W.A.TUPMAN

DEPARTMENT OF POLITICS

UNIVERSITY OF EXETER

AMORY BUILDING

EXETER

EX4 4RJ

UNITED KINGDOM

E.MAIL: W.A.Tupman@exeter.ac.uk

This paper will examine a variety of forms of data gathered by Criminologists. Most data is in fact gathered by official agencies and depends upon accurate reporting of offences by the police officers to whom data is first reported. Statements of trends of crime over time are difficult to make because the attitude of police officers in different countries and in different stations varies depending as to how important they think a particular act is and whether they think it is criminal. For example domestic violence where a husband commits violence against a wife was for many years considered an internal family affair rather than a crime. Equally minor property thefts may not be reported or recorded by individual officers if they think there is no likelihood of the perpetrator being caught. The recording of minor offences may reflect the demands for paperwork from insurance companies rather than trends of crime over time. Equally government and ministerial officials change their priorities as to what offences should be recorded and how. So unfortunately all criminological data has to be treated with a little suspicion and unless recording has been taking place on the same basis over a period of time can only be treated as a snapshot of the situation at a particular time.

Nevertheless in a specific area where an individual police commander has some control over the way in which his police stations operate it is possible for him/her to use criminological data as an important management tool. This paper focuses on five areas of data and their policy implications:

• Data on crimes (also known as crime profiling or offence profiling).
• Data on the Modus Operandi and the way in which the offence has been committed.
• Data on criminals (also known as offender profiling).
• Data on victims (also known as victim profiling).
• Data on the nature on the geography of the place where the crime has been committed: The buildings, the shops, the subways, the way in which people move about. This is also known as environmental scanning.

Correctly used criminological data is probably more advantageous in preventing crime than in catching criminals. Criminological data leads to policies of designing out crime and allows managers to make representations to public planners as to how structural features can be built in to minimise the risk of crime.

Before proceeding further it is also important to warn that racial stereotyping can creep back into policing if the analysis of criminological data is treated as providing a scientific basis for assuming that one type of person is more likely to have committed the crime than another. Inference is not evidence and to pretend that inference has been "scientifically" derived is not a justifiable way to manage an investigation.

1. Crime Data

For example, Policy or Problem Oriented Policing (POP) in one of its many incarnations defines certain areas as 'High Crime Districts.' These areas are characterised by multiple victimisation (residents are both victims of the same crime on more than one occasion, and victims of more than one type of crime), higher than average levels of crime (which may or may not be reported), high levels of drug misuse - and often multiple deprivation. In other words, markets for exploitation by organised crime related businesses.

POP is intended to be a research driven strategy properly monitored before, during and after implementation, but in essence it consists of the following stages. I have added Thompson's counter-insurgency heading ("Defeating Communist Insurgency", Sir Robert Thompson, 1966), in brackets, to them to illustrate how closely POP dovetails with the principles of counter-insurgency drummed into every British Army Officer.

• (CLEARING) The first step is to remove the drug dealers from the area. This will involve a major deployment of police manpower in raids on houses, and street stop and searches.
• (HOLDING) The second step is the institution of regular foot and vehicle patrols to make it quite clear that the police have come to stay.
• (WINNING) The implementation of public relations campaigns and consultation campaigns, building up to an Alderson style Community Policing strategy of foot patrol, inter-agency co-operation and community involvement.
• (WON) This is when research such as questionnaires shows that support for the police is the same as elsewhere. (It will as easily be monitored by experienced officers in that witnesses living locally are prepared to give evidence against accused individuals and a consequent rise in the rate of convictions).

1. Modus Operandi

3. Data on criminals (offender profiling).

4. Victimology

Victimology is the new growth area in criminological research. A lot of attention has been paid to victims of street crime and victims of burglary. Victims of violent assault tend to be young males in the age group of 18 - 24 although interestingly enough the members of this category have very little fear of being victims of violent assault. The over 65s have a high level of fear but a low level of victimisation. This also has implications for policy, it is necessary to do surveys on the fear of crime as well as on victims of crime. Policies to reassure the fearful are as important as policies to protect the potential victim.

