Reports Shows UK Police Improperly Accessed Data On Citizens Thousands Of Times

from the trust-issues-to-remain-unresolved-for-the-time-being dept

A lot of the problem with access is the access itself. Give enough people a way to look up compromising information on nearly anyone and abuse is guaranteed. Human nature ensures this outcome.

Sure, abuse could be curbed with actual, substantial punishments for abusing this access, but as we’ve seen time and time again, the threat of firings and jail time doesn’t mean much if law enforcement officers are rarely, if ever, fired/jailed for abusing their access privileges.

The larger problem with access is the lack of strong deterrents. Access is essential to law enforcement work, but far too often, this access is used for anything but law enforcement reasons.

Big Brother Watch has released a report [PDF] detailing numerous abuses of law enforcement databases by UK police staff over the past several years.

Between 2011-2015, there were more than 800 individual UK police personnel who raided official databases to amuse themselves, out of idle curiosity, or for personal financial gain; and over 800 incidents in which information was inappropriately leaked outside of the police channels.

The incidents are reported in a new Big Brother Watch publication, which also reports that in most cases, no disciplinary action was taken against the responsible personnel, and only 3% resulted in criminal prosecution or conviction.

The report is an altogether depressing read. It shows that UK police staff can often be no better than the people they’re supposed to be protecting citizens from — like malevolent hackers, serial harassers, and mob bosses.

Safe in Police Hands? shows that between June 2011 and December 2015 there were at least 2,315 data breaches conducted by police staff. Over 800 members of staff accessed personal information without a policing purpose and information was inappropriately shared with third parties more than 800 times. Specific incidents show officers misusing their access to information for financial gain and passing sensitive information to members of organised crime groups.

A majority of these “breaches” resulted in nothing at all happening to violators.

1283 (55%) cases resulted in no disciplinary or formal disciplinary action being taken.

The breaches range from the stupid…

An officer found the name of a victim amusing and attempted to take a photo of his driving licence to send to his friend via snapchat. The officer resigned during disciplinary action.

… to the disturbing.

An officer has been suspended and is under investigation for abusing his position to form relationships with a number of females. It is suspected that he carried out police checks without a policing purpose.

Even as law enforcement agencies demand access to more data and work with national agencies to obtain additional personally-identifying information, like biometric data, they continue to handle this sensitive data with extreme carelessness.

Kent Police were fined £100,000 in March 2015 after leaving hundreds of evidence tapes and additional documents at the site of an old police station. The breach was only discovered after an officer visited the new owner of the premises and discovered them by accident. In a similar incident South Wales Police were fined £160,000 in May 2015 for losing a video recording which formed part of the evidence in a sexual abuse case. Due to a lack of training the loss went unreported for two years.

The long list of breaches listed in the report covers everything from improper access to abuse of CCTV footage to hacking into private Facebook accounts. In numerous cases, officers resigned while under investigation rather than face the consequences of their actions. This is why Big Brother Watch suggests UK police officials — and the government agencies that oversee them — need to start taking this far more seriously than they currently do. One recommendation is to prevent abusers from slipping away unscathed by leaving the force.

Where a serious breach is uncovered the individual should be given a criminal record.

At present people who carry out a serious data breach are not subject to a criminal record. They could resign or be dismissed by an organisation only to seek employment elsewhere and potentially commit a similar breach. In organisations which deal with highly sensitive data, knowing the background of an employee is critical.

The organization also suggests the government should put a few more teeth in its enforcement by attaching jail time to serious breaches — something current law only hints at, rather than requires. Big Brother Watch also recommends mandatory, immediate disclosure of breaches to the victims whose records were improperly accessed. It also recommends the Snooper’s Charter proposal to add citizens’ online activity to law enforcement databases be rejected, if only because agencies have shown they can’t secure the data they already have access to. Giving agencies with a track record of abuse access to even more potentially sensitive data — without instituting serious deterrents — is only asking for more trouble.

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Reports Shows UK Police Improperly Accessed Data On Citizens Thousands Of Times”

Subscribe: RSS Leave a comment
17 Comments
That One Guy (profile) says:

Ah those double-standards

At present people who carry out a serious data breach are not subject to a criminal record. They could resign or be dismissed by an organisation only to seek employment elsewhere and potentially commit a similar breach.

Just imagine if that was allowed elsewhere, the kind of uproar that would result.

Being investigated for walking off with company property? Simply quit and the investigation is dropped.

Charged with installing hidden cameras in private residences while performing official duties? Resign and all charges just disappear.

Accused of destroying evidence related to your job during an investigation? Quit your job and get another one elsewhere, made all the easier because no punishments are handed out for the initial charge, no black mark is added to your record to notify potential employers what you’ve done.

Work at a bank and get caught using your credentials to launder money? Resign and the matter is completely dropped.

An average citizen would have no chance whatsoever of having an investigation dropped, or charges simply never brought simply because they voluntarily resigned, and given those in positions of power and/or authority should be held to higher standards, they most certainly shouldn’t be able to do so either.

If they want to quit, fine, but the investigation continues, the charges are still brought, no more dodging any accountability for their actions simply by leaving the job and getting hired elsewhere.

Anonymous Anonymous Coward (profile) says:

Re: Ah those double-standards

I can see it now, citizen accused, citizen resigns, citizen forgiven, private prison goes bankrupt. Hmm, I don’t think so.

More realistically, official accused, official resigns, official forgiven, citizen accuser charged, citizen accuser sentenced, private prison achieves full occupancy. Much more likely.

Call me Al says:

No deterrent

The problem with misbehaviour by government bodies is that the punishment (if any) is rarely any kind of deterrent.

I can imagine the police service getting it’s £100k fine and then asking the Home Office for a £100k budget increase due to unforeseen additional costs.

Similarly the individual staff get to resign and apply somewhere else to do the same job. The stigma doesn’t follow them.

David says:

Quite a feat

Given the UK laws, I find it surprising that the police managed to improperly access citizen data at all.

Specific incidents show officers misusing their access to information for financial gain and passing sensitive information to members of organised crime groups.

Ok, this does sound like the kind of stuff that would cause some bad press when made public. I’m just not sure whether they actually breached their legal authority doing that or just decorum.

It’s good that the EU has its hands forced to rip out this one of the five eyes and cast it away. That definitely improves its chances at forming some kind of privacy regulation consensus that’s not entirely beyond ridiculous.

John Mayor says:

NETIZEN ICT LAWSUITS

Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!…
Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!…
Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!…
Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!…
Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!…
Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!…
Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!…
Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!…
Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!…
Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!…
Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!…
Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!…
Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!…
Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!…
Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!…
Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!… Lawsuit!…
—–
Please!… no emails!

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...