Incident: Failure to Notify EU Member States of UK Criminal Convictions

Published Date: 2021-03-02

Postmortem Analysis
Timeline 1. The software failure incident happened at least six years ago as it was first discovered within Whitehall at least six years ago [112011]. 2. The article was published on 2021-03-02. 3. Estimation: The incident occurred around 2015-2016.
System 1. Police National Computer (PNC) - The database used by law enforcement organizations across the UK operated by the Home Office, which generates daily files of the latest updates on convictions [112011]. 2. Acro Criminal Records Office - The UK body responsible for international police data sharing, legally obliged under EU law to alert police in convicted criminals’ home country [112011].
Responsible Organization 1. The software failure incident was caused by the Police National Computer, a database used by law enforcement organizations across the UK operated by the Home Office, which generated daily files of the latest updates on convictions [112011]. 2. The failure to comply with EU law and notify member states was due to errors in the system, including issues with missing fingerprints, dual nationality, and incorrect country submissions, which led to a failure to notify EU member states of criminal convictions [112011].
Impacted Organization 1. Criminals’ home EU countries [112011] 2. UK police forces 3. EU member states
Software Causes 1. Failure to comply with EU law and notify member states due to a catastrophic computer error [112011] 2. Errors in the system leading to a failure to notify, including issues with dual EU nationals and missing fingerprints in the records [112011] 3. Daily activity files (DAFs) not being created as intended, leading to suppression of around 30% of DAFs [112011] 4. Files not being created when offenders were recorded as coming from certain small current and historic countries [112011] 5. Delay in implementing a detailed "change request" to correct the DAF software [112011]
Non-software Causes 1. Lack of compliance with EU law and notification to member states despite the issue being discovered within Whitehall at least six years ago [112011]. 2. Concerns about the "reputational impact" on Britain led to the failure to act upon a provisional plan to update the notifications [112011]. 3. Errors in the system, such as missing fingerprints in records and erroneous submissions of nationality, contributed to the failure to notify member states [112011]. 4. Delays in correcting the Daily Activity Files (DAFs) software despite a detailed change request being sent to the Home Office in January 2017 [112011]. 5. Nervousness from the Home Office about sending historical notifications dating back to 2012 due to potential reputational impact [112011].
Impacts 1. Failure to notify EU member states of 112,490 criminal convictions over an eight-year period due to a catastrophic computer error, potentially putting lives at risk [Article 112011]. 2. Lack of notification included serious cases such as aggravated intentional killing, aggravated rape, intentional killing, rape of a minor, unintentional killing, and other offenses, with 109 convicted killers and 81 rapists not being reported to the relevant EU capitals [Article 112011]. 3. Embarrassment for UK police forces as they lost access to EU databases due to Brexit and were relying on goodwill for continued cooperation on information sharing [Article 112011]. 4. Concerns raised about the UK's compliance with EU law and data-sharing arrangements, impacting security and trust between the UK and EU [Article 112011]. 5. Damage to the reputation of British policing due to the failure and subsequent cover-up by the Home Office in notifying other European countries of individuals convicted of serious offenses [Article 112011].
Preventions 1. Regular system audits and quality checks to identify and address any issues in the software system before they escalate [112011]. 2. Timely implementation of the provisional plan to update the system that was drawn up by the Criminal Records Office six years ago [112011]. 3. Prompt action on the warnings and change requests raised by officials within the Home Office and Acro to correct the software issues [112011]. 4. Ensuring proper data entry protocols to prevent errors such as missing fingerprints or incorrect nationality information that led to the failure to notify EU member states [112011].
Fixes 1. Implementing a detailed "change request" to correct the DAF software to ensure the generation of daily activity files (DAFs) for all relevant cases [Article 112011]. 2. Allocating significant funds and resources to process the missing records and engage with Home Office colleagues to address the issue at a senior level [Article 112011]. 3. Ensuring that the police national computer accurately records and generates daily files of the latest updates on convictions, especially for cases involving foreign offenders or individuals with dual nationality [Article 112011].
References 1. The Guardian [112011]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization, multiple_organization (a) The software failure incident related to the failure to notify EU member states of criminal convictions in the UK courts due to a massive computer error and subsequent cover-up has happened again within the same organization, specifically the Home Office. The article mentions that officials realized there was a serious problem in the system six years ago, and a detailed "change request" to correct the software was sent to the Home Office in January 2017 but was delayed [112011]. (b) The software failure incident related to the failure to notify EU member states of criminal convictions in the UK courts due to a massive computer error and subsequent cover-up has also happened at other organizations. The article mentions that the scandal raised questions over whether the UK would abide by the security and data-sharing arrangements agreed in the Brexit deal, indicating potential issues beyond just the Home Office [112011].
