Investigation into Victoria Police's Management of the Law … · 2016-07-14 · My investigation found that the auditing of LEAP was a resource intensive and costly process often

Investigation into VictoriaPolice's Management of

the Law EnforcementAssistance Program (LEAP)

Office of Police Integrity

Victoria

March 2005

Investigation into Victoria Police’sManagement of the Law Enforcement

Assistance Program (LEAP)

Report of Director, Police IntegrityMarch 2005

Report of the Director, Police Integrity Victoria Police LEAP Program

1

EXECUTIVE SUMMARY I commenced an own motion investigation into Victoria Police’s Law Enforcement Assistance Program (LEAP) as a result of expressions of concern to my offi ce; a review of complaints; and criticisms made about LEAP in the media. A number of the complaints related to Police and public servants improperly accessing and in some instances disclosing information held on LEAP. The investigation included examining previous reviews of LEAP; interviewing a number of witnesses; and reviewing how identifi ed breaches of policy were dealt with.

My investigation found that the auditing of LEAP was a resource intensive and costly process often taking inordinate time, with little outcome. It also found a culture within Victoria Police which suggested that data on LEAP was “owned” by Victoria Police rather than recognising the need to manage and protect the information.

Previous reviews of LEAP found shortcomings in the system. This included a review conducted by the Victorian Auditor-General’s offi ce in 1996 which identifi ed that Victoria Police does not have ownership of the computer software which drives the LEAP system. Subsequent reviews conducted in 2003 identifi ed a range of issues warranting improvements to LEAP. For example a review in August 2003 by an external provider to undertake a gap analysis of Victoria Police information technology infrastructure, reported that there was an inconsistent approach to data classifi cation and management across Victoria Police.

My investigation identifi ed that there are numerous databases in use within Victoria Police in addition to LEAP. For example there are at least 200 separate intelligence databases and a reported 50 different roster systems. In addition the recent step to establish a mobile data network (MDN) in police vehicles is introducing Victoria Police to 21st Century technology. This excellent initiative runs the risk of being discredited as it relies on LEAP as the underlying platform.

While overall I found a strong commitment within Victoria Police to improve its information technology systems it is clear that without the immediate replacement of LEAP as the Force-wide computer based information system there is the serious risk of the system’s continuing vulnerability to improper accessing and release of data.


2

I have made a number of recommendations in this regard including:

• The replacement of LEAP with a Force-wide computer based information system;

• The introduction of a specifi c discipline regulation for unauthorised accessing of Victoria Police information;

• The need for a more proactive approach to dealing with breaches recognising that to improperly access and/or release information warrants strong discipline action; and

• That the capacity to identify individual users who access LEAP through interface applications be immediately facilitated.

In addition, Victoria Police should maintain a policy of ongoing random and targeted audits of access to each of its information systems with a view to identifying and pursuing unauthorised access and inappropriate use of information. Victoria Police should also provide its Ethical Standards Department with an enhanced computer based system, preferably as a partitioned component of the LEAP replacement, that has the capacity to provide case management, case tracking and trend analysis and monitoring.

Finally, I believe this is an opportunity for Victoria Police to wipe the slate clean by encouraging offi cers and staff to come forward and report to their supervisors any inappropriate accessing of LEAP, without penalty, before the introduction of a fi rm and clear policy on improper accessing and/or release of information. This leniency would not apply where such conduct was for fi nancial reward or personal gain.

The Chief Commissioner has conceded that the technology surrounding LEAP is outdated. However, she points out that substantial funding is required to change this and that it is for the government to determine what would be appropriate to commit to the enhancement or replacement of LEAP.


3

INTRODUCTION Legislative Framework

Under the Police Regulation Act 1958 (the Act) the Director, Police Integrity is authorised to conduct an investigation in respect of any matter that is relevant to the achievement of his objects (as defi ned in the Act), including an investigation into the ‘policies, practices or procedures’ of the Victoria Police Force, or the failure of those policies, practices or procedures.

After completing the investigation, I may make a written report on the results of the investigation to any one or more of: the Chief Commissioner, the Minister, the Premier and in the report, may request the taking of any action I consider should be taken. I have decided to make this written report to each of the above and request that the action outlined in the recommendations be taken.

Objectives - Own Motion Investigation

As a result of expressions of concern to my offi ce; a review of documents; and media commentary, I became aware of complaints that raised both specifi c and general issues regarding Victoria Police members accessing and making use of information contained on the ‘Law Enforcement Assistance Program’ (LEAP). A number of complaints related to police and public servants improperly accessing, and in some instances disclosing, information held on LEAP to unauthorised persons. The circumstances surrounding several complaints suggested that instances of unauthorised access and release of information may have been recurring, in part, because of defective Victoria Police policy, practices and procedures relating to LEAP.

For clarity, I regard ‘policy’ as a statement of belief and direction which ensures staff understand and discharge their duties in accordance with clear instructions. In the context of my investigation, ‘procedures’ should document the implementation of LEAP policy and describe steps to be followed by members and unsworn employees to ensure consistent and proper ‘practices’ are applied across the organisation.

I was concerned that pursuing individual complaints on a case-by-case basis may not have been proving effective in addressing underlying


4

causes nor engendering the appropriate level of public confi dence in control of access to LEAP. My interest extended to better understanding the culture within Victoria Police regarding security of information, the police perception of who ‘owned’ the information recorded on LEAP and how police regarded access to, use of and disclosure of personal details and information.

I was especially mindful of ongoing adverse media, political and public interest concerning LEAP. In my view this is causing widespread concern regarding the capacity of Victoria Police to adequately manage its responsibilities. Such concern impacts on the integrity of public administration. My objectives, under the Act, include ensuring that the highest ethical and professional standards are maintained in Victoria Police and that police corruption and serious misconduct is detected, investigated and prevented.

Following my decision to conduct this own motion investigation, as permitted by the Act, I gave written notice of my intention to the Minister and the Chief Commissioner on 2 December 2004.

The objectives of my own motion investigation were to identify:

• If Victoria Police has in place adequate and well understood policy regarding LEAP;

• Whether practices and procedures aligned with that policy and brought the necessary professional standards to bear; and

• To what extent, if any, Victoria Police policy, practices and procedures relating to LEAP may be failing.


5

BACKGROUND Previous complaint investigation outcomes

My investigation included a review of a number of complaints concerning access to and use of information from LEAP which had been investigated separately. Some investigations appear to have been terminated without what I regard as a full and complete enquiry. I also noted that over time penalties for unauthorised access and release of information had been, in my view inconsistent and surprisingly lenient. Annexure C and Annexure D contain case examples. Further comments in this regard appear later in this Report.

Previous reviews

Over the past decade strategies have been developed by Victoria Police to enhance LEAP, modify policy and adjust practices and procedures to ensure that the Force is better placed regarding the security of information. Yet essentially the same issues regarding access, inadequate capacity to audit and the potential for misuse of information continue to arise.

In 1996, the Victorian Auditor-General’s Offi ce published fi ndings after a review of LEAP (Special Report No.46). The Auditor-General’s fi ndings included the following:

• A number of critical problems associated with the implementation and use of the LEAP system continue to undermine realisation of the system’s full potential. These problems have been identifi ed and reaffi rmed by various internal reviews of LEAP over a lengthy period and include matters relating to training, user friendliness of the system, number of computer terminals, usage levels of LEAP, data integrity and ineffi cient data entry practices;

• Defi ciencies in the Victoria Police’s strategic planning and management of the LEAP system reveal that LEAP has continued to develop without clear direction and proper management control;

• Audit estimates that the cost of the development, implementation and fi rst full fi nancial year of operation of the LEAP system amounted to approximately $50 million; and


6

• Victoria Police does not have ownership of the computer software which drives the LEAP system, but does have a non-transferable and non-exclusive licence to use the software in perpetuity. The licence cost the Victoria Police $2.2 million and has locked it into using the one external contractor for software support activities.

While the current Chief Commissioner ought not be held to account for decisions made over a decade ago, the police executive team and members continue to grapple with the outcome of action taken in the late 1980’s and early 1990’s. Although the Auditor-General closely scrutinised the effectiveness, effi ciency and costs associated with LEAP, issues relating to access control, information security and use/misuse of information were not included in that review.

