Reports Shows UK Police Improperly Accessed Data On Citizens Thousands Of Times
from the trust-issues-to-remain-unresolved-for-the-time-being dept
A lot of the problem with access is the access itself. Give enough people a way to look up compromising information on nearly anyone and abuse is guaranteed. Human nature ensures this outcome.
Sure, abuse could be curbed with actual, substantial punishments for abusing this access, but as we've seen time and time again, the threat of firings and jail time doesn't mean much if law enforcement officers are rarely, if ever, fired/jailed for abusing their access privileges.
The larger problem with access is the lack of strong deterrents. Access is essential to law enforcement work, but far too often, this access is used for anything but law enforcement reasons.
Big Brother Watch has released a report [PDF] detailing numerous abuses of law enforcement databases by UK police staff over the past several years.
Between 2011-2015, there were more than 800 individual UK police personnel who raided official databases to amuse themselves, out of idle curiosity, or for personal financial gain; and over 800 incidents in which information was inappropriately leaked outside of the police channels.
The incidents are reported in a new Big Brother Watch publication, which also reports that in most cases, no disciplinary action was taken against the responsible personnel, and only 3% resulted in criminal prosecution or conviction.
The report is an altogether depressing read. It shows that UK police staff can often be no better than the people they're supposed to be protecting citizens from -- like malevolent hackers, serial harassers, and mob bosses.
Safe in Police Hands? shows that between June 2011 and December 2015 there were at least 2,315 data breaches conducted by police staff. Over 800 members of staff accessed personal information without a policing purpose and information was inappropriately shared with third parties more than 800 times. Specific incidents show officers misusing their access to information for financial gain and passing sensitive information to members of organised crime groups.
A majority of these "breaches" resulted in nothing at all happening to violators.
1283 (55%) cases resulted in no disciplinary or formal disciplinary action being taken.
The breaches range from the stupid…
An officer found the name of a victim amusing and attempted to take a photo of his driving licence to send to his friend via snapchat. The officer resigned during disciplinary action.
... to the disturbing.
An officer has been suspended and is under investigation for abusing his position to form relationships with a number of females. It is suspected that he carried out police checks without a policing purpose.
Even as law enforcement agencies demand access to more data and work with national agencies to obtain additional personally-identifying information, like biometric data, they continue to handle this sensitive data with extreme carelessness.
Kent Police were fined £100,000 in March 2015 after leaving hundreds of evidence tapes and additional documents at the site of an old police station. The breach was only discovered after an officer visited the new owner of the premises and discovered them by accident. In a similar incident South Wales Police were fined £160,000 in May 2015 for losing a video recording which formed part of the evidence in a sexual abuse case. Due to a lack of training the loss went unreported for two years.
The long list of breaches listed in the report covers everything from improper access to abuse of CCTV footage to hacking into private Facebook accounts. In numerous cases, officers resigned while under investigation rather than face the consequences of their actions. This is why Big Brother Watch suggests UK police officials -- and the government agencies that oversee them -- need to start taking this far more seriously than they currently do. One recommendation is to prevent abusers from slipping away unscathed by leaving the force.
Where a serious breach is uncovered the individual should be given a criminal record.
At present people who carry out a serious data breach are not subject to a criminal record. They could resign or be dismissed by an organisation only to seek employment elsewhere and potentially commit a similar breach. In organisations which deal with highly sensitive data, knowing the background of an employee is critical.
The organization also suggests the government should put a few more teeth in its enforcement by attaching jail time to serious breaches -- something current law only hints at, rather than requires. Big Brother Watch also recommends mandatory, immediate disclosure of breaches to the victims whose records were improperly accessed. It also recommends the Snooper's Charter proposal to add citizens' online activity to law enforcement databases be rejected, if only because agencies have shown they can't secure the data they already have access to. Giving agencies with a track record of abuse access to even more potentially sensitive data -- without instituting serious deterrents -- is only asking for more trouble.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Ah those double-standards
Just imagine if that was allowed elsewhere, the kind of uproar that would result.
Being investigated for walking off with company property? Simply quit and the investigation is dropped.
Charged with installing hidden cameras in private residences while performing official duties? Resign and all charges just disappear.
Accused of destroying evidence related to your job during an investigation? Quit your job and get another one elsewhere, made all the easier because no punishments are handed out for the initial charge, no black mark is added to your record to notify potential employers what you've done.
Work at a bank and get caught using your credentials to launder money? Resign and the matter is completely dropped.
An average citizen would have no chance whatsoever of having an investigation dropped, or charges simply never brought simply because they voluntarily resigned, and given those in positions of power and/or authority should be held to higher standards, they most certainly shouldn't be able to do so either.
If they want to quit, fine, but the investigation continues, the charges are still brought, no more dodging any accountability for their actions simply by leaving the job and getting hired elsewhere.
[ link to this | view in chronology ]
Re: Ah those double-standards
More realistically, official accused, official resigns, official forgiven, citizen accuser charged, citizen accuser sentenced, private prison achieves full occupancy. Much more likely.
[ link to this | view in chronology ]
Re: Ah those double-standards
[ link to this | view in chronology ]
Don't be so serious...
[ link to this | view in chronology ]
No deterrent
I can imagine the police service getting it's £100k fine and then asking the Home Office for a £100k budget increase due to unforeseen additional costs.
Similarly the individual staff get to resign and apply somewhere else to do the same job. The stigma doesn't follow them.
[ link to this | view in chronology ]
Quite a feat
Ok, this does sound like the kind of stuff that would cause some bad press when made public. I'm just not sure whether they actually breached their legal authority doing that or just decorum.
It's good that the EU has its hands forced to rip out this one of the five eyes and cast it away. That definitely improves its chances at forming some kind of privacy regulation consensus that's not entirely beyond ridiculous.
[ link to this | view in chronology ]
Re: Quite a feat
/sarcasm
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
NETIZEN ICT LAWSUITS
Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!... Lawsuit!...
-----
Please!... no emails!
[ link to this | view in chronology ]
Title error
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]