Police and intelligence agency workers often have access to vast amounts of people’s private data. Most of the time, that data is accessed in a legal manner using proper procedures. However, at times, rogue intelligence agents and police officers use their position of authority to access that data illegally. In Queensland, Australia, the problem is of epidemic proportions.
This week, the Queensland police force has once again been brought into the limelight due to the illicit behavior of a Brisbane police officer. The Australian Crime and Corruption Commission (CCC) – an agency founded in 2004 “to combat and reduce the incidence of major crime and corruption in the public sector” – has arrested a senior Brisbane police officer on hacking charges.
According to the investigative board, the unnamed law enforcement official accessed a police database ten times in 2016 for personal reasons. The police officer in question is said to be 43 years old, and according to the CCC, he illegally accessed Queensland Police Service’s QPRIME database to look at data unrelated to official police matters.
QPS Ethical Standards Command has been notified about the misuse of the database, and the officer in question is due to appear at the Southport Magistrates Court on 17 April. The charges are as follows:
- Three counts of Computer Hacking and Misuse pursuant to Section 408E (2) of the Queensland Criminal Code 1899.
- Seven counts of Computer Hacking and Misuse pursuant to Section 408E (1) of the Queensland Criminal Code 1899.
According to those parts of Section 408E, if found guilty the officer could face up to five years in jail:
“(1) A person who uses a restricted computer without the consent of the computer’s controller commits an offence. Maximum penalty—2 years imprisonment.
(2) If the person causes or intends to cause detriment or damage, or gains or intends to gain a benefit, the person commits a crime and is liable to imprisonment for 5 years.”
A Personal Touch?
The officer’s reasons for illegally accessing the database are currently unknown. However, if past cases of misuse are anything to go by, it is possible that the hacking may affect people who the police officer knew personally. Why? In the past, Queensland officers who accessed the database fell victim to temptation, using the database for personal gain.
Take last year’s case, for example, when a Queensland police officer was found guilty of hacking the details of 50 women that he met via a dating app. In another case, the QPRIME database was found to have been accessed illegally in excess of 1,400 times by police officers who looked at a former Bikini model’s criminal record. On that occasion, Renee Eaves decided to take legal action against up to 1,000 police officers and the state of Queensland itself.
The former Miss Bikini World contestant had previously won a harassment case for being pulled over in her car for unsubstantiated traffic violations. Unbelievably, the police constable in question pulled her over approximately 20 times between 2004 and 2006. Ms Eaves used the Freedom of Information Act to find out that her file had been accessed 1,435 times.
The story goes on and on. Last year, the CCC admitted that it had received 483 allegations of internal privacy and information breaches. That was 7% more than in 2015, which demonstrates that the problem is growing. Unlike the random harassment of the former Bikini model, most times the cases take on a rather personal touch.
On one occasion, a public servant was given an 18-month suspended sentence for accessing valuation and building inspection reports to help her make purchasing decisions. In another case, a police officer assessed the criminal records of a friend’s ex-partner in order to help out in a custody case.
In yet another case, a police officer was hit with a six-month suspended sentence for leaking car registrations and criminal records to a relative who was employed as a private investigator. In a final example, the Aussie netball star Laura Geitz was among a dozen people whose personal details were hacked by Broadbeach officer Stephen Patrick Wright.
On that occasion, the 40-year-old cop accessed the Queensland Police Service QPRIME database over 80 times. Considering that QPRIME holds the data of around a million Queensland residents, the escalating problem seems severe. In addition, despite the sentences specified in Criminal Code 1899/Section 408E, in most of those cases police agents were only handed a suspended sentence (which they will probably never serve). A suspended sentence, sadly, doesn’t appear to be a strong enough deterrent to quell the growing problem.
So, what does the CCC have to say? A spokesperson for it told me that they do have an ongoing strategic plan for dealing with illegally accessed police data. The CCC did also point out, however, that the “Police Commissioner has primary responsibility for discipline of police officers.” These are the directives that the CCC informed me about:
“Undertaking criminal investigations into police officers where the alleged offending would amount to a criminal offence.
Referring matters involving the improper access and release of confidential information to the Queensland Police Service Ethical Standards Command (ESC) for their action which may include the charging of police officers or disciplinary action. Often the CCC will also review how the ESC conducts their investigation to ensure it is carried out to an appropriate standard.
The CCC can conduct an audit of lower level police misconduct relating to improper access and release of confidential information to determine if the ESC are completing investigations appropriately.”
Around the World
Although Australians are suffering quite severely from this type of data misuse, in reality the problem is widespread, with similar cases occurring around the world. In the US, a Pembroke Pines police officer called Melodie Carpio was suspended in January for snooping. According to reports, she misused confidential databases about 500 times to snoop on fellow officers, her boyfriend’s ex-wife, and other people.
Her boyfriend’s ex-wife (and her new husband) appear to have been the subject of a morbid and jealous fascination for the Florida officer. She is said to have searched for each of them about 80 times on her work-issued laptop. The victimized couple complained to the Department of Law enforcement after suffering a hack of their social media accounts, and receiving letters and phone calls from loan agencies. They correctly suspected Carpio, who was soon proven to have been accessing data for nefarious ends.
Lack of Deterrents
Unbelievably, Carpio only had to serve a three-month suspension before being allowed back on the force. On her return, she was made to sign an agreement that specified that she would be terminated if she misused the system again, but one can’t help feeling that she got off way too lightly.
This isn’t the only time that important systems have been used in personal vendettas, either. In 2013 the LOVINT scandal involved an NSA officer who spied on his ex on his first day at work. That was only one of 12 reported cases of system misuse at the NSA in 2013, with one man found to have snooped on nine women.
In 2012, eight employees of Essex Police in the UK, including three police officers, resigned due to illegally accessing personal data on the UK’s police network. This turned out to be the tip of the iceberg, with around 200 officers eventually discovered to have illegally accessed the system.
Another UK scandal centered around a program called Optic Nerve. That case involved 1.8 million Yahoo accounts’ webcam photos being snooped on by GCHQ. Those images included huge amounts of explicit content, which spies had easy access to. Admittedly, this is slightly different to the police misuse cases. However, surveillance of any innocent person by the authorities should be severely frowned upon, and should never be considered acceptable (especially when it is of such a sensitive nature).
Innocent people shouldn’t be subjected to dehumanizing intrusions, but as Wikileaks’ Vault 7 release proved, it is happening a lot. Institutionalized snooping is one reason why large databases should be viewed with suspicion. In France, for example, late last year the government introduced a biometric database for every citizen over the age of 12. It holds data for 60 million citizens, and access to it is available across a broad range of French agencies.
As this article proves, the problem with databases is that humans often fall prey to temptation. The inner workings of the mind can be a tormented and confusing place, and it is this side of human nature that often leads to misuse. All databases are a weak point, but biometric databases – which harbor the potential for identity theft – are the most concerning of all.
Opinions are the writer’s own.
Title image credit: Tim Hood/Shutterstock.com
Image credit: Myvector/Shutterstock.com
Image credit: Rainer Fuhrmann/Shutterstock.com
Image credit: Billion Photos/Shutterstock.com
Image credit: Eva Cornejo Coba/Shutterstock.com