Yorkshire plods LOSE 9,000 GUNS in rogue BOFH database blunder

'Update your details please' 'Um, yes, you licensed me to have these six AK-47s ...'

SANS - Survey on application security programs

Bungling police staff at South Yorkshire Police have finally copped to a huge snafu in their firearms database after spending the last two months writing to thousands of firearms licence holders. The letter simply requested they "update their details". Bosses have blamed the database snafu on the actions of a sacked administrator.

South Yorks coppers had apparently first noticed that the force did not know where all the licensed firearms were located as far back as October 2012. Chief Superintendent Rob Odell told the Yorkshire Post that it was around that time that it became clear that the records were not being updated. The incident has led to serious concerns about the accuracy of thousands of entries on a critical police database.

A member of the force’s Firearms and Explosives Licensing Department was dismissed for misconduct in February after bosses discovered she had been “inaccurately recording” – or not recording at all – information submitted by firearm and shotgun owners.

Legal owners of firearms in the UK must inform the police whenever they move house, sell or dispose of a firearm, or want to buy a new rifle. This information is recorded on the National Firearms Licensing Management System (NFLMS), which all 43 of the UK’s police forces – as well as the Serious and Organised Crime Agency – have access to.

Chief Superintendent Odell told the paper that after discovering the scope of the problem, firearms licensing bosses wrote to all 9,000 firearm and shotgun certificate holders in the county earlier this month, claiming the force’s records were being “audited”.

“We are in a situation not of our making,” said Chf Supt Odell, “but we are trying to deal with it in as quick and pragmatic a way as possible. We are keen to assure our records and this is the best way to do it.”

The letter to the county’s gun owners, which The Register has seen, did not give any indication that the police had effectively lost control over the database of firearms and their owners. Nor did it mention that the police first noticed discrepancies eight months before writing to owners. It said:

We are currently undertaking an audit of all firearms and shotguns held within South Yorkshire and would appreciate your co-operation with this matter. I would be grateful if you could complete the table below with the details of firearms or shotguns you currently possess and return this information … to enable us to check these details against our records.

Bill Harriman, director of firearms at the British Association for Shooting and Conservation, the UK’s largest shooting organisation, told the paper: “South Yorkshire Police has an abysmal record when it comes to firearms licensing so this revelation comes as no surprise to me. When BASC members started receiving these letters, we suspected something was wrong with police record keeping.”

“Neglecting to record critical information such as changes of address or changes of firearm could potentially undermine the [police’s legal] duty to preserve public safety,” he added.

A police spokesman said: “The integrity of police-held information needs to be assured and South Yorkshire Police acted as soon as possible to ensure this is the case.”

The NFLMS is a prime example of pisspoor government IT procurement. Following the Dunblane tragedy of 1997, Lord Cullen recommended the introduction of a single, national computerised system for monitoring legal firearms ownership.

After a delay of almost a decade the system was initially rolled out in 2006, following a litany of “technical problems”.

Linda Saynor, the then firearms and explosives licensing manager at South Yorkshire Police,explained the database’s purpose at the time to public policy site The Information Daily: "The National Firearms Licensing Management System will allow firearms officers to check the applicant on the database to see whether an application has been submitted anywhere in the country previously and what the outcome was."

The NFLMS interfaces with the police’s existing STORM command-and-control system and the Guardian information collection and data management package. Some police forces, such as Devon and Cornwall, have managed to connect the NFLMS to their own in-house mapping systems, producing maps showing the locations of firearm owners’ homes which beat constables can access from their force-issued mobile devices.

As with any database, the accuracy of the NFLMS depends on the data entered into it. While firearms owners are subject to criminal prosecutions for minor technical offences* linked to their licences, some worry that failures by police licensing departments could have a negative effect upon law-abiding shooters.

“If I didn’t inform the police that I’d sold one of my rifles they’d prosecute me,” said 55-year-old Simon Wright of Northamptonshire, “my firearms certificate would be revoked and I’d get a criminal record. But there won’t be any comebacks for the police in this case. I’m just lucky enough to be covered by a different force’s licensing department who take pride in their work.”

UK firearms owners are subject to thorough background checks by the police before being granted a firearm certificate. The licensing process includes checks with the Police National Computer, Special Branch (who conduct their own background checks on applicants), and forces’ local intelligence systems. Chief constables are personally responsible for signing off certificates issued by their forces.

A Parliamentary memorandum by the Office of Legislative Affairs commenting on Blighty's gun laws said: “No one knows whether the control regime works. Moreover, the manner of its administration suggests that in some quarters it is not given as high a priority as the public might expect.” ®


* Most firearms certificates are normally granted with authorisations to hold hundreds of rounds. Going 100 rounds over that allocation is comparable to stopping in a yellow box zone at a junction; yes, it’s illegal, but the harm is negligible.

High performance access to file storage

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Reprieve for Weev: Court disowns AT&T hacker's conviction
Appeals court strikes down landmark sentence
prev story


Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.