The British Crime Survey began in the 1970s and was immediately important in identifying that there were many more crimes committed than there were reported. Two crimes are not reported for every crime reported and this has implications for the total crime rate. The so called "dark figure" of crime needs to be continually researched to discover whether or not police and traditional policies are having any effect. An increase in reported crime can be a sign of confidence in the police if it can be demonstrated that the actual percentage of crimes, including those not reported, is not going up. Equally a decline in crime figures may not mean that less crimes are being committed. It can either demonstrate that people do not see any point in reporting crime because the police will do nothing about it or it can be an indication that government and officials in the ministry have asked that certain types of crimes be not reported so that politicians can demonstrate a success in their anti crime policies.

The discovery of multiple victimisation discussed earlier also led to further discoveries about modus operandi. There are burglars who will assume a certain period will lapse before commodities they have stolen will have been replaced by the insurance companies. At this point they return and steal the replacements. This obviously has implications for crime prevention policy and police patrol policy.

5. Environmental Scanning

RE-EXAMINING POLICE USE OF DATBASES

In a previous presentation delivered to the XVII th Higher Police Course in 1995 the author discussed the problems of establishing an information technology policy for a police service. The original paper was intended as advice for less developed countries about to establish an information technology policy. It therefore analysed types of databases to which police services seek access with reference to the category of data stored. It assumed that any police database would be networked, which raised problems of rights of access. It went on to look at the sort of software available for analytical purposes. It also discussed the limits of existing databases from a practical police investigatory point of view. It then raised the limits placed upon the use and abuse of personal data by human rights considerations, judicial process, and administrative process.

The present paper is from this point more concerned with the judicial, ethical and criminological questions associated with police use of criminological data. It is concerned with potential ways in which investigators might abuse the system. It also, briefly looks at systems to safeguard against such abuses, although anticipating that no system can be successful in the absence of an internalised ethical code for investigators. It ends by anticipating legal challenges to the use of networked investigative systems.

There are two sides to the requirement for a legal framework for police investigatory networks and police rights of access to networked databases maintained by other organisations. Firstly, the human rights of the innocent must be protected. Secondly, there must be clear procedures to be followed by investigators to avoid the danger that major criminals will escape conviction on technicalities. The courts will have to police the balance between effective investigation and due process. If new technologies require a different human rights framework from existing technologies, then the principles involved in that framework must be spelt out and justified. Electronic invasion of privacy raises exactly the same legal issues as physical invasion of privacy. As discussed at the XVIIth Course, the existence of information technology transforms the nature of private and public space, making it possible for personal privacy to be invaded without physical entry into someone's home. The fact that organised crime is causing damage to the fabric of society still does not justify noble cause corruption.

INVESTIGATORS AND THEIR USE OF CRIMINOLOGICAL DATA VIA EXISTING POLICE AND OTHER ORGANISATIONS’ DATABASES

The major problem of setting up police policy with regard to networked databases is that they are rarely if ever approaching a green field site. Those databases already in existence were set up for purposes other than crime analysis. Several that the police would find useful to access and run profiling software upon belong to other public and private bodies. For the purposes of this discussion it should be kept in mind that investigation now involves four levels of data:

• information
• intelligence
• evidence
• and transactions that must be recorded for disclosure purposes

the importance of both the third and fourth is frequently forgotten. The fourth will become increasingly important as defendants’ lawyers seek access to run their own software across both database and Ana Capa network diagrams in order to demonstrate that their client was brought into the case on a false basis or to attempt to make evidence inadmissible.

Most countries have a security services/intelligence agency database accessible to a network of agents/investigators. Increasingly they gather and store data on the activity of economic enterprises, particularly multinational companies as this has implications for the "National Interest". For this reason agencies like MI5 have offered their services to the state for the pursuit of organised crime. Intelligence organisations have become very interested in the tracing of the movement of money and other assets across financial borders. As with espionage, so with drugs: find and confiscate the money and criminal activity becomes difficult. There are major human rights problems here, as security services use the justification of "national interest" to open and maintain files on all sorts of people and activities, without being covered by basic Data Protection legislation or subject to any form of judicial scrutiny. Bizarrely a recent UK court case declared there to be no distinction between the "national interest" and the interests of the government of the day. In which case, presumably there should be no files kept on anyone who becomes a minister, since ipso facto, everything they do is in the national interest. The present Home Secretary, on whom files were kept in the past may have a view on this.

