AGIS PROJECT JAI/2003/AGIS/002
Feasibility Study on the creation of a database on investigations and prosecutions
REPORT FOR THE UNITED KINGDOM
by Bill Tupman
Department of Politics, University of Exeter
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
Abstract
Policy as regards a European database to fight organised crime needs to
distinguish between criminal records databases and intelligence databases. The issues
involved are different. As will be argued later: prosecutors need a case tracking database;
employers need a convictions database for vetting purposes; judges need a convictions
database for sentencing purposes; but police officers need databases for convictions, for
intelligence and to store material on a particular complex investigation or series of
interlinked investigations. The issues involved in setting up and using each overlap but
are not identical.
Databases should not be seen as a route around problems arising from differences
between national jurisdictions. The legal problems need to be identified and overcome as
a prerequisite to setting up a database. Cyberspace is imaginary, not extra-jurisdictional
433
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
Questionnaire
1)
Does your country have a database for investigations? Is it central or
regional? Do these databases include exclusively criminal investigations or
do they also include administrative/other investigations? What is their legal
basis (statutory or other)? Please analyse and attach the introducing legal
texts as amended (in English or the original language of publication).
Background
The UK has a number of different databases, the legal basis of which is in need of
clarification. The Bichard Enquiry into the Soham murders has recently reported and
made a number of recommendations which will affect the whole system of data recording
within the criminal justice system.
The Police and Crown Prosecution Services are organised into 43 areas in
England and Wales. There are 8 areas in Scotland, where the prosecuting authority is
called the Crown Office and Procurator Fiscal Service, and there is a single area covering
Northern Ireland. Scotland has a separate legal system to England and Wales. Each of
these police and prosecution areas has at least one local database as well as access to
records on the Police National Computer [PNC2].
Although policing in the UK is traditionally locally organised, there has been a
National Crime Squad [NCS] since 1998, there is also a National Criminal Intelligence
Service [NCIS] and there is shortly to be a Serious Organised Crime Agency [SOCA] at
national level. [see Consultation document “One Step ahead” Cm6167
http://www.homeoffice.gov.uk/docs3/wp_organised_crime.pdf ]
There are a number of other police organisations within the United Kingdom, in
addition, Customs and Excise play an important role with regard to duty evasion, drug
smuggling and trafficking and the Immigration Service has a role to play in dealing with
trafficking in human beings. Some of these functions will be taken over by SOCA.
The whole system of national databases is undergoing a process of reform. A
National Identity Register is planned to support the introduction of ID cards, the Office of
National Statistics is working on a population register, it is proposed to make the electoral
434
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
register a national database, and the Department of Education is looking at plans to
produce a child identifier database. In addition there are plans for increased interactivity
between databases in the criminal justice system, particularly with regard to individual
criminal cases.
The Government has targets for the computerisation of recording systems in all
branches of the public sector and this will include Social Services, who will be
introducing an Electronic Social Care Record.
See:
http://www.dh.gov.uk/PolicyAndGuidance/InformationPolicy/InformationForSocialCare/
FrameworkDocument/FrameworkDocumentArticle/fs/en?CONTENT_ID=4073669&chk
=4CBoI2
Access to this without the consent of the client on child protection and mental health
grounds is already envisaged. Given the historical relationship between police and social
work, there may be conflict in this area in the future.
In addition all social care workers will be registered on a database. Social workers
will be the first to be registered, followed by care workers. There will also be special
procedures for workers with international qualifications. See: http://www.gscc.org.uk/
The use of databases has been reviewed by the Bichard Inquiry, following on the
Soham murder case…”to assess the effectiveness of the relevant intelligence-based
record keeping, the vetting practices in those forces since 1995 and information sharing
with other agencies , and to report to the Home Secretary on matters of local and national
relevance and make recommendations as appropriate.” The recommendations from this
Inquiry and the response to them of the Home Office are likely to produce new legislation
and a different legal basis for all these matters. The Bichard Inquiry’s report is now in the
public domain at: http://www.bichardinquiry.org.uk/report/ .
The most important
recommendation in the present context is for a national intelligence database for Police
purposes.
Existing databases used by the Police
Databases for particular investigations
435
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
What do we mean by a database for investigations? For a complex stand-alone
investigation, such as a murder or similar serious crime where a great deal of information
has to be collated and analysed quickly, the UK has HOLMES2 [Home Office Large
Major Enquiry System]. This allows a database to be created quickly from new data
gathered in the course of the investigation of a serious crime or a major incident. “It
identifies and plots lines of enquiry, keeps track of vital pieces of evidence and reduces
paperwork. All 53 police forces are signed up to it as well as National Crime Squad,
National Crime Faculty, Ministry of Defence [MoD] police, British Transport Police
{BTP] and Royal Military police [RMP]. Several forces can work together adding
information to a single Incident Room”. [PITO website] It can also be used for lowprofile crimes such as a series of burglaries where data management becomes complex.
There also exists SCAS [Serious Crime Analysis System], which is a specialised
database related to murder, rape or abduction. This is to enable the rapid comparison of
such crimes and the rapid identification of past cases exhibiting similar behaviour. This
enables offender profiling and allows the investigating constabulary to have access to
evidence previously gathered.
These two databases were the ones identified by representatives of the police
during interviews as what could genuinely be called “investigative databases”.
The general system of data recording
There is a summary of the PITO statement to the Bichard Inquiry below that
explains the PNC system nationally and the local systems. There are a number of
highlights not mentioned by PITO which are worth noting here:
“…the strength of PNC is that it is a national system and depends on all forces entering
quality, accurate and timely data to common minimum standards” I use this quote from
the July 2000 Thematic Report of Her Majesty’s Inspectorate of Constabulary “ On the
Record” to illustrate what will be the biggest problems of any European database.
There is also the C.A.T.C.H.E.M database at the National Criminal and
Operations Faculty. This is primarily a research facility.
436
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
There are also regional databases, such as the Drugs Misuse Databases.
There has been a national DNA database since 1995. This is managed on behalf of
the police service by the Forensic Science Service. It consist of a suspect database and a
crime scene database.
“The Police and Criminal Evidence Act 1984 (PACE), as amended by the Criminal
Justice and Public Order Act 1994, provides a power to take non-intimate DNA samples
from all persons suspected of, reported for, charged with, convicted of, or cautioned for, a
recordable offence. A "non-intimate DNA sample" essentially comprises a mouth swab
or rooted hair (other than pubic hair). A "recordable offence" is any offence for which a
person is liable, on conviction, to a term of imprisonment. The legal statutes mentioned
above also provide that police may take DNA samples from suspects without their
consent, using force where necessary, providing a Superintendent of Police has given
authority, in accordance with the provisions of PACE.”
ACPO memo to House of Lords Science and Technology Committee Inquiry on DNA
Databases
http://www.parliament.the-stationeryoffice.co.uk/pa/ld199900/ldselect/ldsctech/115/115we05.htm
In the course of an investigation the police may also additionally have or seek
access to a number of non-police databases:
In the public sector:
National Health Service
Inland Revenue
Passport Agency
Driver Vehicle Licensing Agency
In the private sector:
British Telecommunications PLC
The mobile phone companies such as Orange, Vodaphone etc.
437
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
Legislation
The major current pieces of relevant legislation are:
Rehabilitation of Offenders Act 1974
http://www.lawontheweb.co.uk/rehabact.htm
Amended 2002
http://www.legislation.hmso.gov.uk/si/si2002/20020441.htm
Review 2004
http://www.homeoffice.gov.uk/justice/sentencing/rehabilitation/act.html
Police and Criminal Evidence Act Revised Codes of Practice 1995
[original act 1984:
http://www.swarb.co.uk/acts/1984PoliceandCriminalEvidenceAct.html ]
Code a:
http://www.homeoffice.gov.uk/docs/pacecodea_textchanges.pdf
all codes:
http://tash.gn.apc.org/pace_act.pdf
Police Act 1997
http://www.hmso.gov.uk/acts/acts1997/1997050.htm
Youth Justice and Criminal Evidence Act 1999
http://www.hmso.gov.uk/acts/acts1999/19990023.htm
