HomeTech NewsDatabase retrievals contrary to instructions: Berlin police investigate in their own ranks

Database retrievals contrary to instructions: Berlin police investigate in their own ranks

During regular checks, the Berlin police found irregularities in queries made by 83 officers in their central IT system, Poliks.

The Berlin police never stay out of the headlines when dealing with their state system for information, communication and processing (Poliks). During “regular checks” “violations of an internal directive for queries” were found, the police authority said on Friday. 83 of the more than 20,000 authorized users “repeatedly failed to comply with the specifications for the free text additions to the reason for the query”.

“This is not directly related to the legality of the query, but is ‘only’ a violation of internal instructions,” said the Berlin police. In all cases, official or disciplinary investigations were therefore initiated. As part of this, the responsible law enforcement officers now also checked whether and to what extent the queries were legal and whether data protection violations actually existed.

The handling of personal information requires “a high level of data security and responsible handling,” said the authority. The company’s own employees would therefore not only have to meet the “basic access requirements” for access to Poliks. They are also required “to name the reason and a free text supplement in advance of each query”. This serves to check the plausibility and a quick traceability of the access. All those entitled have been repeatedly informed and made aware of this.

The former Berlin data protection officer Maja Smoltczyk had already complained in her 2018 activity report that access to Poliks was repeatedly misused to “spy on friends, family, neighbors or third parties and their living conditions”. The supervisory authority has therefore initiated several criminal complaints and fine proceedings. The cases at hand only concerned unauthorized access to the database by police officers themselves.

In 2019, Smoltczyk complained that there was generally no regular access control at Poliks, but “only a random and, in our view, insufficient review” of the queries made by police officers by superiors. Access to the IT system was also insufficiently logged: ” General keywords such as ‘processing’ or ‘other reason’ were sufficient for the query”. According to the inspector, any characters could be inserted in the relevant supplementary field, such as “xxx”.

At the same time, Smoltczyk complained that law enforcement officers had not deleted any entries in the extensive database since June 2013, thereby violating storage requirements. This not only affected information on suspects, accused and criminals, but also on other participants such as witnesses or victims. In 2020, the data protection officer formally complained that the police, contrary to their duty, were not helping to check abusive access to policies. In such a case, it is said to have been right-wing extremist death threats.

Depending on their authorization, Poliks users also have access to the national police system Inpol and up to 130 other databases after their authentication at the “multifunctional workplace” (MAP). In the central information system Inpol-Z, which the Federal Criminal Police Office (BKA) operates, millions of facial images and fingerprints of the accused and suspects are stored, among other things. Not everything is going right there either, as evidenced by a test report issued by the Federal Data Protection Commissioner Ulrich Kelber in response to a statement on freedom of information.

During a control visit to the BKA, Kelber’s team found at least three cases in which data from those affected was stored without the legally required “prognosis decision”. Instead, the officials only entered “the copy of the pure wording of the law in a free text field”. The inspector therefore suggested examining whether it was “a fundamental problem in the BKA”. Even with an additional data field, with which police authorities in some countries can mark their “co-ownership” of identification data, there were “incorrect applications across participants”. Inpol is also used for administrative offenses, although investigators are only allowed to enter personal data relating to criminal offenses.


(tw)

Latest articles

What are the best smartphones tested by Voonze in September 2024?

Here is our selection of the best smartphones in 2024, all tested and validated...

Nvidia GeForce Now in September 2024: the start of the school year promises to be fantastic with Final Fantasy XVI and Age of Mythology

In this rainy back-to-school season, Nvidia unveils the list of games that will join...

More like this