The problem of introducing the security services to the organised crime area is that a database that may have been accessible to only a few jealously protective officials and for a very specific purpose suddenly becomes accessible to more individuals and for broader purposes. President Clinton may well have defined drug traffickers as a threat to National Security, but the Courts have not yet spoken on whether this allows any suspension of rights or of due process. "National security" is used to repel any demands for legal or political accountability, and there is a danger that data protection legislation will exclude police records on the basis of a spurious extension of this concept from the agents of other states to all forms of crime.

The second area where data is subject to networked computer analysis is in the criminal records area. Unlike the databases for the security services these have to conform with rules of court procedure, laws on evidence-holding and the like. These initial criminal records databases are of more use to Ministries of the Interior, Home Offices and Ministries of Justice than to the police. They tend primarily to be oriented towards monitoring the progress of convicted people through the system. In so far as they are of use to the police, they do allow a constable or an investigator to check on the background of a witness or a suspect, to check whether the person has previous convictions and for what. In smaller countries such as Scotland which, although within the UK, has a separate legal and criminal justice system from that of England and Wales, it is possible to integrate police computers with the records of prosecutors, courts, prisons, probation services etc. and provide for the requirements of all participants.

It is increasingly normal, but by no means a legal requirement for systems used by police officers to incorporate a system of double check on data-base interrogation, in that the computer records both who is being checked and who is doing the checking. In some European countries, only specially qualified officers can run such checks, or officers above a certain rank. If the European Commission’s model as exemplified by IRENE, the UCLAF database is to be followed, then investigation managers will record:

• who accessed the database,
• for what purpose,
• who authorised this access,
• what data, if any, was added, or subtracted.

This will all become relevant if disclosure to the defence of relevant information remains mandatory, and will be questioned, by the defendant, as to whether evidence obtained by this process or as a consequence of this process, be admissible in court.

THE POLICE AND NON-CRIMINAL DATABASES

Data on health matters is a controversial area. Traditionally, patient consultations with doctors, like consultations with priests and other professionals, are totally confidential. However, with the advent of Hospital Trusts, impersonal regional organisations now exist and record data on everybody who passes through their doors. At present all these records are supposed to be confidential. Police access to them is on an ad hoc basis. The technology is now available to the unscrupulous to access all those records at any time, and to change them. There needs to be a clear judicial procedure spelling out under what conditions a police officer should have access to those records. This should not be via permission from a senior police officer as is the present case in the United Kingdom, with regard to telephone tapping and electronic surveillance. There might be arguments in favour of permitting police managers to make a specific enquiry via a court with regard to a medical matter. What must be resisted at all costs is the "fishing expedition". That way lies the Soviet policy of placing dissidents in mental asylums.

As drug profits spiral out of control, and international fraud becomes more and more prevalent, police services and investigators around the world need evidence from banks. Increasingly, money is moved by electronic means and not by documents. Unless the electronic movements can be traced the money cannot be pursued as it is laundered. This is a major area of international concern and one where some countries are under a great deal of pressure to allow inspection of their banking databases under specific circumstances.

There are areas of banking secrecy which are clearly unacceptable to the citizen as well as to the police. At the very least a citizen living under "popular capitalism" needs to know the nature of the risk she is taking when buying goods or financial products. A more moral citizen may even wish to know whether a company operates in accordance with accepted international standards. On the other hand, no citizen, moral or immoral would want the police to be able to inspect the details of her bank account without justifying their investigation to the courts. The same principle as elsewhere should operate. There must be reasonable grounds for interfering with privacy and there must be proper procedures so that redress for illegal acts and abuses of power can be sought. There must be respect for the right to legitimate political dissent and there must be protection from interference by government or multinational company in political activities.

The next important area where management information systems have rapidly come to exist is that of the utilization of resources. Once a command-and-control system is set up and a telephone log established, it becomes fairly simple for a police manager to study the relationship between the deployment of his or her units/officers and the patterns of crime. One of the early and obvious pieces of information that was demonstrated by such a study was that most criminal activity and public disorder tend to occur between the hours of 10 at night and 6 in the morning, whereas the police presence available, although in theory equal across all shifts, tends in fact to be lowest at that time. Similarly, Friday and Saturday night in Christian countries, and Wednesday and Thursday night in Moslem countries, tend to show higher demands on police time, although the distribution of police resources in the past has been equally spread across the week.

