back to article Non-police orgs merrily accessed PNC without authority, says HMIC

Her Majesty's Inspectorate of Constabulary (HMIC), which inspects Britain's police forces, has reported on several cases of misuse of the Police National Computer (PNC) by non-police organisations. The PNC is a law enforcement database that holds personal information about people arrested by police or convicted of crimes – as …

  1. g e

    SO. That's interesting, then.

    Logins aren't set to expire on the contract end dates then?

    Quality stuff.

    1. Anonymous Coward
      Anonymous Coward

      Re: SO. That's interesting, then.

      Quality handshakes too.

    2. Adam 52 Silver badge

      Re: SO. That's interesting, then.

      Pay peanuts, get monkeys.

    3. Electric Panda

      Re: SO. That's interesting, then.

      Apparently not. That truly beggars belief.

  2. Warm Braw Silver badge

    Yes, but it's established practice

    Do whatever you like for years and get any necessary permission in retrospect if someone notices.

    1. Voland's right hand Silver badge

      Re: Yes, but it's established practice

      Do whatever you like for years and get any necessary permission in retrospect if someone notices.

      Not quite. Do whatever you like for years, then hire a PR consultant.

    2. ecofeco Silver badge

      Re: Yes, but it's established practice

      Why not both?

  3. graeme leggett

    Confusion

    "were all accessing the PNC in spite of contracts allowing them do so, known as Supply Agreements, having expired"

    By comparison, if your contract with BT for a phoneline runs out you can't make calls.

    In these cases it seems two bodies were at fault. The users without up to date agreements and accessed the PNC after the expiry, and the operators of the PNC for not cutting them off when the agreement expired.

    1. Loyal Commenter Silver badge

      Three body problem

      ..actually it sounds like there is s third body at fault; Her Majesty's Government doesn't seem to have made it clear who has ownership of (and therefore responsibility for) the PNC. Is it any wonder that it isn't being administered well when we get politically-led reorganisations like that of the ACPO without a clear plan that accounts for the assets?

      1. Peter 26

        Re: Three body problem

        This is the main issue! Somebody needs to be in charge and take the blame for failures.

        What will be the result of all these failures? Who will be fined? Who will be fired? Nobody...

        So they might as well just carry on with the current practice...

        1. Wommit

          Re: Three body problem

          @ Peter 26

          "and take the blame for failures."

          Oh, that was funny. It really was. Have an upvote.

          1. Sir Runcible Spoon Silver badge
            Black Helicopters

            Re: Three body problem

            How to find out who owns the PNC:

            Who has the right to turn it off*?

            *If you have the power to destroy a thing, you control a thing.

  4. tony2heads
    WTF?

    List

    Children and Family Court Advisory and Support Service (Cafcass);

    Environment Agency;

    Financial Conduct Authority;

    Gangmasters Licensing Authority;

    NATS (an air traffic control provider);

    Natural Resources Wales;

    Post Office;

    Scottish Society for the Prevention of Cruelty to Animals; and

    Thurrock Council.

    I can sort of understand Cafcass and maybe the SSPCA, but am puzzled by the others.

    1. Loyal Commenter Silver badge

      Re: List

      Environment agency - investigation of environmental crimes, such as pollution of rivers, etc. - I can understand

      FCA - investigation of financial institutions (these would obviously never be crooked in any way) - ditto

      The others; not so much

      In any event, there should be up-to-date agreements and access controls in place.

      1. TimR

        Re: List

        Gangmasters Licensing Authority - investigation of slavery/illegal employment, etc

      2. John Brown (no body) Silver badge
        Facepalm

        Re: List

        "FCA - investigation of financial institutions (these would obviously never be crooked in any way) - ditto"

        I think that one is the most worrying of the lot. The FCA business is analysing systems and procedures to make sure they are properly and legally adhered to. And yet they don't appear to have, or have not followed, their own procedure for making sure their PNC access is correct and up to date.

        Closest I can find to an "own goal" icon -------------->

    2. John Smith 19 Gold badge
      Joke

      Wot?

      No wheeel clamping companies?

      No Scouting Assocation?

      Seriously WTF is special about Thurrock Council.?

