The police use many ICT programs that do not comply with the Police Data Act. So says the digital civil rights organization Bits of Freedom, which requested internal reports on apps used by the police, such as apps that record reports and interrogations or with which officers exchange information.
“These are the 36 most important systems the police have in place, which are crucial to doing the job properly,” says Rejo Zenger of Bits of Freedom in the NOS Radio 1 News.
The Police Data Act states how the police and other investigative services must deal with personal data collected during work. According to Zenger, things go wrong on several fronts. This way, data is stored that should have been deleted for a long time. “That is very important if you have been a suspect in a case. Then you want to be removed from the police systems if you are acquitted. That will not happen.”
“It is true that many police systems do not meet the privacy and security requirements of the Police Data Act”, admits Stephan den Hengst, chief data officer at the National Police in a response in the NOS Radio 1 News. “That does not mean that police information is on the street.”
Zenger: “We have all made agreements about how the police will deal with this type of data, we have laid it down in a law. I think it is quite absurd that the police violates this law on a large scale and for a long time. The minister must to come in action.”
According to Zenger, it also goes wrong in deciding who gets access to a particular database and when. “The moment someone changes job, or stops working at the police, you want him to lose access to a database.” That does not always happen either. “That’s a problem with corrupt agents sharing information with criminals. You don’t want a corrupt agent to have more access than he should, because you want to minimize the risk of him passing on information.”
According to Zenger, a possible consequence could be that witnesses in, for example, a liquidation case do not want to talk to the police, because they are afraid that this will end up with the perpetrators. Or that victims of a rape keep their mouths shut because they are afraid that unauthorized persons will read their reports.
Den Hengst says that a central system has now been developed for granting access to police apps. Everyone who comes into employment now receives a profile, with which they are authorized to use certain apps. Anyone who changes positions loses their authorizations or receives different ones.
Cyber criminals are also getting smarter and we have to fight against that.
According to Den Hengst, security is the sum of physical security and technical information security, of security awareness, security procedures, screening of employees and knowledge and culture. “We invest on all these elements, actively and reactively after something went wrong. This does not preclude information from falling into the wrong hands, but they reduce the chance that it will happen.”
He doesn’t think that will solve the problems forever. “This is a development that will continue. Cyber criminals are also getting smarter and we have to fight against that. We work very hard on that every day.”