PACE Codes consultation - DNA and Biometrics at Supermarkets ? What about cyber crime evidence ?
For what it is worth, there is Yet Another Home Office Public Consultation, which we know we really should feed back some comments on, but we are increasingly disheartened, disenchanted, and disengaged with such New Labour Government "going through the motions" initiatives.
"Modernising Police Powers Review of the Police and Criminal Evidence Act (PACE) 1984" (.pdf) . This consultation closes on the 31st May 2007.
Apparently the last major review of this cornerstone of the way in the Police, other investigators and the Courts deal with things like Arrests, Evidence , Identification etc. was in 2002.
The Forward by Tony McNulty MP, the Minister of State for Crime Reduction, Policing, Community Safety and Counter Terrorism is what you would expect from this NuLabour politician, who has been personally responsible for so many of the "not fit for purpose" areas of the Home Office. Will he soon be removed when Gordon Brown purges Cabinet and junior ministers in a few weeks time ?
The Forward by the senior Civil Servant Vic Hogg, appears to claim that this really is a wide ranging review of PACE, and not just more tinkering and added bureaucracy.
We are acutely aware that change is sometimes perceived to be the only constant factor.
There are some potentially useful ideas in this Consultation document, notably the stated aim of simplifying the over bureaucratic and legalistic PACE Codes, which ,it appears, not even the Police understand fully, let alone the general public.
There is also the idea of allowing, under some vague circumstances, with some, as yet undefined safeguards, the further questioning of suspects after they have been charged with an offence, if some new evidence or other lines of enquiries comes to light, whilst they are awaiting their first Court appearance. This seems to work ok in many other countries, and might reduce the need for say, detention without charge, in terrorism cases.
However, there is also the potentially dangerous idea of Short Term Holding Facilities, where supsects can be held for up to 4 hours, at premises which are not allegedly secure designated Police Stations, so that Biometric Identifiers and DNA Samples can be taken.
There is also a huge and complicated area of Criminal Evidence, which surely now deserves its own PACE Code, of which there is no mention of in this Consultation document, namely Computer and Internet Evidence, especially any safeguards against Collateral Damage to innocent third parties on shared computer or telecommunication infrastructure, caused by legal investigations.
DNA and Biometrics at Supermarket etc. Short Term Holding Facilities
It may just be the "kite flying" way in which the Consultation document has been written, but the clear implication is that these STHF, will also have access to the Police National Computer, IMPACT, the National DNA Database and the forthcoming National Identity Register etc.
3.30 The function of the STHF would be to confirm the identity of the suspect and process the person by reporting for summons/charging by post, a penalty notice or other disposal. Persons detained would be subject to detention up to a maximum period of 4 hours to enable fingerprinting, photographing and DNA sampling. The STHF would not be used in cases where the arresting officer considers that an investigation was required and authority to transfer a person from a STHF to a designated police station would require the authority of an Inspector. The aim would be to locate STHFs in busy areas to allow quick access and processing of suspects to enable the officer to resume operational duties as quickly as possible.[...]
3.33 The absence of the ability to take fingerprints etc in relation to all offences may be considered to undermine the value and purpose of having the ability to confirm or disprove identification and, importantly, to make checks on a searchable database aimed at detecting existing and future offending and protecting the public. There have been notable successes particularly through the use of the DNA database in bringing offenders to justice.3.34 Is there scope to populate identification databases and remove unnecessary operational constraints on the extent to which police are able to use fingerprints etc. to prevent, detect and investigate crime?
This weasel worded paragraph 3.34 implies that the whole National Identity Register will be slurped into Police database to pre-populate them with fingerprints, names and addresses etc., thereby circumventing any alleged safeguards on the National Identity Register itself, as these databases will not even come under the weak scrutiny of the National Identity Scheme Commissioner.
3.37 Importantly, there are issues around proportionality and whether there are sufficient safeguards to protect a person guilty of a so called minor offence from being considered as part of an investigation into a more serious offence as a result of the outcome of speculative searches. There will be concerns that providing a uniform set of powers is disproportionate and an excessive approach to dealing particularly with low level offending.