During August 2003 Victoria Police commissioned an external provider, 90East, to undertake a gap analysis of its information technology infrastructure and develop a costed, integrated security strategy. The review identifi ed the need for eight core projects at an estimated cost of $12 million. Leaving aside specifi c fi ndings that if made public may impact on security, and confi ning the issues to those most relevant to my investigation, the 90East review identifi ed:

• Contracts with service providers did not contain specifi c agreements for security management;

• There was no consistent approach to data classifi cation and management across Victoria Police; and

• User activity monitoring was inadequate and not supported by policy and operational doctrine.

An internal review was conducted in 2003. On 3 December 2003 the Victoria Police ‘LEAP Access Task Force’ (the Task Force) reported its fi ndings and recommendations. The Task Force was established to identify improvements to policy and practices concerning LEAP data following community and political concern about the police use of confi dential information. Recommendations made by the Task Force led to a wider police review of systems and development of a business case for consideration by Government. A number of Task Force recommendations relate to access control to LEAP, audit and accountabilities. As part of my own motion investigation I have taken advice from Victoria Police regarding the status of each recommendation. The Task Force recommendations are set out at Annexure B.


7

The LEAP audit process

I understand that the audit process is not actually part of the LEAP system. Audit is provided by software produced from the system that predated LEAP. Basically every transaction on a day-to-day basis is downloaded from LEAP to a tape system administered by IBM. This produces a large volume of data, stored at a central repository.

The audit data can be searched on a month by month basis to reproduce each screen that matches a given search parameter, also known as a search ‘string’. The complexity of the audit process is caused, in large part, by the volume of material that must be searched. The data from each archived period is reloaded onto the system manually and search parameters for each monthly search must then be individually entered by an operator. Once stored as readable text fi les it is possible for investigators to examine names, similar names and other features in order to identify instances of individual access that require further examination. This then requires extensive examination so that a judgment can be made regarding authority to access and relevance to duty. Secondary audits to access information viewed during a LEAP session or on or about the same time/date require this convoluted procedure to be repeated.

This complex process refl ects an approach to systems audit in use twenty years ago. Today’s technology provides same day, if not real time tracking of user access and a suite of analytical tools. Where the system owner is a police agency, management is then more accountable and better informed regarding access to confi dential information. Investigators are better placed to gather information, resulting in more timely and effective investigation outcomes and, importantly, the ability to generate quality evidence for presentation before a Court or disciplinary tribunal.

The present capacity to undertake random and specifi c audits of LEAP is problematic, costly and resource intensive. The delay in determining the outcome of an audit and reliance on the recollection of the person involved regarding the reason for access does little to assist the presentation of evidence before a formal tribunal, when required. The need to audit access to each information system used by Victoria Police will continue to arise. A commitment to random and selective audits should be ingrained in Force philosophy.


8

Recommendation 1: That Victoria Police maintains a policy of ongoing random and targeted audits of access to each of its information systems, with a view to identifying and pursuing unauthorised access and inappropriate use of information.


9

OWN MOTION INVESTIGATION In the course of my investigation I interviewed and consulted a number of people to broaden my understanding of LEAP and better appreciate the practical problems faced by Victoria Police regarding LEAP access. These included members of the Force, contractors and others. I thank each person for their cooperation and frankness. A number of suggestions made by interviewees have been taken up in my recommendations.

The LEAP system in 2005 - asset or liability?

Before turning to the specifi cs of my own motion investigation, it is useful to refl ect on the history of LEAP and extent to which it now provides basic security and other features required by Victoria Police. LEAP was the culmination of developmental activity commenced in 1985. During 1992, the Force executive approved the implementation of the system in all police districts. The Victoria wide rollout of computer operations deployed 5300 personal computers, 200 servers and a standard operating environment at more than 500 locations.

The contract for the delivery of ‘Technology and Information Services to Victoria Police’ was awarded to IBM Australia Limited to run for an initial 5 years with 2 additional 1 year options. It was due for renewal in 2004 and is currently under review. IBM has been operating and supporting mainframes, mid range servers, desktop equipment (PCs, printers, scanners etc) and the wide and local area network. Provision of software, system administration, security administration and applications support were included in the contract.

LEAP is the primary mainframe corporate application and information system utilised by Victoria Police. It is used to record crime incidents and personal particulars and captures a range of information including details of lost and stolen property and vehicles of interest to law enforcement. LEAP provides an online interface to internal and external systems to facilitate name, vehicle and place searches. It is also used in relation to fi ngerprint classifi cations, case management and intelligence collation. Access to LEAP peaks at around 350,000 transactions daily and the system is linked to over 5,000 terminals 24 hours per day. The system is extensively used in support of operational policing and as a resource to provide management data.


10

Information stored on LEAP is, in large part, sensitive and personal. It must be protected against unauthorised access by effective policy, procedures and appropriate technology - to the satisfaction of Victoria Police, its law enforcement partners and other stakeholders. Integration of information security principles into all Victoria Police information systems must be mandatory.

The Victoria Police ‘IT&T Strategic Plan 2003/04 - 2007/08’ published in August 2003 outlines the results of an operational and performance review of current information systems, which revealed the following:

• Incompatible systems;

• Impeded information sharing;

• Application gaps and functional overlaps;

• Uncoordinated management information;

• Variation in user interfaces;

• Platform variety;

• Multiple logon and security profi les;

• Lack of common data standards in stand alone data repositories;

• Over 200 repositories of unlinked intelligence information;

• Inability to link business intelligence with factual information about incidents; and

• The LEAP system requires considerable enhancement.

Each of these observations raises serious concerns regarding the functionality and ‘value for money’ aspects of the information technology environment within Victoria Police.

My investigation indicates that similar concerns to those attached to LEAP also apply regarding other systems utilised by Victoria Police. LEAP is but one data repository amongst at least 200 used by police. This fi gure does not include, for example, small purpose built data bases, including a reported 50 separate roster systems. I am advised this ‘network’ of systems does not have a capacity to audit access or the release of information. The record of access to some systems


11

holding sensitive information is overwritten at regular intervals, thereby obliterating the audit trail.

An alternative

I understand that a number of strategy drivers for business systems have been identifi ed by Victoria Police. These include the need to complement developments in other jurisdictions such as the federal Crimtrac initiative and accommodate State whole of Government policy and IT initiatives. Cross agency projects such as Criminal Justice Enhancement Project - E Justice (CJEP) are also relevant.

In my view, the primary information system utilised by Victoria Police should provide a suite of audit and data tracking tools, deliver programs that support wider Force needs and, importantly, provide the Victoria Police senior executive with the data it requires concerning information security and management. It should also meet current best practice standards such as ‘once only’ direct data entry by employees and be based on an IT platform that has the fl exibility to accommodate emerging business practices and strategic needs. Encryption of data and communication transmissions would be desirable. My investigation indicates that, in almost every area, LEAP falls short of these ideals.

LEAP also needs to be assessed against emerging and wider issues. For example, concerns relating to the cost and time associated with audits must surely deepen as a result of the introduction of the Mobile Data Network (MDN). I am advised that the installation of mobile data terminals is progressing within Victoria Police with about 200 vehicles fi tted with this equipment. I understand the 700 MDN terminals are to be deployed in the immediate future in the greater Melbourne area. MDN is projected to generate around 580,000 vehicle enquiries, 120,000 name enquiries and 92,000 licence enquiries per month, which is an estimated 800% increase in enquiries currently processed over the voice radio network. This increased demand for information will be primarily serviced through LEAP access.

It is clear that law enforcement will for the foreseeable future operate in an environment requiring greater access to sensitive personal information and intelligence. From my perspective this can only serve to heighten the need for Victoria Police to have an information management and storage facility protected by the best technology.


12

Only then will Victoria Police be truly accountable to Government and the public of Victoria concerning access to and use of personal information.

A question of direct relevance to the objectives of my own motion investigation is, ‘How effective can Victoria Police policy, practice and procedure relating to access to and use of sensitive information be while it has to rely on LEAP as its primary information technology application?’ The system is driven by an outdated ‘green screen’ presentation and keyed entries rather than a graphical presentation similar to Windows or other modern environment. It delivers very little of the functionality of systems now available at marginal cost.