[section 60 of the above removes section 69 of PACE
“evidence from computer records inadmissible unless conditions relating to proper use
and operation of computer shown to be satisfied”
Data Protection Act 1998
http://www.hmso.gov.uk/acts/acts1998/19980029.htm
Human Rights Act 1998
http://www.hmso.gov.uk/acts/acts1998/19980042.htm
Computers Misuse Act 1990
http://www.hmso.gov.uk/acts/acts1990/Ukpga_19900018_en_1.htm
Freedom of Information Act 2000
http://www.hmso.gov.uk/acts/acts2000/20000036.htm
438
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
Regulation of Investigatory Powers Act 2000
http://www.hmso.gov.uk/acts/acts2000/20000023.htm
Criminal Justice and Police Act 2001
http://www.hmso.gov.uk/acts/acts2001/20010016.htm
para 134 inserts a new 120A into the 1997 act
Anti-Terrorism, Crime and Security Act. 2001
http://www.hmso.gov.uk/acts/acts2001/20010024.htm
Crime [International Cooperation] Act 2003
http://www.hmso.gov.uk/acts/acts2003/20030032.htm
Problem of legal basis
The Law Society’s submission to the Bichard Inquiry suggests that there is no
coherent legal framework governing the use of personal data in the public sector. They
argue that this has already been recognised by the government and that the
recommendations of the Cabinet Office Performance and Innovation Unit report “Privacy
and Data Sharing: the Way Forward for Public Services” provide an excellent starting
point. This report identified a lack of awareness of how the legal framework operated and
a problem with a lack of powers to share data between public bodies, even where consent
has been given. The report argued that it was possible to achieve the objective of making
better use of personal data in the delivery of public services while also enhancing privacy.
It did however argue that crime policy might be the area where privacy was least
possible.
The Department of Constitutional affairs produced a guide to the law on datasharing in November 2003
http://www.dca.gov.uk/foi/sharing/toolkit/lawguide.pdf
The guidance discusses the powers of public bodies to collect use, and disclose
personal information. It considers five areas of law are involved:
• the law that governs the actions of public bodies
(administrative law);
439
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
• the Human Rights Act 1998 and the European Convention on Human Rights;
• the common law tort of breach of confidence;
• the Data Protection Act 1998; and
• European Union law.
The advice in the document, in summary, is that it is a matter of administrative
law as to whether a public body has the power to carry out data sharing. It must then be
considered whether, even though it may have the power, its exercise may be unlawful due
to the operation of the Human Rights Act of 1998, the Data Protection Act or the
common law tort of breach of confidence. These provisions should be interpreted with
regard to the relevant principles of the ECHR and of European law.
But there are also Home Office circulars and notes of guidance which govern
police use of databases. There are ACPO [Association of Chief Police Officers]
Compliance Standards governing the placing of data on PNC2 and there will be in the
near future recommendations as to best practice from the Centre of Excellence at the
National Crime Faculty, Centrex, Bramshill.
A very clear statement, which is summarised in the following paragraphs, has
been provided to the Bichard Inquiry by the Police Information Technology Organisation
[PITO]. This body was established as a non-departmental public body [NDPB] in 1996
under the tripartite governance of ACPO, the Association of Police Authorities [APA]
and the Home Office. PITO is responsible for the provision of national Information
Technology and Communications systems to the police. “The policies and processes that
govern the operational use of these ICT services are established by ACPO and monitored
by the police and HMIC.”
In addition to national services provided by PITO, primarily the PNC, there are
local intelligence systems devised and operated by individual constabularies. These vary
greatly. PNC comprises several national police databases, including Stolen Vehicles,
Criminal Names index and wanted/Missing persons. It is a 24 hour a day, 7days a week
service available to organisations approved by the ACPO IM [Information Management]
Police Security Sub-Committee [PSSC], which controls access by the police and partner
agencies, including prosecution. It has existed since 1974 and has expanded over time.
440
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
The PITO report singles out as an example, the Phoenix application, which includes
criminal record information and did not go on-line until May 1995.
The information on the PNC is “owned” by police forces, and each Chief
Constable is a data controller under the terms of the Data Protection Act 1998 for the
management of this information.
Individual forces, under HO Circular 29/95, are responsible for creating PNC
records and for data input into PNC databases. Rules governing operation of all PNC
services are prescribed by the PNC User Manual, which is “owned” by the Police PNC
Policy and Prioritisation Group [P4G]. This reports to the PNC Management SubCommittee.
Weeding and deletion of records is administered by PITO and implemented
directly by PNC software in accordance with ACPO defined business rules, contained in
the ACPO memo “General Rules for Criminal Record Weeding on Police Systems”. Sine
1995 rules have been incorporated in the ACPO Code of Practice for Data Protection.
PITO is introducing 3 further systems over the coming years:
NSPIS Custody system [National Strategy for Police Information Systems]
NSPIS Case preparation system
Violent Offender and Sex Offender Register [ViSOR]
The Custody and Case Preparation Systems are being procured by most police forces
jointly and are referred to as a single system.
The Custody system is intended to assist with the administration of custody
centres and ensure compliance with the requirements of the Police and Criminal Evidence
Act [PACE]. It enables automatic reporting and updating of local arrest and summons
details directly onto PNC.
The Case Preparation system is designed to assist police to compile and present
prosecution case files and associated evidence for presentation to other Criminal Justice
Agencies [eg Crown Prosecution Service, Magistrates Court Service and the Crown
Court Service. The outcome of any trial will automatically be reported to PNC.
Not all police forces will go along with this system. Some have already developed
their own alternatives.
441
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
ViSOR will provide police and probation with a register of violent and/or
registered sex offenders An interim application was in place by September 2002 and by
January 2004, 38 of the 43 police forces in England and Wales were using it.
Local intelligence systems exist throughout the Cnstabularies and their CJ
partners. PNC data is “hard data” based on verifiable fact. Local systems contain much
more “soft data”, often based on speculation and hearsay. The National Intelligence
Model is now being used to provide a framework for assessing the reliability of
information sources. Intelligence is increasingly shared between forces and with national
organisations. Regional intelligence sharing is becoming more formally organised.
http://www.policereform.gov.uk/implementation/natintellmodel.html
Scottish System
The Scottish system was singled out for praise at the Bichard inquiry. They have
centralised their IT systems and their intelligence database comes on-line during 2004.
For non-UK readers, it may be worth pointing out that “United Kingdom” refers to the
uniting of the Kingdoms of Scotland and England in 1707. From 1603, when James VI of
Scotland became simultaneously James I of England, the same individual was King or
Queen of both countries but each had its own separate parliament and own legal tradition.
In 1707 the parliaments were merged, but Scottish legislation was a matter for a Grand
Committee of Scottish MPs within the UK Parliament. Scotland has recently regained its
own Parliament, though with fewer powers that the one that sis at Westminster.
There are 8 police forces in Scotland. The Lord Advocate and Procurator Fiscal
can give instructions to the Chief Constables on offences and prosecutions. Otherwise the
Chief Constable has sole responsibility for operations and effective and efficient use of
resources. The role of the Procurator is a major distinction between Scotland on the one
hand and England and Wales on the other. It also means that there is more in common
between the Scottish system and Continental European systems that between “England
and Wales” and other EU systems.
The major legal difference between Scotland and England and Wales is that
corroboration of evidence is required for the proof of guilt. An accused cannot be
convicted on the basis of a single unsupported piece of evidence. There are other
442
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
differences, but this is the most important in the present instance. There is a Separate
body of Scottish Law and a separate Scottish Parliament with law-making powers in a
variety of areas.
The Scottish Police Information Strategy began with a feasibility study in 1993:
http://www.spis.police.uk/index.html
After 1998 the process accelerated and a centralised system was put out to tender
in 2000. This included the Scottish Intelligence Database [SID]. This database will cover
all Scottish forces by Autumn 2004 and already covered three of the eight at the time of
the Bichard Inquiry. It is worth noting that the Cullen Inquiry into the shootings at
Dunblane played a role in accelerating progress in a similar way to that about to be
played in England and Wales by the Bichard Inquiry.
Cullen Inquiry Report:
http://www.archive.official-documents.co.uk/document/scottish/dunblane/dunblane.htm
ACPOS acted for 5 reasons:

