The following Statement was made in the House of Commons on Monday 18 January.
“With permission, Mr Speaker, I would like to make a Statement about the technical issues that we have experienced with the police national computer over the past week.
The records and information held by the police help to keep us safe, but they, like many other public bodies, have an obligation to ensure that the information they hold is properly managed. As I am sure you are aware, Mr Speaker, not all information and records held by the police can be held indefinitely. To ensure that the police are complying with their legal obligations in respect of the records they hold, a regular housekeeping process is undertaken to delete personal data and records from the police national computer and linked databases: in this case, data relating to individuals who were investigated by the police but where no further action was taken. This is undertaken for a variety of reasons, but chiefly to abide by legal obligations.
With such a large database, holding some 13 million records, an automated process is used to remove records that the police national computer has no legal right to hold. A weekly update was designed by engineers and applied to the police national computer, which then automatically triggers deletions across the PNC, and other linked databases. Last week, the Home Office became aware that, as a result of human error, the software that triggers these automatic deletions contained defective coding and had inadvertently deleted records that it should not have, and indeed had not deleted some records that should have been deleted. An estimated 213,000 offence records, 175,000 arrest records and 15,000 person records are being investigated as potentially having been deleted. It is worth the House noting that multiple records can be held against the same individual, so the number of individuals affected by this incident is likely to be lower. Operational partners are still able to access the police national computer, which holds, as I say, over 13 million records. Clearly this situation is very serious, and I understand that colleagues across this House will have concerns, which of course I share.
By your leave, Mr Speaker, I want to set out for the House the steps that we have taken to deal with this complex incident. On the evening of 10 January—the same day the Home Office became aware of the incident—engineers put a stop on the automated process to ensure that no further deletions took place. All similar automated processes have also been suspended. Early last week, Home Office civil servants and engineers worked quickly to alert the police and other operational colleagues, and established a bronze, silver and gold command to manage the incident and co-ordinate a rapid response. The gold command provided rapid guidance for police forces and other partners to ensure that they were kept abreast of the situation.
Secondly, Home Office officials and engineers, working closely with the National Police Chiefs’ Council, police forces and other partners, immediately initiated rapid work, through the gold command, to assess the full scale and impact of the incident. This included undertaking a robust and detailed assessment and verification of all affected records, followed by developing and implementing a plan to recover as much of the data and records as is possible, and to develop plans to mitigate the impacts of any lost data. This is being done in four phases. Phase 1 involves writing and testing a code to bring back accurate lists of what has been deleted as a result of the incident. Phase 2 will involve running that code and then doing detailed analysis on the return to fully analyse the records that have been lost and establish the full impact. Phase 3 will be to begin the recovery of the data from the police national computer and other linked systems. Phase 4 will involve work to ensure that we are deleting any data that should have been deleted as usual when this incident first began. Phase 1 of the process has taken place over the weekend, and I am assured that it has gone well. The second phase is now under way, and I will hopefully have an update in the next few days.
While any loss of data is unacceptable, other tried and tested law enforcement systems are in place that contain linked data and reports to support policing partners in their day-to-day efforts to keep us safe: for example, the police national database or other local systems. The police are able to use these systems to do simultaneous checks.
I urge patience while we continue our rapid internal investigation and begin the recovery. I hope the House will appreciate that the task in front of us is a complex one. Public safety is the top priority of everyone working at the Home Office, and I have full faith that Home Office engineers, our partners in the National Police Chiefs’ Council and police forces throughout the country, with whom we are working, are doing all they can to restore the data. Although that is rightly our immediate priority, the Home Secretary and I have commissioned an internal review as to the circumstances that led to this incident, so that lessons can be learned. I will update the House regularly on the process. I commend this Statement to the House.”
3:00 pm
Lord Rosser (Lab) [V]
I thank the noble Baroness the Minister for being here—unlike the Home Secretary yesterday in the Commons—as the senior government Minister in the Lords covering the Home Office, to be accountable to this House for the worrying events detailed in the Statement.
The Statement says that it is estimated that up to some 400,000 offence, arrest and person records have, due to human error, inadvertently been deleted from the police national computer. There will be an internal investigation. Something described as human error can hide a multitude of failures covering, for example, inadequate training or supervision, previous warnings of the likelihood of an incident occurring being ignored, people working under pressure, out-of-date or unreliable equipment and lack of provision of readily available safeguards to override the consequences of human error—all factors for which responsibility should ultimately lie at the highest level within the department. Yet the Commons Minister yesterday stated:
“Sadly, human error introduced into the code has led to this particular situation”.
The Government appear to have already determined the outcome of the internal investigation. I therefore ask the noble Baroness, who speaks for the Government: why is this investigation not going to be independent and, secondly, will the full report of the investigation be placed before Parliament? Can the Government also say whether Statements would have even been made to Parliament if reports of this serious loss of data had not appeared in the media?
