The personal details of Northern Ireland’s main police force have been leaked – three reasons why that’s incredibly dangerous.
Data breaches are not a good look for any institution or organisation.
But depending on the nature of the data leaked and the organisation, some breaches can be more serious and have greater consequences than others.
Written by Kevin Hearty, Queen’s University Belfast. This article is the opinion of the author and not necessarily that of the UK Defence Journal. If you would like to submit your own article on this topic or any other, please see our submission guidelines.
This is certainly true of the Police Service of Northern Ireland (PSNI), which has accidentally published information about all its police officers and civilian personnel in response to a freedom of information (FoI) request. This included a spreadsheet containing their names, their roles and where they were based.
The document was available online for several hours on the FoI website What Do They Know before being taken down. The PSNI is conducting an investigation into how this happened.
It has been reported that the spreadsheet contained approximately 345,000 pieces of data relating to every police officer. In confirming the breach, the PSNI attributed it to “human error” and stated that they were taking the matter “extremely seriously”.
PSNI chief constable Simon Byrne said in a press conference that dissident republicans claim to have some of the information and that the force is considering whether officers need to be moved from their places of work for their safety.
The data breach is said to encompass all serving staff including specialist firearms units, the tactical support group (which is responsible for public order and riot control) and those assigned to the specialist operations branch who command and assist in complex investigations.
A remarkable wealth of information about PSNI personnel has been leaked, by any stretch of the imagination. Of the many reasons why this is so serious, three stick out in particular.
1. Risking violence
A data breach of this nature is likely to leave any police force red-faced, yet for the PSNI the consequences extend far beyond public embarrassment. The long and contested history of problems with policing in Northern Ireland means that there are both practical dangers and specific sensitivities that even the most well-crafted apology won’t be able to assuage.
The most immediate problem is that the personal information of serving police officers is now potentially in the public domain. This raises the question of who might have accessed this information and what they might do with it.
Today’s levels of violence in the north of Ireland are incomparable to the past but the threat of violence against serving police officers remains. This threat comes mainly from armed Irish republican groups who have rejected the peace process and Good Friday agreement.
To them, PSNI officers represent “legitimate targets” because they uphold the constitutional status quo of post-Good Friday agreement Northern Ireland. Unlike other nationalists and more moderate republicans who have come to accept reformed policing, for these armed groups the PSNI remains a “British” police force tasked with enforcing partition on the island of Ireland.
The live nature of the threat to PSNI officers was brutally reiterated this year when PSNI detective chief inspector John Caldwell was shot in County Tyrone in February. Several of the people due to be tried for his attempted murder are also accused of being involved with the IRA.
Crucially, Caldwell was targeted while he was off duty and packing up after leading a youth football training session. The people who attacked him appear to have known where to find him outside of work, clearly illustrating how personal information about PSNI officers could be used to devastating effect.
To make matters worse, it has been reported that the details of 40 PSNI staff based at MI5 are included in the breach. Personnel of this nature would surely represent prize targets to Irish republicans.
Any attack on these people that resulted in injury or death would be seen as a huge propaganda coup at a time when the armed campaigns of these groups are sporadic and stuttering.
2. Stoking community tensions
At the same time, the data breach speaks to a more difficult question around just how accepted the PSNI are in certain working-class communities. The struggle to recruit officers from working-class Catholic, nationalist, republican backgrounds is well documented.
Anyone from this background within the PSNI is unlikely to tell anyone beyond their closest family and friends what their job is. This is partly because of the security threat but also because of the problematic relationship their community had with the PSNI’s predecessor force, the Royal Ulster Constabulary.
Yet the PSNI is also experiencing difficulty recruiting from working-class Protestant, unionist, loyalist areas too. Ongoing political tensions, including Brexit, disputes about which flags should fly over public buildings in Northern Ireland and the policing of Orange Order parades, have put these communities at a remove from the PSNI. It is unlikely, then, that officers from within these communities would make their jobs publicly known either.
3. Reviving unresolved grievances
Some will also have been reminded of the past by this data breach, which has echoes of the deliberate intelligence leaks that used to come out of the Royal Ulster Constabulary during the years of conflict. The force passed the personal details of nationalists to state agents within loyalist groups, who are accused of then murdering them.
This remains at the core of grievances over state collusion during the Troubles. While this latest data breach is different in nature, it nonetheless rubs at a sore spot for victims still waiting for truth and justice.
The leaking of personal details about every serving PSNI officer is without doubt an unmitigated disaster for the PSNI, politically and organisationally. While the force has apparently set up a “gold group” – the highest internal emergency response – significant damage has already been done.