Intelligence held on one of the 8 systems failed to comply with the legal
requirements of the Human Rights and Data protection Acts

Data was a mixture of 4x4 and 5x5x5 format and therefore non-ECHR compliant

Existing systems neither met need to protect sources nor where they networked
in-force, so intelligence picture fragmented

National system did not exist and intelligence exchanged via paper-based system

Development of National Intelligence Model demanded an integrated system to
deliver generic products
The Scottish Criminal History System [equivalent of NCIS in England and Wales
and linked to it, but the information within it is not identical, and there is a difference
between a “caution” in Scotland and a “Caution” in England and Wales] already had
“intelligence markers” on individual records, so that an inquirer may be informed that
intelligence is held on the individual by another force. It also has “intelligence flags” so
that the force holding information will know if a particular record has been accessed. It is
443
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
also possible to place a “target flag” on an individual on whom a live operation is
underway.
Full details are available in the ACPOS evidence to the Bichard Inquiry
http://www.bichardinquiry.org.uk/10663/full_evidence/0089/00890002.pdf
The full statement is worth reading as it covers much of the thinking that went
into setting up an integrated system.
A quotation from this evidence is particularly pertinent:
“In an increasingly litigious society police responses have to be seen to be necessary and
proportionate, particularly now that the UK has implemented ECHR in the form of the
Human Rights Act 1998.”
Legal Basis
The legal basis of ACPO and ACPOS manuals is unclear. Presumably Home
Office Notes of Guidance are based in legality on Delegated Legislation under Statutory
Instruments. The legal status of ACPO as a source of law appears to be anomalous, to say
the least. ACPO members were at one time Justice of the Peace and therefore had some
legal status but this has not been the case since the 1960s. Perhaps it should be so again,
given the increasing quasi-judicial role played by senior police officers. Bichard reports
that ACPO guidance aims to help Chief Officers achieve good practice but it is not
binding on individual Forces or authorities other than by agreement. “Forces are free to
introduce and implement their own policies, even where ACPO has agreed a national
policy.” Forces are, however, invited to produce justification for departing from national
policy.
Bichard Recommendations
Recommendations in the Bichard Report will affect many of the practices and
processes of database management in the UK. The ones that are selected here are of
general relevance. Others will be raised as appropriate in this report.
444
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
Bichard found there was no national information technology system in place for
police intelligence in England and Wales. There is, however, one in place in Scotland.
He thought the creation of one was a matter of urgency. There is debate between ACPO
and the Home Secretary as to who is responsible for the absence of such a database. At
present such intelligence systems as exist are held by the individual Forces and most are
not directly readable or interrogatable by other Forces.
Bichard’s second recommendation is that the PLX [Police Local Cross-reference]
system which flags that intelligence is held about an individual by a particular Police
Force should be introduced in England and Wales by 2005. It is already in place in
Scotland. An intelligence system was planned for England and Wales in 1994, then
dropped in 2000. PITO intends to “roll PLX out” over the next year as a stopgap.
http://www.computerweekly.com/Article131698.htm
Bichard’s seventh recommendation is that the transfer of responsibility from the
police to the Courts themselves for inputting Court results onto PNC should be reaffirmed
and if possible accelerated. The present deadline of 2006 at least must be met and
Bichard wished to see the transfer take place as early as possible.
He placed
responsibility for this on the Court Service and the Home Office.
Bichard also wants the quality and timeliness of PNC data input to be routinely
inspected by HM Inspectorate of Constabulary.
Implicit in the Report is that the process called “weeding” should be recognised as
two quite separate processes, one of which is retention, the other of which is deleting.
Bichard wants “clear guidelines in place as to what should be retained, what should be
deleted and what should be available as part of a vetting procedure for employers
particularly employers where work is to be done with children.”
2)
Is there a database for prosecutions in your country? Is it central or
regional? Do these databases include exclusively criminal prosecutions?
What is their legal basis (statutory or other)? Please analyse and attach the
introducing legal texts as amended (in English or the original language of
publication).
445
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
There is at present no database for prosecutions in England and Wales. There are
several projects under development including one to introduce a file-tracking system and
various other initiatives to improve the use of and compatability of information
technology systems.
The Case Preparation System mentioned above by PITO will be the one closest to
what I assume is meant here by a database for prosecutions. There is no database owned
by the Crown Prosecution Service, yet, but there is a project entitled “Compass” under
development, and one called “J-track”. As mentioned in the answer to question 1 above,
the Crown Prosecution Service is one of the agencies allowed access to PNC2 and it is
envisaged that this will be the case with the new databases and applications that are
coming on-line in the next few years.
The submission of the Crown Prosecution Service to the Bichard Inquiry states
that before 2003, there were at most electronic card index systems, accessible mainly
locally. A Casework Management System was introduced in 2003, principally designed
to monitor the progress of individual cases. It is “neither an intelligence system nor a
substitute Criminal Records Bureau”. Initial case files delivered by the police are mostly
retained on paper. Many areas operate joint police-CPS units with a single file system.
Retention tends to be by the police as they have the right to retain for longer periods due
to their different responsibilities.
Cases are divided into categories A,B,C,D,E and F. Category A consists of those
that are in the long term public interest are kept for 30 years then transferred to the
national archive at Kew. Of the other categories, D is treated differently. B,C, E and F are
kept until the end of the sentence. Category D is managed at local level as this sort of
case tends to be required at short notice.
All policies are at present under review partly because of the Soham case, partly
because of the incipient introduction of electronic filing and partly because of the
expectation of closer working with the police.
The CPS Records Management Manual is available both on the Bichard Inquiry
website and on the CPS Website.
http://www.bichardinquiry.org.uk/10663/full_evidence/0091/00910125.pdf
446
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
Scotland
The Crown Office and Procurator Fiscal Service is under more pressure than most
prosecutors because of the 110 day rule. Once a charges is made, the case has to be
brought to court within 110 days or dropped.
There is a working group composed of members of the Scottish executive Justice
Department and the main Criminal Justice partners working on improvement of the
statistical and management information information available on the criminal justice
system in Scotland. The current thinking is that a data warehouse approach will be the
most effective.
The Future Office System is being introduced by the Crown Office and Procurator
Fiscal to enable electronic filing, recording and case tracking. It sounds like a database
for prosecutions. There is an initiative for electronic courts COPFS/SCS and an ISCJIS[
Integration of Scottish Criminal Justice Information Systems] scheme for electronic
documentation production.
http://www.crownoffice.gov.uk/publications/Crown%20Office%20Strategy.pdf
www.crownoffice.gov.uk/publications/ DASPID1finalrevMar03.doc [this link does not
work for some reason and the Google.html search link has to be used:
http://66.102.11.104/search?q=cache:jTykM62MqbkJ:www.crownoffice.gov.uk/publicati
ons/DASPID1finalrevMar03.doc+Electronic+Courts+Scotland&hl=en
3)
Which national, EU or international authorities have access to the
databases? If such databases do not exist, who has access to information on
investigations and prosecutions?
There is no direct access for EU or international authorities to the databases.
Access takes place through NCIS and the Sirene Bureau. For international authorities
access would be routed through the Interpol Bureau which is in the same office as the
Sirene Bureau. Requests are made under articles 39, 40 and 46 of the Schengen
Convention.
Requests come through the Sirene Bureau which is effectively NCIS.
Article 39 requests will be able to come “live” through the Schengen Information System
[SIS] when that comes onstream in 2005.
447
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
Prosecutors and examining magistrates can make a request via the Home Office
under the Mutual Assistance in Criminal Matters Convention. In practice the information
can be obtained much more quickly if a Prosecutor asks a Police Officer to make an
Interpol request and this would then go directly to NCIS.
It is an English view that Prosecutors only need a case progression database.
They have no real need for access to an investigative database. This may not be shared in
other EU countries.
Since 9/11, a number of working relationships have developed, particularly with
regard to terrorism, which are difficult to document for reasons of operational security.
Increasingly PITO works with the Home Office branch, the CJIT [Criminal
Justice IT Organisation] which is bringing it into contact with other agencies: courts,
prison, probation CPS and it is also beginning to work with health, social services and the
emergency services [evidence to Bichard Inquiry by Mr. Webb 23rd March 2004 am].
Child protection issues have led to the requirement for all these agencies to examine how
best to exchange information. The Bichard Inquiry has addressed these and related issues
in its final Report.
Evidence from abroad
The Crime [International Cooperation] Act 2003 section 81 amends the Data
Protection Act 1998 and inserts a new section 54A giving the Commissioner powers to
inspect data in the Europol, Customs and Schengen Information Systems and to inspect
test and operate equipment used for the purpose of data processing…is this just from a
terminal in UK or is he seriously supposed to be able to do this at the place where the
server is based? And do we give reciprocal rights to similar officers in other member
States?
Articles 13-19 of the same act deal with requests for evidence from abroad…but
do not refer to databases or information from the same, yet the process of obtaining the
evidence will clearly involve the use by the territorial authority in the UK of database
interrogation in the first instance…
448
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
Section 14 gives the territorial authority power to obtain evidence where a request
is made, if the authority is satisfied:
“a) that an offence under the law of the country in question has been committed or
that there are reasonable grounds for suspecting that such an offence has been
committed, and
(b) that proceedings in respect of the offence have been instituted in that country
or that an investigation into the offence is being carried on there.”
This covers administrative proceedings as well as criminal proceedings.
But this does appear to be cover obtaining evidence, not simply information.
This raises a related issue, that of datasharing in the public sector. A debate has
been initiated by the recommendations of the Cabinet Office Performance and
Innovation Unit report “Privacy and Data Sharing: the Way Forward for Public
Services”. Available at:
http://www.number-10.gov.uk/su/privacy/pdf.htm
The
response
from
Liberty
is
available
from:
http://www.liberty-human-
rights.org.uk/resources/policy-papers/policy-papers-2002/pdf-documents/jul-2002privacy-data-sharing.pdf
And the Department for Constitutional Affairs has provided an update as of November
2003 at:
http://www.dca.gov.uk/majrep/datasharing/update.htm
The intention is to bring forward legislation on data sharing. The working group
has rejected the idea of a general power to share data with consent and is examining the
idea of legislation to create a general power to set up data sharing gateways via
secondary legislation.
The Home Office has produced a model protocol for data-sharing available at:
http://www.crimereduction.gov.uk/infosharing21-00.htm
449
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
and a Government data standards catalogue is available at:
http://www.govtalk.gov.uk/schemasstandards/eservices.asp
There is a standard for information security management: ISO 17799/BS7799
4)
At which procedural stage are data introduced to the database (for example,
at police/law enforcement investigation, launch of formal prosecution, or
trial)?
This depends on which database an entry is being made. The individual Police
Forces are responsible for entering data onto the PNC Phoenix database and each has
direct access to the system. Normally Phoenix includes an individual’s name, known
aliases, sex, age, height and distinguishing features.
At present the Police are still responsible for putting Court results onto the PNC.
The original intention was that arrests and summonses would be placed on the PNC at the
time they were made. Bichard found, however, that with the exception of prevention of
terrorism legislation the first record on the PNC is usually when a person is charged or
cautioned. The Court Service will take over responsibility for inputting Court results in
2006. Bichard would like to see that process accelerated.
For the new intelligence database that Bichard envisages, his prime concern was
with the recording of acquittals and cases not proceeded with, so this data would be
entered at the same point.
Data for proactive investigation would be another matter entirely and where this
happens at present the relevant information is not at present in the public domain.
5)
At which procedural stage are data erased for the databases?
Repeating information supplied in answer to question 1, the information on the
PNC is “owned” by individual police forces, and each Chief Constable is a data controller
under the terms of the Data Protection Act 1998 for the management of this information.
450
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
Individual forces, under HO Circular 29/95, are responsible for creating PNC
records and for data input into PNC databases. Rules governing operation of all PNC
services are prescribed by the PNC User Manual, which is “owned” by the Police PNC
Policy and Prioritisation Group [P4G]. This reports to the PNC Management SubCommittee.
Weeding and deletion of records is administered by PITO and implemented
directly by PNC software in accordance with ACPO defined business rules, contained in
the ACPO memo “General Rules for Criminal Record Weeding on Police Systems”. Sine
1995 rules have been incorporated in the ACPO Code of Practice for Data Protection.
Increasingly there is a debate about records, particularly as regards fingerprints
and DNA. With US demand for biometric data and proposals for a National Identity
Card, there are proposals that some forms of personal data will be kept permanently.
Paedophile databases are also permanent so that enquiries can be made where individuals
are applying for work with children and sexual offenders excluded from this area.
There has also been a disagreement between ACPO and the Information
Commissioner which is documented in the submissions to the Bichard Inquiry arising
from individual complaints about data kept by the police and passed on to employers.
This will be dealt with in greater detail in response to Q 22.
Bichard found the following and this point is central to his Inquiry, as it concerns
the failure to identify Huntley as having a record of accusations against him with regard
to underage sex.
[The following is paraphrased from the Report]:
there is a lack of clear national guidance about information management in the sense of
the way information is recorded, reviewed, retained or deleted. There is reference to
record creation in the ACPO Code of Practice on data protection of 2002 which replaced
the 1995 Code. This does little more than summarise the importance of information
being relevant, accurate and up-to-date and is more or less taken from the Data Protection
Act. There is a “pressing need for clearer guidance in this area” [Para 3.67].
The ACPO Code did provide eight pages of guidance for Forces in terms of
retaining data in compliance with principal 6 of the Data Protection Act of 1984. This
451
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
stressed that no absolute rules could be laid down about how long particular items of
personal data could or should be retained. A series of questions were given as a test:
What purpose does the data now serve?
Is the data still relevant to the registered purposes?
How useful is the information likely to be in future?
The original guidance also advised that it might be necessary to consult the officer
responsible for making the initial record and the 1995 guidance recommended that all the
above should be applied to manual records despite the fact that the legal requirement for
this came later. [ Para 3.70]
It also suggested an automatic review should be built into systems. This, Bichard
stressed, was a review not automatic deletion. [Para 3.71].
16th June 1995 a policy document was circulated by ACPO General Rules for
Criminal Record weeding on Police Computer Systems:

Conviction for a reportable offence, retention for twenty years. Exceptions where
the conviction was for an offence against a child, or young persons, in this case
the record was to be kept until the offender was seventy years old subject to a
minimum twenty year retention period.

In case of a rape conviction record to be retained for the life of the offender.

Records of cautions assuming there were no other convictions or further cautions,
retained for five years.

Records of disposal other than conviction, caution, acquittal, discontinuance and
not guilty bind over were to be retained for the same period as set out for
convictions, ie twenty years,
but acquittals and “discontinued cases without
caution” not normally to be retained beyond a forty-two day period from the
disposals notification date.
However this general rule is subject to exceptions when the record “should be considered
for retention”. These included:
452
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM

Acquittal for an offence of unlawful sexual intercourse by a male with a female
under sixteen. In such a case the record should be deleted when the male’s age
reached twenty-five subject to no other offences being recorded.

If there was an acquittal or discontinuance because of a lack of corroboration or
an allegation of consent in a case in which a sexual offence was alleged the record
could be retained for five years on the authorisation of an officer not below the
rank of Superintendent and the record would be reviewed at the end of that period.

The [ACPO] Crime Committee policy gave guidance to the officer making that
decision and laid down three criteria as necessary preconditions for retention: (a)
the case’s circumstances would give cause for concern if the subject was to apply
for employment in a post that involved substantial access to vulnerable persons;
(b) the facts of the case showed that the subject’s involvement was based on
information that was high quality and could be graded A1 when the 4x4 reliability
test was applied; (c) the decision to retain the information could be defended on
public interest grounds.
[4x4 test: a subjective alpha/numerical intelligence grading system used by most
police forces to determine the reliability of a piece of information (on a scale of A, B,
C and X) and the reliability of the source of the intelligence (on a scale of 1–4).
Therefore, ‘A1’ means the intelligence source is highly credible and the intelligence
is of a high standard. Glossary, Bichard Report
Now succeeded by 5x5x5 test incorporating the two factors above but including a
judgement about who can have access to that intelligence (on a scale of 1 to 5).]
In September 1999 new rules from the ACPO Crime Committee changed the
general period of retention from twenty years to ten years. There were exceptions where
the conviction was for an offence involving a child or a young person as victims. In such
a case the record was to be retained either until the subject died or until the subject
reached 100 years of age. Records of disposals were to be retained for ten years for most
offences. The 1999 weeding rules removed the reference to AS1 intelligence.
453
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
In October 2002 the ACPO Code of Practice on data protection was revised.
Again the foreword from the Information Commissioner stressed that any specified
retention period could only be a benchmark. The Information Commissioner would be
obliged to examine on its individual merits any case referred to her. The 2002 ACPO
Code did not make any changes of significance for the Bichard Enquiry. It dealt with
criminal intelligence records and recommended that all intelligence reports should be
regularly reviewed and considered for deletion subject to a maximum review period of 12
months.
Each of the 43 Forces produced its own set of local guidance and directions to
give effect to ACPO and others national guidance. Content varied widely. Humberside,
for example, followed a very different approach to that contained in the national
guidance.
HMIC admitted that it had not carried out inspections of data protection weeding
and that it would be doing so in future.
Stop Press:
On 22nd July 2004 in a landmark judgement the House of Lords decided that the
Police can keep DNA samples even where criminal investigations have been dropped.
The argument had been made that the South Yorkshire Police, in keeping DNA samples
after the two cases were dropped, were contravening either the individual’s right to a
private life under Article 8 of the European Convention on Human Rights or the right not
to be discriminated against under Article 14 of the same Convention. Lord Brown argued
that the cause of Human Rights would be better served by expanding Police databases
rather than deleting records. He said the only logical reason to objecting to samples
being kept by the Police was that it would make it easier for Authorities to arrest
someone if they ever offended in future. Lord Steyn said that Police should be able to
take advantage of modern technology which “enables the guilty to be detected and the
innocent to be rapidly eliminated from enquiries.” The decision affects both DNA and
fingerprint records. It is likely to be taken to the European Court of Human Rights.
454
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
6)
What is the purpose of the databases as described in their founding
instruments? What is their use in practice?
The databases exist for a number of purposes but the PNC was originally
established to improve record-keeping on criminals. PNC2 was established to improve
exchange of information between constabularies.
It is the use of these databases for employment vetting that has caused most
conflict in practice. Bichard has proposed that a separate agency is made responsible for
deciding what details to release to employers so that the police can be removed from the
conflicts involved.
7)
Is there collaboration with foreign authorities for the acquisition of data on
investigations and prosecutions (please refer to Europol/Eurojust)? Which
authorities have access to this data?
The UK cooperates with foreign authorities via the Sirene Bureau, the Europol
Bureau and the Interpol Bureau, all now in NCIS. Michael Kennedy represents us on
Eurojust and is also President of Eurojust.
There is also collaboration via Mutual Legal Assistance or through Liaison
Officers in the European Embassies or through, in the case of terrorism, the Terrorism
Liaison Officers who go via Special Branch in the UK and this is a completely separate
system.
For cases of fraud and for the Serious Fraud Office, on the whole contacts are via
the NCIS but lawyers from the Serious Fraud Office can write directly to their
counterparts in other jurisdictions. There is thus a legal route and an intelligence route
which is via NCIS. There is not necessarily an absolute demarcation between these two
routes, they represent tendencies towards a particular direction.
The UK has a problem with Europol in terms of second party disclosure.
Comment repeated from answer to question 3
455
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
There is no direct access for EU or international authorities to existing databases.
Access takes place through NCIS and the Sirene Bureau. For international authorities
access would be routed through the Interpol Bureau which is in the same office as the
Sirene Bureau. Requests are made under articles 39, 40 and 46 of the Schengen
Convention.
Requests come through the Sirene Bureau which is effectively NCIS.
Article 39 requests will be able to come live through the SIS when that comes onstream
in 2005.
Prosecutors and examining magistrates can make a request under the Mutual
Assistance in Criminal Matters Convention and this would go to the Home Office. In
practice the information can be obtained much more quickly if a Prosecutor asks a Police
Officer to make an Interpol request and this would then go directly to NCIS.
The feeling of the senior English Police Officers interviewed was that Prosecutors
only need a case progression database.
They have no real need for access to an
investigative database.
If the question is about possible routes forward, then a TETRA-style network
might be developed to link networks such that the simple question could be answered as
to whether an investigation was under way or a prosecution in process against a particular
named individual.
8)
What provision is made in your national laws for data sharing between
public bodies? What are the relevant restrictions?
PNC is a 24 hour a day, 7days a week service available to organisations approved
by the ACPO IM [Information Management] Police Security Sub-Committee [PSSC],
which controls access by the police and partner agencies, including prosecution.
General comment on data-sharing law repeated from answer to Q.1.
The Law Society’s submission to the Bichard Inquiry suggests that there is no
coherent legal framework governing the use of personal data in the public sector. They
argue that this has already been recognised by the government and that the
recommendations of the Cabinet Office Performance and Innovation Unit report “Privacy
456
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
and Data Sharing: the Way Forward for Public Services” provide an excellent starting
point. This report identified a lack of awareness of how the legal framework operated and
a problem with a lack of powers to share data between public bodies, even where consent
has been given. The report argued that it was possible to achieve the objective of making
better use of personal data in the delivery of public services while also enhancing privacy.
It did however argue that crime policy might be the area where privacy was least
possible.
The Department of Constitutional Affairs produced a guide to the law on data-sharing in
November 2003
http://www.dca.gov.uk/foi/sharing/toolkit/lawguide.pdf
The guidance discusses the powers of public bodies to collect use, and disclose
personal information. It considers five areas of law are involved:

the law that governs the actions of public bodies (administrative law);

the Human Rights Act 1998 and the European Convention on Human Rights;

the common law tort of breach of confidence;

the Data Protection Act 1998; and

European Union law.
The advice in the document, in summary, is that it is a matter of administrative
law as to whether a public body has the power to carry out data sharing. It must then be
considered whether, even though it may have the power, its exercise may be unlawful due
to the operation of the Human Rights Act of 1998, the Data Protection Act or the
common law tort of breach of confidence. These provisions should be interpreted with
regard to the relevant principles of the ECHR and of European law.
9)
Are there national general principles of law and privacy laws which prohibit
either the creation of national databases on investigations and prosecutions
or the use of such data? Please describe and attach these laws.
457
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
There are no UK laws prohibiting the creation of a database. Such databases
already exist in the UK. As noted in the answer to the previous question it is data-sharing
that raises legal problems.
10)
Is there an exemption to these laws, for example on the basis of the general
“public interest” to combat crime? Could such an exemption supersede
national privacy laws?
National Security
Is there really a public interest exemption or is this something drummed up by
newspaper editors to protect themselves against a privacy law? [answer yes it’s to do with
data retention. Discussed in Bichard]
11)
In view of measure 12 of the mutual recognition programme (OJ C 12,
15.1.2001, p. 10), would linking national databases be an effective weapon
against transnational crime or would an EU database on investigations and
prosecutions from all EU Member States be preferable? What added value
for your national authorities do you see in the setting up of a EU judicial
database as foreseen in Eurojust and, if there are any, what would be the
current legal difficulties to be upheld in your country for the connection to
such a data bank?
If there were to be an EU judicial database, what would it contain? There is a
feeling in the UK that a comparative law database is increasingly needed. If such a
database included judicial decisions this would be especially useful given the move of the
EU to framework decisions which produces 25 different national implementations which
in turn produces a need to know what the differences are between the different
implementations. A database that provided that information would be extremely useful.
Measure 12 asks how best the competent authorities in the European Union
should be informed of investigations or prosecutions outstanding in respect of a given
458
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
individual, covering, in particular, the categories of offence potentially concerned and the
stage of proceedings at which the information process should start. It should also consider
which of the following would be the best method: (a) to facilitate bilateral information
exchanges; (b) to network national criminal records offices; or (c) to establish a genuine
European central criminal records office.
The grammar of the measure is odd. Presumably, it means, how can the
competent authorities find out if a given individual has an investigation or prosecution
outstanding against them? Or does it imply that a passport or identity card check should
immediately and automatically throw up this information as a result of a barcode scan
that would link into a closed and secure network in some way.
Where an investigation of a serious crime is underway, surely the last thing that
an investigator would want is that a routine check of a person’s documentation led to
behaviour on the part of a uniformed police officer that informed the person being
investigated that such an investigation was under way? Investigating organised crime
involves surveillance and identifying an individual’s contacts without alerting them to the
fact that they are under investigation.
If the intention is to apprehend an absconder, then that is a totally different matter.
If, however, what is required a system that throws up information on investigations or
prosecutions underway in other Member States against an individual into whom an
investigation has been opened or whose name has come up in the course of an
investigation? If so, the existing Sirene Bureaux is the appropriate system upon which to
build, but with an improvement in accessibility for investigators at lower levels than the
national as long as it has provision to warn other investigators that access has been made,
so that on-going investigations are not compromised. There will need to be a body and a
procedure to deal with such conflicts as to which investigation and which country has
priority and this will almost certainly mean a role here for Eurojust and for Europol.
Presumably what we are looking at is something that would benefit a hands-on
investigator. And the question that needs to be answered is what we would need above
and beyond the SIS (Schengen Information System). The Europol database is a good one
but it is not supplied with sufficient data and it can only be accessed via national units.
The existing databases need a greater quantity of data supplied and they need the
459
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
possibility of wider access to improve the possibilities for a hands-on investigator.
Access is the fundamental problem, as opposed to the architecture of the databases. The
level at which access can be made needs to be determined. As mentioned above, there
also need to be dispute resolution procedures in place. The greater the access, the more
likely it is that investigations will conflict, and the greater the likelihood of security being
breached.
The problem for a hands-on investigator is not so much access to data on
prosecutions and convictions, but to data on intelligence. For this reason a European
version of the UK National Intelligence model is required together with a 5x5x5 test of
reliability. The legal problems of empowering direct access to such data on the part of an
investigator from another country are the ones that need to be addressed, rather than data
on convictions. Often what is required is to know what an individual is suspected of in
order to know what to look for in their relations with other individuals and organisations.
The creation of a UK intelligence database needs to parallel those similar databases that
already exist in other member States. The interviewees thought that the data protection
issues here would be fairly difficult to overcome.
The prevailing IT doctrine in the UK is, however, changing as the following quote
shows:
“I think today we are looking at a far more information centric architecture which
provides information as the entity which is common across the entire environment,
whereas in the days of NSPIS, it was a far more systems-based structure where people
had individual systems and they would talk to each other, whereas now we are looking at
far more commonality of information, perhaps in central databases or centralised
databases, where the information is shared.” Mr. Webb of PITO Bichard Inquiry March
23rd 2004
The EU needs to go through the intermediate step of a common data recording
strategy. When all Member States record the same data in the same format, it will become
possible to move to central databases.
460
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
Most so-called transnational crime actually consists of regional groups trading
with other regional groups. The Europol Joint Investigative Team with a case specific
approach seems adequate enough and databases for individual investigations are more
rational. Although there is now software available in the US, apparently, that can search
databases much more quickly than has previously been possible, the principle of Occam’s
razor remains an excellent one.
An EU database will only be efficient if there is an obligation to notify which is
then followed through. Irene, OLAF’s database has been plagued by a failure to notify of
offences of fraud. Multiply that by 50 other major offences and there will be lots of
gleaming machinery and very little data. Tupman and Tupman discussed the EU database
strategy in 1999. The same shortcomings are still apparent:
The following thoughts from the present author, written in 1999 have been
updated slightly to take account of changing names of organisations.
“The Database Strategy
In default of a European FBI, all attempts at cross-border police organisation since 1985
have centred on the creation of a networked computer database. A number of such crossborder databases and database-related communication systems have now been established
as necessary prerequisites for risk-assessment together with offender and offence
profiling. Their advantages are:

offender profiling is vital for identifying individuals and organisations who
commit relevant types of offence - fraud, smuggling, trade in people;

offence profiling ensures that investigators are up-to-date with the modus
operandi of the various offences being committed and with the organisational
structures required to commit them;

risk-assessment enables proper targeting of scarce resources, both for prevention
and successful investigation;

information technology enables rapid exchange of relevant intelligence between
investigative organisations across frontiers and removes bureaucratic obstacles
with regard to provision of evidence.
accountable to existing command structures.
461
At the same time officers remain
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
All cross-national database schemes have had problems achieving their original goals.
The major problems have been:

compatibility between EU Member States' software and hardware;

judicial acceptability of on-screen communication in place of paper;

data-protection and privacy;

analytical software for profiling;

consistency of reporting of offences by individual countries and organisations.
The Schengen Information System (SIS) has been transformed into a man-
machine interface by the SIRENE bureaux.
The former’s original anti-immigration
aspect has recently been transferred to the proposed database Eurodac.
The European Commission’s own investigative organisation, formerly UCLAF,
now OLAF, assists Member States to focus on high risk areas by providing information
resulting from an analysis of information on its databases: - pre-IRENE (IRégularities,
ENquêtes et Exploitation), for cases of fraud under investigation and IRENE, for cases
successfully investigated.
These were combined to create IRENE 95, another step
towards upgrading the system from an electronic filing cabinet to a full-scale independent
knowledge-based system that can identify and analyse risk factors. IRENE has had many
problems in gestation, but in late 1999 included over 20,000 cases.
The other major relevant databases are DAF (Database Anti-Fraud), SCENT
(System Customs ENforcement Network), and CIS (Customs Information System).
There are now 323 SCENT/CIS terminals installed at airports and administrative
headquarters. They may be used to record and to access data on both Community and
non-Community matters. With regard to CIS, European Union Member States have
adopted a convention on the use of information systems in the customs field. Agreement
has also been reached on the provisional application of this convention between some of
the Member States.
The convention itself has not yet been ratified, so the central
database cannot yet be created. Without further research, it is impossible to say whether
there is deliberate obstruction on the part of some Member States, or if some have a
462
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
technology problem.
On 26 July 1995, under article K3 of the Treaty of Maastricht, a Convention was
signed on the use of information technology for customs purposes. It provided a legal
basis for including in a database information to combat drug-trafficking. This database
has been set up. In addition, the system for registration of goods in transit across the EU
is being computerised, in cooperation with EFTA: ‘Although it is obvious that
computerisation will not totally wipe out fraud, it is safe to assume that the cost of this
project will soon be recouped’.
This view is belied by the development of every computer system. It is not safe to
assume costs will be recouped. It is safer to assume that the system will not do what the
client originally thought it would. What it does may be useful but will not be as per
specification. The databases so far established in the European Union have been good at
recording data, but poor at analysis, and have run into data-protection and judicial
supervision problems that have reduced them to electronic filing-systems of limited
utility as investigative tools. Nevertheless they continue to proliferate. The Europol
Convention is 75 per cent concerned with database matters. It is time for serious analysis
of investigator use of databases in order to establish how successful they have been in
achieving their original goals, to identify good practice and to establish real costs. Above
all, a project needs to be established to examine and overcome the legal and technological
problems of moving from a primitive man-machine interface to intelligent, analysiscapable software.
An intelligence- and database-oriented approach is unlikely to be successful if
information is slow to reach database managers because of bureaucratic delay and
complexity. To by-pass obstacles, UCLAF proposed the installation of ‘an experimental
freephone service to allow European citizens to provide information on fraud in
confidence directly to the Commission’. The freephone number received over 4,000 calls
in the first 12 months of its operation from November 1995. Around 200 of these led to
further investigations and subsequent formal enquiries involved amounts of over 30
million ECUs . It is tempting to wonder what the impact would be of a European version
of Crimewatch [It would be a big step forward from the Eurovision Song Contest!] [I’m
copyrighting this idea!]
463
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
Equally important, if databases are to provide a true picture, is the issue of
notification.
A targeted strategy demands reliable, up-to-date information.
A
Commission proposal to improve both the level of detail and frequency of submission of
Member States’ reports of fraud and irregularities was adopted during 1996.
The
intriguing question is how long it can be before banks and financial institutions are also
placed under legal obligation to report fraud to a central database run by a Financial
Intelligence Unit. The impact of a database-led strategy will be affected by the priorities
of individual countries. Investigative priority will be determined by the perceived scale of
the problem and this is normally measured on a purely financial basis. Article 209a of
the Treaty of Maastricht establishes ‘the assimilation principle’, whereby Member States
shall take the same measures to counter fraud affecting the Community as they take to
counter fraud affecting themselves. In the UK this may be counter-productive - officers
from the Serious Fraud Office have told the author privately that they do not investigate
frauds below £5million.
This is because of the immense costs of prosecution.
Presumably, local fraud squads, Ministry of Agriculture, Food and Fisheries inspectors
and Inland Revenue officials operate to different guidelines. Recognising this problem,
the Convention on the Protection of the European Communities Financial Interests of 26
July 1995 instructs Member States to define serious fraud as involving a minimum
amount that cannot be set at less than 50,000 ECUs. Legislators may define an offence as
serious by using financial criteria, but investigative priority cannot be guaranteed where
there is already a heavy domestic case-load that is being prioritised on the basis of higher
monetary value.
As long as the policing of cross-border crime is hamstrung by governments’
reluctance to set up a permanent cross-border police organisation, idiotically complex
sets of regulations will continue to be passed. The Treaty empowered Europol to set up
joint investigative teams for individual operations. Customs organisations can already do
this, so there is a precedent and this may produce a more effective halfway house.
The Customs network, finance ministry-driven and concentrating on drug
smuggling and revenue invasion, has been the most successful integrator of information
technology and joint investigation teams. I commented in 1999 that Europol had too
many potential responsibilities and suffers from in-fighting between the Ministries of the
464
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
Interior and Justice, which was then preventing the K4 Commission [ now the Title VI
Commission] from developing into a successful driver of policy. The Schengen system
has made progress but had to move away from its original, information technologydriven, vision.
Europol and OLAF need to be coordinated. OLAF fortunate in its freedom from
the multi-national decision-making process and single-crime oriented, is the only
supranational body capable of driving cross-border investigative policy and practice
forward. The organised crime groups it investigates are involved in many other types of
crime outside its competence. It will of necessity exceed any brief it is given. While this
should be welcomed if it increases the effectiveness of the battle against organised crime,
it will inevitably be portrayed as part of the battle for sovereignty between the
Commission and certain Member States.” (Tupman and Tupman Policing in Europe pp
91-94)
12)
Could the EU establish a database for investigations and prosecutions that
includes relevant data on EU citizens, supervised by a judicial/quasi judicial
authority be acceptable to your national legal orders? What problems, if any,
would you foresee and how could they be resolved?
There would probably be less legal problems for the UK than for many other
member states of the European Union. The UK databases would have to comply with
data protection law, the European Convention on Human Rights, and Court decisions
with regard to privacy.
The problems will primarily be political. Daily Telegraph will go berserk,
followed by the Mail, the Times and probably the Express! UK would opt out. Databases
for paedophiles and sex offenders are easily saleable, but cigarette and alcohol duty
evaders are seen as legitimate. The Sun newspaper has even run a campaign supporting
them.
There is a frightening lack of recognition in all the European Commission
documents on this question of the existence of a European democratic deficit and of a
need for any aspect of policing to concern itself with legitimacy. The European
465
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
Parliament may appear to be obstructionist to the technocrats that are proposing these
solutions, but there is a danger of widening the gap between the public and central
institutions unless this issue is borne in mind. Databases are a useful tool, but if the public
isn’t coming forward and reporting crime, there will not be any data. Equally, there will
not be any witnesses giving evidence when the court proceedings begin. So there will be
no convictions.
13)
Could the EU database supply data to be accepted and used as indirect
information or evidence before your national courts, or would your national
laws limit its use to the support of investigations and prosecutions via the
provision of soft intelligence?
It is unlikely that data from an EU database would be accepted as evidence. The
UK Courts would want to go back to the source of the information and be able to cross
examine the witness who provided it. As regards the provision of limiting it to the
provision of soft intelligence, the answer is almost certainly ‘yes’.
The UK government in the Organised Crime White Paper March 2004 strongly
supports the creation of an EU intelligence model on the lines of the existing UK
National Intelligence Model and supports the second generation of the Schengen
Information System.
See answer to Q 11
Police forces and politicians in the UK would be interested in the creation of a
European criminal intelligence model. This would need to be created by the European
Police Chiefs Task Force. It would then be necessary to create appropriate hardware and
software to provide the analytical capability. All this would have to be in a framework
that would define intelligence in such a way that it would not terrify East Europeans who
remember the meaning of intelligence as used by their former communist rulers.
466
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
14)
Which crimes could be included in the EU database for investigations and
prosecutions? Could it extend past the limited crimes included in the
Europol/Eurojust mandate?
You need to start by deciding what the requirements are for a successful
investigation of organised crime, then build your database so that it can supply useful
information. Unless it is intended that the database will consist of a list of individuals
convicted for their involvement in organised crime and the cases in which they were
prosecuted plus your soft intelligence on them. Start with the individuals not the crime.
But to do that you need to have legislation in place legalising proactive investigation and
a procedure for legalising and legitimising data entry.
In terms of United Kingdom law any crime could be included on a database. The
decision would be a business or economic decision rather than a legal decision.
22nd July 2004 House of Lords decision that the Police can keep DNA samples even
though criminal investigations have been dropped. The argument had been made that the
South Yorkshire Police in keeping DNA samples after the two cases were dropped were
contravening either the individual’s right to a private life under Article 8 of the European
Convention on Human Rights or the right not to be discriminated against under Article 14
of the same Convention. Lord Brown argued that the cause of Human Rights would be
better served by expanding Police databases rather than deleting records. He said the
only logical reason to objecting to samples being kept by the Police was that it would
make it easier for Authorities to arrest someone if they ever offended in future. Lord
Steyn said that Police should be able to take advantage of modern technology which
