nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

UK official LOSES Mark Duggan shooting discs IN THE POST

Nobody’s found a politically charged package have they?

By John Leyden, 30 Jan 2015

Discs containing information from three sensitive police inquiries – two of which involved‪ highly controversial shootings in London, including that of Mark Duggan – ‬have gone missing after being sent through the post. Yeah, you read that right: sent through the post.

The information covers probes into the role of the police in the deaths of three men – Duggan, Azelle Rodney and Robert Hamill.

Officials at the UK's Ministry of Justice realised the optical storage discs had gone missing three weeks ago. A member of staff has since been suspended.

Duggan was shot by police in 2011 while Rodney died in similar circumstances back in 2005. The third case related to the 1997 murder of Hamill by loyalists in Northern Ireland, which his family and campaigners claim involved police collusion.

Each case involved testimony from witnesses, including police officers, who were offered anonymity. It's unclear whether or not copies of the missing documents included the personal information of witnesses.

A Ministry of Justice declined to take questions from El Reg because of ‪an independent inquiry into the incident, referring us to a government statement instead.‬

The government takes information security extremely seriously, and this incident is a breach of the arrangements that should be in place.

At this stage there is no evidence to indicate that the information loss arose from malicious intent.

Nevertheless, it is essential to take the most precautionary view and to take all necessary steps to safeguard the interests of anyone whose information could be disclosed.

Police and other agencies have undertaken their own risk assessment, and have identified and taken any steps necessary to ensure the protection of officers.

We'd wanted to ask whether or not the data had been encrypted, as well as why post was used to move sensitive information, which anyone in the tech industry might commonly be sent by secure file transfer technologies that have been available for many years.

"Intensive searches" assisted by police have failed to find either of the two missing discs. Families of the deceased have been informed.

ID of Duggan marksman apparently in lost file

Duggan's death sparked riots that spread from north London to other cities across the UK in 2011. Reporting restrictions applied in the case mean that the identity of the police marksman who killed Duggan has never been made public.

Mark Duggan's aunt Carole Duggan told the BBC: "The criminal justice system went out of its way to protect the identities of the officers who killed Mark, issuing all manner of reporting restrictions and anonymity orders in court. Now we learn that this apparently sensitive information has been 'lost in the post' at the Ministry of Justice."

The Hamill family said: "We are at a loss to understand why any material relating to the Robert Hamill inquiry should have been posted or sent at this particular time, given the fact that the inquiry report itself was completed in February 2011."

In a statement, the Metropolitan Police said it had carried out a risk assessment on the lost material before taking "appropriate" steps.

We have carried out a full risk assessment on the material that is relevant to the MPS ... and have taken the necessary steps. Due to the nature of the material we are not prepared to discuss what those steps entail.

Police are NOT investigating the loss of the sensitive discs, which the MoJ is treating as accidental.

In a statement supplied to the BBC, the Information Commissioner's Office said it was looking into the incident.

We have recently been made aware of a possible data breach involving the Ministry of Justice. We will be making enquiries into the circumstances of the alleged breach before deciding what action, if any, needs to be taken.

The whole incident recalls the infamous loss of two discs containing ‪child benefit data back in 2007.‬ Records for 25 million people, relating to child benefit payments for 7.25 million families, were sent using the HMRC's internal postal system but never arrived.

The discs were password-protected but unencrypted, and sending them was a breach of HM Revenue and Customs procedures even at the time. A further copy of the information was sent, this time by registered post, and did arrive.

The MoJ has form when it comes to data loss screw-ups. For example, the UK prisons ministry was fined £180,000 last year over the loss of unencrypted back-up hard drives containing sensitive information. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing