Dratted 'housekeeping', eh? 150k+ records deleted off UK’s Police National Computer database

This has got to be the Who Me? story of all time...


An "error" in a "standard housekeeping process" on the UK’s controversial Police National Computer (PNC) database has led to the deletion of more than 150,000 DNA, fingerprint and other records, the Home Office has confirmed.

The PNC - the national law enforcement DB that holds personal info on people arrested by the police as well as data on people who have been questioned by police but never charged or convicted of any offence - is hosted on a Fujitsu mainframe, running Software AG's Natural programming language using ADABAS database.

Last year Home Office Minister Kit Malthouse assured Parliament it had round-the-clock support from the vendor.

Reportedly, a weekly so-called “weeding” session to purge old data erroneously removed the valid data, which included arrest, fingerprint records and intelligence files about suspects. Visa applications were also held up for two days, according to the Times.

The deletion reportedly took place this week.

Malthouse told The Reg in a statement:

Earlier this week, a standard housekeeping process that runs on the Police National Computer deleted a number of records in error.

A fast time review has identified the problem and corrected the process so it cannot happen again. The Home Office, NPCC and other law enforcement partners are working at pace to recover the data.

While the loss relates to individuals who were arrested and then released with no further action, I have asked officials and the police to confirm their initial assessment that there is no threat to public safety.

The PNC system is a Fujitsu BS2000/OSD SE700-30 mainframe based in a Hendon data centre. It is used by the UK’s territorial and regional police forces, the Serious Fraud Office, the Security and Secret Intelligence Services (MI5, MI6), HM Revenue & Customs and the National Crime Agency. They have controlled and 24-hour access from remote terminals and through local police force systems.

Fujitsu BS2000 mainframe has a central SE server unit running the BS2000 OSD/XC operating system and applications. There are additional server and application units that can be attached, as well as an SE net unit for network connectivity. The application units can be X86 servers running Unix and Windows, with applications executing inside these environments.

Storage can (potentially) be provided by a Fujitsu ETERNUS SAN with ETERNUS LT tape libraries available for backup and archive.

Fujitsu's HSMS line is a hierarchical file, database and library backup system for the BS2000 mainframe.

The lost data include fingerprints and DNA collected from individuals arrested by the cops.

Policeman claps in London street

Non-police orgs merrily accessed PNC without authority, says HMIC

READ MORE

The system is operated under the UK’s Home Office, and weekly user jobs locate and weed out data that is no longer required or must be deleted after a certain time.

We understand this is Home Office-provided software, not Fujitsu software. Fujitsu would not have weeding functionality in the base BS20000 OS, which would likely be a function of the PNC's application and system software.

We have asked Fujitsu for comment.

Separate DNA and fingerprint database systems are connected to the PNC, which is how their record data can be "weeded" as well.

It is reported that Home Office staff are trying to get some of the deleted information back. This implies, strongly, that they cannot simply restore the deleted information from backup files.

Police were warned about problems getting data onto the PNC in 2005, following the Soham murders.

That same year, the Police National Computer's "Hot Stand-By" back-up system, designated "national critical infrastructure" by the government, was destroyed in a Buncefield oil depot fire that also damaged the premises of Northgate, Dixons, etailer Asos.com and Richer Sounds.

In 2018, The Home Office said it was planning to replace the creaky PNC and the Police National Database (PND) with a Law Enforcement Data Service (LEDS) as part of its National Law Enforcement Data Programme - which has also come under fire by civil rights bodies..

A 2016 investigation by HM Inspectorate of Constabulary (HMIC) revealed that the non-police bodies including the Financial Conduct Authority, Scottish Society for the Prevention of Cruelty to Animals, and the Gangmasters Licensing Agency had obtained ongoing, illicit access to the PNC. ®

Do you know something we should know? Send a tip to the scribe here. There are instructions on how to reach us more securely here.


Biting the hand that feeds IT © 1998–2021