Victoria Police is currently working towards securing funds from Government through the budgetary and the expenditure review process in order to upgrade LEAP in accordance with the LEAP Task Force recommendations. LEAP enhancement is presently part of a much larger package of IT and operational projects linked to Force needs regarding security and wider anti-crime and policing initiatives. Similarly, the need to enhance information security has been drawn into a wider bid generally focused on organised crime.

I acknowledge the initiatives and energy within Victoria Police to move towards improving its information technology environment. However, irrespective of the strong commitment in this regard, the outdated technology of LEAP as the underlying platform means enhancements are disproportionately costly, if not beyond the capability of the system. This is a matter I consider requires urgent attention.


13

Recommendation 2: That as a matter or urgency Victoria Police replace LEAP with a Force wide computer based information system that provides, at least:

• The capacity to conduct audits of all user access and data transfer in a cost effective, timely and effi cient manner;

• Information security features to protect classifi ed and personal information according to Victoria and Commonwealth Government policy and Australian Standards;

• Electronic recording and monitoring of authority to access, password management and the capacity to produce access alerts and exception reports;

• A suite of programs that provides the senior executive with data required to effectively and effi ciently manage its responsibilities in this area;

• Meets current best practice standards such as ‘once only’ direct data entry by employees and encryption of data and communications;

• The capacity to incorporate data held on (and make redundant) stand- alone data bases currently utilised by Victoria Police; and

• An information technology platform that has the fl exibility to accommodate emerging business practices and strategic needs of Victoria Police and applications that interface with the Force system.

Victoria Police Association views

As part of my own motion investigation I was keen to obtain the views of operational police concerning LEAP - those people who have to rely upon it during their day-to-day duty. I acknowledge that, as might be expected, there is a wide range of experience and opinion amongst operational police concerning LEAP.

In July 2004 I had discussions with the Victoria Police Association concerning matters of interest. Following that conversation the Association made available a copy of a letter written in February 2004 by the Association Secretary to the Chief Commissioner concerning the enquiry that followed police access to LEAP after the death of a well known sporting identity. The Association understood up to 35 members were then under investigation as a result of access to information relating to the incident.


14

In raising concerns in relation to this incident, the Secretary expressed views concerning LEAP access and the use of information by police. The Secretary raised three areas which he thought needed to be considered:

(1) Access to LEAP relative to a members duties.The Association expressed the view that members directly involved in the investigation, for the furtherance of the investigation or for the operational requirements of future policing and member’s safety were justifi ed in accessing LEAP. The Association took the view that there is no issue regarding checks conducted in these circumstances.

(2) Access relative to knowledge for use in the course of a member’s duties.The Police Association advanced the opinion that members who conducted checks into the incident as part of an expansion of their operational policing knowledge base or genuine self-education should not be considered in breach of LEAP policy. It was stated that members must have access to information regarding the modus operandi of offenders and suspects that is of greater reliability than as might be reported in the media. The Association asserted that a core of policing is knowledge relating to:

• Names of Offenders;

• Home addresses and places frequented by offenders;

• Associates of offenders;

• Vehicles driven by offenders and their associates;

• Prior convictions; and

• Any propensity for violence of offenders.

(3) Where access may not be justifi ed.The Association took the view that the issue of appropriate access turned on how the information is used, rather than access itself. The view was put that access may not be justifi ed, dependant on the circumstances and whether the access was connected to the information being passed on to an unauthorised third party. It was argued the Police Regulations and the Privacy Principles refer to the use of information, ‘not with police accessing their own information for their own, work related, knowledge.’


15

Concern was expressed that ‘pressure from politically motivated members of Parliament is actively discouraging police offi cers from increasing their knowledge and, as a direct consequence, adversely impacting upon the effi ciency and effectiveness of their levels of service delivery to the community.’

I support the view that members should have access to information that allows them to go about their duty in a thorough and professional manner. However, the essence of the problem is not dealt with, in my view, by stating that access to and/or use of information held on LEAP is validated where access is relevant to, in furtherance of an investigation or for the operational requirements of future policing and member’s safety/self education.

The Association observation that the determining factor should be how the information is used rather than the access itself is interesting. It also was of the view that improper accessing and/or disclosure “should be addressed individually and decisions made having regard to the specifi c circumstances of the case.”

In my view, information on LEAP is not ‘owned’ by Victoria Police or members. It remains private information which must be guarded by strict and rigorously enforced policy and procedures. My concern is that the comments by the Police Association may refl ect more widely held police views that LEAP information can be accessed by police as a general right or entitlement of offi ce.

Later in this report I refer to information and suggestions obtained from discussions with representatives of the Victoria Police Association during my investigation. Those discussions were useful and I thank the representatives for their cooperation and for the several ideas presented on behalf of their members.

Victoria Police policy regarding LEAP

In my Annual Report of 30 June 2004 I note that as a result of allegations of misuse of the LEAP database by police, and the fi ndings of investigations undertaken, the Chief Commissioner introduced stringent new guidelines and protocols to govern police access to the data. Police members are now required to formally agree to the conditions under which access is made.


16

During this investigation I examined Force policy concerning LEAP. Leaving aside mechanical aspects relating to use of the system, explanations regarding entries, fi elds and the like, the policy which deals with access and use of information includes the following:

• Policy concerning the release and use of LEAP and related information is contained in Victoria Police Manual (VPM) - Instruction 208. The primary VPM Instruction (208-3) issued 11 July 2003 contains the following policy statements:

‘Information recorded on LEAP is confi dential and must not be disclosed to unauthorised persons.

Employees accessing LEAP are responsible for the security of the information that they access. They must treat any information copied, deleted, added, used or disposed of in any way sensitively and professionally with regard to the individual’s right to privacy.

Use of LEAP must be authorised and within the user’s area of authority and responsibility.’

The Instruction does not contain specifi c defi nitions. At 4.1 of the Instruction the following statement is made regarding inappropriate use of Victoria Police data:

‘The misuse or abuse, either deliberate or reckless, of LEAP and related information or data is considered to be a very serious matter. Any inappropriate use may lead to disciplinary action, which, depending on the individual circumstances can result in an employee’s dismissal’.

Similar cautionary directions are provided regarding access for personal use, inappropriate use regarding relatives and friends, and sanctions on disclosure with reference to State and Commonwealth legislation.

VPM 208-1 deals with the release of information - general principles, providing that employees must not release information except as authorised by legislation, and/or Victoria Police policy.

The remainder of VPM 208 covers the release of information to the media, Courts and the release of criminal conviction and accident records.


17

• More general instructions regarding information security are contained in VPM 206 (1 - 5) (information security and privacy), and the Code of Conduct (concerning confi dential information). Instruction 08/04 published in the Gazette on 29 November 2004 also deals with the introduction and use of Mobile Data Terminal’s and refers users to VPM 206 and 208. VPM 206 comprehensively outlines what amounts to breaches of information security, misuse, sanctions and, importantly:

‘Reporting breachesKnown or suspected misuse of information system resources must be reported. Reports should be made through a workplace manager, or directly if this is not appropriate.

The following incidents should be reported to the Superintendent, Services Division, ESD:

– Attempts to access information by unauthorised users;

– Attempts to access information for an unauthorised purpose; by an authorised user;

– Unauthorised use of information by authorised users that could be categorised as instances of corruption, criminality and/or serious misconduct.

All other incidents of known or suspected unauthorised access to, or use of, information system resources (including breaches of privacy) should be reported to relevant System Sponsor/s’.

VPM Instruction 206-4 and 206-5 of 1 November 2004 deal with information systems access and user responsibilities. The policy outlined in 206-5 provides that information is only to be accessed where a demonstrable, legitimate need directly related to the performance of duty exists and that information can only be used released or disclosed in accordance with legislation and policy and procedures.

• In late 2003 Victoria Police developed an information sheet relating to LEAP which provides guidance to users, the substance of which was reproduced in the Victoria Police Gazette of 5 April 2004. The Gazette is a primary journal of reference for all Victoria Police members and staff. That Gazette entry indicated some


18

police were unsure of the defi nitions of ‘inappropriate access’, ‘confl ict of interest and privacy’, and were not using the system for fear of being disciplined. The advice given was that LEAP should only be accessed where the member has a legitimate operational or administrative need and does not have a confl ict of interest. Consultation with supervisors was encouraged.