This is very simple stuff, but of course the danger is that the accountants that now rule the world tend to assume that police activity only consists of those aspects that can be measured. The general demand for service policing, as opposed to reactive policing, would not be shown by such a log. Similarly, the effect on public confidence of a foot patrol cannot be measured by studying the control room, which deals with reaction and response. As elsewhere there is a danger of assuming that data from a computer screen is "scientific" and objective. The police manager must beware of knee-jerk reactions to the data her computer monitor appears to show. The first thing she should try to do is to make attempts to change policies and see if this has any impact on the incident log. She needs to back up the data coming from the computer with data from human sources, both through questionnaire and through discussions with genuinely representative citizens.

Police managers need to remember that police officers have human rights too. In their own self-interest police managers need reminding that systems to protect privacy, and to ensure that data cannot be misused, are important to them, too. They themselves are the most likely targets for rogue police officers, and the newspapers are the most likely recipients of damaging information.

NETWORKS AND THEIR EFFECT ON POLICING STRUCTURES

Once the decision has been taken to introduce network access to databases, there are implications for police organisational structures. For example, what data should be held at what level of the police organisation? Marx may be unfashionable, but he was not far wrong when he argued that technological change inevitably produced changes in the relationships between workers. The introduction of a computer system is as fundamental as the introduction of a production line.

Patrol constables need access to databases that give a picture of the patterns of crime and of the demand for police officers in their territorial area. Detective and investigative officers need a different sort of system. They need access to regional and even national criminal databases which can be interrogated either on the basis of an individual criminal, a group of criminals or a type of crime. They also need data on modus operandi. At national level there are major questions for consideration. These include:

1. Should there be individual databases or a gathering of data on

individual types of crime, or should there be bases to enable

examination of the activities of particular criminal groups?

2. Does organisation at the national level need dividing into teams on

this basis and do they also need to be divided into reactive

investigation and proactive profiling and predicting?

3. Does this demand four groups and four separate databases or can the

groups be split into two: one reactive and oriented to the type of

crime, one proactive and related to the criminal group?

4. Can a single database be adequate for the needs of these different

types of team, or do we need two databases or even four?

5. Given the problem of the sheer amounts of data, how do we devise tests

for significance and how do we devise methods for weeding data?

6. How can the maximum benefit be gained from networking between databases while

minimizing the possibilities for hackers to gain access to them?

7. How big can a database be and how big should it be?

Some major enquiries need temporary databases, such as HOLMES (Home Office Major Enquiry System) which is used by the UK police. In the real world resources are limited. No police service will be allowed an infinite database. In the short term temporary databases will be preferable to permanent ones, for investigative purposes at least.

The same questions apply to the creation of the central criminal records database. Such a database may fill up with the records of the criminals convicted, yet it may be that the real need is for a database that simply shows who is wanted for questioning in connection with what and what objects are missing. This is not simply a management issue, but raises questions of proportionality and the safeguard procedures addressed later in the paper.

More research needs to be carried out into how existing databases are utilized in order to make decisions about how databases can be more efficiently organised. There is also a need to recognise the human role in turning information into intelligence. Raw data are incredibly interesting and there is a tendency to keep gathering them for their own sake, but they need to be turned into patterns to facilitate action.

The determining size of a database should be related to the ability of the investigator to use the information on it to prevent crime taking place or to arrest individuals who have perpetrated crime. There are obviously criminals who operate locally and criminals who travel all around the country and even cross borders. An investigator must be aware of the need to take decisions as to whether to alert a national or transnational database to the existence of a particular crime or criminal, or whether to keep the crime and criminal within his or her own database.

Sometimes these are management and policy questions, but we need systems where investigators can themselves make contact with each other. Both the English and the Dutch have gone for a similar system now, with a central crime intelligence service, regional crime squads and city based teams of detectives, each dealing with different levels of crime. The only thing that is unclear is what the uniformed constables' role is in investigatory terms. This in its turn relates to the question of access to databases by individuals.

ABUSES AND SAFEGUARDS

The final sections of the paper raise questions under consideration by the author and on which he would welcome comment. He would not wish to appear to have cut and dried ideas about these areas. He is in the process of discussing them both with academic colleagues and practitioners. There may be some repetition in these sections for which he apologises. It is, however, the duty of the academic to think the unthinkable, even if he can’t think it through clearly himself .