The police national computer and the police national database are due to be replaced by the national law enforcement data programme. However, the assessment by the Infrastructure and Projects Authority is that successful delivery of the project is in doubt. The Policing Minister admitted in the Commons yesterday that the replacement of the PNC
“has had its fair share of problems, it is fair to say we have undergone a reset. There is now a renewed sense of partnership working between the Home Office and the police, to make sure we get that much needed upgrade in technology correct.”—[Official Report, Commons, 18/1/20; col. 624.]
When a Minister uses those kind of words, one knows that there have been big problems with the replacement of the outdated PNC, from which up to 400,000 records have been deleted, not because it is no longer fit for purpose but apparently due solely to human error. How could up to 400,000 records be deleted without apparently there being a proper back-up system in place? Was that lack of a proper back-up system also due to “human error”?
My Lords, let me try to bring some clarity to what has happened. The records that have apparently been deleted are those of people arrested but not charged, or charged but not convicted. These are sometimes, but not always, deleted. If someone is arrested but not charged or not convicted for one of more than 200 serious offences, their fingerprints and DNA can be retained for up to five years. If they have previous convictions for a serious offence, their fingerprints and DNA can be retained indefinitely. It may be that there are no fingerprint or DNA records for any of these people, other than those taken when there was no conviction. These are the records that have apparently been deleted. Meanwhile, some that should have been deleted have not been.
Although the people whose records have been deleted may not have been charged or convicted on this occasion, their DNA or fingerprints may be found at crime scenes in the future. If their fingerprints and DNA have been deleted, there is no way of proving forensically that they were at these crime scenes.
Some 213,000 offence records, 175,000 arrest records and 15,000 person records have potentially been deleted. Some 26,000 DNA records, 30,000 fingerprint records and 600 subject records may also have been deleted. This mistake could result in criminals who would otherwise be convicted of serious criminal offences not being identified, arrested, charged or convicted.
The Statement says that other databases such as the police national database can be checked, but my understanding is that the script run on the PNC deleted records on linked databases. Can the Minister confirm that?
Because of the variety of records that have been deleted—offence records, arrest records, person records and DNA and fingerprint records—it will be very difficult to put the jigsaw puzzle back together by collecting the pieces from different databases where the data may still be recorded. Is that the Minister’s understanding?
My Lords, I will start with that assertion by the noble Lord, Lord Paddick: this does not relate to SIS II. This issue was a human error. Both noble Lords talked about IT systems; again, this was a human error, but it would be churlish of me not to discuss what the Home Office is doing about IT systems. We are delivering a number of new national IT systems to replace ageing critical national infrastructure and provide modern digital services that extend and enhance police capability. They have already delivered some valuable new capabilities to front-line policing: for example, to do fingerprint checks in the field and to extend ANPR coverage significantly.
Noble Lords are right that there have been some delivery challenges. The noble Lord, Lord Paddick, talked about the ESMCP, where I share his frustration. I have been focusing on it closely, and a new programme director was appointed in August last year, with the support of an interim SRO. The focus has been on greater transparency to the emergency services. On that note, the emergency services need confidence that the programme will deliver, for which testing has to be done.
The noble Lord, Lord Paddick, was right in his breakdown of the numbers. On the point that this is not serious, it is. I do not think that my right honourable friend the Policing Minister tried to downplay that yesterday, in any way. It is serious. In answer to the noble Lord, Lord Rosser, who asked whether the deletion is not that important—no, it is important. It is important to show how the process that my right honourable friend outlined yesterday is going to work. The first stage is to bring back the data, not to try to restore that which has been deleted, as that could cause worse problems. We will do a close analysis by the close of play tomorrow. We will recover the relevant data and, fourthly and importantly, we will ensure legal compliance in all the moves that we make.
We now come to the 20 minutes allocated for Back-Bench speakers. I ask that questions and answers be brief so that I can call the maximum number of speakers.
[Inaudible]—that the Home Office is moving swiftly to rectify what we now learn was the result of human error. That error was in fact exposed by the Times last week. What troubles me—this has already been alluded to by the noble Lords, Lord Rosser and Lord Paddick—is the latest report, again in the Times, that the Metropolitan Police Commissioner has apparently told the Home Office that the police has lost confidence in its ability to complete big IT projects—that is really serious—and that
“the Home Office was warned 18 months ago that a lack of investment in ‘creaking’ databases put the public at ‘significant risk’”.
That is at odds with the opening paragraph of this government Statement. Does the Minister accept that this, combined with the loss of access to certain EU databases from 1 January this year, now has the potential to present us with a perfect storm with regard to our security and policing? What plans do the Home Office have to alleviate this problem and to reassure law enforcement agencies and indeed the public?
I do not disagree with my noble friend that the confidence of the police and our operational partners is absolutely crucial to the delivery of these systems. Many of our systems are of course large and complex, and some of them date back some time—the noble Lord, Lord Paddick, talked about the Motorola project. We share the concerns about delays. That is why we are reviewing delivery, to ensure that projects are delivered as efficiently as possible to protect the public. As I said to noble Lords previously, I have taken a personal interest in the ESMCP because it is an absolutely crucial project to get right and to get delivered without any further delay.