The Gazette article records that ‘operational need covered any tasks performed by police as part of their duties, including investigations and intelligence gathering’. The use of LEAP for any other reason was defi ned as personal use and considered inappropriate. The Gazette entry of 5 April 2004 continued:

‘Members should not use LEAP to check on the progress of investigations being conducted by colleagues, to retrieve information about a current or former colleague, relative or friend, a person known socially or from private business, or a neighbor or person nearby’…’It is common for members to receive information about possible crimes or suspicious behavior from family and friends and then use LEAP to validate it. This is inappropriate access. In such circumstances, the appropriate response would be to pass the information on using an intelligence report to the relevant unit or area and allow them to make the required LEAP checks.’

• The Victoria Police LEAP Information Sheet provides the following defi nitions:

‘Operational duties

Investigating criminal offences or suspected criminal behavior

Reducing road trauma by ensuring compliance with road rules and regulations

Maintaining public order and community safetyEnsuring the operational safety of employees tasked to deliver policing services

Intelligence gathering

Collecting, verifying and analysing intelligence relating to a criminal offence or suspected behavior.


19

A MOU may exist which permits the exchange of information with another agency.’

I note concern expressed by the Force Privacy Offi cer that, in part, the LEAP Information Sheet does not refl ect the provisions of the privacy legislation and I am aware of further concerns that the instructions contained in the sheet are not underpinned by Force policy.

• LEAP now contains a ‘start up’ screen which must be negotiated by members logging onto LEAP which advises (inter alia) the member that:

‘Information on the system is confi dential and must not be disclosed to unauthorised persons;

Members are cautioned that they are not permitted to access or use this information directly or indirectly for personal use or in a manner inconsistent with the intent of the acknowledgement;

All enquiries and updates performed are recorded and logged to an Audit trail; State and Commonwealth legislation provide offences for the improper use or information;

Force policy regarding LEAP use is located at the Victoria Police Manual - Information Management & Technology - LEAP and Related Information; and

A discipline outcome as a result of breach of this policy can include dismissal from the Force.’

I have included this overview of relevant Victoria Police policy because I believe that, irrespective of whether Victoria Police retain LEAP or are provided with a replacement, Force policy must provide unambiguous instructions to users regarding responsibilities and obligations. Present policy provides information suffi cient to alert users to mandatory requirements regarding access to LEAP and the use of information. In my view, however, it needs to be strengthened in key areas, with clearer instruction regarding what is permitted and what is not.

With this done, management will be better placed to take the stance that ignorance of the policy or alleged confusion over personal accountability will not be accepted.


20

Victoria Police have also identifi ed the need to review current policy. I am advised that during December 2004 an updated VPM 208-3 was prepared for consideration by the LEAP Access Task Force and policy offi cers. It is intended that the draft be placed before the Victoria Police Corporate Committee for approval. I have examined a version of the draft returned to the LEAP Access Task Force on 27 January 2005, after input by policy liaison offi cers and the Organisational Performance and Development Department. In my view this draft adds little by way of extended defi nition, clarifi cation of the central issues or added rigor to the existing policy.

I consider that the Chief Commissioner should strengthen the nexus between unauthorised access to and improper use of information and the integrity of the Force. Greater emphasis needs to be given to the inappropriate practice of ‘browsing’. Failings in this regard represent a fundamental abuse of trust and duty by sworn members or breach of conditions of service by unsworn employees.

During their service, police make diffi cult decisions according to their knowledge, experience and professional judgment. I take the view that almost without exception, as a result of Force policy, instructions and training, police should be well able to distinguish between appropriate access and circumstances that will ‘get them into trouble’ when using LEAP. Where doubt exists they are instructed to refer to a supervisor for guidance and offi cially record their reason for access. This procedure is no different to that applied to other situations where uncertainty exists, for example, when a member is unsure of the suffi ciency of evidence to make an arrest or lay charges or uncertain of Force policy or procedure in other circumstances.

It seems, however, a signifi cant number of members ignore policy regarding LEAP and then seek to rely on their memory to justify access if questions are asked. Simply put, I believe members and unsworn employees need to be told in stronger terms to cease accessing LEAP for private purposes, using information in breach of policy or engaging in inappropriate browsing or, (in the absence of substantial mitigation) face dismissal. I am of the view that the choice is that simple.

To accentuate a stronger and unequivocal approach a specifi c discipline offence should be created to deal with instances of unauthorised access of Victoria Police data. Further, there does not appear to be a specifi c


21

criminal offence that might be applied to unauthorised access to LEAP, as distinct from the unauthorised disclose of information. I believe that when the unauthorised access is undertaken by a police member or unsworn employee of Victoria Police to facilitate an ‘unlawful or corrupt activity or the commission of a criminal offence by himself/herself or another person’, it should attract a specifi c criminal sanction. I regard this as a defi ciency that should be rectifi ed.

In lending weight to a higher standard of accountability I am mindful of the approach taken in other jurisdictions, law enforcement and intelligence agencies. Commonwealth agencies holding personal information such as the Australian Taxation Offi ce, generally apply the highest sanctions available when breaches are established. I also have regard for public expectations in this sensitive area of police responsibility. I am not satisfi ed that the reasonably strong commentary set out in Victoria Police policy regarding employee obligations and possible disciplinary outcomes has been refl ected in the ‘penalties’ awarded to transgressors.

Recommendation 3: That Victoria Police instructions regarding unauthorised access to systems, including LEAP and the unauthorised use/release of information be amended to strengthen the nexus between such activity and the integrity and standing of the Force.

Recommendation 4:That Victoria Police instructions be amended to defi ne and draw attention to the practice of unauthorised ‘browsing’ of systems by members/employees and the likely disciplinary action that will follow breaches of policy in that regard.

Recommendation 5: That the Chief Commissioner advise members/employees that as a general policy, unauthorised access and use of information extracted from Force systems will, if proven (in the absence of exceptional and extraordinary mitigation), result in dismissal.


22

Recommendation 6: A Regulation be created to provide a specifi c disciplinary offence of ‘unauthorised access to a Victoria Police information system’.

Recommendation 7:That a specifi c criminal offence be created to provide for circumstances where a police member or unsworn employee of Victoria Police engages in unauthorised access of a Victoria Police information system to facilitate ‘an unlawful or corrupt activity or the commission of a criminal offence by himself/herself or another person’.

Victoria Police LEAP practices and procedures

Response to complaints of improper access and disclosure

It is of concern to note the comparatively small number of incidents concerning misuse of information that have come to the attention of Victoria Police in recent years. In my view, the incidence of police unauthorised access and misuse of information within Victoria is unlikely to be any less of a problem than in other law enforcement jurisdictions. Fitzgerald (Queensland 1989) Wood (NSW 1997) and Kennedy (Western Australia 2004) identifi ed wider problems in each respective jurisdiction than appear to have been subject to investigation in Victoria. The recent Western Australian Royal Commission (Kennedy) observed that a survey of trends in police corruption in the United Kingdom revealed that disclosure of information was the most prevalent corrupt activity currently under investigation there.

The Kennedy Royal Commission found that the police service needed to substantially improve its control of access to information and take stronger action, including prosecution, when breaches of procedures are detected. The Commission also found that legislation in that State should be amended to clarify the ambit of criminal culpability for unauthorised disclosure.

Comments in a discussion paper issued by the Kennedy Royal Commission in February 2003 are relevant:

‘…Both this Commission and the Criminal Justice Commission (Qld) have been frustrated in attempts to require offi cers to


23

account for their computer transactions by seemingly stock responses including:

• They are unable to recall why they performed the transaction and their duty book, which might have assisted them to remember, cannot be located;

• There is a common practice to leave computer terminals open and it must have been someone else who used their user ID; and

• They could have been using the computer and someone else requested them to perform a transaction on their behalf but they have no recollection as to who that person might have been.

