Analysis Home Office proposals on "multi-agency information sharing", leaked to the Times this week, say that council, NHS and care staff should be given a statutory obligation to pass on information about anyone they think might commit violent crimes in the future.

According to the Times, the report proposes that a preliminary risk assessment be made by the body concerned, following which those flagged as dangerous should be referred to a new "multi-agency body" for more detailed assessment.

The proposals were circulated by Simon King, head of the Home Office violent crime unit, and envisage a new statutory obligation on professionals to pass on their fears about potential future offenders. There would be, it suggests, two new agencies for them to tip off - one for potential criminals and one for potential victims.

The proposed agency for possible criminals could perhaps be seen as a step on the road to a Department of Precrime, with a growing database of potential murderers and rapists who haven't actually done anything, yet. The second body adds handy symmetry for Home Office strategists seeking quick fixes for the twin cause celebres of Soham and Haringey.

If murderer Ian Huntley had been intercepted early enough, then the Soham murders would not have happened, while if the threat to Victoria Climbié had been properly identified, she would not have died.

If, indeed. But in both these cases, although failure to share information is widely seen as being to blame, and frequently used by the government as a justification for breaking down the 'outmoded' barriers to data sharing between public bodies, carers and agencies, in neither of these cases was this entirely true.

In the case of Victoria Climbié information was shared at various points between hospital, social services and police, and her death was more a consequence of failure to act, or failure to act with sufficient urgency, on the information that was available. And while there were failures of information sharing in the Huntley case, it is clear from the report of the Bichard enquiry into the Soham murders that this is a systemic problem, not one that can be fixed simply by placing a statutory duty on professionals to pass on their concerns to a new agency that manages a suspect list.

Inadequate IT systems and practices loom large in the list of failures identified by Bichard, but cancellations, delays and overruns have meant that little has been done since Bichard to address these failures. From the government's perspective it is no doubt a lot easier to announce a whole new "fix" (necessitating, erm, another new database) to be layered on top of the existing failing systems, but there's no reason to believe this will have any effect on the root problems.

Bichard found numerous problems with the IT systems used by police, and with police data entry and retention practices. The Police National Computer (PNC) was the only system accessible by all forces in England and Wales, but its effectiveness as a broad-ranging national system remains limited, and there had been "major and continuing problems" with it.

Bichard also notes that although various reviews resulted in the adoption of the National Strategy for Police Information Systems (NSPIS), they "did not address urgently enough the problems of the existing systems and whether these needed to be modified or improved in the interim." NSPIS, set up in 1994, is intended to standardise the forces on a compatible IT architecture running national software applications. Some 38 applications were originally envisaged as being part of this. Crucially, however, the common IT system for managing criminal intelligence was removed from the list in 2000 in order to cut costs, and this leaves forces singularly ill-equipped to share intelligence - a key problem in the Soham case.

More recently, the Home Office pulled the plugs on CRISP, the Cross-Region Information Sharing Project, one of the justifications offered being that police quality standards for inputting, maintaining and sharing data would not become compulsory until 2010. This could easily be read as "it's not possible to fix the broken databases and procedures because the databases and procedures are broken" - but this could be seen as a reasonable summation of the hill police IT systems have to climb.

Although there is general acceptance that police forces are in serious need of radical IT upgrade, sooner rather than later, the concerns Bichard expressed regarding attention to existing systems remain valid, and reactions such as the Home Office "Precrime Register" plan illustrate how government is still trying to address the problems via the wrong routes.

The professional organisations it is proposed to charge with identifying potential problems already are in large measure organisations whose role includes the identification of those problems. And where they (in the Soham case, the police and social services) fail, they fail to a great extent because the tools and systems they use are faulty, or barely exist.

What went wrong?

By the time he committed the Soham murders, Ian Huntley had been the subject of several allegations of rape and of sex with under-age children, had had repeated contact with social services and Humberside police in connection with these, and had also been charged (but not convicted - the charge was allowed to "lie on file") for burglary.

Generally, the failings in the case are seen as being of communication between Humberside and Cambridgeshire police, because the criminal record check made via Cambridgeshire came out clean, revealing none of the information that was known (but, as it turns out, only after a fashion) to Humberside. The history of Huntley's involvement with the authorities as set down in Bichard (from page 23 on) however shows that the problems went much deeper.

In the underage sex cases it is clear that risk assessment did to an extent take place, but this was largely focussed on the young girls involved. Social services and police did exchange information at various points, but social services approached each instance separately, with no apparent awareness that a single individual was involved.

The system used by social services did not readily facilitate this, as it was searchable only by the name of the "service user" (i.e. the child), not by any claimed perpetrator. And social services themselves failed on several occasions by not referring matters to the police when they should have. There were however discussions between social services and Humberside police at various points, and the course of action followed afterwards was agreed between the two bodies when this happened.

