Security concerns have been raised following the roll-out of a new Police National Database (PND) to allow forces across the country to share locally-held information and intelligence.
The Home Office-funded project was developed by IT services firm Logica at a cost of £75.6m in response to Lord Birchard’s 2002 post-Soham inquiry which found that the inability of Forces to routinely share information electronically was a major obstacle in arresting killer Ian Huntley before he could murder schoolgirls Holly Wells and Jessica Chapman.
The system will be used by a total of 53 police bodies in England, Wales, Scotland and the British Transport Police, with up to 15 million people's details are estimated to appear on the database, which will be made available to 12,000 officers granted appropriate clearance.
Nick Gargan, head of the National Policing Improvement Agency, which is in charge of all central police databases and oversaw the NPD project, said at the launch this week: “The PND pulls together all that local knowledge and allows investigators to see the full intelligence picture. As a result, they can react far more quickly and effectively when it comes to protecting the public.”
Until now, such information had to be shared manually, but because processes could be “bureaucratic” and relied on the “right staff being able to access and share the relevant files”, it could take up to two weeks, he added.
The NPD will not hold all of the information stored on local police systems such as witness data and most of the details about victims, however, but will instead focus on crime-related information such as domestic violence, child abuse and criminal intelligence.
The NPIA said that use of the database would be strictly controlled, with only authorised and appropriately vetted users with a single digital identity allowed to access it using a smartcard. Access is authorised based on business role and extensive auditing systems have also been put in place to prevent misuse.
Not everyone is convinced it's secure enough, however. Alex Teh, commercial director at internet security software provider Vigil Software, for one, worries that although creating a more joined-up system was a positive move, setting up a large centralised database meant a single “point of vulnerability” now existed.
“With one central repository storing highly sensitive data, it will be absolutely imperative to ensure that the most stringent measures are in place from access authorisation to preventative monitoring and encryption to ensure that this is a watertight system,” he warns.
The reality with centralised databases was that they were “only as good as your weakest link," Teh said. “As all Police Forces across the UK will now be able to access the database to share intelligence, there needs to be a joined up process for data protection.
"It only takes one weak access connection at one police force for data to get into the wrong hands,” he added.