The potential for abuse of a computer system that lacks the robustness to identify with certainty the user at any point in time is self-evident. The lack of a fear of detection in the fi rst instance and the availability of acceptable excuses in the second militates against efforts to control these illegal practices. …It is axiomatic that the elimination of the excuses listed above through the application of enhanced security protocols on computer systems would do much to aid in prevention, detection and deterrence’.

As often observed, ‘sunlight is the best disinfectant’. I am not convinced that the requisite degree of light has yet been shone on problems of this nature within Victoria Police. There is not the required amount of valid data available on which to form an informed opinion. The true extent of unauthorised access and improper release of information is diffi cult to judge. Whatever the extent of the problem, it seems likely to continue at least at current levels, unless it can be more readily identifi ed and effectively dealt with.

Unauthorised disclosure of information from the LEAP database can amount to a criminal offence under section 127A of the Police Regulation Act 1958. Section 69 of the Act (breaches of discipline) is also relevant in circumstances where a member of the Force commits a breach of discipline by failing to comply with a standing order or instruction of the Chief Commissioner. I am advised that while Victoria Police have suggested on a number of occasions that the criminal sanctions be applied, the Offi ce of Public Prosecutions has indicated that a conviction was either unlikely or that it was equally viable to use the discipline system to deal with the matters.


24

Details provided by Victoria Police Ethical Standards Department (ESD) of LEAP related disciplinary action taken between 1 July 2001 and 30 June 2004 is attached at Annexure C. 310 complaints relating to information access/disclosure were received by ESD in this period. I note that despite 66 employees having substantiated outcomes only one was dismissed.

Although ESD has a database I was advised it took in the order of twelve hours staff time to extract what I regard as simple case data. Clearly, ESD ought to have a computerised case management and record keeping system that facilitates case tracking, trend analysis, monitoring of outcomes and strategic advice to the Chief Commissioner and to my offi ce.

In discussions with representatives of the Victoria Police Association I raised the concept of voluntary disclosure without risk of penalty as it might be applied to LEAP access and the use of information. I sought a view on whether there might be general support amongst members for this approach. In much the same way as applied to other situations (for example fi rearms amnesty, taxation matters and police confi dant programs) members uncertain of the appropriateness of past action could be advised to make the facts known without risk of disciplinary action. It would of course not extend to corrupt activity where LEAP information was, for example, traded or sold.

I see merit in Victoria Police taking action to ‘clear the books’ of these issues, as part of the package of initiatives set out in my recommendations and as a precursor to increasing the intensity of its focus in this area. Initial advice from the Association was that, if properly implemented and widely understood, members would likely lend support to the concept. To move the program away from any preconceived notions of blame and wrongdoing, it would also seem best for voluntary disclosures to be made at ‘district’ supervisory level rather than to ESD. As noted previously VPM 206 deals with reporting requirements. What is under consideration here is the opportunity to self-report without fear of penalty, for a limited time and prior to the implementation of the strengthened policy and sanctions.


25

Recommendation 8: That Victoria Police provide the Ethical Standards Department with an enhanced computer based system as a partitioned component of the LEAP replacement that has the capacity to provide case management, case tracking and timely trend analysis and monitoring of data for the information of the Chief Commissioner and Director, Police Integrity.

Recommendation 9: That prior to the implementation of amended policy, the Chief Commissioner consider the practicality and appropriateness of allowing an ‘amnesty’ period for members/employees who believe they may have breached LEAP access policy and procedures to make known their actions, without penalty, provided their actions were not motivated by fi nancial reward or other corruption.

Training and awareness

Training in the use of LEAP is provided to police recruits. There are a variety of training manuals that have been developed for specifi c needs. The Introduction to the LEAP Training Manual contains a section on the ‘responsibility of LEAP users’ and advises that information contained in LEAP is confi dential.

Victoria Police have undertaken several relevant initiatives during the past two years, including:

• A review and redrafting of the information security policy;

• Publication on the Force Intranet of information security awareness resources for individuals, managers and system sponsors;

• Publication of information regarding information classifi cation; and

• Development of a teaching/learning resource kit which is being adopted by the Force Education Department.

My offi ce also participates in police recruit training, during which emphasis is given to integrity and the need to be accountable. I am satisfi ed that Victoria Police has in place appropriate training and information facilities for members concerning LEAP.


26

The Police Association advised my offi cers it considered several joint opportunities exist where it could work with Victoria Police to refi ne policy regarding LEAP access and use of offi cial information by members and participate in member education initiatives. It was stated that at the current time police members have at best an incomplete understanding of when access is justifi ed. The confusion is said to have been caused by public commentary, media articles and political comments. Directives from Victoria Police management are alleged to have created an environment where police are not fully utilising LEAP for fear of being disciplined. The representatives felt it would be useful for scenarios and case studies to be developed for the information of members and to enhance understanding. I support this concept.

Further, the suggestion was made that proactive audits need to target users who sell or release confi dential information, or who may use information to further criminal activity. Random audits by system managers who understand their own systems and data holdings could assist to identify remedial action to improve accountability. I support each of these suggestions. I also believe greater encouragement could be given to whistleblowers in this area.

Recommendation 10: That Victoria Police develop and regularly publish for the information of staff, scenarios, case studies and disciplinary outcomes drawn, in part, from Ethical Standards Department records relating to unauthorised access to systems and use of information.

Recommendation 11: That Victoria Police develop and implement a program to encourage whistleblowers to report incidents of unauthorised access to Force systems and improper use of information.

Recommendation 12: That Ethical Standards Department develop and implement a program of covert random and targeted audits directed at police and unsworn employees suspected of improperly accessing information, with particular focus on persons suspected of involvement in corrupt practices.


27

LEAP interface applications - standards and risk management

I was especially interested in concerns regarding interface access to LEAP through other applications. The LEAP Task Force observed that the CJEP, the Force Mobile Data Network (MDN) and other applications would view LEAP information via a standard PC-based LEAP session. It considered this may bypass modifi cations or enhancements made to the system as a result of its recommendations. The need was identifi ed for application owners to be made aware of their obligation to apply security standards used by Victoria Police LEAP Management Unit.

I understand that all security protocols applied by police do not apply when other application users access LEAP data. Although my own motion investigation did not specifi cally examine the information security aspects of the interface between LEAP and other systems, it appears that the audit trail (to the extent it does exist within LEAP) cannot be fully applied where other applications access LEAP. I consider that the proliferation of interdependent systems has the real potential for signifi cant increased risk to the integrity of LEAP information. This is an area that in my view warrants immediate examination by Victoria Police.

All Victoria Police information systems, not just LEAP, should meet uniform information security requirements. System users, including sworn and unsworn employees, contractors, consultants, and persons with access to LEAP interface applications such as CJEP/E-Justice, should be cleared to the required security level and all access should be subject to monitoring and audit.

Fundamental best practice in this area requires that authority to access be regularly reviewed and those without current authority must be prevented from entering the system. A new system should contain an electronic register of approved access and a facility to provide exception reports and alert management to attempts to gain unauthorised access. It ought to then be a simple process to deny access to those employees, for example, on long service leave, stood down for any reason, or transferred to areas where ‘LEAP’ access is not required. More effective monitoring of passwords would be possible. This is no more than basic risk management.

In the course of my investigation I became aware of concerns regarding the LEAP Alert Module. This Module is used to notify investigators/


28

analysts of another person’s interest in a particular person of interest, vehicle or address. In some cases the need to be alerted to this interest is based on a threat to the safety of the nominated person, such as a prominent public offi cial. I understand that checks done via CJEP/ E-Justice and the Traffi c Information System do not identify the specifi c member/employee who undertook the access in respect of the (for example) person of interest who is ‘fl agged’. The CJEP/LEAP interface provides access to Court, Corrections and other Government employees with viewing rights. I am advised not all of these people have undergone appropriate security vetting. This represents a serious fl aw in procedures and protocols and the capacity to audit access to information. I understand that an immediate remedy may be available through the application of software said to cost $20,000.

Recommendation 13: That the information security standards of each application with LEAP interface be reviewed by Victoria Police to ensure standards are at least consistent with those applied by Victoria Police LEAP Management Unit.

