CPS fined £325,000 after losing victim interview videos

Energize · 5 Jun 2018 at 21:08

The Crown Prosecution Service (CPS) has been fined £325,000 by the ICO after they lost unencrypted DVDs containing recordings of police interviews.

The DVDs contained recordings of interviews with 15 victims of child sex abuse, to be used at the trial.

This is the second penalty imposed on the CPS following the loss of sensitive video recordings.

The DVDs contained the most intimate sensitive details of the victims, as well as the sensitive personal data of the perpetrator, and some identifying information about other parties.

The DVDs were sent by tracked delivery between two CPS offices, with the recipient office being in a shared building. The delivery was made outside office hours, and the DVDs – which were not in tamper-proof packaging – were left in the reception.

Although the building’s entry doors were locked, anyone with access to the building could access this reception area.

The DVDs were sent in November 2016, but it was not discovered that they were lost until December. The CPS notified the victims in March 2017, and reported the loss to the ICO the following month.

It is not known what has happened to the DVDs.

The ICO ruled that the CPS was negligent when it failed to ensure the videos were kept safe, and did not take into account the substantial distress that would be caused if the videos were lost.

It also found that, despite being fined £200,000 following a separate breach in November 2015 – in which victim and witness video evidence was also lost – the CPS had not ensured that appropriate care was being taken to avoid similar breaches re-occurring.

https://ico.org.uk/about-the-ico/ne...325-000-after-losing-victim-interview-videos/

The utter stupidity of using such an insecure way of delivering sensitive data is outstanding, why on earth was such sensitive data not sent over a VPN connection instead of being delivered in a physical format vulnerable to interception and loss?!

Who even uses DVD's in 2018?

Dis86 · 5 Jun 2018 at 21:12

What the hell is the point in fining the cps?! All that does is impact victims of crime few.

Rroff · 5 Jun 2018 at 21:16

Whelp why on earth are they not at the very least encrypted, sent using something like DX secure with proper handling at either end - we shouldn't tolerate stuff like this :s

Pigeon_Killer · 5 Jun 2018 at 21:21

Always browse the ICO website for articles I can **** my colleagues up with and saw this article a few weeks ago. Shame it didn't happen now the fines have massively increased, the complete incompetence deserved a far greater punishment imo.

adolf hamster · 5 Jun 2018 at 21:36

jesus, why are they using regular post for that, if it's so important then for gods sake get an employee to damn well drive there himself. the milage claim is not going to be more than £325k that's for damn sure.

i hope that fine money is going to the victims

DJ_Switch · 5 Jun 2018 at 21:38

The DVD's aren't encrypted as they would be the original productions and as such they would require the original disc from the Police Station which would then be copied for disclosure to the defence. It's not possible to send these in an encrypted format as it can, for example, introduce the possibility of arguments regarding tampering of digital evidence by the defence. The original discs/tapes are always required to be kept on file as they may be required at various points leading up to and during any trial.

Quartz · 5 Jun 2018 at 21:49

The real problem for me is not so much the initial loss - errare humanum est - but the process of the loss, that they were not discovered lost until December, and the victims only notified in March, four months later.

Energize · 5 Jun 2018 at 21:54

DJ_Switch said:
The DVD's aren't encrypted as they would be the original productions and as such they would require the original disc from the Police Station which would then be copied for disclosure to the defence. It's not possible to send these in an encrypted format as it can, for example, introduce the possibility of arguments regarding tampering of digital evidence by the defence. The original discs/tapes are always required to be kept on file as they may be required at various points leading up to and during any trial.

From a computer science perspective that just makes no sense, there is no way to verify that it's the original recording so an unencrypted copy could just as easily be tampered with. Secondly, the original productions can be created already encrypted, so there is no need to alter the original recording.

Raymond Lin · 5 Jun 2018 at 21:59

The average joe who works in the CPS/courts would need to be trained to use Win ZIP, a lot of the lawyers can't even figure out when a photocopier is out of paper….I can seriously, SERIOUSLY picture them can't opening an encryption DVD.

