CPS apologises for DNA disc blunder
Civil Service pass-the-parcel
The Crown Prosecution Service has apologised unreservedly for misplacing a disc of DNA profiles sent by Dutch authorities in January 2007.
The 2,159 DNA profiles from crime scenes were not checked against the UK database until February 2008. This resulted in 15 matches. Because of the delay in dealing with the disc, 11 of the 15 suspects had already gone on to commit further crimes in the UK.
The disc contained DNA profiles but no identifying information - the idea was to find matches between the two databases first, then get the legal clearance to link those to actual database entries.
A review by Peter Lewis, chief executive of the CPS, found the disc was sent unexpectedly to the CPS - it should have gone to Mutual Legal Assistance, which deals with international exchanges of police information and evidence.
Instead, it was sent by business post in an envelope addressed to CPS's Ludgate Hill office, but not to an individual or even a department.
The disc arrived 29 February 2007. On 2 March a senior manager noticed the disc and contacted Dutch authorities, who told him the right lawyer to contact within the CPS.
The review said: "By March 2007 the Dutch disk was in the hands of the lawyer who, although not expecting the disk, was aware of the background to Operation Thread [as the Anglo-Dutch co-operation was known], knew what was likely to be contained on the disk and should have understood its importance to the investigation of crime in the Netherlands.
"All that was now required was for the disk to be placed in a safe or secure cabinet and for contact to be made quickly with the police to arrange for the secure collection or transfer of the disk. This was a simple task that could and should have been undertaken immediately."
But this "simple task" was not carried out. The disc did not get delivered to the police until almost a year later - January 2008.
The report gave a brief summary of the disc's travels, or lack thereof, in that period.
The lawyer who had the disc took an unexpected and lengthy leave of absence in early April 2007. This person did not tell their manager about the disc. In late April Dutch authorities asked about the disc, but nothing was done.
In August 2007 the CPS searched for the disc and could not find it. On 14 August the Home Office cheekily asked the Dutch if they could pop another copy in the post. The report notes: "The Dutch Authorities were more concerned about the whereabouts of the original disk and the matter was not pursued."
In late October the lawyer returned from their leave of absence. The disc was found and police contacted 21 November.
The report said: "There followed an almost casual exchange of correspondence over the next two months... The disk was eventually collected by NDNADB [National DNA Database] on 11 January 2008."
No evidence was found that the disk was copied or ever left the CPS offices.
The report is circumspect about actual crimes committed as a result of this failure, because: "A number of individuals who may have felt they had successfully escaped justice in the Netherlands are now at risk of arrest and it would be very unfortunate if a fuller reporting of Operation Thread alerted them to their vulnerability and caused them to go into hiding, flee the jurisdiction or impede investigations in the Netherlands."
The report made several recommendations for improving data transfer in future, but said: "It is essential that understandable concerns caused by both the delay in executing Operation Thread, and the uncertainty of its final outcome, do not in any way diminish enthusiasm for similar exchange agreements with other partner states in the future." ®
I bet the procedure wasn't defined in the IT contract.
I remember several commenters in the past taking the trouble to explain the hassles for a government IT supplier doing anything which isn't already defined in the contract.
Want to bet that there's no procedure to cover apparently mis-delivered CDs (which are a security risk--trojans, vurses, and stuff)?
And there would therefore be no evidence that the disk was copied or left in the office.
Which is completely different to there being evidence that the disk was not copied or left in the office.
It's all in the way you phrase things.
"Further more, if the disc had been crafted such that it was a bomb that went off once it reached a particular angular velocity (ie spinning in a drive)"
You [b]can[/b] take paranoia a step too far you know.
Is this idea even feasible? It needs to be a stable explosive, and be effectively concealed in something that genuinely resembles a CD-ROM disk and have the necessary mechanism to trigger at a certain spin speed, but not when chucked around in the post...