Recommendation 14: That where the review mentioned in the preceding recommendation indicates inadequate information security standards exist regarding an application, access to personal information retained on LEAP be restricted until Victoria Police is satisfi ed the risk of unauthorised access and improper use of information is minimised.

Recommendation 15: That all employees, contractors, consultants and other persons with or seeking access to LEAP via application interfaces such as CJEP be subject to a uniform security clearance (to a standard approved by Victoria Police), with responsibility for clearances vested in the application owner.

Recommendation 16: That the capacity to identify individual users who access LEAP through interface applications be immediately facilitated.


29

Relevant action taken by Victoria Police

On 25 October 2004 I met with the Chief Commissioner and it was agreed that my offi ce would receive a briefi ng from Victoria Police regarding possible improvements to LEAP. That has now occurred and Victoria Police are moving towards seeking budgetary and Expenditure Review Committee approval for the incremental enhancement of LEAP.

Australian and New Zealand Standard AS/NZS ISO/IEC 17799:2001 (Information Technology - Code of Practice for Information Security Management) sets the standard for information security. The Organisation for Economic Co-Operation and Development (OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security 2002) also provides guidance. These standards provide that personal information should not be disclosed, made available or otherwise used for purposes other than those specifi ed, except with the consent of the individual or by force of law.

The OECD guidelines regarding accountability provide that the ‘responsibilities and accountability of owners, providers and users of information systems and other parties concerned with the security of information systems should be explicit’ and further that ‘measures, practices and procedures for the security of information systems should take account of and address all relevant considerations and viewpoints, including technical, administrative, organisational, operational, commercial, educational and legal.’ I have considered each of the above against the policy and procedures of Victoria Police.

In 2004 the Victoria Police Information Security Group began developing a system security plan pro-forma for use by system ‘sponsors’. This work was based, in part, on the Standards Australia documentation and I am advised that when completed in mid-2005 it will assist Victoria Police in identifying and reporting compliance with Australian standards, strengthen information security responsibilities and serve to identify shortcomings.

A uniform information classifi cation system is not applied within Victoria Police. I am advised the Force does not have the capacity to store classifi ed information according to benchmark standards. In other words, if information was classifi ed it could not then be securely ‘stored’ in systems, according to the classifi cation it attracted. The Commonwealth of Australia Protective Security Manual 2000 (the PSM)


30

provides the foundation for security initiatives within Victoria Police in the absence of a defi nitive State Government standard. (See the draft Victoria Police Enterprise Information Security Manual Version 1.1 September 2004.)

It appears that the Victoria Police Enterprise Information Security Policy is yet to be fully implemented. Protective security features are therefore not mandatory within the Force and I understand that in light of this some Commonwealth agencies may be reluctant to pass certain Commonwealth classifi ed information to Victoria Police. To do so may put them in breach of Commonwealth requirements.

The dilemma faced by Victoria Police concerning risk management and information security is demonstrated by the following. An information system, threat and risk assessment methodology consistent with Australian standards has been developed. During 2003 and 2004 information and training sessions were delivered to system sponsors and information ‘owners’ within the Force. However, even when high-risk potential threat events are identifi ed the security capabilities needed to minimise the risks (eg: encryption of stored data, encrypted communications and effective audit logging and analysis) are not available. Although I am advised risk mitigation activity in specifi c projects provides some cover, Victoria Police appears to apply an ad-hoc approach to information security. It needs support in order to achieve compliance with Commonwealth standards and be better placed to apply mandatory information security requirements.

Progress has been made to co-locate Force organisational responsibilities for IT planning and management, information services (including information security) and business applications and development within the Information Management Department. The senior management committee with carriage of related matters now includes representatives from administrative and operational commands. I am of the view that the Victoria Police Information Security Manager should also be included in relevant committees and projects where information security needs to be factored into planning and systems re-engineering.

The above governance arrangements, insofar as they impact on information and systems security appear appropriate and should enhance the quality of advice to the Chief Commissioner concerning matters of interest to my investigation. However, it can only be a


31

piecemeal approach, when the underlying technology that must cater for information security is as ineffi cient as the current LEAP platform.

The Chief Commissioner is aware of the concerns regarding access to LEAP, misuse of information and what is required to fi x the problems. I am satisfi ed that steady progress has been made towards resolution of these concerns and that, through the Chief Commissioner, a strong commitment to best practice in this area exists. However, these good intentions are frustrated by a lack of funding to address the problems inherent in the LEAP system. I understand that the majority of recommendations arising from the LEAP Task Force commissioned by the Chief Commissioner have not been fully implemented because of lack of funding.

Recommendation 17: That Victoria Police fi nalise and implement the Enterprise Information Security Policy and take the necessary action to achieve compliance with Australian Standards and Commonwealth requirements regarding information security, as is timely and practical with regard for the decision concerning the replacement of LEAP.

Recommendation 18: That the Victoria Police Information Security Manager be included on relevant committees and projects to advise where information security needs to be factored into planning and systems re-engineering.

Recommendation 19: That Victoria Police incorporate information security principles as a mandatory requirement in all systems development or re-engineering undertaken by the Force.


32


33

CONCLUSIONS To what extent if any, has policy, practices and procedures

regarding LEAP failed?

I recognise that security of information is a major concern for all law enforcement agencies and other areas of government. Policing depends on decisions taken by informed employees who require access to information generally not publicly available in other employment circumstances. I accept that in policing the safety of the public and police offi cers can depend on the ready availability of such information. This presents law enforcement management with considerable challenges to balance its occupational safety obligations and corporate needs against the duty to preserve the confi dentiality of information and protect the privacy of individuals.

Effective policy and operational doctrine are essential to ensure that members understand what is required and that, where transgressions occur, they will be pursued with vigor and determination. Legislative provisions need to not only provide appropriate sanctions but facilitate the gathering of evidence so breaches can be proven before the relevant Court or tribunal. Investigative action needs to be well planned and undertaken in a professional manner. Policy and procedures must also be complemented by leading edge technology.

The greatest deterrent to unauthorised access to LEAP and misuse of information would be the knowledge amongst employees that management has the capacity to track and audit access in a timely way, and does so. Management must be able to profi le patterns of use, maintain ongoing random and specifi c sampling, analyse downloads and data transfer and call for an immediate explanation where it appears misuse may have occurred. Action is required in the public interest and as a matter of some urgency to move Victoria Police to this environment.

As outlined in this report, it is clear that further work is required. I am not satisfi ed that policy has been applied and enforced to the required extent. Nor am I satisfi ed that issue is suffi ciently at the forefront of employee’s minds so that they give it the attention it deserves. I have serious reservations regarding the functionality and accountability that LEAP provides to Victoria Police and whether it can be adequately updated to serve the best interests of the Force, Government or the people of Victoria.


34

Victoria Police has rolled identifi ed costs for enhanced information security and update of LEAP into a proposed bid to fund initiatives to fi ght organised crime. I appreciate the connection. Victoria Police credibility in large part rests on its ability to protect the information it gathers and holds and to conduct investigations free from compromise and disruption by organised crime and, in some instances, corrupt police offi cers.

In my view the Chief Commissioner has been conservative in the face of higher priorities and other demands on Government funding. Her advice is that in the order of $30m of new funding would be required to replace LEAP immediately, say over the next two years, with an effi cient and truly accountable state of the art information management system.

I strongly support a case for funding to allow Victoria Police to immediately replace the LEAP system. This should proceed, with due regard for the current contract and unavoidable lead time, as soon as possible. The new system should embrace all Victoria Police needs for the security of information it collects and uses. A whole of service approach is needed particularly in needs analysis and tender evaluation to avoid compartmentalisation of information and duplication of effort. Victoria Police, the general public and other stakeholders would then be presented with a very strong message from Government and the Chief Commissioner that the protection of personal information is considered a core responsibility.

For convenience, the recommendations made throughout this Report are brought together in Annexure A. In accordance with paragraph 86P(5) (b) of the Police Regulation Act 1958 I request that the action set out in my recommendations be taken.


35

ANNEXURE A RECOMMENDATIONS

Recommendation (1):That Victoria Police maintains a policy of ongoing random and targeted audits of access to each of its information systems, with a view to identifying and pursuing unauthorised access and inappropriate use of information.