DaleTheWhale · 5 Jun 2018 at 22:01

Encryption just leads to more issues when trying to play it in court/use as evidence, having to have special decryption is just an extra hassle or someone forgetting the decryption key.

Mickie · 5 Jun 2018 at 22:02

Am i wrong in thinking it feels like a big cover up..

DJ_Switch · 5 Jun 2018 at 22:07

Energize said:
From a computer science perspective that just makes no sense, there is no way to verify that it's the original recording so an unencrypted copy could just as easily be tampered with. Secondly, the original productions can be created already encrypted, so there is no need to alter the original recording.

The discs are bagged and signed on completion of the interview and accompanied with documentation certifying them as the originals. This is accepted by all parties as sufficient to declare such discs as the originals. I couldn't comment on the encryption side of things at the point of creation for a number of reasons however there are numerous agencies involved.

Orionaut · 5 Jun 2018 at 22:09

Dis86 said:
What the hell is the point in fining the cps?! All that does is impact victims of crime few.

Government prosecutes itself, Lawyers win, Taxpayer loses.

Same old, Same old.... :mad:

dowie · 5 Jun 2018 at 22:13

well if they've got to be unencrypted for [reasons] then it was just pure stupidity to send them by a method that allows any old numpty in the reception area to sign for them and leave them laying about unsecured

also surely if these things are meant to be used as evidence there ought to be a clear audit trail/chain of custody or something along those lines? If packages have been left unsecured in a reception area of a shared office then surely any CPS evidence sent that way is potentially open to being compromised.

DJ_Switch · 5 Jun 2018 at 22:15

Mickie said:
Am i wrong in thinking it feels like a big cover up..

What exactly is being covered up?

It seems like one person has sent this by the wrong means. How was the package even delivered out of hours if it's saying the building was locked? We're also assuming the other office knew the package had been sent to them which wouldn't necessarily be the case...especially given that we know the person who sent it didn't send it by the usual secure means. It would have come to light when the evidence was needed so it's no real surprise that it wasn't noticed for a month...assuming the recipient office didn't know they'd been sent.

It's awful for the victims and certainly the result of someone's error in the way they sent it but it's far from some sort of conspiracy.

Dis86 · 5 Jun 2018 at 22:15

Orionaut said:
Government prosecutes itself, Lawyers win, Taxpayer loses.

Same old, Same old....

Exactly. Its retarded.

Orionaut · 5 Jun 2018 at 22:25

Dis86 said:
Exactly. Its retarded.

Not for the public sector it isn't.

Whatever goes wrong, Everybody wins, nobody loses, and the taxpayer picks up the tab.

The official report will mutter something about "Lessons have been learned"

Worst case scenario for any individuals is a bit of retraining or (If you are really lucky) early retirement due to "Stress"

Kreeeee · 5 Jun 2018 at 22:29

Energize · 5 Jun 2018 at 22:53

ThaReaperGuy said:
Encryption just leads to more issues when trying to play it in court/use as evidence, having to have special decryption is just an extra hassle or someone forgetting the decryption key.

That's why absolutely no one uses "special decryption" or gives someone a password to remember. Open standards and industry solutions are in place which automate the encryption and decryption process.

DJ_Switch said:
The discs are bagged and signed on completion of the interview and accompanied with documentation certifying them as the originals. This is accepted by all parties as sufficient to declare such discs as the originals. I couldn't comment on the encryption side of things at the point of creation for a number of reasons however there are numerous agencies involved.

That is far less trustworthy than encryption however because encryption mathematically allows the authenticity and integrity to be verified, documents are comparably trivial to fabricate.

DJ_Switch · 5 Jun 2018 at 22:54

Kreeeee said:
That's not true.

Source: I've been an expert witness.

I'm talking about the lodging of Police interview DVD's as is the subject of the original post. An expert witness would not be involved in that at all so I fail to see the relevance of you saying that. What I've said is true.