link to this | view in chronology ]

    • icon
      Padpaw (profile), 11 Jul 2016 @ 6:05pm

      Re:

      No you need to be more kiss ass about how its for our own good, and the citizenry doesn't know how bad they are and that the police are always right if you want to do a good whatever impersonation

      link to this | view in chronology ]

  • icon
    Padpaw (profile), 11 Jul 2016 @ 5:57pm

    Those rascally blueshirts, what crimes against humanity will they do next

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.