Without Good Cyber Security, A Connected Justice System Will Fail Us All
Guest blog: Ashley Mitchell, Head of Growth and Marketing at Risk Ledger as part of our #DigitalJustice2021 week.
A ‘connected’ justice system has many benefits for all users but if it isn't cyber resilient, the pain will be worse than not being connected at all.
The idea of a ‘connected’ justice system that makes use of digital processes and devices to enhance the capacity and capabilities of the justice system is an incredibly alluring proposition for anyone who has ever had to interact with it.
Anecdotes about police officers hand copying paper forms onto more paper, only for it to go missing in transit to the next agency in a system with the power to make life changing decisions for end users, are plentiful and soul-destroying to everyone concerned with a good functioning justice system at the heart of UK democracy. A 2015 Government Digital Service (GDS) study found that paperwork was the third highest cost across policing in the UK.
Even talking about a 'justice system' is a bit of a misnomer. The myriad of agencies - police forces, the Crown Prosecution Service (CPS), courts and many more - who play some role in the journeys of end users have never been put into sync by a single architect to facilitate seamless collaboration towards shared objectives. This 'system' is actually a group of agencies with entirely different ways of collecting, measuring, processing, and transferring data. They’re silos.
Where there is opportunity, there are risks
This presents a huge opportunity for the UK tech community to work with the agencies to drag justice in the UK into the 21st century. TechUK's Digital Justice Week will celebrate a plethora of great ideas about how to do this. Go read about them!
However, a digitally connected justice system also introduces significant data protection and cyber security risks across the entire justice ecosystem that can literally have life, death and liberty consequences for end users.
We all know that cyber-crime is on the rise but old-fashioned crimes, like the trade in illegal drugs and firearms, are increasingly cyber-enabled. Collecting and using digital evidence of these crimes is essential to the delivery of justice but how do we maintain a secure chain of custody for the large volumes of digital evidence going through the system when there is no organisation reviewing the cyber security practices of all the relevant agencies and their third parties? How long will it be until organised crime groups (OCGs to all the 'Line of Duty' fans) exploit poor cyber security to manipulate or otherwise interfere with this digital evidence trail?
In 2016, 15 unencrypted DVDs containing recordings of sensitive personal data of victims and the perpetrator of a crime were lost during the transfer between Surrey Police and the CPS. How does a justice system function if trust in its processes and outcomes is fraying around its cyber edges?
When it comes to data protection, victims, witnesses, agency officers, accused individuals and even their families are entitled to interact with agencies in the justice system safe in the knowledge that their sensitive personal data will only be accessed by authorised individuals and used in authorised ways. At the same time, a 'connected' justice system must rely on the free flow of sensitive data between those agencies who need it to deliver services.
In 2018, Gloucestershire Police were fined by the Information Commissioner's Office (ICO) for a data protection breach that led to the exposure of the names of child abuse victims in an email communication. Without adequate data protection policies and processes in place in these agencies and their network of third parties, the scope for serious data protection breaches will grow exponentially over time. Damage to this fundamental trust in the 'system' could be fatal to engagement from vulnerable groups most in need of a robust and secure justice system.
There is a solution
We shouldn't despair. This is not a call to reverse the progress towards a connected justice system or even to slow it down. At Risk Ledger, we want the justice system to learn from other industries that trade in highly sensitive data like banking and healthcare, by implementing comprehensive, cyber security focused third-party risk management programmes.
This is the process of reviewing and then minimising the cyber security and data protection risks introduced by third-party access to sensitive data, or other privileged access to networks and systems. Ensuring the justice ecosystem has a good base level of cyber security in place, and reviewing this regularly, must be integral to all digitisation programmes.
Risk Ledger is a member of TechUK and our third-party security risk management platform has been adopted recently by the City of London Police who wanted to reduce the financial and time resources required to assess the cyber security maturity of their third parties while making their reviews more comprehensive assessing more risk domains.
We recently ran a seminar on third-party risk management for nearly 100 information governance leaders in the Police Information Assurance Forum looking at this exact issue and would be happy to run a similar event for other sections of the justice system.
Latest News from
How British Swimming Dives into Data Analysis with Intel05/08/2021 16:25:00
Team GB’s elite swimming team has a laser focus on performance, using a sophisticated data-led approach powered by Intel® Xeon® Processors.
Guest blog: Setting the pace for intelligent mobility05/08/2021 13:33:00
Guest blog from Tom Guy, Chief Product Officer – Vodafone Smart Tech.
Online Safety Bill: A compliance headache for tech firms05/08/2021 11:25:00
Guest blog: Ben Packer (Partner) and Jemma Purslow (Managing Associate), Linklaters, discuss key takeaways from the draft Online Safety Bill and why services should act now to be ready for compliance.
ACT - Action Counters Terrorism: Awareness E-Learning course03/08/2021 16:25:00
The security experts at Counter Terrorism Policing have launched a new vigilance campaign to encourage everyone to help the police tackle terrorism and save lives by reporting any concerns.
Unique Cyber Security Centre shortlisted for national award03/08/2021 11:25:00
The National Management Centre (NMC), which is the only nationally co-ordinated capability to protect UK Policing against cyber-attacks, has been shortlisted for a national Cloud Excellence Award.
Project Gigabit summer update: significant progress made by industry02/08/2021 16:25:00
A summer update to Project Gigabit was announced today, with DCMS outlining future investment and rollout plans for 26 counties including Yorkshire, Staffordshire and Kent.
UK Space Command officially launched02/08/2021 11:25:00
Space Command will protect UK interests and capabilities in Space.
Bryden Wood: A data-powered collaboration to encourage the adoption of active travel - by making cycling even better30/07/2021 16:25:00
A cyclist swerves. Why? A city planner starts to plot a new cycle route. Where? The majority of cyclists choose to turn left rather than go straight on. What for? A local authority wants to encourage the adoption of active travel and get more people to ride bikes. How?