The following processes need to be considered by the manager of an investigation to prevent abuses. There need to be safeguards in place, and consideration needs to be given as to how these safeguards can themselves be abused unless investigators have a strong, internalised sense of ethics:

• Gathering data
• Sharing data
• Data Analysis [includes stereotyping and correlating things that shouldn't be correlated]
• Policy abuses: system management
• Prosecution/disclosure
• Proportionality /abuse of power

The technology of Networked services provides the opportunity to make databases accessible to individual members of police services and to members of other organisations, both in the private and public sectors. There need to be rules of procedure on what data in which databases are directly accessible under what circumstances to an individual police officer. Similarly there need to be rules of procedure for access to data held on databases by other organisations, clarifying the circumstances in which access is not legal. Geopolitical frontiers are no barrier to the networking of information. There is no clear legal framework that declares when information from another country is legally obtained via network access and when the method of obtaining it renders it legally inadmissible for court proceedings. Rules of disclosure of evidence to the defence ensures that this issue will be before the courts before too long. Indeed, British Telecom has already put a system in place of recording all requests from the police for details of calls made to or from a particular telephone number in response to a perceived need to demonstrate that a legally defensible procedure is in place and that that procedure was followed in a particular case.

A database is simply a sophisticated filing system. It replaces paper files, is easy to access, to add to, and to put away. In theory it removes the need for file clerks and saves money. In practice it requires computer operators, programmers and system managers. It is also fairly easy for determined outsiders to gain access to data - organised crime groups for example. Where a database is used by one person on one machine the issues are commonly:

• The type of information the person is allows to keep on the machine:
• The length of time they are allowed to keep that information on the machine.
• What other information they are allowed to juxtapose with that information for analytical purposes.

When a database is networked that means there are a multitude of users that have a) an ability to input information, b) an ability to abstract information, c) an ability to juxtapose information. Thus there needs to be a way of recording who has access, about what they have access, and what they have juxtaposed.

This is one level of problem where the database exists in a single organisation. New levels of complexity arise when someone from another organisation wants to access the information in somebody else's database. Here the issues are:

• Recording the reasons why a request was made to access that information.
• Recording who permitted the access of that information.
• Recording the reasons why that access was authorised, as well as all the other previous matters that need to be recorded.

When the information concerned is to be used by the police or prosecuting authorities, or the police are asking for access to data held in the database that exists for a purpose other than the recording or identification of criminal activity, other issues are raised. The abilities that make a good constable are not the same as those that make a good manager or policy maker. As to supervisors, this is a more complex question. The advent of databases further exacerbates this question, as it has to be decided at what level process scrutiny will take place.

When the police of one country require access to the database held by the police of another country, or to the database of a private organisation situated in another country, additional issues are raised:

• Compatibility of judicial systems
• Roles of police, prosecutors and judges in investigations
• The nature and admissibility of evidence
• Established legal procedures for cross-border requests
• The legal status of an electronic communication [as opposed to one on paper]

Overall there is an argument to be resolved as to the correct balance between personal privacy and personal security. The police argument is always that the innocent have nothing to fear, although a whole series of miscarriages of justice in recent years have proved that this is simply not true. It is the case that once the police have decided that someone is guilty of an offence, there are all sorts of things they can do that will make that person guilty. We have seen instances of obtaining confessions by false means, or even by force. We have seen this approach justified by the production of false forensic evidence, or at least as a result of the misinterpretation of forensic evidence by scientists who should have had higher standards. One of the dangers of networking databases is that they can become a way of giving the stereotype a false scientific basis, and therefore make it appear to be evidence rather than a supposition.

Corroboration

In any given offence there is a statistical probability that is measurable that any one individual may have committed a crime. The range of statistical probability is from zero to 100%. That someone was in a particular place, increases the probability from zero to X%. That they possessed a particular car, they further increase the probability. The danger is that a random set of factors can be turned into proof even where there is no witness evidence that a person was or was not present at the crime. The principle of corroboration becomes important here. Expert witnesses are going to battle in court over the interpretation of statistical probability

The software available to the investigator is the great demander of databases and perhaps the greatest possible threat to privacy. The danger is that the investigator presented with the possibility of using a database will fill it with every possible piece of information, just in case it turns out to be useful. In fact, a crime pattern analysis system is likely to prove of greater advantage. Once the pattern of crime and the variables with which the pattern correlates both become visible, it becomes possible to use scarce personnel resources more effectively. Time-of-day or time-of-year will obviously be a highly significant variable, but others will vary from culture to culture and will have to be discovered by analysis of the data and interview of experienced police professionals. Projection of crime patterns into the future is an important part of the policy-making process.

