Wednesday, April 27, 2005

Your personal information is for sale

From The Guardian:
Two national newspapers paid to receive confidential information from the police national computer, a court heard yesterday.

Articles from the Sunday Mirror and the Mail on Sunday were used in evidence against two former police employees and two private investigators charged with offences involving the sale of police information to the press.

The court was told that Stephen Whittamore, a 56-year-old private investigator with links to the national press, provided "very personal and confidential details" about a series of high-profile figures, including the EastEnders actors Charlie Brooks and Jessie Wallace; Bob Crow, general secretary of the Rail Maritime and Transport Union; and Clifton Tomlinson, son of the actor Ricky Tomlinson.

Riel Karmy-Jones, prosecuting, told Blackfriars crown court in central London that Mr Whittamore had received the information "through a chain" made up of the three other defendants: the private investigator John Boyall, 52; Alan King, a 59-year-old retired police officer; and Paul Marshall, 39, a former civilian communications officer who was based at Tooting police station in London.

Mr Marshall and Mr King both pleaded guilty to conspiracy to commit misconduct in a public office, while Mr Whittamore and Mr Boyall pleaded guilty to the lesser charge of breaching the Data Protection Act. All four were given a two-year conditional discharge.
This isn't unusual. Spy Blog points out that there have been many similar cases in England, including:
the breach of the Driver Vehicle Licensing Agency computer systems by animal extremist supporter Barry Saul Dickinson who only got 5 months in jail for the offence of "misconduct in a public office" and the Metroplitan Police spy Ghazi Kassim who only got two and a half years for "three charges of misconduct in a public office".
Why the reference to English cases? Is Ireland somehow immune? Hardly. We can be sure that similar cases are happening here. Although we have yet to convict somebody of selling information, there are periodic glimpses of things happening under the surface.

Two recent examples. The Minister for Justice has stated that some GardaĆ­ are selling information to journalists. (The background to that statement includes alleged leaks by GardaĆ­ to journalists about an assault on the Minister's son earlier that year.) Similarly, the Sunday Business Post recently printed (in relation to the Morris Tribunal) that:
Gardai have also been on the receiving end of phone bill enquiries. “I was able to access the phone records of 38 people, most of them guards,” said private investigator Billy Flynn, who helped expose the Donegal garda scandal. “You get a complete profile of the person - who they are contacting, how often and at what times."
There are other credible allegations out there - but our defamation laws don't encourage their repetition here.

Any system is open to insider attacks, and there will always be a risk of a dishonest user seeking to profit from their access. The key must be to minimise this risk by limiting the data which is available to the insider, tracking the data which they access and determining whether they have a reason to do so, and ultimately deterring abuse with a credible risk of detection, prosecution and conviction. I'm not sure that Irish law goes far enough to do this.

No comments:

Post a Comment