Phase (Design/Operation) design, operation (a) The software failure incident related to the design phase: The failure to comply with EU law and notify member states about criminal convictions was first discovered within Whitehall at least six years ago, and a provisional plan to update them had been drawn up by the Criminal Records Office. However, it was not acted upon amid concerns about the "reputational impact" on Britain [112011]. Officials noted in 2015 that the system was prone to errors, with several convicted criminals recorded as coming from a tiny atoll in the Pacific Ocean known as Wake Island when they actually lived in Wakefield, West Yorkshire. This indicates design flaws in the system that led to incorrect data entry [112011]. (b) The software failure incident related to the operation phase: The problem was caused by the police national computer, a database used by law enforcement organizations across the UK operated by the Home Office, which generates daily files of the latest updates on convictions. The issue arose when no fingerprints were recorded or when the offender had dual nationality, leading to the suppression of around 30% of daily activity files (DAFs) [112011]. Police continued to raise the issue with the government, but it was kept from European law enforcement agencies despite the legal obligation upon them. There was nervousness from the Home Office around sending historical notifications out dating back to 2012 due to the reputational impact this could have, indicating operational challenges in addressing the software failure incident [112011].
Boundary (Internal/External) within_system, outside_system (a) within_system: The software failure incident related to the failure to pass on criminal convictions to EU member states was primarily due to contributing factors originating from within the system. The failure was attributed to a catastrophic computer error within the police national computer, a database operated by the Home Office, which led to the failure to generate daily activity files (DAFs) containing updates on convictions. This issue was exacerbated by errors such as missing fingerprints in records and inaccuracies in nationality information [112011]. (b) outside_system: While the software failure incident was primarily caused by internal system errors, external factors such as concerns about the "reputational impact" on Britain and nervousness from the Home Office about sending historical notifications also played a role in the delay in addressing the issue. Additionally, the incident had implications for data-sharing arrangements between the UK and EU post-Brexit, raising questions about the UK's commitment to security and data-sharing agreements [112011].
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident in this case was primarily due to non-human actions, specifically a catastrophic computer error that led to the failure to send criminal conviction notifications to EU member states. The failure was a result of issues within the police national computer system operated by the Home Office, which failed to generate daily files of updates on convictions when certain conditions were not met, such as missing fingerprints or dual nationality of offenders [112011]. (b) Human actions also played a role in this software failure incident. The failure to comply with EU law and notify member states was first discovered within Whitehall at least six years ago, but a provisional plan to update them was not acted upon due to concerns about the "reputational impact" on Britain. Additionally, there were delays in implementing necessary changes to the software despite detailed change requests being sent to the Home Office, and nervousness from the Home Office about sending historical notifications due to potential reputational impact [112011].
Dimension (Hardware/Software) software (a) The software failure incident in the news articles was not directly attributed to hardware issues. The failure was primarily due to a catastrophic computer error within the police national computer system operated by the Home Office, which led to the failure to pass on criminal convictions to EU member states [112011]. (b) The software failure incident was primarily attributed to contributing factors originating in software. The failure was caused by errors in the police national computer system, which failed to generate daily activity files (DAFs) as intended, leading to the suppression of around 30% of DAFs. Additionally, the system had issues when no fingerprints were recorded or when the offender had dual nationality, resulting in files not being generated as required by EU law. There were also instances of errors in recording criminals' origins, such as individuals being mistakenly associated with locations like the Pitcairn Islands or Wake Island instead of their actual locations [112011].
Objective (Malicious/Non-malicious) non-malicious (a) The software failure incident described in the articles appears to be non-malicious in nature. The failure was primarily attributed to a catastrophic computer error, system errors, and a series of other errors in the system that led to a failure to notify EU member states about criminal convictions [112011]. There is no indication in the articles that the failure was due to malicious intent or actions by individuals seeking to harm the system.
