Statement
The following Statement was made in the House of Commons on Monday 18 January.
“With permission, Mr Speaker, I would like to make a Statement about the technical issues that we have experienced with the police national computer over the past week.
The records and information held by the police help to keep us safe, but they, like many other public bodies, have an obligation to ensure that the information they hold is properly managed. As I am sure you are aware, Mr Speaker, not all information and records held by the police can be held indefinitely. To ensure that the police are complying with their legal obligations in respect of the records they hold, a regular housekeeping process is undertaken to delete personal data and records from the police national computer and linked databases: in this case, data relating to individuals who were investigated by the police but where no further action was taken. This is undertaken for a variety of reasons, but chiefly to abide by legal obligations.
With such a large database, holding some 13 million records, an automated process is used to remove records that the police national computer has no legal right to hold. A weekly update was designed by engineers and applied to the police national computer, which then automatically triggers deletions across the PNC, and other linked databases. Last week, the Home Office became aware that, as a result of human error, the software that triggers these automatic deletions contained defective coding and had inadvertently deleted records that it should not have, and indeed had not deleted some records that should have been deleted. An estimated 213,000 offence records, 175,000 arrest records and 15,000 person records are being investigated as potentially having been deleted. It is worth the House noting that multiple records can be held against the same individual, so the number of individuals affected by this incident is likely to be lower. Operational partners are still able to access the police national computer, which holds, as I say, over 13 million records. Clearly this situation is very serious, and I understand that colleagues across this House will have concerns, which of course I share.
By your leave, Mr Speaker, I want to set out for the House the steps that we have taken to deal with this complex incident. On the evening of 10 January—the same day the Home Office became aware of the incident—engineers put a stop on the automated process to ensure that no further deletions took place. All similar automated processes have also been suspended. Early last week, Home Office civil servants and engineers worked quickly to alert the police and other operational colleagues, and established a bronze, silver and gold command to manage the incident and co-ordinate a rapid response. The gold command provided rapid guidance for police forces and other partners to ensure that they were kept abreast of the situation.
Secondly, Home Office officials and engineers, working closely with the National Police Chiefs’ Council, police forces and other partners, immediately initiated rapid work, through the gold command, to assess the full scale and impact of the incident. This included undertaking a robust and detailed assessment and verification of all affected records, followed by developing and implementing a plan to recover as much of the data and records as is possible, and to develop plans to mitigate the impacts of any lost data. This is being done in four phases. Phase 1 involves writing and testing a code to bring back accurate lists of what has been deleted as a result of the incident. Phase 2 will involve running that code and then doing detailed analysis on the return to fully analyse the records that have been lost and establish the full impact. Phase 3 will be to begin the recovery of the data from the police national computer and other linked systems. Phase 4 will involve work to ensure that we are deleting any data that should have been deleted as usual when this incident first began. Phase 1 of the process has taken place over the weekend, and I am assured that it has gone well. The second phase is now under way, and I will hopefully have an update in the next few days.
While any loss of data is unacceptable, other tried and tested law enforcement systems are in place that contain linked data and reports to support policing partners in their day-to-day efforts to keep us safe: for example, the police national database or other local systems. The police are able to use these systems to do simultaneous checks.
I urge patience while we continue our rapid internal investigation and begin the recovery. I hope the House will appreciate that the task in front of us is a complex one. Public safety is the top priority of everyone working at the Home Office, and I have full faith that Home Office engineers, our partners in the National Police Chiefs’ Council and police forces throughout the country, with whom we are working, are doing all they can to restore the data. Although that is rightly our immediate priority, the Home Secretary and I have commissioned an internal review as to the circumstances that led to this incident, so that lessons can be learned. I will update the House regularly on the process. I commend this Statement to the House.”
I thank the noble Baroness the Minister for being here—unlike the Home Secretary yesterday in the Commons—as the senior government Minister in the Lords covering the Home Office, to be accountable to this House for the worrying events detailed in the Statement.
The Statement says that it is estimated that up to some 400,000 offence, arrest and person records have, due to human error, inadvertently been deleted from the police national computer. There will be an internal investigation. Something described as human error can hide a multitude of failures covering, for example, inadequate training or supervision, previous warnings of the likelihood of an incident occurring being ignored, people working under pressure, out-of-date or unreliable equipment and lack of provision of readily available safeguards to override the consequences of human error—all factors for which responsibility should ultimately lie at the highest level within the department. Yet the Commons Minister yesterday stated:
“Sadly, human error introduced into the code has led to this particular situation”.