“enables the guilty to be detected and the innocent to be rapidly eliminated from
enquiries.” The decision affects both DNA and fingerprint records. It is likely to be
taken to the European Court of Human Rights.
The UK Prime Minister, Tony Blair has now returned to support for the original
wording for European Public Prosecutor’s Office, which includes “serious crimes
affecting more than one member state” as well as fraud against the community budget.
Is this a practicality type of question? If so, surely best to start with a limited numbers of
offences. But if it is for the investigation of organised crime, isn’t that the wrong way
467
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
round. One way I’ve heard organised crime defined is “ we know who the bad guys are,
we just don’t know what they are up to”. If a database is to be of any use in investigating
organised crime it needs to be capable of supporting a proactive investigation, and has to
get away from “reactive” thinking.
Or are we talking about an OLAF-style approach, involving a database that can
somehow be used to risk-profile new policies for opportunities for organised
crime…OLAF reports claim to be able to do this for fraud against the Community
Budget.
15)
What safeguards could ensure that the transfer of data from your national
authorities to the database does not clash your national law?
The Data Protection Act and the European Convention on Human Rights are the
two major pieces of legislation that govern UK use of data on databases. In certain
circumstances, particularly if it threatened the security of an on-going investigation into
serious crime, the request to see what data was held could be refused. This is outlined in
the Data Protection Act.
Citizens would have to have a right to ask to see what data was held on them,
there would have to be a date by which data was removed, except in the case of
paedophiles and terrorist suspects, possibly other categories. The UK Information
Commissioner already has the right to inspect data input to the Schengen Information
System and similar European databases.
16)
Which national authority within your jurisdiction could undertake the task
of transferring the relevant data to the EU database?
Have to be NCIS or its successor, unless PITO can be given some form of
external jurisdiction as for PNC. An NCIS – PITO partnership would be the most likely
body to take responsibility for data transfer. The position of Scotland in the UK means
that there is already experience of running such a system. ACPOS says Scotland updates
PNC every four hours. Presumably a similar system could be established from PNC to a
468
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
European database, but we surely wouldn’t be talking about transferring EVERYTHING
would we? There would have to be some decision as to what sort of cases would be
involved and how they would be defined as involving organised crime. See answer to
question 14.
17)
Which national/EU persons may have access to the EU database: judicial,
prosecution, police?
For the UK it is and would be NCIS. The Scottish Procurator Fiscal may have a
claim but does not at present have access to PNC except via a Police Officer. The Fiscals
have a liaison officer to carry out functions normally only carried out by a serving Police
Officer.
Elsewhere in Europe it may be judges or procurators. You’re going to end up
reinventing Sirene bureaux, I suspect.
18)
Which EU agency could be a suitable host for the EU database? Could
Eurojust (pursuant to Article 14 of the Eurojust Decision) establish a
database for investigations and prosecutions that includes relevant data on
EU citizens, supervised by a judicial/quasi judicial authority be acceptable to
your national legal orders? What problems, if any, would you foresee and
how could they be resolved?
The Directorate General of Justice and Home Affairs within the Commission
would have to create and build a new database. It would make sense to put it in
Strasbourg alongside SIS2. There are two major systems, the visa information system at
Salzburg and SIS2 in Strasbourg. In Strasbourg is the backup for Salzburg and in
Salzburg is the backup for Strasbourg, if you follow me, the online site for each of these
databases is in a different place to the backup site.
It would be a good idea to have a system that could capture criminal convictions
based in either Strasbourg or Salzburg. There is in place a new system S (for secure)
TETRA [TErrestrial Trunked RAdio] http://www.tetramou.com/ . This is a network that
469
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
will enable the exchange of information and may be able to search SIS2 and any criminal
convictions database.
The English response is that we need integration, harmonisation and consolidation
of existing IT systems, NOT yet another one. STETRA is the most sensible and rational
next step forward.
Overall it makes sense to:
1)
Define business needs, ie the needs of the Police investigators.
2)
Look at Human Rights and data protection problems that would be raised by these
needs.
3)
Adopt those solutions that could be obtained by adding extra functionality to SIS.
This would cover most of the present problems.
In other words we should take a Police wish list which should go to the politicians
in order that they can decide what is acceptable and produce, then, the appropriate
legislation.
In the UK it is not necessary to worry about the purpose for which data was
entered. Once it is entered it is available as intelligence or general information. In a
number of European countries you can only look at data in a context similar to that in
which it was first entered.
Tampere recommendation 44 set up a Police Chiefs operational Task Force which
links to Europol. It has a responsibility to exchange best practice and contribute to the
planning of operations. Such an institution is another possible host for a database if it
became permanent.
Eurojust or Europol? UK could understand Europol hosting such a database.
England and Wales don’t have a tradition of prosecutors supervising investigation. We
will have all sorts of problems adjusting, but we have linked PNC2 to SIS and established
a process of data protection and inspection.
The European Public Prosecutor would also be obvious, but the UK is not
politically ready for that. Although according to the Financial Times 31.5.04, government
sources are saying that the UK could return to a wider role for the EPP, as long as the
470
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
veto is retained over extensions of the mandate.
The House of Lords European Union Committee has discussed the role of Eurojust in its
23rd Report of Session 2003-4.
http://www.publications.parliament.uk/pa/ld200304/ldselect/ldeucom/138/138.pdf
para 6 quotes Hans Nilsson, the Head of Judicial Cooperation in the Council Secretariat
as saying that Eurojust “ is at the crossroads of two conflicting models: one seeking
increased harmonisationof criminal law and procedures and centralised EU structures and
the other based on mutual recognition of Member States’ laws and procedures and
enhanced cooperation between them.” The UK sees it as the latter, not the former.
Eurojust is a useful institution for exchanging information and facilitating coordination of
a prosecution. It is difficult in a UK view to see why it should have access to a database,
let alone be the home for one. The UK Information Commissioner even criticised the
composition of the Eurojust Joint Supervisory body. He argued that judges might not be
experts in data protection and that members of national data protection authorities would
be more appropriate. [para 55]
In para 102 of the Report, the Committee was not convinced of the necessity for
the establishment of a European Criminal Record. They felt that there has been a
proliferation of databases at EU level and that “the feasibility and added value of these
databases was questionale and their impact on privacy and the protection of personal data
may be considerable”[footnote 138 of the Report attributes the quotation to a letter from
Lord Grenfell, committee chairman (sic), to Caroline Flint MP parliamentary underSecretary of State at the Home Office] Links between national databases could achieve
the same objective. There certainly should not be a European database containing data on
investigations
The Committee was in agreement with Drs Xanthaki and Stefanou that if a
European Criminal Record were to be established, taking into account the fact that
several new Member States have no criminal records as such, then there should be three
safeguards: data should be held only on convictions, data should be held only on
transnational offences and only judicial authorities should have access [paras 100 and
102].
471
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
19)
In view of the free movement of persons within the EU and the increase in
crime, would such a database constitute an effective weapon against crime?
The United Kingdom has not signed up to the free movement of peoples and has
kept border controls. On the other hand, the feeling among investigators is that any more
information would be useful. Ideally, a proper evaluation needs to be done as to what a
separate database could achieve that improved cross-border access to national databases
couldn’t.
The danger is that such a database would be used against immigration and
political dissidents rather than criminals. The profiling and analytical software isn’t there
yet and the storage capacity doesn’t yet exist. Cross-border networking between police
officers and prosecutors together with Joint Investigative Teams is more likely to work at
this stage of European Development.
A sex offenders database is more likely to be successful in the first instance and
likely to be accepted as legitimate by the European public at large. [see next answer]
20)
Do you foresee political opposition, in your country, to a move for the
creation of such a database either by political parties or by human rights
groups?
Human Rights groups will protest. Justice will certainly object strongly. The
Joint Supervisory Authority [JSA] for SIS has criticised moves to widen access, so it isn’t
simply going to be a local political issue.
The British Press is more likely to go berserk. Europe really isn’t popular in the
UK right now. The idea of faceless Brussels bureaucrats invading our private lives is not
one that would receive a positive response. Human rights groups may jump up and down,
but they would not be the main opposition to this. It is an issue that the Conservative
Party would expect to exploit. See “the Five Ways the EU Constitution would harm our
lives”. Four of the five are about European judges, rights and law.
http://www.conservatives.com/campaigns/campaign.cfm?obj_id=73417
472
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
But the Caroline Dickinson murder trial at present underway in France has already led to
calls for a European database of Sex Offenders [Nicky Campbell on the Breakfast Show,
Five Live 9th June 2004].
Home Secretary has called for a DNA database and a database of sexual offenders
for whole of Europe. The latter is likely to be acceptable. The former is more debatable.
21)
Is crime seen as a serious problem, by the media and the public, in your
country? Justify your opinion by reference to interviews with representatives
of the main political parties (a telephone call to their headquarters is
adequate).
Yes it is. But it is petty crime and anti-social behaviour and fear of crime that are
the big issues not transnational crime. This will change if there were to be a terrorist
attack on London or a major incident involving criminals in which a number of
policemen are killed.
Labour Party position on crime:
http://www.labour.org.uk/crime04/
Conservative Party position on crime:
http://www.conservative.com/policies/
[the crime consultation document The Conveyor Belt to Crime is a long way down the
list, but there are documents on crime in London earlier in the list.]
speech by David Davis
http://www.conservatives.com/news/article.cfm?obj_id=111556
Howard’s Midlesborough speech on crime:
http://www.conservatives.com/news/article.cfm?obj_id=113496&speeches=1
473
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
Liberal Democrat party position on crime:
Speech:
http://www.libdems.org.uk/index.cfm/page.homepage/section.home/article.7258
Policy:
http://www.libdems.org.uk/documents/policies/Policy_Papers/51JusticeandtheCommunit
y.pdf
22)
Is there a move in your country towards the reduction of police powers and
the promotion of the rehabilitation of ex-offenders?
The phrasing of this question is somewhat unfortunate. I do not see a link between
the two.
Police powers: the police would always say they are being reduced, lawyers
would say they are increasing. Speed cameras and random breath-tests cause much
grumbling in pubs!
There is a major dispute between ACPO and the Information Commissioner on
how long records can be kept on file, which opposes the need for child protection to the
requirements of the rehabilitation legislation.
Bichard discusses the entire system of employment vetting and refers back to
Article 8 of the European Convention of Human Rights which has markedly different
things to say about whether information should be retained and whether it should be
disclosed. He argues that an individual’s privacy can be interfered with to the extent that
confidential information may be retained but it may not be justifiable to communicate
that information to the employer. There is an issue of fairness to the job applicant and in
4.109 he acknowledges that careers may be blighted and job prospects lost. He lists what
he considers to be the essential issues:

