Police send Reg hack CRB check database

How come it took them two days to nip over?

Trying to think of a way to bluff it out/blame the recipient?

Muppets

Heads *need* to roll for this. I mean what happens when dozens of people get Das Boot from their high paid jobs because they failed to disclose that they got busted for possessing an ounce of weed back in the '70s.... which I might add shouldn't even be on the records after that length of time.

Fail on a googol levels.

AC, because I really, *really* hate getting raided when working on my fusor...

Which ?

Novell eMail application were they using ?

I have to say, I have been using SeaMonkey eMail client for several years under various Microshaft OSes,

However, having gone over to Ubuntu for a dreadfull few months, I am now running OpenSuse Linux and I am forced to say that SeaMonkey is very very wonkey by comparison to the Windose versions.

This morning the preview pane opened up by itself, one of my Junk folders decided it wanted to be open on a TAB of it's own (?) and the message headers are often all screwed up (?)

WFT ?

Still, plod doing this sort of stunt just makes the whole thing a fucking farce. As per expectations.

ALF

"Main Stream Media"

Have any of the dailies picked up this story? Wrong on so many levels.

However, this doesn't change my confidence in the police; they never had it.

irresponsible

You shouldn't have published because in fact the article achieves nothing other than good copy for El Reg.

The fact is it was an innocent mistake. The person responsible would have been in just as much trouble whether article was published or not. The IT systems would have been adjusted to make sure such a breach does not occur again whether the aritcle was published or not (password/encrypt/monitoring of outbound attachments etc). The article does therefore only serve to undermine confidence in a public service in which it is essential the public has trust.

Of course it's a fine line between what is in the public interest at the expense of public confidence.

When I was readin your article I thought to myself that it was not a good one to publish and that there are far more great police officers in the various forces than there are bad and that articles such as these just undermine everyone but for no actual public achievement/gain. It was right of you to add in the line at the end about disclosure but I feel that you got it wrong on this occasion.

Next time ask yourself; what does making this story public achieve? What are my real/honest motivations for publishing the story?

CRBs fault?

How does CRB check work behind the scenes:

- CRB asks the organisation which is allowed to process the forms to scan them and extract data from them into a (usually) pretty big file

- CRB then expects the organisation to upload the pretty big file via FTP to them (yep, unencrypted, but 'password protected').

- CRB then does 'the check' and sends letters

I wouldn't be surprised if they were expecting data delivery from various police forces in a similar way.

Anon cause... - well, guess why.

emailed file deleted ????

> The Register has now deleted the file in cooperation with Gwent Police’s professional standards officers ..

Will it also be deleted from the numerous email servers it passed through o nthe way to you and what the F**K are they doing emailing such files over the Internet ????

Tip of the iceberg

This incident should scare everyone deeply, not for what was revealed but for what must surely be going on that we don't know about. There must be thousands of incidents of stupidity/negligence every day that are business as usual and never found out about. As they say, the problem is not that you broke the law, but that you got caught!

Maybe the plodlet was distracted

By farmfacevilletownbook

High of the mark

What's the pass mark you have to hit now for getting in the force,as it's constantly being lowered so all and sundry can get in to fill those otherwise empty seats ?

I'll take a guess;

5ft at least ,a waist of 50 inches max ,able to get over excited and feel physically threatened at the slightest of things and the ability to put one foot in front of the other (and in your mouth on numerous occasions) (when you eventually get of your arse once in while that is)) !?

More to the point...

is why someone felt the need to have extrated ANY info from the CRB database to be stored, presumably locally, on a poxy spreadsheet. It's not just the twat who accidentally sent it that should be 'disciplined', but also whoever put the spreadsheet together. And also, if the CRB database is being abused by one force, would we be wrong to presume that it's being abused by them all?

This must happen all the time

My girlfriend volunteers for an organisation and just happens to have the same name as one of the HR staff. So she gets sent all manner of things - usually people's personal details - which have nothing to do with her. At the same time, the intended recipient doesn't get these mails. She mails them back saying "You shouldn't be sending me this stuff", they mail back saying "Oh sorry, we've taken you off our list now". Then it all goes quiet for 3 weeks, then starts again.

What about the other incidents

Are Gwent police now investigating themselves thoroughly for data breaches????

Surely as there is clear evidence of them having commited one offence they should now start checking every email they have sent for the last X years (where X is defined by their data retention policy, probably 10 years for secret type data) and making sure that no other incidents have occured.

What about all the similar emails that were sent to criminals? (because I'm sure the police must email ex-cons and the like more often than innocents?)

This sort of cost as a result of a single incident is about the only way to ensure that they spend the money getting it right in the first place.

When it's "if an email goes awry it costs us a few quid to delete" then it's cheaper to get a crap system in place.

When it's "if an email goes awry then it costs us a shed load of money to investigate" then it's suddenly a lot cheaper to do it right first time.

Well done!

If you're going to make a cock-up, make it worth while and the Plod certainly managed that!

US Military

I get regular emails from people in the US Military in Iraq because I share the same name as someone there. I've tried and tried to remove myself but they just ignore me...

I know...

Our 'organisation' is forbidden from communicating with Gwent Police by e mail because of its known high level of mail insecurity and reputation for data cock-ups. It's not a new issue it's just gone national that's all!

I'm already in trouble for refusing to complete any security clearance forms because they lost one of mine in 1997 that caused me a lot of grief for years.

I expect to be unemployed fairly soon.

Anon? You bet. Be safe!

Gwent Police know where you live

And so will everyone else soon. Have a look at the South Wales Argus. Gwent Police are getting into bed with the local councils to share data centre, desks, staff etc. So now, not only do you have to worry about the competence of police staff but also council staff to look after your data. And bearing in mind this is a public sector project run by a 'manager' with no experience of managing police data it's already over budget and way late. It would have made far more sense to merge Gwent Police with South Wales Police rather than the councils, at least they'd have something in common. Not the best way to spend our taxes but hey, once you're high enough in the council what can they do to you.