The Government appear to have already determined the outcome of the internal investigation. I therefore ask the noble Baroness, who speaks for the Government: why is this investigation not going to be independent and, secondly, will the full report of the investigation be placed before Parliament? Can the Government also say whether Statements would have even been made to Parliament if reports of this serious loss of data had not appeared in the media?
The police national computer and the police national database are due to be replaced by the national law enforcement data programme. However, the assessment by the Infrastructure and Projects Authority is that successful delivery of the project is in doubt. The Policing Minister admitted in the Commons yesterday that the replacement of the PNC
“has had its fair share of problems, it is fair to say we have undergone a reset. There is now a renewed sense of partnership working between the Home Office and the police, to make sure we get that much needed upgrade in technology correct.”—[Official Report, Commons, 18/1/20; col. 624.]
When a Minister uses those kind of words, one knows that there have been big problems with the replacement of the outdated PNC, from which up to 400,000 records have been deleted, not because it is no longer fit for purpose but apparently due solely to human error. How could up to 400,000 records be deleted without apparently there being a proper back-up system in place? Was that lack of a proper back-up system also due to “human error”?
Is it true, as was asked in the Commons yesterday, but without a reply being given, that Ministers were warned many months ago that their approach to the police national computer and database posed a significant risk to policing’s ability to protect the public, and that the databases were “creaking” and operating on
“end of life, unsupported hardware and software”?—[Official Report, Commons, 18/1/20; col. 627.]
If so, what did the Government do about that?
In the Commons, the Government sought to say that, first, the data deleted might be available on other systems or databases and, secondly—because the data related to people arrested and in respect of whom, for the specific matter for which they were arrested, no further action was taken—it really is not that serious that this data has been deleted. The National Police Chiefs’ Council lead for the police national computer has said that the deleted DNA contains records marked for
“indefinite retention following conviction of serious offences.”
Is it still the Government’s view that this deleted data is not important? If so, could the Government explain why this data is retained at all, and may be on other systems, if it has no real value in preventing crime in the first place, in the fight against crime and in bringing criminals to justice? In the absence of a credible answer to that question, clearly the data deleted is of significance. In responding, could the Government set out the potential damage that could be done, or has perhaps already been done, as a result of these inadvertent deletions?
We need greater openness and frankness from the Government, now and in promised further updates, about what has happened—merely
“technical issues … with the police national computer”
according to the Statement—and why. We do not need an attempt to brush it all off as down to a “human error” with consequences of little significance.
My Lords, let me try to bring some clarity to what has happened. The records that have apparently been deleted are those of people arrested but not charged, or charged but not convicted. These are sometimes, but not always, deleted. If someone is arrested but not charged or not convicted for one of more than 200 serious offences, their fingerprints and DNA can be retained for up to five years. If they have previous convictions for a serious offence, their fingerprints and DNA can be retained indefinitely. It may be that there are no fingerprint or DNA records for any of these people, other than those taken when there was no conviction. These are the records that have apparently been deleted. Meanwhile, some that should have been deleted have not been.
Although the people whose records have been deleted may not have been charged or convicted on this occasion, their DNA or fingerprints may be found at crime scenes in the future. If their fingerprints and DNA have been deleted, there is no way of proving forensically that they were at these crime scenes.
Some 213,000 offence records, 175,000 arrest records and 15,000 person records have potentially been deleted. Some 26,000 DNA records, 30,000 fingerprint records and 600 subject records may also have been deleted. This mistake could result in criminals who would otherwise be convicted of serious criminal offences not being identified, arrested, charged or convicted.
The Statement says that other databases such as the police national database can be checked, but my understanding is that the script run on the PNC deleted records on linked databases. Can the Minister confirm that?
Because of the variety of records that have been deleted—offence records, arrest records, person records and DNA and fingerprint records—it will be very difficult to put the jigsaw puzzle back together by collecting the pieces from different databases where the data may still be recorded. Is that the Minister’s understanding?
The first question, which the noble Lord, Lord Rosser, also asked, must be: why was there no back-up? In October, senior police officers wrote to the Home Office to say they had “lost confidence” in its ability to complete big IT projects. What evidence is there to support this view?
Work on the national law enforcement data programme is in serious trouble, as the noble Lord said. This replacement for the police national computer and the police national database began in 2016 but is not expected to be completed until 2023, significantly delayed and overbudget. That is despite the existing systems running on obsolete hardware, using obsolete software.
