A new report details how UK police inappropriately accessed personal information, often passing it on to non-police members. And even criminals. This is particularly troubling as the UK government is about to massively expand its surveillance capabilities. This will also greatly expand the number of individuals and government organisations that can access highly detailed and personal information.
The 138-page report is the result of months of requests made under the Freedom of Information Act by digital rights group Big Brother Watch. It shows that between June 2011 and December 2015, over 800 UK police staff abused their positions in order to access citizen’s personal records for private and often illegal purposes.
These ranged from comedic to outright criminal. Notable examples include:
- Passing on confidential information about a detainee to a relative.
- Using unauthorized police checks to form relationships with a number of females.
- Published a photo of a driving licence on Snapchat because the officer found the victim’s name amusing.
- Alerting someone that they were about to be arrested.
- Informing a member of public that sex offender lived on their road.
- Selling photographs of restricted information for personal gain.
- Passing on sensitive police information to a member of the public who was almost certainly involved in organized crime! This included intelligence reports, emails and public information letters relating to crime.
Of the 2,315 data breaches covered by the report:
- 55 per cent (1,283) resulted in no formal disciplinary action being taken.
- A further 11 per cent (258) of cases only warranted a verbal warning.
- 13 percent resulted in either a resignation or dismissal.
- In fact, only 3 per cent (70) of breaches resulted in “a criminal conviction or caution.
- I think it safe to assume that these findings, which can of course only report incidents where officers were actually caught, represent just the tip of a large and very worrying iceberg!
The report is particularly alarming in light of the upcoming Investigatory Powers Bill (IPB). This “Snooper’s Charter” massively expands police surveillance powers. As the report notes,
“With the potential introduction of Internet Connection Records (ICRs) as outlined in the Investigatory Powers Bill, the police will be able to access data which will offer the deepest insight possible into the personal lives of all UK citizens.”
Not just the police…
Equally worryingly, it permits members of a ridiculous number of government organizations to access the highly personal internet and phone records of ordinary citizens who are not suspected of committing any crime. This includes bodies such as the Department of Health, HM Revenue and Customs, the Postal services Commission, the NHS ambulance service Trust, the Scottish Ambulance Service Board, and many more. This is because the current Bill is based on the old RIPA legislation.
“It has been argued by the Home Secretary Theresa May MP, that ICRs [Internet Connection Records] are the modern day equivalent of a phone bill. A description which has been roundly derided; a phone bill details the process of a one to one communication, whereas ICRs by the very nature of the internet detail one to many communications. The websites we visit can reveal a wide range of information about use; including our health and finances, our sexuality, race, religion, age, location, family, friends and work connections.”
Of course, in addition to authorized personnel making unauthorized use of personal data, the broad accessibility of this data will inevitably make it a tempting and low-hanging target for criminal hackers. This concern is compounded by the fact that the telecoms companies who are charged with collecting and storing all this data in the first place, have a worrying track record of keeping such data secure!
The report concludes that the privacy-invading provisions of the IPB are disproportionate in relation to the security threats the Bill is intended to meet. It also concludes that these measures will be ineffective at addressing such threats anyway.
“The power to collect, store and for the police to subsequently seek a warrant to access our online activity would create another vulnerability to our personal data and personal lives. The failure of the Government to demonstrate the need for the power means that there are no tangible benefits to set against the negative impact the power would have on our privacy.”
This is perhaps unsurprising, given that it is the view shared by just about everyone except the UK government, police, and intelligence agencies…