      1. CrazyOldCatMan Silver badge

        Re: Wot?

        > Seriously WTF is special about Thurrock Council.?

        Absolutely nothing. But I suspect that someone who works there either used to work for the police or is friends/spouse/blackmailer to someone who does..

        There is a big shooping centre (I refuse to call it a mall) in Thurrock.

      2. graeme leggett

        Re: Wot?

        perhaps other councils had up to date agreements so they didn't show up in this list

        Thurrock was unlucky because the person who deals with the agreement was on long term sick leave/left post and not replaced/forgot ...?

      3. Anonymous Coward
        Anonymous Coward

        Re: Wot?

        @"No wheeel clamping companies"

        To be on this list they have to have *abused* the process. i.e. failed to fill in the application form promptly so it can receive its rubber stamp.

        Do you think the "Scottish Society for the Prevention of Cruelty to Animals" had access (failing only to renew it), but somehow the "Donkeys have emotional needs too" charity doesn't?

        Nah, they just posted off the form quicker with the appropriate fee.

    3. Electric Panda

      Re: List

      I suppose the Gangmasters Licensing people might be looking for criminal records and doing their own DIY background checks rather than doing it properly. The others, I don't have a clue.

    4. CommanderGalaxian

      Re: List

      NATS (an air traffic control provider); = THE air traffic control provider in the UK.

      To work for NATS (at least in the past) required an MOD check and signing the Official Secrets Act. No idea what the current requirements are.

  5. J J Carter Silver badge
    Holmes

    Also...

    PLA Unit 61398 has unlimited, unaudited access.

    1. allthecoolshortnamesweretaken

      Re: Also...

      I can't help it, that always sounds like the title of a TV show to me.

      BTW, what about Bureau 121?

  6. Andy The Hat Silver badge

    Who is the data controller?

    Surely it is the Data Controller who should be taken to task for allowing access? This was not a breach of security but misuse of data by the data controller. Therefore the data controller will be subject to the relevant fines/prison sentence as defined in the law ... won't he/she/they?

    1. BoldMan

      Re: Who is the data controller?

      There are probably two chances of that happening, one is slim the other is fat.

    2. Commswonk Silver badge

      Re: Who is the data controller?

      "The" Data Controller? I suspect that there are so many Data Controllers involved in the various agencies that there are too many cracks through which malpractice could slip to count. With PNC predating the Data Protection Act it would not surprise me in the least to find that proper management of the data on it has never really caught up with the requirements of the legislation.

      It is not hard to imagine the DC for say "Force A" being red - hot on data protection, but what good is that is all and sundry can access it without his having any knowledge of that access? He (or she) may be accountable for how persons employed by Force A use the data, but he (she) cannot have any control whatsoever beyond the force "boundary".

      This topic could make for an extremely revealing FoI Act enquiry, subject to its being properly worded so that the Home Office cannot slide out from under it too easily. Is this something that El Reg Staffers could consider?

    3. John Brown (no body) Silver badge

      Re: Who is the data controller?

      "Surely it is the Data Controller who should be taken to task for allowing access?"

      Based on how the PNC is administered, there probably isn't a single data controller to accuse. On the other hand, the organisations accessing the PNC with expired credentials are illegally slurping data, possibly even in breach of The Computer Misuse act so their data controllers most certainly should be hauled over the coals. Preferably white hot glowing ones.

  7. JaitcH
    FAIL

    Yet another success story ...

    in the unending serial story of Mad MAY of Hurst, Berkshire aka as the Home Secretary.

    1. BoldMan

      Re: Yet another success story ...

      How is this May's fault when the PNC has been around for decades? She's just the latest "fall guy/gal" - i think blame should also go to all those previous home secretaries - especially under the Tony B Liar government who allowed this farce to get out of hand in the first place.

      1. John Brown (no body) Silver badge

        Re: Yet another success story ...

        "How is this May's fault"

        Because it is. It always is. She's in charge so she takes the blame. And she deserves it for Snoopers Charter 2.0. It's also her fault there is traffic congestion. And it's her fault that kittens get mistreated. It just "is". It's the natural and universal order of things and stuff.