PROTECTION OF THE INDIVIDUAL

Privacy

There are two quite different issues to be discussed in terms of protecting the individual's rights to privacy and to dignity. One involves the conditions under which the police can keep information on an individual. The other concerns the conditions under which the police can suspend the confidential nature of data held by non-police organisations on an individual. Both should be seen as involving the usual considerations over police powers to suspend civil rights as in the case of arrest, search, crowd dispersal and telephone intercept. The principles covering police-work are not changed by new technology. Where there is a role for judicial supervision, that should remain. Where it is possible to obtain permission from a court, that process should be extended to cover personal data. Where there is an emergency and there is immediate threat to life, an officer should remain entitled to use discretion, but be accountable to the courts for the appropriate use of that discretion.

The Italian example given above, and the SIRENE and IRENE examples discussed in "Cross-border criminal databases", provide good examples of supervision within the organisation of access to information held on databases. It is not a good idea for every officer to have access to any information all the time. This can only lead to abuses. The principle that inspection of a database is an unusual action and is itself recorded, means that the officer concerned has to think about the justification for the invasion of privacy involved. Similarly, recording who interrogates what database, about whom, ensures that supervisory officers can see whether databases are being used in a trivial manner or an effective one. This in turn will allow managers to determine whether useful information is being recorded or not. A database is relatively expensive and its use needs to be justified on economic grounds.

The SIRENE and IRENE procedures are, nevertheless, both vulnerable to investigators acting in other than good faith. A system that records who accessed a particular information domain needs extra safeguards against impersonation. A good Met CID officer would expect to have all his colleagues passwords before the end of the week, and a good team would have a dummy detective identity on the list of passwords before the end of the month. Whatever the system, investigators will find a way to beat it if they think that they need evidence to identify a suspect. The only way to prevent this is a code of ethics that investigators create for themselves and that they believe is functionally as well as morally important.

In any discussion of privacy it must be remembered that crime constitutes an invasion of privacy. A rape, a violent assault, a burglary, each invade both a victim's privacy and the sense of security of a whole society. Although a citizen has a right to privacy, this right has to be balanced on occasion against the need for police officers to invade that privacy at a minor level, in order to prevent a major, criminal invasion of privacy. That this balance is struck in the appropriate manner is a matter for legislation and for politicians and judges to oversee. The police must resist claiming to be the professionals who are the only people qualified to take decisions in these areas. What society is prepared to accept changes frequently and a police service at odds with society is an ineffective service.

Proportionality

There is also the principle of proportionality to be considered. Are databases really both appropriate and proportionate as a response to a perceived problem of cross-border crime? Are they even an appropriate and proportionate response to the problem of domestic crime. If the police argument is that we need to balance security of the person against privacy, then they have to convince us of the nature of the threat. Poveda argued some years ago that the average person is at risk from the opportunist thief who passes through criminality, and most of the people who act as opportunist thieves do not remain criminals. They tend to be juveniles, they tend to offend between the ages of 18 and 24, and they tend not to be the people who appear on databases. Databases tend to deal with people whose main crimes are against commercial enterprises and against governments and the commission itself. Just as the technological assistance given by the Germans to the Poles is primarily to enable Poles to catch offenders against Germans, and not offenders against Poles, so the amount of money spent on new technology makes the police more and more the servant of government and the commercial interest, and less and less the servant of the people as a whole. The database solution can thus be argued to be both inappropriate and disproportionate.

There is a counter argument here which is that the individual citizen ends up paying the cost of organised crime. Where a commercial enterprise is the victim, they will pass on the costs to their customers. Where the state is the victim, they will pass on the cost to the citizen in higher taxes. In the case of drug-dealing there is an argument strongly made that juveniles are the victims and need to be protected before they become adult citizens who can generally take decisions about themselves and their bodies. It can be further argued that the fraudster defrauds individuals of small amounts more often than they defraud institutions of large amounts, although the total amount defrauded from institutions is far greater than the total of small amounts taken from individuals. Equally the specialist thief targets homes increasingly. The final step in the counter-argument is that even the opportunist thief is part of a pyramid controlled by organised crime. Though they may steal when presented with the opportunity, they know what to steal because they have been told by the person who fences the stolen goods what is the value of the goods and what he would prefer to be brought for re-sale. Thus the opportunist's argument is not as strong as it appears at first sight.