There is clearly an argument for social services systems being aimed primarily at protection of the vulnerable, and their ability to do this could be damaged if they began to be perceived as part of an enforcement network (which is one unfortunate potential consequence of current government data sharing strategy). In fairness, however, it is difficult to see Humberside's social services' failure to identify Huntley as a serial threat to its customers as anything other than an own goal. They would surely have performed more effectively if they had been better equipped to grasp the nature of the threat.

Note however that as they were not able to spot that Huntley was a single threat rather than three or four separate incidents, they would have been entirely unable to pass any useful information on to the Department of Precrime. If the systems themselves are not able to spot the serial offender, then why should we expect a superimposed deus ex machina to be able to do so?

Humberside police also lacked a record or an awareness of the totality of Huntley's activities, and no 'big picture' of the man was built up in around 15 years of contacts with him. Bichard catalogues a series of, effectively, individual incidents where the outcome was explicable, even logical.

Look at each of these individually, consider the likely costs and benefits of available courses of action, and ask yourself, what would you have done? There is no obvious gross incompetence or negligence. There are various human errors, but systems need to be able to cater for and trap human errors - here, with little or no safety net, the errors simply added a little more to the chances of Huntley being given a clean bill of health.

In none of the cases of alleged child sex would the children involved or their parents press charges, while none of the rape allegations could be made to stick. Effectively, despite regular police attention over a protracted period, the nearest thing to a record Huntley had was the burglary charge. But the information to produce something more meaningful did exist, as illustrated by an intelligence report that was filed, finally, by one PC Harding in 1999.

Huntley, said the report, had come to the attention of Grimsby CID in four separate rape enquiries and one indecent assault. "Huntley on all these occasions has targeted women that he knew or has befriended, usually in nightclubs..." The report explains that Huntley admits to sex with consent, and that he "seems to choose women who do not make ideal witnesses/complainants", hence the lack of convictions. But: "It is clear that Huntley is a serial sex attacker and is at liberty to continue his activities..."

PC Harding's report makes it clear that it was possible for police to produce a coherent and accurate (albeit overly-conclusive regarding guilt) assessment of Huntley, but this was the one and only intelligence report (there's a form, form 839) filed on Huntley, despite there having been justification for these earlier in the series of contacts.

Were the officers involved wrong in failing to complete them? Possibly, but filing intelligence reports for every last no-hope, minor, loser of a case (as most of these must have seemed) does not seem a sensible approach. As with social services, most of the contacts were dealt with case-by-case - there was no reference to a big picture, and (PC Harding's report aside), no big picture was recorded. As with social services, Humberside police was failing to share information with itself.

The systems available to the officers involved could almost be said to exhibit this lack of sharing as a design feature, and not for reasons of data protection. The relevant systems here were the PNC; Humberside's core intelligence system, CIS Nominals; CIS Crime, which contained details of reported, recorded, detected and 'disposed of' crimes; the Humberside Child Protection Database (CPD) and the ICJS, which creates custody records and produces documents concerning cautions, charges and bail. Huntley would at various points have been on some of these, but not necessarily helpfully, and not necessarily at the times when it would have been most helpful.

Huntley would not have shown up on the PNC because with the exception of the burglary offence he was never charged. He was interviewed under caution in 1995, but not formally cautioned. Formal cautions are now entered on the PNC, but they were not at the time of this particular interview, so he would not have acquired a PNC entry if a caution had been given. A record of the burglary "lie on file" did exist on the PNC and therefore in theory could have been found by the Cambridgeshire check. It wasn't, but even if it had been, it would simply have revealed a possible case of petty dishonesty five years previously.

This information quite possibly (and with justification) would not have been passed on by the police. As for the local systems, limitations on the way things were recorded on CIS Crime and Nominals meant that Huntley tended to fall down the cracks. If the incident was not investigated as a crime, then there would be no record opened on CIS Crime, while CIS Nominals entries stemmed from source documents, such as custody records, a Form 310 (the basic form to generate entries for the PNC or CIS Nominals) or a bail form. If none of these applied, then there would be no record.

Historically, where records did exist retrieval could be difficult, because prior to December 1999 It wasn't possible to search CIS Crime by name, only by a Unique Reference Number (URN), which was assigned to an individual when the first record of them was made on CIS Nominals.

As Huntley had not been charged, convicted or cautioned over any of the underage sex allegations, he was not on any of the national child protection registers. He possibly had been on the Humberside Police Child Protection Database, but if so the entries were weeded in 2002. Entries in other systems concerning other incidents were patchy, and because most of the incidents resulted in no action, vulnerable to deletion.