To take another example, the new emergency services network was due to replace the system of radios and other mobile communications used by the police, the Motorola Airwave network, by 2019. That Home Office IT project has been delayed, meaning the existing Airwave system has had to be maintained for at least three years beyond its planned end of life, which is costing an additional £1.7 million a day. The final total is expected to reach close to £2 billion.
The facts are that the Government not only cut police officer numbers by over 20,000 between 2010 and 2020 but failed to invest in the systems that the police rely on to be effective. They have committed to recruiting 20,000 new police officers—dressing the window—meanwhile allowing what is unseen but vital to fall apart.
Following the end of the transition period on 1 January, the police lost real-time access to the European Union Schengen Information System, SIS II, meaning that front-line officers no longer have real-time access to data on 40,000 fugitives and dangerous criminals. It is now clear that these officers, who put their lives on the line for us every day, cannot rely on UK systems either. What are the Government going to do, not just to retrieve the lost data, but to ensure that the Home Office IT systems that the police rely on are fit for purpose? At the moment, it is absolutely clear that they are not.
My Lords, I will start with that assertion by the noble Lord, Lord Paddick: this does not relate to SIS II. This issue was a human error. Both noble Lords talked about IT systems; again, this was a human error, but it would be churlish of me not to discuss what the Home Office is doing about IT systems. We are delivering a number of new national IT systems to replace ageing critical national infrastructure and provide modern digital services that extend and enhance police capability. They have already delivered some valuable new capabilities to front-line policing: for example, to do fingerprint checks in the field and to extend ANPR coverage significantly.
Noble Lords are right that there have been some delivery challenges. The noble Lord, Lord Paddick, talked about the ESMCP, where I share his frustration. I have been focusing on it closely, and a new programme director was appointed in August last year, with the support of an interim SRO. The focus has been on greater transparency to the emergency services. On that note, the emergency services need confidence that the programme will deliver, for which testing has to be done.
The noble Lord, Lord Paddick, was right in his breakdown of the numbers. On the point that this is not serious, it is. I do not think that my right honourable friend the Policing Minister tried to downplay that yesterday, in any way. It is serious. In answer to the noble Lord, Lord Rosser, who asked whether the deletion is not that important—no, it is important. It is important to show how the process that my right honourable friend outlined yesterday is going to work. The first stage is to bring back the data, not to try to restore that which has been deleted, as that could cause worse problems. We will do a close analysis by the close of play tomorrow. We will recover the relevant data and, fourthly and importantly, we will ensure legal compliance in all the moves that we make.
Back-ups are, of course, held for all systems but due to the scale, the complexity and the dynamic nature of how the affected systems interact, restoring from back-ups needs to be undertaken in a very controlled manner. Our technical teams are now working at pace to identify how to do this safely. As I said, we should complete this analysis very shortly, and it will give us the full picture of what needs to be done.
On the question from the noble Lord, Lord Paddick, about deleted records on police systems, I understand that the engineers managed to stop some of the activity before it could proceed any further. That is certainly a part of the analysis that is being done today, and the extent of that will be further understood.
The noble Lord, Lord Rosser, asked why we do not have an external review. The reason it is an internal review is because it is an issue of human error and the Home Office engineers are having to work at pace to identify the full list of affected records. The analysis is due to be completed, as I say, very shortly. There will be a lessons-learned exercise. Of course there will be a full lessons-learned review. As for who will carry out that, it may be an external person. I can certainly find that out for the noble Lord, Lord Rosser.
We now come to the 20 minutes allocated for Back-Bench speakers. I ask that questions and answers be brief so that I can call the maximum number of speakers.
[Inaudible]—that the Home Office is moving swiftly to rectify what we now learn was the result of human error. That error was in fact exposed by the Times last week. What troubles me—this has already alluded to by the noble Lords, Lord Rosser and Lord Paddick—is the latest report, again in the Times, that the Metropolitan Police Commissioner has apparently told the Home Office that the police has lost confidence in its ability to complete big IT projects—that is really serious—and that
“the Home Office was warned 18 months ago that a lack of investment in ‘creaking’ databases put the public at ‘significant risk’”.
That is at odds with the opening paragraph of this government Statement. Does the Minister accept that this, combined with the loss of access to certain EU databases from 1 January this year, now has the potential to present us with a perfect storm with regard to our security and policing? What plans do the Home Office have to alleviate this problem and to reassure law enforcement agencies and indeed the public?
