150,000 lost UK police records looking more like 400,000 as Home Office continues to blame 'human error'

That technical issue the department said it had fixed? It didn't exist


Estimates detailing the loss of criminal evidence records by the UK Home Office and the police show the figure leaping from 150,000 to 400,000.

Nonetheless, in a statement issued on Saturday, the government department said it was working to restore the records using the magic of computer code.

"Working with the National Police Chief's Council and other policing partners, data engineers within the Home Office Digital, Data and Technology function continue to develop and test new code with the ultimate aim of restoring the data," the department said in a statement issued on Saturday.

It has so far not responded to The Register's questions about where this code would be running and where it hoped engineers could recover the lost records from.

It has also yet to answer questions about the cause for the data loss of thousands of fingerprint, DNA, and arrest records. The losses have led to fears that matches between crime scene evidence and any potential offenders may not be identified.

The Home Office initially issued a statement late on Thursday saying the data loss was down to a "technical issue", which had been resolved, a statement still live on its Twitter feed.

Though there must have been some technical resolution because by Friday the Home Office was saying it was not a technical issue after all, and in fact a "housekeeping error", as The Register reported.

Over the weekend, the Home Office issued a further statement, with Home Secretary Priti Patel saying: "Home Office engineers continue to work to restore data lost as a result of human error during a routine housekeeping process earlier this week."

In a letter published by The Guardian, National Police Chiefs' Council (NPCC) deputy chief constable Naveed Malik, lead for the organisation on the Police National Computer (PNC), said approximately 213,000 offence records, 175,000 arrest records and 15,000 person records had potentially been deleted in error.

Meanwhile, the DNA database connected to the PNC saw 26,000 records corresponding to 21,710 subjects potentially deleted in error, "including records that have previously been marked for indefinite retention following conviction of serious offences". The letter also said 30,000 fingerprint records and 600 subject records may have been deleted in error.

The PNC dates back to the 1970s. The current iteration is a Fujitsu BS2000/OSD SE700-30 mainframe based in a Hendon data centre, running Software AG's natural programming language-using ADABAS database. The UK's territorial and regional police forces, Serious Fraud Office, Security and Secret Intelligence Services (MI5, MI6), HM Revenue & Customs, and the National Crime Agency all make use of it. They have controlled and 24-hour access from remote terminals and through local police force systems.

According to Adam Smith, chair of the Software Testing Group at BCS, The Chartered Institute for IT: "In order to delete data from a live environment through a coding error, a failure needs to occur not just in the coding, but in the test design (or one of its supporting processes, such as making sure the right version of the software is in the testing environment.)

Smith added: "Even the non-critical systems are typically backed up daily, so either a failure has also occurred in the backup process, or something about the backout plan for the software change wasn't tested properly and has failed."

The BCS said in a statement: "It is likely that a developer, test analyst and release manager would all have been part of the process leading up to the failure.... The incident highlights the fact that IT practitioners should be accountable to independent professional standards." ®


Biting the hand that feeds IT © 1998–2021