Scots victims could be illegally compromised by £33m criminal justice IT system – Daily Record

A £33 million criminal justice IT system could illegally compromise the personal data of thousands of Scots victims.

Watchdogs have raised serious concerns about trials of the Digital Evidence Sharing Capability (DESC) service by Police Scotland and said the Crown Office could already have broken the law.

The system bought by the Scottish Government from US firm Axon allows witness statements, body-cam footage, fingerprints and other details to be uploaded and shared with other agencies. But the Sunday Mail can reveal the Scottish Police Authority (SPA) and biometrics commissioner have given formal warnings over its legality and security.

They have raised fears it could lead to class action lawsuits, hacking and the prospect of the US government snooping on citizens.

Opposition politicians have demanded a halt to the roll-out until concerns are answered.

Scottish Tory shadow justice secretary Russell Findlay said: "SNP ministers cannot press ahead with this system without seeking categorical assurances about the security of the highly sensitive and personal data of crime victims and witnesses. It appears these concerns have already been flagged within Scottish policing, so it would be grossly irresponsible, and financially improper, to proceed without ensuring they are addressed."

Scottish Lib Dem justice spokesperson Liam McArthur said: "These documents raise real questions about why Police Scotland has pressed ahead with this scheme while the legal status is still up in the air. It's an approach that opens up the risk of legal challenges bogging down the service in litigation for years."

Concern revolves around files being held by a US firm's cloud servers. This could leave Scottish authorities unable to comply with UK data protection laws.


Axon's system is being hosted on Microsoft Azure. But in an impact assessment drafted by the SPA and seen by the Sunday Mail, the watchdog warned transfers to overseas cloud providers are likely to be illegal. It added its concerns relate to the provider, a wholly owned US company, and its sub-processor, Microsoft Azure.

The document said US law allows its attorney general and intelligence services director to jointly authorise targeted surveillance of people outside the US, as long as they are not a US citizen.

US law also allows its government to access any data, stored anywhere by US firms in the cloud. While the data protection impact assessment said the risk of US government access via the Cloud Act was unlikely, it added the fallout would be cataclysmic.

Scottish biometrics commissioner Brian Plastow also raised concerns. He served Police Scotland with a formal notice in April requiring it to demonstrate its use of the system was compliant with the Data Protection Act.

Police Scotland confirmed in July it had uploaded significant volumes of images to DESC during this pilot, while insisting appropriate encryption was in place. But Plastow said this did not ameliorate specific concerns.

He is now reviewing whether Police Scotland is complying with a data code of conduct.

The SPA said: There are often associated risks when introducing new digital solutions and it is satisfied Police Scotland is taking all necessary steps to address and mitigate these before rollout.

Police Scotland said it was continuing to identify, assess and mitigate any risks relating to data sovereignty. The Scottish Government said: "We take the privacy of citizens' data very seriously."

Axon said it has established and continues to enhance data protection measures to support customers, including our contract with the Scottish Government.