In one case where Huntley was arrested (in April 1998, for rape), case papers have been lost. The case was discontinued, and as he was not charged there was no entry on the PNC. If there was an entry on CIS Nominals, it was subsequently deleted, and while an entry on CIS Crime remained, and was marked 'retain' (so it was not automatically archived after three years), this does not record Huntley as being involved in the incident, although it should have done.

Human error also seems to have favoured Huntley as regards PC Harding's report, which is thought to have been deleted in error or by misjudgement in 2000. The report still existed in the hands of Lincolnshire police, who had been faxed a copy by PC Harding, so might have shown up if Cambridgeshire had contacted Lincolnshire, but having no record of an address for Huntley there, it did not do so.

Criminal record checking

The systems used to check criminal records described by Bichard could in no sense be seen as producing a complete, guaranteed and reliable result. Cambridgeshire had no means of ensuring that all of the required checks had in fact been done during the processing, while at the Humberside end not all of the appropriate systems would necessarily have been queried. The query itself would have been carried out via a combination of fax and manual processing, and as no audit trail was retained and the originating form destroyed, Bichard was forced in the main to say what probably took place.

Huntley did leave an imprint on police systems, but the systems themselves did not readily give up the data, and the processes used to query them didn't help either. Presuming, as Bichard does, that the surviving copy of PC Harding's report was not identified because Lincolnshire was not queried, one could note that a Criminal Record Check of a particular force area could be avoided by the simple expedient of the subject falsifying their address records. And as much of the joining up of police force's databases is still done by form and fax, this loophole quite possibly still exists under the current centralised CRB regime.

Essentially, the government's concerns about failures to identify dangerous individuals and to share information are in some senses right, but in most of the important senses, wrong. The systems clearly are failing to identify these people, but making failure an offence (and, if past experience is anything to go on, increasing the penalties when that doesn't work) won't help. Nor will adding more systems on top of the failing systems, while allowing the fixes for the failing ones to recede into the middle distance, be any help.

And while there are obvious barriers to data sharing, these are, at least as far as the Soham case is concerned, a consequence of inadequate or non-existent systems, not the fault of the Data Protection Act.

The latter, incidentally, was initially blamed, wrongly, by Humberside Chief Constable David Westwood for the deletion of Huntley's records. In fact, those records which were deleted were purged either in accordance with relatively standard police procedures or by operator error. ®

Related stories

• Oh noes – they've stolen the internet! (17 January 2011)

  https://www.theregister.com/2011/01/17/entanet_stepney/

• UK Gov, and privacy invasion without a safety net (18 April 2010)

  https://www.theregister.com/2010/04/18/gwent_crb_comment/

• Government wants every English child on 'secure' database (13 February 2008)

  https://www.theregister.com/2008/02/13/england_child_database/

• Most doctors plan to dodge health database (20 November 2007)

  https://www.theregister.com/2007/11/20/database_bad_say_docs/

• Bangkok vigilante 'wipes out' sleeping security guards (12 November 2007)

  https://www.theregister.com/2007/11/12/vigilante_security_guard/

• London NHS paper reveals plans to share patient data (3 July 2007)

  https://www.theregister.com/2007/07/03/london_nhs_patient_data/

• Orange and Littlewoods breach Data Protection Act, says ICO (22 June 2007)

  https://www.theregister.com/2007/06/22/orange_littlewoods_dpa_breach/

• UK regulator urges caution on data sharing (29 May 2007)

  https://www.theregister.com/2007/05/29/data_sharing_stopgap/

• Home Office discusses thief-proof phones (25 May 2007)

  https://www.theregister.com/2007/05/25/home_office_phone_crime/

• Police data sharing plan faces the chop (4 April 2007)

  https://www.theregister.com/2007/04/04/bichard_cutback/

• Bring back Bichard (16 June 2006)

  https://www.theregister.com/2006/06/16/bichard_recall/

• Bichard reports widespread errors in Police data (26 May 2006)

  https://www.theregister.com/2006/05/26/bichard_part3/

• Police database patch-up planned (25 May 2006)

  https://www.theregister.com/2006/05/25/police_database_promise/

• Home Office finalises police IT plan (20 April 2006)

  https://www.theregister.com/2006/04/20/police_it_plan_finalised/

• UK parents to get online check of 8m child workers records (1 March 2006)

  https://www.theregister.com/2006/03/01/dfes_paedo_biglist/

• Government FOI Act chief trails Data Act 'reform' (18 October 2004)

  https://www.theregister.com/2004/10/18/falconer_flagpoles_dpa_reform/

• Data federation and the police (6 July 2004)

  https://www.theregister.com/2004/07/06/data_federation_and_police/

• Home Office to centralise police intelligence (18 February 2004)

  https://www.theregister.com/2004/02/18/home_office_to_centralise_police/

• UK Gov's response to child abuse – unique IDs for all (9 September 2003)

  https://www.theregister.com/2003/09/09/uk_govs_response_to_child/