  8. JimmyPage Silver badge
    FAIL

    Ah, the old "not our responsibility" canard ...

    right up until it's in their interests that it is.

    True story. MrsJP was issued an electric wheelchair yonks ago (I suspect they had budget to spend). It's spent most of it's life in the garage as (a) it wasn't suitable, and (b) it packed up within a few weeks.

    Fast forward a few years, and it's frankly in the way. Repeated calls to various arms (legs and feet) of the local NHS rehab outfit suggests that no-one has any clue as to the provenance or responsibility for said wheelchair.

    "I know", I said. "Ring someone up. Tell them we sold it on eBay, and ask where the proceeds should go."

    Had a callback within 10 minutes - they had *all* the paperwork, and were in full "prosecute to full extent of the law" mode.

  9. Teiwaz Silver badge
    Windows

    corruption

    I may have woken up grumpy this morning, but it's probably way past time the entire government structure was rebuilt from scratch.

    Fight corruption? You can't do that when the foundation of policing and justice is this shaky. The UK isn't a well designed car (or even poorly, merely by accident), driven or navigated by the elected body, it's a collection of bits some of which might be car pieces some horse and cart becasue they were overlooked when the modernisation happened, all trundling along merely, some veering all directions only marginally under control or not at all.

    1. TonyJ Silver badge

      Re: corruption

      "...Fight corruption? You can't do that when the foundation of policing and justice is this shaky. The UK isn't a well designed car (or even poorly, merely by accident), driven or navigated by the elected body, it's a collection of bits some of which might be car pieces some horse and cart becasue they were overlooked when the modernisation happened, all trundling along merely, some veering all directions only marginally under control or not at all..."

      The problem here though is that there has to be will to fight said corruption and that is sadly lacking. Politicians, bankers, CEO's and FCO's of large corporations are all too busy looking out for themselves, creaming off the top.

      If they can keep the masses' attention on things like immigration and terrorism, whilst simultaneously keeping as many of them as under-educated as possible, then it makes it so much easier to pull off the above.

    2. John Brown (no body) Silver badge
      Joke

      Re: corruption

      "Fight corruption?"

      Are you implying that the UK is "fantastically corrupt" on a par with Nigeria and Afghanistan?

      1. Insert sadsack pun here

        Re: corruption

        How dare you suggest we are bribe payers. That's disgusting and insulting to the UK.

        We in the UK, sir, are money launderers, and bloody good at it.

  10. M7S

    I'm not opposed to there being a PNC

    to help the police (and yes, there are many nice/sensible ones in the overall mix) do their job, but I am astonished to learn that it is in effect "owned" by what seems to be a private company/members club. ACPO (as was) had a little racket selling "police checks" required for some visa applications and the like, and also has some oversight on things like the issuance of powers granted under CSAS.

    This really should be the province of a national police authority of some kind and not the trade union for very senior officers which they progress to via Police Federation and then the Superintendents Association. If ACPO had a disagreement with the Home Office in the same way that the BMA have with the Department of Health (over new contracts for junior doctor) they could in theory pull the plug which would have a very detrimental effect on day to day operational policing.

  11. A Ghost
    Coat

    Scottish Society for the Prevention of Cruelty to Animals

    I think I know why they are on the list.

    You remember the Scottish Nazi dog? You don't? Really? You must!

    The one that the owner had 'allegedly' trained to make a Nazi salute?

    You think I'm making this up don't you. Ok. LMGTFY:

    https://www.google.co.uk/#q=A+Scottish+man+who+provoked+outrage+after+filming+his+girlfriend%27s+dog+responding+to+Nazi+slogans+has+been+arrested+by+Lanarkshire+police.

    WITH VIDEO!

    Perhaps it was pertinent to this particular prosecution? Possibly.

    I wonder if he was guilty after all. And did the dog get off? Legally, not sexually, of course, that would be a whole other level of investigation called for.

    M'lud, not only did he dress his dog as Adolf Hitler, teaching and training him (through several advanced techniques) to make the Nazi salute, but to also 'click his heels' - all four of them at once your Honour! Not to mention the wagging of the tail in synchronous motion! The depth of depravity countenanced here, just simply will not do in any decent Scottish society. But to make matters worse M'lud, much worse in fact, he also did this whilst masturbating.