My Lords, I draw attention to my relevant technology interest in the register. We rightly worry about sophisticated technological attacks on our national digital infrastructure and we worry post-Brexit about access to relevant European intelligence databases. However, is not our most critical national concern evidenced by seemingly systemic failures in our ability to effectively and securely manage data? Do we not appear to lack appropriate understanding of the necessary interdependence of technology, policy and user competence? Specifically, in an age when it is technologically feasible to ensure that data cannot be truly lost through human error, can the Minister say what active consideration is being given to adopting blockchain technologies to both secure and manage access to our most vital national data?
Technology and the sorts of things the noble Lord talks about are being developed all the time; he asked about technology not being lost through data loss, I think. This issue was human error in the coding. Much as I would like to say that human error does not exist, occasionally it does. This happened with the best technology systems in the world; how a system is coded will unfortunately predict what comes out the other end. I do not disagree with the noble Lord’s assertion at all.
Is it true, as was asked in the Commons yesterday, but without a reply being given, that Ministers were warned many months ago that their approach to the police national computer and database posed a significant risk to policing’s ability to protect the public, and that the databases were “creaking” and operating on
“end of life, unsupported hardware and software”?—[Official Report, Commons, 18/1/20; col. 627.]
If so, what did the Government do about that?
In the Commons, the Government sought to say that, first, the data deleted might be available on other systems or databases and, secondly—because the data related to people arrested and in respect of whom, for the specific matter for which they were arrested, no further action was taken—it really is not that serious that this data has been deleted. The National Police Chiefs’ Council lead for the police national computer has said that the deleted DNA contains records marked for
“indefinite retention following conviction of serious offences.”
Is it still the Government’s view that this deleted data is not important? If so, could the Government explain why this data is retained at all, and may be on other systems, if it has no real value in preventing crime in the first place, in the fight against crime and in bringing criminals to justice? In the absence of a credible answer to that question, clearly the data deleted is of significance. In responding, could the Government set out the potential damage that could be done, or has perhaps already been done, as a result of these inadvertent deletions?
We need greater openness and frankness from the Government, now and in promised further updates, about what has happened—merely
“technical issues … with the police national computer”
according to the Statement—and why. We do not need an attempt to brush it all off as down to a “human error” with consequences of little significance.
The first question, which the noble Lord, Lord Rosser, also asked, must be: why was there no back-up? In October, senior police officers wrote to the Home Office to say they had “lost confidence” in its ability to complete big IT projects. What evidence is there to support this view?
Work on the national law enforcement data programme is in serious trouble, as the noble Lord said. This replacement for the police national computer and the police national database began in 2016 but is not expected to be completed until 2023, significantly delayed and overbudget. That is despite the existing systems running on obsolete hardware, using obsolete software.
To take another example, the new emergency services network was due to replace the system of radios and other mobile communications used by the police, the Motorola Airwave network, by 2019. That Home Office IT project has been delayed, meaning the existing Airwave system has had to be maintained for at least three years beyond its planned end of life, which is costing an additional £1.7 million a day. The final total is expected to reach close to £2 billion.
The facts are that the Government not only cut police officer numbers by over 20,000 between 2010 and 2020 but failed to invest in the systems that the police rely on to be effective. They have committed to recruiting 20,000 new police officers—dressing the window—meanwhile allowing what is unseen but vital to fall apart.
Following the end of the transition period on 1 January, the police lost real-time access to the European Union Schengen Information System, SIS II, meaning that front-line officers no longer have real-time access to data on 40,000 fugitives and dangerous criminals. It is now clear that these officers, who put their lives on the line for us every day, cannot rely on UK systems either. What are the Government going to do, not just to retrieve the lost data, but to ensure that the Home Office IT systems that the police rely on are fit for purpose? At the moment, it is absolutely clear that they are not.
Back-ups are, of course, held for all systems but due to the scale, the complexity and the dynamic nature of how the affected systems interact, restoring from back-ups needs to be undertaken in a very controlled manner. Our technical teams are now working at pace to identify how to do this safely. As I said, we should complete this analysis very shortly, and it will give us the full picture of what needs to be done.
On the question from the noble Lord, Lord Paddick, about deleted records on police systems, I understand that the engineers managed to stop some of the activity before it could proceed any further. That is certainly a part of the analysis that is being done today, and the extent of that will be further understood.
The noble Lord, Lord Rosser, asked why we do not have an external review. The reason it is an internal review is because it is an issue of human error and the Home Office engineers are having to work at pace to identify the full list of affected records. The analysis is due to be completed, as I say, very shortly. There will be a lessons-learned exercise. Of course there will be a full lessons-learned review. As for who will carry out that, it may be an external person. I can certainly find that out for the noble Lord, Lord Rosser.