UK Police Flagging Uncharged Arrestees As Possible National Security Threats To Keep Their Biometric Data From Being Deleted

from the fun-times-ahead! dept

Rules are rules, except when they aren't. UK law enforcement's biometric database has strict rules governing the retention of data not linked to suspects facing charges. The system automatically deletes the data when a file is flagged as closed, which happens automatically when a person is released without bail. At this point, "problems" develop, as The Register's Alexander J. Martin explains.

Police employees have been hacking the Police National Computer to unlawfully retain suspects' biometric data, it has emerged.



The manipulation of the national IT system has come in response to public demands to restrict the length of pre-charge bail, the Biometrics Commissioner has suggested.



In his 122-page annual report (PDF), the commissioner noted that it had become “not uncommon” for the police to release suspects in ongoing investigations without officially placing them on bail, as the forces “clearly feel under pressure” to meet the Home Office's guidance to bring charges within 28 days of an initial arrest.

Over the past few months I have become aware of a number of cases where biometric material has been lost – or at risk of loss – as result of this problem and I have little doubt but that there have been numerous other cases in which, by this route, unnecessary (and probably unnoticed) deletions have been triggered unwittingly by forces.

In some cases, forces have allowed “the custody record automatically to update the PNC (Police National Computer) with an NFA (No Further Action) disposal but then immediately add a ‘Biometrics Commissioner’ or other ‘marker’ to the PNC record to ensure that the biometrics are retained.”



The “Biometrics Commissioner” marker, also known as a UZ marker, informs the PNC not to delete the data held as it may be being referred to the commissioner, for purposes such as getting a National Security Determination to extend the length of time that the data may be held.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Speedy trials are a good thing, but the UK's legal system apparently can't handle cases this quickly. So, files are being closed and data erased (as it should be) after suspects are released. The "problem" is that UK law enforcement officers want to retain this data because their investigations are still open.The automated system is doing all it can to ensure the database isn't loaded with non-hit data on released arrestees. The system is also working to ensure people aren't being held indefinitely without bail before being arraigned. The Biometric Commissioner feels this is somehow a bad thing.The solution would appear to be find something to charge suspects with or work with legislators and oversight to alter retention deadlines. But some officers feel justice is best served by bending the rules -- ensuring neither a speedy trial nor the timely deletion of biometric data. They're working around the system by using the greatest exception toany government has ever known.As Martin notes in a related post, there are 7,800 "suspects" of dubious provenance in the national anti-terrorism biometric database, some of which undoubtedly found their way there by law enforcement's deletion-circumvention trick. So, suspects of petty crimes deemed not important enough to charge or hold with bail are now being flagged and rerouted to a national security database. How long before that ends up going horribly wrong?Law enforcement officers -- like people everywhere -- are more inclined to believe data a computer hands them than statements by other human beings, because computers are "impartial." But computers obviously aren't "impartial," not if there's a law enforcement officer placing the finger on the scales for no other reason than artificially extending a data retention period.

Filed Under: biometrics, national security, uk