REDRESS PROCEDURES FOR HOLDING INCORRECT DATA, OR MISUSING IT.

An important safeguard for the individual's privacy is the right to seek redress for the misuse of information. To store false information on a computer is as libellous as to store false information in written form. It certainly has the same defamatory effect, and if no-one has yet won a case on this basis it must only be a matter of time. It may be arguable in a court of law whether false information on a computer is equivalent to spoken or written information and thus whether it is libel or slander, but a rich litigant should be able to employ lawyers to win such a case. If the police do not want to find themselves involved in civil litigation they must set up administrative rules to deal with the following questions:

a. what data may be held on an individual?

b. who can input data on an individual and how is the input

recorded?

c. how long should data be kept?

d. who should read data regularly and have the right to remove it?

e. who can have access to such data, in what circumstances, and how is

this access recorded?

f.. who is responsible for system management and rule observance?

Managers should remember that there is a tendency for data to build up and for information systems to become logjammed by excessive and irrelevant information. These procedures are not only important for the protection of human rights but contribute to the efficiency of the organisation.

In the long term, there needs to be discussion as to whether the manager of a criminal records/analysis database with networked access can properly supervise what is in effect a judicial procedure without having judicial status and responsibility. In Continental Europe, such a person can be responsible to the Ministry of Justice, rather than the Ministry of the Interior. The UK has problems here. A Detective Superintendent, whose career depends upon successful prosecution of suspects may not be the most appropriate supervisor of this process. On the other hand, police officers are more likely to discontinue an investigation on the grounds that the resources being committed are disproportionate to the results likely to be achieved. Perhaps market considerations really are more likely to produce "democratic" consequences than judicial agonising about human rights.

LEGAL SAFEGUARDS

Data Protection legislation may produce problems for various forms of police database. One essential principle has been that a citizen has the right to know what data are held about them on computer. This compelled English universities to reveal examination marks to students for the first time, compelling them also to accept a student's right to appeal against a particular result.

Where normal police records of arrest etc. are concerned, there seems to be no good reason why a citizen should not know what is held and have the right to correct it if it is incorrect. Problems arise where data is being held as part of an investigation in progress. The presence of the independent body overseeing such procedures and lay inspection of such databases, exactly like lay visitors to police stations and prisons, would certainly enhance public confidence.

There also need to be legal regulations governing the holding of information by private companies. These should be obliged to notify citizens when and where they hold data on them. They should also be subject to oversight. The recent campaign by British Airways against the entrepreneur and owner of Virgin Airlines suggests that companies are beginning to gather files on individuals and run campaigns to vilify them. There are much greater threats to privacy coming from the private sector, than from the police at present.

This needs to be backed up by a legal framework for the Press. This is not the place to begin a discussion on the balance to be achieved between the need for a free Press and the right for privacy, but the publication of data by the press is probably a greater public fear than the police keeping data on an individual. Public exposure raises greater fear than police investigation.

BY WAY OF A CONCLUSION: MOVING TOWARDS DISTRIBUTIVE JUSTICE BY CREATING DIFFERENTIAL CLASSES OF CITIZENS UNDER SUSPICION

This paper represents work in progress. This is not really a conclusion, more a set of other ideas that are being integrated into the author’s work. Given that this is a course about co-operation between police and judicial authorities, the following paragraphs deal with subjects that either already, or soon may be expected to cause anxiety to citizens in general.

Where organised crime is concerned, be it drug trafficking, trade in people, terrorism, fraud or simply specialised theft, it is often the case that police officers have identified individuals as being engaged in organised crime, but are not certain what particular crime they are engaged in. They therefore look for their contacts and their movements in order to build up a picture of crime about to be committed, or being committed. To be identified as involved in the pursuit of organised crime is to lose the right of privacy therefore. To be deprived of rights should not be a decision for a judge. Even an prosecutor/procurator should not be able to take that decision. Thus a police database must be in some way supervised by the judicial authority. A domain manager is in effect taking judicial decisions and should have judicial training. This is to some extent being recognised as both Belgium and the Netherlands have recently created a legal framework for "proactive policing" as van Kamp informed the course in his presentation.