I do not disagree with my noble friend that the confidence of the police and our operational partners is absolutely crucial to the delivery of these systems. Many of our systems are of course large and complex, and some of them date back some time—the noble Lord, Lord Paddick, talked about the Motorola project. We share the concerns about delays. That is why we are reviewing delivery, to ensure that projects are delivered as efficiently as possible to protect the public. As I said to noble Lords previously, I have taken a personal interest in the ESMCP because it is an absolutely crucial project to get right and to get delivered without any further delay.
My Lords, I draw attention to my relevant technology interest in the register. We rightly worry about sophisticated technological attacks on our national digital infrastructure and we worry post-Brexit about access to relevant European intelligence databases. However, is not our most critical national concern evidenced by seemingly systemic failures in our ability to effectively and securely manage data? Do we not appear to lack appropriate understanding of the necessary interdependence of technology, policy and user competence? Specifically, in an age when it is technological feasible to ensure that data cannot be truly lost through human error, can the Minister say what active consideration is being to adopting blockchain technologies to both secure and manage access to our most vital national data?
Technology and the sorts of things the noble Lord talks about are being developed all the time; he asked about technology not being lost through data loss, I think. This issue was human error in the coding. Much as I would like to say that human error does not exist, occasionally it does. This happened with the best technology systems in the world; how a system is coded will unfortunately predict what comes out the other end. I do not disagree with the noble Lord’s assertion at all.
My Lords, I recall being involved in a case in Southwark Crown Court where DNA convicted a man of rape 35 years after the offence. There was no other evidence. Statistically, there were would be only four people in the UK with the same DNA. What database exists for the recording of all DNA and other forensic scientific evidence where a crime is unsolved but the possibility of detection in the future remains? Will scenes of crime information of this sort be kept securely as part of the national law enforcement data programme, in the process of being developed by the Home Office, and if not, on what programme will it be kept?
I am slightly surprised by the noble Lord’s question because there has been quite strong feeling in your Lordships’ House, particularly from the Liberal Democrats, that DNA information should be automatically deleted after a certain period of time. The DNA records that were deleted required “no further action”. I totally understand the noble Lord’s point; I saw something about a conviction in Wales that went back years, and it was DNA that convicted that individual. On the holding of DNA, in most cases the data of unconvicted people has to be deleted.
My Lords, this is a serious matter. I was going to ask about alternative sources of data, but such is my disappointment at the attempt by the noble Lord, Lord Rosser, to take an unfortunate event caused by human error and seek to score political points, that I feel compelled to remind him of his own party’s policy, as stated on 11 June 2018 by the then shadow Home Secretary, Diane Abbott. She said:
“The state has no business keeping records on people who are not criminals.”—[Official Report, Commons, 11/6/18; col. 640.]
I believe that the police should have access to all the data and technology they need to arrest criminals. Does my noble friend agree?
We have just seen from the previous question that there is a bit of contradiction in some of the points raised by noble Lords on the Opposition Benches. Personally, I would allow my data to be kept for as long as anybody wanted for the purposes for which it might be used. Those pleas from the Opposition Benches have certainly been quite contradictory over the years.
My Lords, we now know that a weekly weeding session from the database owned and operated by the Home Office takes place for DNA and fingerprint records, and this has links to local police force databases. The Minister answered a Written Question that I tabled by saying:
“The police in England and Wales cannot at present automatically wipe facial images at the point when a person is determined to be innocent.”
So why are “no further action” facial recognition images not included in the Home Office’s weekly weeding?
Facial images have to be manually removed from the database, whereas the DNA database allows for automatic deletion. That is the answer.
This is an embarrassment and, sadly, not the first. My noble friend must be as frustrated as anyone about this. Does this not suggest some impenetrable and deep-rooted shortcomings in the Home Office structures, as the noble Lord, Lord Reid of Cardowan, pointed out so forcefully 15 years ago? If, after all these years, with attention from all sides, we have still not been able to make the Home Office fit for purpose, do we not need to stop kidding ourselves that our Civil Service structure is a Rolls-Royce operation that just needs a fine tune? Without entering into a blame game, do we not need to ask the really difficult questions about why it keeps breaking down—and, in the interests of Ministers, civil servants and, not least of all, the public, do more to find an updated model that works?
My Lords, we need to get to the heart of what happened here, which was human error in the coding of a programme. As I said earlier, all the best IT in the world cannot prevent human error—it will happen. I am not in any way undermining the seriousness of what happened, but it was indeed human error.