    [Not clear if they are talking about the man or the dog here, doing the 'Nasty', whilst doing the 'Nazi'.]

    Because, because, because I don't know.

    Because the world has gone so bat shit crazy that anything just anything is possible these days. Masturbating Nazi salute dogs? Sounds like the new Quentin Tarrantino film.

    'Shooting' starts in Edinburgh in two weeks time.

    1. Boris the Cockroach Silver badge

      Re: Scottish Society for the Prevention of Cruelty to Animals

      Quote >> 'Shooting' starts in Edinburgh in two weeks time'

      Is that the revolution or the man with the nazi dog or the latest hollywood blockbuster by QT?

      Boris

      <<needs to know as he's planning a trip to the far north for next month

      1. A Ghost

        Re: Scottish Society for the Prevention of Cruelty to Animals

        Dear Boris,

        Thank you for your coded question. Still don't have a fucking clue what you are talking about, as usual.

        (Try more turps)

        We all know you like to get in on the 'act' early and score an unfair advantage.

        But this Nazi's not for turning!

        [STOP PRESS - STOP PRESS - As of this moment, Brad Pitt has denied any involvement at all at being cast as the Scottish Nazi Dog Salute Trainer. "It was one of those dream jobs that you only get once in a lifetime", he was heard to say. "But sadly, I had to turn it hound." Angelina was unavailable for comment.]

    2. CommanderGalaxian

      Re: Scottish Society for the Prevention of Cruelty to Animals

      Funny. But the content hoster was YouTube. So clearly YouTube need access to the PNC to establish the facts.

  12. John 98

    On the ownership issue, is this deliberate obfuscation? A wizard wheeze which guarantees it's impossible to pin down who is responsible for anything? Or am I just confusing conspiracy and cock up?

  13. Tromos

    1970s Fujitsu mainframe

    Maybe about time for an upgrade - possibly a Raspberry Pi?

    1. KA1AXY

      Re: 1970s Fujitsu mainframe

      The fact that it's still operating is an accomplishment of which the owner(s) should be proud.

    2. David Roberts Silver badge

      Re: 1970s Fujitsu mainframe

      Trying to find out if it was originally ICL (which you would expect of a UK governmental organisation in the '70s) or a "real" Fujitsu system.

      Wikipedia is staying schtum at the moment.

  14. ecofeco Silver badge

    Just more adoption of U.S. Capitalism!

    In the U.S., that information is for sale for very tidy sums.

    In fact, the local govs with ALL of your official data are the biggest offenders.

    I laugh and laugh and laugh every time I hear someone say the U.S. is a free country. Compared to some 3rd world? Yep. Compared to the rest of the world? Highest prison population of ANY country in the world and in-your-face fascism sorta put lie to that.

  15. Daggerchild Silver badge

    Turnabout is fair play

    Okay, so people deliberately delved into protected data they know they shouldn't, fine.

    We want the life data of those specific users made public so we can do the same. I think that's perfectly fair.

  16. Anonymous Coward
    Anonymous Coward

    ACPO dodge

    ACPO were the private company used by the police to hide from Freedom of Information requests. So now they have an agreement? And the agreement owns the police computer???

    So do the RSPCA have access to this? I notice they aren't listed as an abuse (so they fill in their forms?), but its clearly not proportionate for a private charity to have access to data! Do they also have access to the "Bulk Datasets" we learned the government has been slurping down?

    Why do dogs and cats have more rights than British people?

  17. x 7

    this rather explains why some types of information are kept away from police computer systems.......they don't trust the security of the network

  18. Anonymous Coward
    Anonymous Coward

    wtf is going on nowadays.

    In the 80s I had to design and code an interface to the PNC. The number of Home Office checks and balances was unbelievable. At the time naughty PCs were being sacked without pension etc for just looking up number plates without a valid reason, even if it was their own, so I built in extra audit checks and logging. As a result each of our local bobbies were able to do their own checks rather than wait and go through the "bureau"

    A couple of governments later and instead of improving the system they seem to have destroyed it!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019