Intent (Poor/Accidental Decisions) poor_decisions, accidental_decisions (a) The software failure incident related to the failure to pass on criminal convictions to EU member states was primarily due to poor decisions made within the UK government. The failure to comply with EU law and notify member states was first discovered at least six years ago, but a provisional plan to update them was not acted upon due to concerns about the "reputational impact" on Britain [112011]. Additionally, there were delays in implementing necessary changes to the software despite warnings and reports highlighting the issue [112011]. (b) The software failure incident also involved accidental decisions or mistakes contributing to the failure. For example, errors in the system led to notifications not being sent, such as individuals being erroneously submitted as coming from different locations or missing fingerprints from records [112011]. Additionally, the software failed to generate daily activity files as intended, leading to a significant number of records not being passed on to EU member states [112011].
Capability (Incompetence/Accidental) development_incompetence, accidental (a) The software failure incident in Article 112011 occurred due to development incompetence. The failure to comply with EU law and notify member states about criminal convictions was first discovered within Whitehall at least six years ago, and a provisional plan to update them had been drawn up at that time by the Criminal Records Office. However, it was not acted upon amid concerns about the "reputational impact" on Britain [112011]. (b) The software failure incident in Article 112011 also involved accidental factors. The failure to notify EU member states of criminal convictions was due to errors in the system, such as missing fingerprints in records, errors in nationality recording, and issues with the database used by law enforcement organizations across the UK. These accidental factors contributed to the failure to generate daily activity files (DAFs) and suppress a significant number of notifications [112011].
Duration temporary The software failure incident described in the articles can be categorized as a temporary failure. The failure to comply with EU law and notify member states about criminal convictions was first discovered within Whitehall at least six years ago, and a provisional plan to update them had been drawn up at that time by the Criminal Records Office. However, it was not acted upon amid concerns about the "reputational impact" on Britain [112011]. Additionally, a detailed "change request" to correct the software issue was sent to the Home Office in January 2017, but it was delayed [112011]. This indicates that the failure was not permanent but rather temporary, as efforts were made to address and correct the issue, although there were delays in implementing the necessary changes.
Behaviour crash, omission, timing, value, other (a) crash: The software failure incident in the news article can be categorized as a crash. The system lost state and failed to perform its intended functions, leading to the failure to notify EU member states of criminal convictions [112011]. (b) omission: The software failure incident can also be categorized as an omission. The system omitted to perform its intended functions of notifying member states of criminal convictions, resulting in a significant number of convictions not being passed on [112011]. (c) timing: The software failure incident can be related to timing as well. The system failed to perform its intended functions in a timely manner, with notifications of criminal convictions being belatedly made after a significant delay [112011]. (d) value: The software failure incident can be linked to a failure in value. The system performed its intended functions incorrectly by not sending notifications of criminal convictions to EU member states as required by law, leading to serious consequences and potential risks [112011]. (e) byzantine: The software failure incident does not align with a byzantine failure, which involves inconsistent responses and interactions. The failure in this case was more related to a lack of proper notification rather than erratic or inconsistent behavior [112011]. (f) other: The software failure incident can be described as a failure due to negligence or lack of prioritization. Despite the system being aware of the issue for several years, action was not taken promptly to rectify the problem, leading to a significant backlog of unnotified criminal convictions [112011].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property, delay, theoretical_consequence (a) death: The software failure incident did not directly result in any deaths as per the articles [112011]. (b) harm: The software failure incident did not directly result in physical harm to individuals as per the articles [112011]. (c) basic: The software failure incident did not impact people's access to food or shelter as per the articles [112011]. (d) property: The software failure incident did impact individuals' data as criminal convictions were not passed on to relevant EU countries, potentially affecting the safety of those countries [112011]. (e) delay: The software failure incident did cause delays in notifying EU member states about criminal convictions, with notifications being belatedly made [112011]. (f) non-human: There is no mention of non-human entities being directly impacted by the software failure incident in the articles [112011]. (g) no_consequence: There were real observed consequences of the software failure incident, particularly in terms of failing to notify EU member states about criminal convictions [112011]. (h) theoretical_consequence: There were potential consequences discussed, such as the risk to lives and the embarrassment caused by the failure to comply with EU law and notify member states [112011]. (i) other: There are no other consequences described in the articles beyond those mentioned in options (a) to (h) [112011].
Domain government The failed system in the reported incident was related to the government sector. The software failure incident involved a catastrophic computer error within the UK Criminal Records Office, which led to the failure to pass on criminal convictions to the relevant EU member states [112011]. The system in question was responsible for managing criminal records and sharing information with law enforcement agencies across the UK and EU member states.

Sources

Back to List