Recommendation (2): That as a matter or urgency Victoria Police replace LEAP with a Force wide computer based information system that provides, at least:

• The capacity to conduct audits of user access and data transfer in a cost effective, timely and effi cient manner;

• Information security features to protect classifi ed and personal information according to Victoria and Commonwealth Government policy and Australian Standards;

• Electronic recording and monitoring of authority to access, password management and the capacity to produce access alerts and exception reports;

• A suite of programs that provides the senior executive with data required to effectively and effi ciently manage its responsibilities in this area;

• Meets current best practice standards such as ‘once only’ direct data entry by employees and encryption of data and communications;

• The capacity to incorporate data held on (and make redundant) stand- alone data bases currently utilised by Victoria Police; and

• An information technology platform that has the fl exibility to accommodate emerging business practices and strategic needs of Victoria Police and applications that interface with the Force system.

Recommendation (3):That Victoria Police instructions regarding unauthorised access to systems, including LEAP and the unauthorised use/release of information be amended to strengthen the nexus between such activity and the integrity and standing of the Force.


36

Recommendation (4):That Victoria Police instructions be amended to defi ne and draw attention to the practice of unauthorised ‘browsing’ of systems by members/employees and the likely disciplinary action that will follow breaches of policy in that regard.

Recommendation (5):That the Chief Commissioner advise members/employees that as a general policy, unauthorised access and use of information extracted from Force systems will, if proven (in the absence of exceptional and extraordinary mitigation), result in dismissal.

Recommendation (6):That a Regulation be created to provide a specifi c disciplinary offence of ‘unauthorised access to a Victoria Police information system’.

Recommendation (7):That a specifi c criminal offence be created to provide for circumstances where a police member or unsworn employee of Victoria Police engages in unauthorised access of a Victoria Police information system to facilitate ‘an unlawful or corrupt activity or the commission of a criminal offence by himself/herself or another person’.

Recommendation (8):That Victoria Police provide the Ethical Standards Department with an enhanced computer based system as a partitioned component of the LEAP replacement that has the capacity to provide case management, case tracking and timely trend analysis and monitoring of data for the information of the Chief Commissioner and Director Police Integrity.


37

Recommendation (9):That prior to the implementation of amended policy, the Chief Commissioner consider the practicality and appropriateness of allowing an ‘amnesty’ period for members/employees who believe they may have breached LEAP access policy and procedures to make known their actions, without penalty, provided their actions were not motivated by fi nancial reward or other corruption.

Recommendation (10): That Victoria Police develop and regularly publish for the information of staff, scenarios, case studies and disciplinary outcomes drawn, in part, from Ethical Standards Department records relating to unauthorised access to systems and use of information.

Recommendation (11): That Victoria Police develop and implement a program to encourage whistleblowers to report incidents of unauthorised access to Force systems and improper use of information.

Recommendation (12):That Ethical Standards Department develop and implement a program of covert random and targeted audits directed at police and unsworn employees suspected of improperly accessing information, with particular focus on persons suspected of improper involvement in corrupt practices.

Recommendation (13):That the information security standards of each application with LEAP interface be reviewed by Victoria Police to ensure standards are at least consistent with those applied by Victoria Police LEAP Management Unit.


38

Recommendation (14):That where the review mentioned in the preceding recommendation indicates inadequate information security standards exist regarding an application, access to personal information retained on LEAP be restricted until Victoria Police is satisfi ed the risk of unauthorised access and improper use of information is minimised.

Recommendation (15):That all employees, contractors, consultants and other persons with or seeking access to LEAP via application interfaces such as CJEP be subject a to uniform security clearance (to a standard approved by Victoria Police), with responsibility for clearances vested in the application owner.

Recommendation (16): That the capacity to identify individual users who access LEAP through interface applications be immediately facilitated.

Recommendation (17):That Victoria Police fi nalise and implement the Enterprise Information Security Policy and take the necessary action to achieve compliance with Australian Standards and Commonwealth requirements regarding information security, as is timely and practical with regard for the decision concerning the replacement of LEAP.

Recommendation (18):That the Victoria Police Information Security Manager be included on relevant committees and projects to advise where information security needs to be factored into planning and systems re-engineering.

Recommendation (19):That Victoria Police incorporate information security principles as a mandatory requirement in all systems development or re-engineering undertaken by the Force.


39

ANNEXURE B Victoria Police LEAP Task Force Recommendations

Recommendation Status

Recommendation 1 - The requirement for a Statement of Responsibility by LEAP users to be signed has been implemented. Longer-term maintenance of this procedure requires the Form 1024 to be altered to allow an acknowledgment of the Statement of Responsibility to be recorded.

Completed - Statements of Responsibility fi led at Districts

Recommendation 2 - That LEAP’s warning screen be enhanced to incorporate the suggested modifi cations.

Underway

Recommendation 3 - That LEAP be modifi ed to incorporate “reason for access” screens, and appropriate policies, marketing and piloting be undertaken prior to introduction for general operational use.

Funding required

Recommendation 4 - That LEAP be modifi ed to incorporate a logging system against names, vehicles, locations etc capable of recording all accesses to that information for a six-month period and available for inspection by any user later accessing that record.

Funding required

Recommendation 5 - An appropriate LEAP training database for training purposes be developed.

Funding required

Recommendation 6 -The LEAP taskforce recommends that the current contents of the LEAP training database be migrated to artifi cial data.

Funding required

Recommendation 7 - A training needs analysis be undertaken to identify training needs of Victoria Police staff in relation to LEAP use taking into account privacy issues.

Previously determined - overtaken

Recommendation 8 - That the process of identifying staff now underway (based upon signed Statements of Responsibility) be approved as requirement of future access of LEAP.

Completed


40


Recommendation 9 - That the Security Intelligence Group develops a signed protocol with the Clerks of the Houses of Victorian Parliament to outline the process for the request for a risk assessment and LEAP alert being placed.

Underway

Recommendation 10 - That a policy be developed for the reporting and investigation of hits on LEAP alerts under the proposed protocol.

Underway

Recommendation 11 - A review of the operations of the current HRM system to record details of any contractor employed by the Force required to access LEAP.

Underway

Recommendation 12 - As an interim measure contractors requiring LEAP access are recorded on RecFind.

Previously completed

Recommendation 13 - Research the viability of widening the scope of the current Outlook enhancements to include incorporation of a systems access querying function similar to that currently used by IBM.

Funding required

Recommendation 14 - Identify improvements that can be made to the HR:M system and its ability to LEAP link and automate many of the current manual processes required to refl ect changes in status of LEAP’s Force users.

Underway

Recommendation 15 - The LEAP taskforce recommends that the “Members Movement Form” be redesigned to include a prompt section for “Adjustments to Access of Victoria Police information systems.”

Underway

Recommendation 16 - A communication strategy targeted at management and personnel offi cers to highlight the need for accurate recording of work locations on Member Movement Forms and HR: M systems.

Completed

Recommendation 17 - Development of an annual HR: M compliance audit with a focus on “work descriptor” data.

Underway


41


Recommendation 18 - In principle approval is given to funding enhancements for LEAP. Final costing is to be verifi ed by the IT & T Standing Committee through a fi nal business case.

Funding required

Recommendation 19 - That in the future, new systems must comply with the recommendations contained in this report.

Noted

Recommendation 20 - That a function audit framework is developed for workplace managers to undertake local audits of LEAP access.

Funding required

Recommendation 21 - The LEAP taskforce recommends that all Victoria Police staff who have access to Victoria Police information systems attend the “Confi dential Information” training package prior to 31 December 2004.

Underway

Recommendation 22 - Staff who are not recorded as attending the “Confi dential Information” training package by 31 December 2004 will be disabled from the LEAP system.

Underway

Recommendation 23 - That a working party between the Victorian Privacy Commissioner and Victoria Police be established to develop solutions to the issues of concern raised by the Privacy Commissioner.

Underway - Matter pending outcome of Privacy Commissioner enquiry into LEAP access issues.

Recommendation 24 - That Victoria Police seeks from the Government a commitment to funding a replacement system for LEAP.

Underway

Recommendation 25 - Approval of incremental LEAP enhancements from February 2004, starting with the ‘Reason for Use’ menu screen, with work on the remaining two enhancements to follow.