GeneWatch are rightly worried by this proposed expansion of the role of STHF and also the the implied increase in DNA database surveillance of people who have not been charged with a crime., and so are we. See GeneWatch UK submission to the Home Affairs Committee Inquiry "A surveillance society?"
See also David Mery's Forensic use of bioinformation and human rights and Should the Police keep your DNA forever? blog articles.
Anyone who has had to wait to be seen by the overworked Front Desk at a supposedly secure Police Station, especially at lunch time, will have noticed the tendency, so prevalent in British corporate offices and even in Banks and Building Societies, for people to circumvent the supposedly secure contactless smartcard or PIN code access electronic building security systems, either by "tail gating" along with their colleagues, or by shouting to a more junior member of staff at the front desk, to press the button to open the door for them. This destroys one of the main selling points of such systems,i.e.that the actual number of people in the building at any one time is known, for fire and bomb threat evacuation purposes.
This will be much, much worse, in Short Term Holding Facilities, where the main building is controlled by Supermarket or Shopping Mall, cannot,by definition be as secure as a Designated Police Station, especially as these STHF are likely to have no Police Officers guarding them 24 hours a day.
These seem to be obvious potential weak points for organised criminals or terrorists gain access to these supposedly secure back end intelligence database systems. Things will be even worse, if non-Police staff are allowed physical access to these STHFs for cost reasons.
No mention of Computer / Internet / Telecomms Evidence in the PACE Code B consultation section
PACE Code B, deals with Criminal Evidence, and is hugely complicated, and needs reform. However, there is no explicit mention, amongst all the "tagging and bagging" and "seizing of evidence" and [powers to "seize" whole buildings and all their contents as crime scenes, of the complexities of Computer and Internet and Telecommunications evidence.
The now defunct National Hi-Tech Crime Unit, used to publish a Best Practice Guide, which showed law enforcement and businesses how to properly secure Computer evidence, with a proper chain of evidence procedure suitable for the Courts, without disrupting innocent customers who happen to share a web server or email server or e-commerce system, only part of which may be under investigation. The successor to the NHTCU, the Serious Organised Crime Agency no longer bothers to publish such guidelines, for no good reason, and they no longer have direct contact by phone or by email with the public (incredibly,not even for intelligence tip offs).
Last Summer's Home Office consultation on the handling of Cryptographic Keys, (see our dedicated blog) the "Consultation on the Draft Code of Practice for the Investigation of Protected Electronic Information - Part III of the Regulation of Investigatory Powers Act 2000" suggested various practices and safeguards, which should be equally applicable to, say, a database with thousands or millions of customers' personal data details, or medical records etc., as to the cryptographic keys which may, or may not have been used to protect such details in transit over the internet.
There should be a specific PACE Code of Practice which deals with this increasingly common and complicated area of digital evidence, and potential economic damage to the economy of the United Kingdom (i.e. a National Security concern).
A mishandled Police or other legal investigation targeted at a few recoords or transactions, could easily do as much disruption and damage to the Critical National Infrastructure, (see the Centre for the Protection of National Infrastructure), so there should be appropriate safeguards, spelled out in detail, in a PACE Code.
However, there is no mention at all of Computer or Internet or Telecommunications evidence in in this consultation document.
Respond to the Consultation by 31st May
e-mail your response to pacereview@homeoffice.gsi.gov.uk.
Alan Brown
Home Office
Police Leadership and Powers Unit
4th Floor Peel
2 Marsham Street
London
SW1P 4DF
Responses should be submitted by 31st May 2007.
Comments
Another relevant blog post is http://gizmonaut.net/blog/uk/dna_more_more_more.html
I haven't sent comments to these consultations either relying instead on associations such as Genewatch, Liberty, Justice etc. to do so. It's a bit daunting as an individual to work on a researched reply and I wonder if they're really interested in the experience of one person, however representative it may be.
br -d
Posted by: David Mery | May 8, 2007 9:34 PM