My Lords, we are facing a sorry state of affairs in policing issues in this country. First, despite the introduction of 20,000 new police personnel, we learn that a large number of crimes are not reported, including one in four serious crimes in the Manchester police force. Secondly, we have lost records, despite a number of requests to renew our technologies in this area. My noble friend Lord Paddick asked a question on this. Have any discussions taken place with our EU colleagues about whether this deletion of records has any implications for proceedings in their countries?
I confirm to the noble Lord that this has no relation to SIS II, so our European partners are not relevant in this case, which is one of human error. The noble Lord talked about criminal records from Greater Manchester Police; it is terrible that crimes have not been recorded and followed up, which my right honourable friend the Policing Minister is incredibly concerned about.
My Lords, can my noble friend confirm that those who are currently relying on data searches via the police national computer for investigations will be able to rerun those searches once the recovery work on the computer is complete? Do we have an estimated time for this work?
I say to my noble friend that they can run them now. On the recovery timescale, as I said, the analysis should be complete by close of play today, and the work will be done to remediate the system as soon as possible after that.
My Lords, it is not just 175,000 arrest records of people arrested and released without charge, is it? My noble friend Lord Paddick told us just how many offence and person records have also gone missing. Can the Minister tell us how many of these were under live investigation?
These were “no further action” records—but, as I say, the further analysis of this will be completed, and I am sure I will be able to explain this to the House in more detail in due course.
My Lords, the development of the police national computer, in which I was involved many years ago, was a massive leap in the progress of law enforcement in the UK. As the noble Baroness well knows, the value of real-time data from the PNC is critical to all front-line police officers. DNA and fingerprint evidence is also essential, not only in convicting but in establishing innocence in our courts, in historic and current investigations. For the record, I agree with her that, once taken, DNA should be retained forever. Can she shine any more light on how the error occurred? Can she also give your Lordships any idea of whether it will be possible to recover all or part of the lost data, which is perhaps also held elsewhere?
I am very happy to give the noble Lord an update: last week the Home Office became aware that, as a result of human error, the software which triggers these automatic deletions contained defective coding and had inadvertently deleted records that it should not have and had not deleted some records which should have been deleted. An estimated 213,000 offence records, 175,000 arrest records and 15,000 person records are now being investigated as potentially having been deleted. It is worth explaining to the House, which I did not do before, that multiple records can obviously be held against the same individual, as the noble Lord will know.
On how we dealt with it, on the same day as the Home Office became aware of it, engineers put a stop to the automated process to ensure that no further deletions took place. All similar automatic processes have also been suspended. Earlier last week, Home Office civil servants and engineers worked very quickly to alert the police and other operational colleagues, and established a bronze, silver and gold command to manage the incident and co-ordinate a rapid response. The noble Lord will have heard me say to two previous speakers just what the process will be over the next few days.
My Lords, I, of course, accept my noble friend’s assurances that this was human error. Indeed, human error has brought down the biggest and most sophisticated IT companies, such as Facebook, Google and Twitter. Nevertheless, this shines a light on the still creaking government IT procurement systems. I echo the comments of my noble friend Lord Dobbs. Is it not time to get departments out of their fiefdoms and working more effectively with the Government Digital Service to provide an IT strategy that is fit for purpose as we end the first quarter of the 21st century? We still have these fiefdoms procuring huge IT projects at vast cost and overrun which are not fit for purpose. It is time to centralise this procurement process.
My Lords, I do not know whether I am speaking as a Minister or not, but on a personal level I totally agree with my noble friend. A whole-of-government approach would be so much better in so many areas, but each department is very protective of the money it seeks from the Treasury. Perhaps in future we will begin to have much more of a common approach on technology and procurement.
My Lords, I think the Minister has just pleaded guilty. Of course, it was human error—she must have repeated that 20 times. But what else has emerged in this questioning, to use the old phrase of the noble Lord, Lord Reid, is that the department is not fit for purpose, certainly not for the purpose of making a major data investment. I repeat and emphasise the request of the noble Lord, Lord Rosser. I do not think that an internal inquiry will not work for this. We must have a proper external inquiry with a report to Parliament, which Parliament can then study and debate. From her last reply, I suspect the Minister will agree.
My Lords, I have said that it was human error—probably fewer than 20 times, actually—because it was human error. I also repeat that there will be a full lessons learned review. I am not undermining the seriousness of this at all, because it is a very serious matter.
Sitting suspended.