"Organised crime" as a concept is in effect creating a system of different classes of citizenship by default. In the UK, a senior police officer has rights to permit invasion of privacy that in the rest of Europe are the proper province of a Judge or Prosecutor. If an individual is "suspected of involvement in serious crime", then surveillance both human and electronic can be mounted and data gathered and held indefinitely. This constitutes the deprivation of a citizen of rights without recourse to judicial process. Opening a file on an individual as part of an investigation and enabling networked access to that file involves changing the status of a citizen. Keeping records of crime committed where the individual has been found guilty by a court is perfectly legitimate. To open a database for an investigation and keep information on interview and other matters is legitimate. What is not clear is the legal basis for making information about matters and individuals under investigation available to other investigators working on other cases. Networking makes this possible and, indeed, relatively easy. Investigating "organised crime" increasingly involves comparison and juxtaposition of apparently unrelated activity. Without hands-on judicial supervision of these processes, there is a danger of returning to security services style information gathering in the name of a new form of "national security"

Another category of sub-citizen is being created where an individual is a convicted paedophile or sex offender. After punishment, they are not restored to full civil rights, but are kept on a networked computer database [a "register"] and must register with the police when they move to an area. Is the same procedure in effect followed with regard to an "organised crime" suspect?

The right to privacy seems to have become a variable right, depending on how suspicious a police officer is of a citizen's actions and what offence is deemed by the officer to be contemplated by the citizen and his associates. It can also be varied by appearing on a networked database. Is there no principle in the European Convention on Human Rights that rights can only be suspended by judicial procedure? And could not such a principle be applied to Press and visual media intrusion into personal privacy?

Can there be protection against the investigator using the network database to reinforce what is a stereotypical approach rather than a genuine investigation ["round up the usual suspects!". " Who are the usual suspects sarge?" "I dunno lad, who does the computer say usually does this sort of thing?"] The point must come where the defence will demand the right to run a similar analysis on the same databases and see if they could come up with equally likely individuals by running the same sort of software. This is really no different from demanding that one's own experts examine the scientific evidence as well as those of the forensic science laboratory or from cross-examining the computer. What new issues of privacy does that raise? Will the jury have VDUs on which they can follow the re-examination of the evidence?

Ownership and disclosure:

There is a whole area for lawyers to consider with regard to ownership of data on a database, public or private. If it's about me, why isn't it mine? This precedes coming court disputes over the conditions under which it can be disclosed. Finally there will be attempts to relate admissibility to the existence of systems providing safeguards that data cannot be misused, even by solicitors for the defence?

Database analysis as evidence

So is database analysis submissible as evidence, either by prosecution or defence? If so what sort of evidence is it? Should it be treated as circumstantial evidence requiring corroboration, or should it be treated as a DNA-style statement of probability? Should the fact that it has been done be disclosed and what rights do the defence have in relation to it? Do they have the right to see the asset trails of the investigator? Does the prosecution have the right to present the evidence of the links between transactions on-screen in court, or must each individual transaction be proved?

The question of privatisation of information technology services to the police increasingly has to be faced, especially given the amounts of money required to run and set up databases. In The Guardian on October 4th 1995 there was a review of the report of the UN Human Rights Committee on the UK. The tenth point taken from the report by The Guardian goes as follows:

'The privatisation of core state activities "which involve the use of force and detention of persons" weakens the protection of Covenant rights.' (This is the International Covenant on Political and Civil Rights, to which Britain was a founding signatory in 1976.) The Committee stresses that the UK government remains responsible in all circumstances for the observance of those rights. Jurists from 18 countries, including the UK, thus gave notice to all legal systems and all criminal justice systems that privatisation does not absolve the state from responsibility to ensure that human rights are observed. These rights will of course include, as already discussed , the right to privacy.

Space precludes the discussion these questions require, but if privatisation takes place, or in any case that involves police access to private sector databases:

Are there any circumstances under which police can breach client

confidentiality where such records are concerned? If so, with what

safeguards, and what redress is there for the citizen if the data are

incorrect or are misused? What redress might there be if a corrupt police officer were to

commercial information with a competitor?

This final raising of the lid of Pandora's Box yet again raises those issues of constitutionality, judicial supervision and administrative law frameworks, that this author has examined in previous articles.