Funding required


42


Recommendation 26 - Select and approve option(s) from online and tape audit RFS for implementation. Approved option(s) to be scoped for inclusion in current proactive audit project.

Funding required


43

ANNEXURE C Data from Ethical Standards Department

A total of 310 complaints relating to information access/disclosure were received by Ethical Standards Department in the period 01/07/01 to 30/06/04. Of these 153 were public complaints and 157 were internally generated.

Substantiated LEAP allegations 01/07/2001 to 30/06/2004

Total substantiated allegations 72

Number of employees involved 66

Sworn employees 58

Unsworn employees 8

The following outcomes were recorded:

Discipline hearing 14 (11 members)

Admonishment notice 32

Formal counseling 14

Informal counseling 2

Management intervention model 1

No action 2

No action (member dismissed) 1

No action (member resigned) 4

No action (member retired) 2

Outcomes from discipline hearings

Employee A:

The Senior Constable conducted fi ve LEAP checks on family members. No evidence of disclosure. Faced 2 charges and reprimanded on one and


44

fi ned $1000 on the other. The member appealed to the Police Appeals Board where the fi ne was reduced to $400 on the basis that the Force had been too severe.

Employee B:

The Senior Constable accessed hundreds of LEAP records of relatives, friends and associates over a period of time without cause. No evidence of disclosure. Reprimanded.

Employee C:

The Senior Constable conducted unauthorised LEAP checks for personal use. In addition, as a consequence of a request made to him by an associate, the member commenced an initial investigation with respect to a dishonored cheque that had been given to him (the associate). To that end the member interrogated LEAP and conducted a number of checks with respect to his friend’s former business associate and wife. Shortly after the member was requested not to take the matter any further. The member was fi ned $200 on one charge and the second was adjourned for the member to be of good behavior resulting in that charge being fi nally dismissed.

Employee D:

Action was commended against the Sergeant as a result of an audit. The audit revealed that he had: (1) written a reference for an acquaintance and saved it to his “H” drive. The acquaintance had several convictions; (2) Written a letter on a Victoria Police computer on behalf of an acquaintance, seeking leniency in relation to speeding charges. The letter was saved on his “H” drive. The letter contained false particulars; (3) Conducted a series of LEAP checks on motor vehicles and their owners. These checks were personal and related to potential purchase of the vehicles; (4) Sent a series of e-mails from his workplace e-mail address to colleagues (both male and female) containing obscenities, sexual suggestions and games. The access was for personal use and potential gain. 2 charges related to the reference and letter. 3 charges related to the information access with the following results. 1 - proved-no penalty, 2 - charge dismissed, 3 - fi ned $300, 4 - fi ned $350, 5 - reprimanded.


45

Employee E:

The Senior Sergeant attended the police station whilst on WorkCover and requested the watch-house keeper to conduct a number of LEAP checks. As a result of one check the member attended at an address and served civil process on the occupant. The member had not applied for permission to undertake any outside employment as a process server. There was one charge relating to the employment and one to the access of information. The information was not conveyed to a third party but appears to have been used to further the outside employment. The member was reprimanded on the fi rst charge and the second was adjourned for a period of good behavior resulting in that charge being fi nally dismissed.

Employee F:

The Senior Constable conducted an unauthorised check of a motor vehicle utilising LEAP and disclosed the registration details to a third party. One charge resulted in a fi ne of $250.

Employee G:

On three separate occasions the Senior Constable accessed LEAP for personal reasons. He was charged with two offences. The fi rst was adjourned for a period of good behavior resulting in the charge being dismissed. On the second the member was fi ned $200.

Employee H:

The employee (PAO 5) improperly accessed 50 LEAP records of work fellows, female sworn members and various other females he intended to socialise with. During this time he also agreed to assist in debt recovery for a female friend. In the process he strongly implied to the debtor’s family that he was a police offi cer and disclosed to his friend and her solicitor confi dential information he had obtained from LEAP. A breach of the PSMEA for serious misconduct resulted in the employee being reduced in level to a PAO 4 and being made ineligible for promotion for 2 years.


46

Employee I:

The Senior Constable logged on to LEAP and conducted a number of checks on a CEJA Task Force member in order to ascertain that member’s home address. CEJA Task Force was conducting sensitive investigations into the former Victoria Police Drug Squad. The member denied making the checks, however, further checks were made on a fi le the member was investigating within one minute of completing his checks on the Task Force member. There were two charges as a result. The fi rst was struck out. On the second, the member was transferred and also fi ned $2500.

Employee J:

The Senior Constable made inappropriate use of LEAP by accessing fi les relating to a female and her associates, which were not directly related to his duties. Three charges related to the access. On the fi rst, the member was fi ned $100, the second was withdrawn and the third resulted in a fi ne of $750.

Employee K:

The member conducted six person checks and four vehicle checks on LEAP not connected to the member’s duties but for purely personal reasons. The member attended the home of a person with whom he had had a previous relationship. On fi nding a vehicle there, he attended at a police station and checked the vehicle on LEAP. He then rang that person’s home and caused that person’s daughter signifi cant concern. Following this he re-attended the fi rst address and banged loudly on the bedroom window. He had to be asked several times to leave. Two charges related to the behavior. On the fi rst he was fi ned $1000 and the second was adjourned for a period of good behavior resulting in the charge being dismissed.

Employee L:

The employee resigned prior to hearing.

Employee M:

Hearing pending. There have been representations made.


47

ANNEXURE D CASE STUDIES

Case Study A

In 2002 the Complainant was told by a friend, whom she declined to identify, that her ‘police fi le’ had been checked (by unauthorised person/s). A Freedom of Information (FOI) request regarding access to police records concerning the Complainant was lodged. An audit of the LEAP database by Victoria Police for the subject period revealed access to LEAP concerning the Complainant. In February 2003 Victoria Police advised the Complainant of the outcome of the FOI request. Subsequent events led to a complaint investigation by Victoria Police.

In October 2003 the then Acting Ombudsman Victoria received a report from Victoria Police Ethical Standards Department (ESD) which raised issues concerning the mishandling of an earlier investigation by Victoria Police. As a result of the ESD fi ndings the Chief Commissioner made a public apology for inadvertently providing information based on the earlier investigation.

The Acting Ombudsman formed the view that the original audit of LEAP access in this case was dealt with as an opportunity to explain away or ‘regularise’ member’s inappropriate access to LEAP. It appeared to the Ombudsman that the process was not perceived to warrant any in-depth investigation and that the accessing members had treated the process accordingly. The Victoria Police response to the audit, in the opinion of the then Ombudsman, seemed to refl ect an attitude by many police that the personal information contained on LEAP is common property which is accessible by all members for any reason on a whim, without any need to justify a particular inquiry, without thought of privacy issues, and without any notion of accountability. The Ombudsman observed that his offi ce had on numerous occasions over many years highlighted such issues.

Five police were ‘admonished’ as a result of the Victoria Police investigation.

Case Study B

In May 2004 Mr A, a senior public servant employed in a policy area within Victoria Police commenced a close relationship with


48

a subordinate staff member, Ms B. Following the breakup of the relationship Mr A requested one of his staff, Mr E to conduct a vehicle registration check on the LEAP system to identify the owner of a vehicle parked at the rear of Ms B’s premises. Mr E provided Mr A with the owner’s name and address and failed to report what was clearly a private request for details of the registered owner.

Mr E acknowledged that he had accessed the LEAP database and disclosed confi dential information to Mr A without authorisation. He acknowledged that this was clearly in breach of Victoria Police policy. He said he was infl uenced by Mr A’s position in being his immediate supervisor and believed that Mr A would use the information responsibly. During the internal investigation Mr A resigned from Victoria Police. The only action taken against Mr E was formal counseling.

Level 3 South Tower 459 Collins Street Melbourne 3000 DX 210174 Melbourne Telephone 03 8635 6188 Facsimile 03 8635 6185 Toll Free 1800 818 387 Email [email protected] Website www.opi.vic.gov.au

Documents

Investigation into Victoria Police's Management of the Law … · 2016-07-14 · My investigation found that the auditing of LEAP was a resource intensive and costly process often