Lord Paddick
Main Page: Lord Paddick (Non-affiliated - Life peer)Department Debates - View all Lord Paddick's debates with the Home Office
Police National Computer
Lord Paddick Excerpts(3 years, 5 months ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord Rosser (Lab) [V]
I thank the noble Baroness the Minister for being here—unlike the Home Secretary yesterday in the Commons—as the senior government Minister in the Lords covering the Home Office, to be accountable to this House for the worrying events detailed in the Statement.
The Statement says that it is estimated that up to some 400,000 offence, arrest and person records have, due to human error, inadvertently been deleted from the police national computer. There will be an internal investigation. Something described as human error can hide a multitude of failures covering, for example, inadequate training or supervision, previous warnings of the likelihood of an incident occurring being ignored, people working under pressure, out-of-date or unreliable equipment and lack of provision of readily available safeguards to override the consequences of human error—all factors for which responsibility should ultimately lie at the highest level within the department. Yet the Commons Minister yesterday stated:
“Sadly, human error introduced into the code has led to this particular situation”.
The Government appear to have already determined the outcome of the internal investigation. I therefore ask the noble Baroness, who speaks for the Government: why is this investigation not going to be independent and, secondly, will the full report of the investigation be placed before Parliament? Can the Government also say whether Statements would have even been made to Parliament if reports of this serious loss of data had not appeared in the media?
The police national computer and the police national database are due to be replaced by the national law enforcement data programme. However, the assessment by the Infrastructure and Projects Authority is that successful delivery of the project is in doubt. The Policing Minister admitted in the Commons yesterday that the replacement of the PNC
“has had its fair share of problems, it is fair to say we have undergone a reset. There is now a renewed sense of partnership working between the Home Office and the police, to make sure we get that much needed upgrade in technology correct.”—[Official Report, Commons, 18/1/20; col. 624.]
When a Minister uses those kind of words, one knows that there have been big problems with the replacement of the outdated PNC, from which up to 400,000 records have been deleted, not because it is no longer fit for purpose but apparently due solely to human error. How could up to 400,000 records be deleted without apparently there being a proper back-up system in place? Was that lack of a proper back-up system also due to “human error”?
Is it true, as was asked in the Commons yesterday, but without a reply being given, that Ministers were warned many months ago that their approach to the police national computer and database posed a significant risk to policing’s ability to protect the public, and that the databases were “creaking” and operating on
“end of life, unsupported hardware and software”?—[Official Report, Commons, 18/1/20; col. 627.]
If so, what did the Government do about that?
In the Commons, the Government sought to say that, first, the data deleted might be available on other systems or databases and, secondly—because the data related to people arrested and in respect of whom, for the specific matter for which they were arrested, no further action was taken—it really is not that serious that this data has been deleted. The National Police Chiefs’ Council lead for the police national computer has said that the deleted DNA contains records marked for
“indefinite retention following conviction of serious offences.”
Is it still the Government’s view that this deleted data is not important? If so, could the Government explain why this data is retained at all, and may be on other systems, if it has no real value in preventing crime in the first place, in the fight against crime and in bringing criminals to justice? In the absence of a credible answer to that question, clearly the data deleted is of significance. In responding, could the Government set out the potential damage that could be done, or has perhaps already been done, as a result of these inadvertent deletions?
We need greater openness and frankness from the Government, now and in promised further updates, about what has happened—merely
“technical issues … with the police national computer”
according to the Statement—and why. We do not need an attempt to brush it all off as down to a “human error” with consequences of little significance.
Lord Paddick (LD) [V]
My Lords, let me try to bring some clarity to what has happened. The records that have apparently been deleted are those of people arrested but not charged, or charged but not convicted. These are sometimes, but not always, deleted. If someone is arrested but not charged or not convicted for one of more than 200 serious offences, their fingerprints and DNA can be retained for up to five years. If they have previous convictions for a serious offence, their fingerprints and DNA can be retained indefinitely. It may be that there are no fingerprint or DNA records for any of these people, other than those taken when there was no conviction. These are the records that have apparently been deleted. Meanwhile, some that should have been deleted have not been.
Although the people whose records have been deleted may not have been charged or convicted on this occasion, their DNA or fingerprints may be found at crime scenes in the future. If their fingerprints and DNA have been deleted, there is no way of proving forensically that they were at these crime scenes.
Some 213,000 offence records, 175,000 arrest records and 15,000 person records have potentially been deleted. Some 26,000 DNA records, 30,000 fingerprint records and 600 subject records may also have been deleted. This mistake could result in criminals who would otherwise be convicted of serious criminal offences not being identified, arrested, charged or convicted.
