from the trust-issues-to-remain-unresolved-for-the-time-being dept
A lot of the problem with access is the access itself. Give enough people a way to look up compromising information on nearly anyone and abuse is guaranteed. Human nature ensures this outcome.
Sure, abuse could be curbed with actual, substantial punishments for abusing this access, but as we've seen time and time again, the threat of firings and jail time doesn't mean much if law enforcement officers are rarely, if ever, fired/jailed for abusing their access privileges.
The larger problem with access is the lack of strong deterrents. Access is essential to law enforcement work, but far too often, this access is used for anything but law enforcement reasons.
Big Brother Watch has released a report [PDF] detailing numerous abuses of law enforcement databases by UK police staff over the past several years.
Between 2011-2015, there were more than 800 individual UK police personnel who raided official databases to amuse themselves, out of idle curiosity, or for personal financial gain; and over 800 incidents in which information was inappropriately leaked outside of the police channels.
The incidents are reported in a new Big Brother Watch publication, which also reports that in most cases, no disciplinary action was taken against the responsible personnel, and only 3% resulted in criminal prosecution or conviction.
The report is an altogether depressing read. It shows that UK police staff can often be no better than the people they're supposed to be protecting citizens from -- like malevolent hackers, serial harassers, and mob bosses.
Safe in Police Hands? shows that between June 2011 and December 2015 there were at least 2,315 data breaches conducted by police staff. Over 800 members of staff accessed personal information without a policing purpose and information was inappropriately shared with third parties more than 800 times. Specific incidents show officers misusing their access to information for financial gain and passing sensitive information to members of organised crime groups.
A majority of these "breaches" resulted in nothing at all happening to violators.
1283 (55%) cases resulted in no disciplinary or formal disciplinary action being taken.
The breaches range from the stupid…
An officer found the name of a victim amusing and attempted to take a photo of his driving licence to send to his friend via snapchat. The officer resigned during disciplinary action.
... to the disturbing.
An officer has been suspended and is under investigation for abusing his position to form relationships with a number of females. It is suspected that he carried out police checks without a policing purpose.
Even as law enforcement agencies demand access to more data and work with national agencies to obtain additional personally-identifying information, like biometric data, they continue to handle this sensitive data with extreme carelessness.
Kent Police were fined £100,000 in March 2015 after leaving hundreds of evidence tapes and additional documents at the site of an old police station. The breach was only discovered after an officer visited the new owner of the premises and discovered them by accident. In a similar incident South Wales Police were fined £160,000 in May 2015 for losing a video recording which formed part of the evidence in a sexual abuse case. Due to a lack of training the loss went unreported for two years.
The long list of breaches listed in the report covers everything from improper access to abuse of CCTV footage to hacking into private Facebook accounts. In numerous cases, officers resigned while under investigation rather than face the consequences of their actions. This is why Big Brother Watch suggests UK police officials -- and the government agencies that oversee them -- need to start taking this far more seriously than they currently do. One recommendation is to prevent abusers from slipping away unscathed by leaving the force.
Where a serious breach is uncovered the individual should be given a criminal record.
At present people who carry out a serious data breach are not subject to a criminal record. They could resign or be dismissed by an organisation only to seek employment elsewhere and potentially commit a similar breach. In organisations which deal with highly sensitive data, knowing the background of an employee is critical.
The organization also suggests the government should put a few more teeth in its enforcement by attaching jail time to serious breaches -- something current law only hints at, rather than requires. Big Brother Watch also recommends mandatory, immediate disclosure of breaches to the victims whose records were improperly accessed. It also recommends the Snooper's Charter proposal to add citizens' online activity to law enforcement databases be rejected, if only because agencies have shown they can't secure the data they already have access to. Giving agencies with a track record of abuse access to even more potentially sensitive data -- without instituting serious deterrents -- is only asking for more trouble.