What should the ingredients for fair treatment be?

Can the system be made to work efficiently, protectively and fairly all at the same
time bearing in mind the call on limited resources?

How should the balance be struck between the rights of the individual and the
need to protect the vulnerable?
474
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
The Courts have been involved in considering disclosure of Police information for
vetting purposes. A recent successful judicial review challenged the provision of local
Police information to an employer was X versus Chief Constable of the West Midlands
(2004) EWHC (Admin) 61 Mr Justice Wall. In summary Mr Justice Wall decided that
the discretion to be exercised by the Chief Constable under Section 115 of the Police Act
1997 as to whether to disclose intelligence material has to be exercised in accordance
with Common Law principles of fairness and in the present context those principles were
set out in ex parté Thorpe (1996) QB396 and ex parté LM(2000) 1FLR612.
The principles require that the job applicant be given an opportunity to make
representations before the disclosure is made to the prospective employer.
The
conclusion was based on the seriousness of consequence of disclosure for the job
applicant and on the very small number of enhanced disclosure requests producing a
result other than no trace. The figures cited to the Court indicated a figure of 3 in every
1000 for that force.
The judgement is under appeal.
The effect if the appeal is
unsuccessful is likely to be that there will have to be an extensive review and debate with
the job applicant and lawyers in a significant number of enhanced disclosure cases before
any disclosure is made. Bichard feels that in terms of fairness there are attractions in
according applicants a prior opportunity to comment on disclosed information.
23)
Please feel free to make additional comments.
Alternative routes forward:
A system of separate databases for separate purposes could be set up in order to
satisfy the legal requirement that data placed on a database can only be accessed for the
purpose the data was originally entered. The legal basis here needs clarifying but several
documents from the European Parliament suggest that this is an important consideration
in many continental European jurisdictions. This would have the advantage of satisfying
human rights concerns but the disadvantage that it would be expensive and would hamper
cross-border investigation. On the other hand if any other system means that evidence so
475
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
obtained cannot be presented in court, then economic cost cannot be used as an argument
to outweigh human rights costs and the ultimate benefit of successful prosecution.
The European Commission proposal to change the purpose of the Schengen
Information System from a control system i.e. a system that exists primarily to prevent
the admission of “undesirables” to the European Union to a more investigative system is
one that is inevitably going to succeed given the growth in the use of the database for
enquiries about wanted persons, evidence and objects. The problem that was not
anticipated when SIS was set up was that there might be individuals, such as football
hooligans who it might be necessary to prevent crossing internal frontiers at specific
times, or such as paedophiles, whose movements need to be monitored. The English view
that the author of this report has encountered seems to accord with that of the
Commission, that the Schengen Information System should be developed for
investigative purposes.
There is not such support for a European Criminal Records database and more
support for the idea of a procedure by which individual Member States’ criminal records
databases can be accessed via the SIS. Whether the attitude would be different if it were
to turn out that not all member states have Criminal records databases at national level
would need to be explored, but support is more likely for the creation of individual
national databases that an all-European one at this point. The UK is strongly in favour of
taking a Third Pillar approach to Criminal Justice matters, while accepting that
immigration requires a centralised approach.
A prosecution database at European level is equally unlikely to find favour,
although access to individual member States databases via SIS would be acceptable. The
Home Secretary has proposed a European DNA database, but whether Parliamen,
particularly the House of Lords would in practice pass such legislation will be a question
for future empirical verification.
A database for investigating terrorism and organised crime, where a definion
could be agreed for entry purposes is a possible step, but a database for intelligence, in
the sense of investigative intelligence, not security services information will require a
European version of the UK National Intelligence Model.
476
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
Interface between databases is the favoured UK approach, preferably via direct
access terminals with such access recorded and monitored. A series of bureaux on the
lines of Sirene would be seen as a retrograde step. A further possibility might be that
Member States databases develop sections that would be all-European access, with
judicial supervision of the rules for data entry and occasional regular inspection by an
appropriate data protection officer. Access level is probably the issue that most interests
UK investigators.
List of those interviewed for the Project
July 2004 12.00-2.00 NCIS London
Brian Donald, Senior Business Manager, Sirene Project Manager, NCIS
Matthew Foley, Senior Intelligence Officer, NCIS
May 2004 12.30-3.30 Centrex Bramshill
Insp. G. Marshallsay “Genesis” Helpdesk, Central Police Training and Development
Authority, Bramshill
Sgt B. Cook “Genesis” Helpdesk, Central police Training and Development Authority,
Bramshill
June 2004 email contact with Sandy Taylor of the Scottish executive Justice Department
Justice Statistics Unit
The issues are:
Big centralised database vs Smaller local databases
What data goes where
What software is available to process data
Soft data and hard data
Compatability of rules for data handling and their relation to laws of evidence and
disclosure
Defining organised crime in legal terms
477
AGIS PROJECT JAI/2003/AGIS/002 – UNITED KINGDOM
Proactive vs reactive investigation. Legal basis for proactive investigation and data
gathering and storage in such investigation
Database for single investigation that crosses Member State boundaries [LESTRADE
rather than HOLMES???].
Disclosure?
Politics
Nature of evidence taken from a computer
How would you cross-examine it? Basic misunderstanding of adversarial system here.
Crime [International Cooperation] Act 2003
Scots would require corroboration.
478