The Statement says that other databases such as the police national database can be checked, but my understanding is that the script run on the PNC deleted records on linked databases. Can the Minister confirm that?
Because of the variety of records that have been deleted—offence records, arrest records, person records and DNA and fingerprint records—it will be very difficult to put the jigsaw puzzle back together by collecting the pieces from different databases where the data may still be recorded. Is that the Minister’s understanding?
The first question, which the noble Lord, Lord Rosser, also asked, must be: why was there no back-up? In October, senior police officers wrote to the Home Office to say they had “lost confidence” in its ability to complete big IT projects. What evidence is there to support this view?
Work on the national law enforcement data programme is in serious trouble, as the noble Lord said. This replacement for the police national computer and the police national database began in 2016 but is not expected to be completed until 2023, significantly delayed and overbudget. That is despite the existing systems running on obsolete hardware, using obsolete software.
To take another example, the new emergency services network was due to replace the system of radios and other mobile communications used by the police, the Motorola Airwave network, by 2019. That Home Office IT project has been delayed, meaning the existing Airwave system has had to be maintained for at least three years beyond its planned end of life, which is costing an additional £1.7 million a day. The final total is expected to reach close to £2 billion.
The facts are that the Government not only cut police officer numbers by over 20,000 between 2010 and 2020 but failed to invest in the systems that the police rely on to be effective. They have committed to recruiting 20,000 new police officers—dressing the window—meanwhile allowing what is unseen but vital to fall apart.
Following the end of the transition period on 1 January, the police lost real-time access to the European Union Schengen Information System, SIS II, meaning that front-line officers no longer have real-time access to data on 40,000 fugitives and dangerous criminals. It is now clear that these officers, who put their lives on the line for us every day, cannot rely on UK systems either. What are the Government going to do, not just to retrieve the lost data, but to ensure that the Home Office IT systems that the police rely on are fit for purpose? At the moment, it is absolutely clear that they are not.
The Minister of State, Home Office (Baroness Williams of Trafford) (Con)
My Lords, I will start with that assertion by the noble Lord, Lord Paddick: this does not relate to SIS II. This issue was a human error. Both noble Lords talked about IT systems; again, this was a human error, but it would be churlish of me not to discuss what the Home Office is doing about IT systems. We are delivering a number of new national IT systems to replace ageing critical national infrastructure and provide modern digital services that extend and enhance police capability. They have already delivered some valuable new capabilities to front-line policing: for example, to do fingerprint checks in the field and to extend ANPR coverage significantly.
Noble Lords are right that there have been some delivery challenges. The noble Lord, Lord Paddick, talked about the ESMCP, where I share his frustration. I have been focusing on it closely, and a new programme director was appointed in August last year, with the support of an interim SRO. The focus has been on greater transparency to the emergency services. On that note, the emergency services need confidence that the programme will deliver, for which testing has to be done.
The noble Lord, Lord Paddick, was right in his breakdown of the numbers. On the point that this is not serious, it is. I do not think that my right honourable friend the Policing Minister tried to downplay that yesterday, in any way. It is serious. In answer to the noble Lord, Lord Rosser, who asked whether the deletion is not that important—no, it is important. It is important to show how the process that my right honourable friend outlined yesterday is going to work. The first stage is to bring back the data, not to try to restore that which has been deleted, as that could cause worse problems. We will do a close analysis by the close of play tomorrow. We will recover the relevant data and, fourthly and importantly, we will ensure legal compliance in all the moves that we make.
Back-ups are, of course, held for all systems but due to the scale, the complexity and the dynamic nature of how the affected systems interact, restoring from back-ups needs to be undertaken in a very controlled manner. Our technical teams are now working at pace to identify how to do this safely. As I said, we should complete this analysis very shortly, and it will give us the full picture of what needs to be done.
On the question from the noble Lord, Lord Paddick, about deleted records on police systems, I understand that the engineers managed to stop some of the activity before it could proceed any further. That is certainly a part of the analysis that is being done today, and the extent of that will be further understood.
The noble Lord, Lord Rosser, asked why we do not have an external review. The reason it is an internal review is because it is an issue of human error and the Home Office engineers are having to work at pace to identify the full list of affected records. The analysis is due to be completed, as I say, very shortly. There will be a lessons-learned exercise. Of course there will be a full lessons-learned review. As for who will carry out that, it may be an external person. I can certainly find that out for the noble Lord, Lord Rosser.