Troubling security flaws within the B.C. government’s justice computer system have prompted the auditor general to probe the province’s massive police computer database.
Auditor general John Doyle said he has started gathering information on the PRIME B.C. computer system, which shares millions of police files, criminal records, aliases and other sensitive data between municipal police departments and RCMP detachments.
The move comes in the wake of an audit this week in which Doyle found lax security in the JUSTIN computer system, which shares confidential court information such as prosecutors’ reports, witness statements, victim contact information and police investigative material.
Doyle found the JUSTIN system could be penetrated easily by attackers, had too many users with unnecessary access and used no tracking system to identify who had viewed files and whether information was inappropriately copied.
“I’m seriously looking at whether or not there’s further work we need to do” on other law enforcement databases, Doyle said.
That would include how they provide “access to information within the system for a purpose other than the conduct of justice operations,” Doyle said.
“We’ve been in contact with PRIME and advised them we would like to look at the system.”
Doyle is in the pre-planning stages of an audit, but he noted PRIME’s responses have been slow, and “the defences are going up.”
PRIME — the Police Records Information Management Environment — started as a pilot project in 2001 and has since expanded to almost all of B.C.’s municipal police departments and RCMP detachments, which pay user fees.
The system reportedly contains more than four million names, with information from police reports, suspicious activities, 911 calls and individual contact with police officers.
PRIME’s vast reach has concerned privacy advocates, who worry millions of people logged in the system could, without their knowledge, be recorded as having “negative contact” with police — even if they’ve done nothing wrong and have been accused of no crimes.
“They’ve got 85 per cent of the population in this database, and people have no idea what information about them is contained in the database,” said Josh Paterson, executive director of the B.C. Civil Liberties Association.
“It’s not entirely clear how that data is being used,” he said. “This is the kind of information that can prevent people from getting jobs.”
An investigation by Doyle would be “an excellent idea,” Paterson said.
Privacy commissioner Elizabeth Denham is working on a “best practices” guide for private employers who use PRIME to run police information checks on employees or job applicants.
Police and the B.C. government have repeatedly praised PRIME for its ability to instantly share information with B.C. police forces, dispatchers and officers on patrol using laptop computers.
They say it gives investigators the most recent information about suspects and witnesses during fast-moving and complex investigations, and can also be used to generate crime trends and statistics.
PRIMECorp — the private business entity that runs PRIME with representatives from police and the province — is in discussions with the auditor general about the anticipated audit, said Insp. Bob Gehl, a Victoria police officer seconded to PRIME as its director of business applications.
“PRIMECorp looks forward to working collaboratively with the auditor general’s office on this important initiative,” Gehl said in a statement.
Justice Minister Shirley Bond said she understands PRIMECorp is working to ensure it is transparent and accountable during the audit.
NDP critic Leonard Krog said he thinks PRIME is an excellent topic for Doyle to examine, given the serious concerns raised by the JUSTIN audit.