This article is republished from The Conversation under a Creative Commons license. Read the original article.
The Online Safety Bill proposes that we decrease messaging security level in the UK. Nobody really knows how this should be done, but suggestions include message apps like Whatsapp and Signal have back doors built in, compromising end-to-end encryption, or more likely that AI monitors all communication at the level of the app and silently sends back warnings to the police if it “thinks” the communicator is up to no good. This reverses the current Digital Defence mantra: “Secure by Design”. The government, driven by concerns of child safety, are willing to compromise privacy and security. The technology minister said… Read more »
The problem you outline is that mega databases inevitably leak. However securely you design them: humans are involved. So aggregating people’s data is an inevitable issue. You add to that the lack of transparency and the evaporation of checks and balances in the UK legal system and you have a disaster brewing. Particularly as Plod will demand access ‘operationally necessary’, ‘keeping people safe’ to it as well so nothing will be private or secure anymore as it will be being sold out of the back door as PNC data has always been sold. Really, it is more to do with… Read more »
I can’t talk for plod, however, the services further up the tree will be using ESN before the emergency services. We had ESN beta for the London and South East group last year and it worked reasonably well, save for a few seconds delay on the odd occasion. We cannot use WhatsApp or anything like that. Our devices will not allow us to put anything on them, we have the technical branch for that. The system works just the same as a mobile telephone using EE. I never used the push-to-talk feature, it wasn’t turned on. The big difference is… Read more »
While the FOI breach is the largest one, it’s actually only one of four breaches this summer with laptops and files being stolen from unattended cars, or just left on vehicles roofs by accident in the latest event. The FOI breach had multiple checkpoints in the process that should have prevented the data being published but each failed utterly, all of which suggests that the PSNI culture around data security needs to be reviewed fairly quickly.
The first problem is they don’t understand what days security actually is.
Most SME’s have better data security than that.
Thanks for clearing up a lot of confusion on my part. Someone better get their acts together,or has sufficient damage occured???🧐
The picture is of Scottish police!
I once attended a conference on the mainland and N.I terrorist threat. At the end I remember asking “what about N.I.?” as it hadn’t been mentioned once. The presenter replied “oh yes,we forgot about them”
Ah yes Russ-NI overlooked coz we’re the “wee bit attached” from across the water! 😁Some sort of reform was of course absolutely necessary but in some areas, such is the lingering bitterness that it is still almost Mission Imposible. One of my cousins was injured at a roadblock whilst serving with the RUC so for him it is hard to forgive and forget although he is long retired. As to data breaches-I know little about modern security systems but as with comments above it must be very difficult to secure information. If dissident republicans want to target certain PSNI members… Read more »
It should be noted that the last attack on the PSNI officer was actually a “cross community” action, as his work had been impacting one of the Loyalist drug gangs so they helped the dissident Republicans for the attack.
As I posted the PSNI have now admitted to 4 separate data breeches with the added “bonus” of reawakening tensions between the Protestant and Catholic members of the service.
Not a great time, wonder if the Gardaí might try poaching more from them?
Hi Mark. I hope you are well. You are absolutely correct to point out the reality of cross community action. The old Prod vs Catholic situation is becoming far less relevant in NI-witness the growth of the Alliance Party for example, and of course as the Police Service becomes more integrated then there arises the possibility of Loyalist action against Catholic Officers.
Not just the officers, remember the main leak they have had has given out the names and addresses of all the clerical staff and everyone else on staff payroll. There’s been some interviews with Catholics who hadn’t even told family they were working for the PSNI and are now dealing with the fallout, a few have already said they are leaving NI due to concerns for their families…
Sad situation Mark
Yep, and the politicians of both the DUP and SF are happy to keep it going sadly.
all sadly too true……
Human error… firstly, why is sensitive information taken from a place of work? People like Dyson do not allow employees to take laptops, notebooks, tablets or written material from their workplace.
I do not see why anyone anywhere, should be allowed to take sensitive and or classified material from any workplace.
The issue is humans. We are not infallible. Subject to whom you work for Tom, you are allowed to transmit some stuff. By having the correct measures in place, you can remove it. Being secure on both sides often mean you can only transfer data between a government location to another government location. If you cannot verify the receiving centre’s efficacy, you end up taking a device with you that (should) has encryption combined with a reasonable set of security keys. Some data simply cannot be transmitted, I have travelled miles in my last posting to attend a meeting that… Read more »
A mistake like this would have seen me shot dead in 1997-98. That leak is unforgivable.
More fallout from this:
https://www.rte.ie/news/ulster/2023/0822/1400913-psni-data-breach/