MPs demand controls on Euro police databases

Co-operation needs human touch

The Home Affairs Select Committee has advised government to put its weight behind neglected European efforts to hold the rapidly emerging system of police databases answerable to human rights legislation.

The committee's proposals, published today in a report on EU police and judicial co-operation, include a bar on agreements like the controversial PNR (Passenger Name Records) and Swift data sharing arrangements that the EU formed with the US in the name of the "war on terror".

It also recommends the government seeks to restrain EU efforts to share data between police forces by ensuring decent data protection laws are adhered to.

It noted how the EU (and largely the council) had been rushing ahead with plans to link European police databases, while legislation designed to protect citizens' fundamental rights against abuse from such powerful policing tools had been left to flounder.

"We consider that in the area of data protection there is evidence of insufficient political appetite for protective measures as compared to law enforcement ones," the report noted.

An EU measure to introduce data protection legislation into the third pillar of EU law (where matters regarding the police and judiciary sit) had been more or less abandoned because the council had failed to come to an agreement. Yet in the absence of an agreement, a cabal of EU states went ahead with their own police database plan called the Prüm Treaty, which contained weak data protections. This had subsequently been introduced as an EU framework, the committee noted, "almost as a fait accompli".

The committee was concerned about the precedent Prüm had set for European democracy, while noting the lack of scrutiny of these proposals in Westminster.

"There is a danger that if [Prüm] is not implemented with sufficiently rigorous safeguards, in particular robust data-protection arrangements, the principle risks the dissemination of personal data of UK citizens without sufficient control over the subsequent use of that data."

Experts told the committee how greater police co-operation across Europe could lead to greater abuses of human rights. Professor Steve Peers, of the University of Essex, warned that police would be tempted to use their databases to go on fishing expeditions unless their access was restricted.

Dr Valsamis Mitsilegas, from the University of London, said as police standardised their data formats, the sharing would become "quasi-automated", making it difficult for police to make checks that would uphold key data protections.

For example, data is supposed only to be used for the purpose for which it was collected, not shared with countries without proper protections, and not taken from sources that might have got the data through coercion or torture.

While people have found it easier to shuffle around EU states, police data sharing arrangements have been shoddy. Even the steps taken to improve matters in 2005 were inadequate, it noted. The 2005 legislation only made sure European police forces shared relevant data with one another about suspects and criminals on a weekly basis. It did not hold them to using common formats and ensuring a minimum standard of quality.

To illustrate the poor level of co-operation between European forces, the report noted the case of 63-year-old Belgian Michel Fourniret, who was arrested in 2003 for the murder of six French girls and one Belgian girl. Belgian police had no idea he had previously been sentenced for the rape and indecent assault of minors in France.

However, Home Office minister Joan Ryan said the UK was seeking to join an EU pilot for a more active police data link than those already being pushed through in legislation. The way the report described the pilot, it sounded as though it was exploring greater levels of integration between police databases than was presently accepted to be within the bounds of data protection.

The standard was set on the VIS (Visa Information System) legislation currently being passed through the Brussels legislature: it gave European police forces only limited access to one another's databases and only for good reason.

The principles behind these restrictions also prompted the committee to commend Ryan's suggestion that further agreements like the PNR data sharing arrangement with US terror investigators were "an area that the EU should hopefully be able to avoid".

The same went for other US data gathering exercises: "We consider that the casual use of data about millions of EU citizens, without adequate safeguards to protect privacy, is an issue of much greater significance than many of the other EU-related matters put to the UK government and Parliament for consideration," said the report.

"We recommend that the government and the European Commission should prioritise the question of provision of personal information to countries outside the EU as an issue of the greatest practical concern to its citizens."

It added that it was urgent that the government put its weight behind the EU proposal for data protection in police matters and that it ought to listen to the recommendations of the European Data Protection Supervisor (EDPS) if it wanted to see it done properly.

That should please the EDPS no end, because the headlong merger of police databases without proper regard for data protections is an illustration of just how well the EU Council has listened to the supervisor before now. ®
