Tuesday, 16 October 2012

"Sexual predator" police officers use police databases to find victims

People often say, yes, so the police have gathered data on you even though you have no criminal record, but if you have done nothing wrong, what have you got to fear? Here's another reason to be fearful of police data-gathering on all of us.

The abuse of police powers to perpetrate sexual violence is the title of the report published on 20 September jointly by the Independent Police Complaints Commission (IPCC) and the Association of Chief Police Officers.

As the Guardian had commented earlier on sexual predators in the police force, "the problem is to a large extent hidden, as no official statistics are kept and few details are released about internal disciplinary action in such cases.(Guardian 29 June 2012.) All we get is the anonymised details of those who were caught - either convicted of criminal charges or booted out of the force, or at least disciplined. There are probably many more.

Some of the cases of sexual predation by police officers were the result of being able to pray on the vulnerable while they were in police custody, or police officers were pursuing and harassing women they'd encountered after getting their personal details following call-outs after they'd reported a crime, and so on.

But in many other cases, coppers had used the numerous police databases that are available to them to identify vulnerable people (usually women, but men in one case) who they could prey on. A recent FOIA request by the Guardian revealed millions of people with no criminal records are showing up on police databases (some because they were the victims of crime, had reported a crime, or - as in my case - had just been on a demo.)

In most cases there were no restrictions at all on any copper getting a peek at all this deeply personal data - something like 50,000 cops could just help themselves to the data with few if any obstacles.

The report in September arose from an earlier 2011 investigation which “included cases in which officers or staff had misused police computer systems in order to target individuals who might be vulnerable to abuse.”

In the new report, there are three "case studies" which are clear examples of police officers using police database to prey on the vulnerable - all shorn of any identifying features, of course, which is ironic given the obsessive way that police intelligence units collect the most intimate details on activists. No dates, nor even the gender of the officer are given, although their genders can be inferred by word like "his". The "case studies" make chilling reading.

Case study three - "an officer was dismissed from the police service for misusing police computer systems" after the IPCC and social services rumbled them. "The investigation found that the officer carried out 176 unauthorised checks on females over a three year period. Forty-eight of the checks were carried out after (my emphasis) the officer received a written warning for misuse of police computer systems relating to checks on himself, his vehicle, and his family."

Social services first got on this unnamed officer's case regarding "a possible offence of engaging females under the age of 16 in sexual activity. It found no evidence to support this. However, the existence of robust IT audit mechanisms identified additional unauthorised checks undertaken by the officer concerned... In common with some of the other cases in this report, the police officer involved misused police computer systems to identify women. It is conceivable that his behaviour would have escalated in the same way as the other cases discussed had it not been discovered."

In Case study five, two complaints from "members of the public" triggered an IPCC probe which led to a copper being "convicted of five offences of misconduct in public office and received a prison sentence." Other police investigated the officer and "identified a pattern of behaviour whereby the officer would use police computer systems to search for and target individuals who might be vulnerable to abuse, and then attempt to develop a sexual relationship with them. The investigation identified four women with whom the officer had had a sexual relationship. Three of these were considered to be in a vulnerable position."

One of these dated back 20 years. It was a relationship with "Ms B," then aged 17 and at the time "living in a hostel for vulnerable adults with drug or alcohol dependencies and mental health issues. On several occasions the officer gave Ms B money, which was seemingly used to buy alcohol. He requested sex, which was refused. A friend of Ms B complained to a local inspector about a police officer."

The officer in question already had "two previous disciplinary findings against him.

Both concerned inappropriate sexual behaviour. These were not considered when he applied for a role in the force’s public protection unit." Despite this history, the unnamed police officer was still allowed unrestricted access to police databases. As a result of the case, it was suggested to the police force in question (even the force isn't named!) that they should consider (not "should" or "must" but "should consider") "implementing a tiered access system to personal telephone numbers of
individuals held on intelligence systems so that there is no general access for all police staff. The fact that the officer’s behaviour continued for a number of years raises questions regarding the kind of supervision he was subject to," if any.

"Robust auditing of computer use could have identified the officer’s misuse at an earlier stage," concludes the report. When I talked to a salesperson for Memex, the company that produces most police databases (Crimint Plus, Patriarch, etc.), he told me they come with an easily accessible audit trail - it's a simple task for a police force to find out who's been accessing what data how often, when data was last amended or deleted, etc. Rocket science it ain't.

Finally, Case study six - an officer resigned from the police service and was later convicted of a number of computer related crimes" as a result of an investigation triggered "after a man made allegations of sexual assault against the officer." (So men who think they're unlikely to be targeted in this way can stop being complacent now.) "Insufficient evidence" meant the assault case went nowhere, but "auditing of the police force’s computer systems... found that the officer had improperly accessed police computer systems on hundreds of occasions over a significant period to check information about a number of individuals."

When interviewed "the officer admitted these searches were entirely for personal use; to find the home addresses of the persons searched, view photographs and, in some cases, contact the individual in order to pursue a sexual relationship. A number of these individuals were considered to be in a vulnerable position as a result of their individual personal circumstances."

"The police officer was able to make hundreds of improper searches of police computer systems over a significant period of time to target individuals for sexual purposes. What is different here is the officer targeted men. Though this type of crime disproportionately affects women and girls, some victims will be male or transgendered individuals."

Not only was there apparently no supervision of this officer and his many years' worth of "improper searches" on police databases, but "Every time the officer in the case conducted a search a warning about misuse appeared on his computer screen, which the officer felt able to ignore." He knew he was acting illegally, but also knew he'd probably get away with it. He was eventually convicted and booted out of the force.

There were some bullet points at the end of the report, on "learning", with "questions" aimed at police forces. For example, "Does your police force have the capability to monitor access to IT by individual officers, for example police national computer and other checks apparently targeting particular groups?" As the man from Memex told me at a policing exhibition in Manchester a couple of years ago (Dave Powell, who was apparently on loan to Memex from Surrey Police when I talked to him back in July 2010), the digital audit trail on most police database isn't hard to do.

I asked the Information Commissioner's Office if they had any comment to make on the revelations in the Abuse of police powers to perpetrate sexual violence report. An Information Commissioner's Office spokesman told me "Police officers and civilian staff can have access to substantial collections of often highly sensitive personal information. It is important that they do not abuse this access and only use the information for their policing duties. We expect police forces to make substantial proactive efforts to check that any access to their records is for legitimate police purposes and to take action where they discover wrongdoing. Public officials who abuse their positions can face serious consequences including criminal prosecution under the Data Protection Act."

No comments: