IT in policing: what lessons have been learned?

“The failure of the i6 programme means that some of the benefits of police reform that should have arisen from implementing it, have been, at best, delayed. There is an urgent need for the SPA and Police Scotland to determine what the next steps should be, and to carry out an honest assessment of how to procure, develop and deliver the much-needed police IT system.”

This was Audit Scotland’s conclusion two years ago about the failure of the project to build a computer system for Scotland’s new single police force after the merger of the eight regional forces. 

In June 2013, the Scottish Police Authority (SPA) had awarded a ten-year, fixed-price contract of £46.11m to Accenture to develop a national IT system for Police Scotland, known as i6. The company was to provide everything from software development and implementation to user training, ongoing system maintenance and support. But in July 2016, after a series of difficulties and delays, the SPA and Accenture agreed to terminate the contract, with a settlement that saw Accenture pay £24.65m back to the SPA.

According to Police Scotland and the SPA, lessons have been learned. When questioned on this by the Scottish Parliament’s policing sub-committee in October 2018, just after Police Scotland presented its £298m ICT strategy to the SPA, then interim SPA chief executive Kenneth Hogg said: “Several lessons were learned from the i6 programme, one of which was about the risks in taking a big-bang approach to change in the ICT area. 

“The proposals that are now in front of us – the outline business case for the new digital, data and ICT programme was discussed and approved at the SPA board meeting last week – take an incremental, phased approach instead of a big-bang approach in order to deliver the benefits sequentially and not put all the eggs in one basket.”

Hogg said they would take “a broader approach” to develop an integrated digital, data and ICT programme than under i6. 

“Everything, from the way in which police officers engage with communities and with each other to the way in which they are able to tackle cyber threats, is different from what the i6 programme would have delivered,” he said.

Mobile working would now be included, as it hadn’t before, and some systems will be cloud-based while others are in-house, but instead of developing its own new technology, Police Scotland would look at the best of what was already available and being used in other forces.

“There is not a single force in the UK that has done everything that we propose to do, but everything that we propose to do has probably been done in one of the other 42 forces,” Police Scotland head of ICT Martin Low told the committee. 

And he denied claims by trade union Unison that the ICT strategy would “fetishise” cutting-edge technology such as drones and retinal scanners at the expense of basic ICT infrastructure.

This new approach can be seen in the recently announced award of a £21m contract to supply mobile services to Police Scotland to mobile operator EE. The three-year contract will give police officers use of mobile devices, enabling them to access information remotely and spend more time out in communities.

EE, part of BT Group, will be the mobile network supplier and main contractor, but the Pronto Digital Notebook software will be supplied by Motorola, the device handsets will come from Samsung and BlackBerry will provide the mobile device management solution.

While it might seem more complicated to deal with multiple suppliers compared with only one, as was intended with i6, it spreads the risk and does not rely on the capability of only one company, says Police Scotland ACC Malcolm Graham.

“What’s been shown is that if that one provider isn’t able to provide the critical link in one part of their system that underpins the rest of it, the whole of your system has become unviable. That’s a high risk that we’re not willing to take. 

“[Whereas] if you design a set of standards and you introduce a core database and you have one provider who not only is applying those standards to that core kind of dataset, but all the other applications will come from, but is also then charged with working with the rest of the industry to ensure that everything links together in an appropriate way, then the experience from elsewhere and our learning and the very carefully designed, managed, led, governed programme that we’ve put in place, shows that that is the lowest risk with the greatest benefit.”

The efficiency of having systems that link up and of mobile working are undisputed. A survey of police officers across the UK last year found that 91 per cent believed that they could save significant time each day if they were able to access all operational data via one search function, rather than using multiple systems and it will cut down on the time per day Police Scotland officers are currently spending inputting data.

Bringing together all the legacy systems from the old forces in Police Scotland into one is going to greatly advance the ability to collect and use data, something that hasn’t been possible with the mishmash of systems that have been used since the merger.

Graham says: “That’s been a huge challenge with trying to manage the split legacy systems that we’ve had up until now. Aggregating data which wasn’t necessarily collected or analysed in the same way in different legacy areas has meant that it’s been really challenging to produce that whole picture, and indeed, even to produce it, in some places, at a local level, so it’s absolutely critical to the programme. We’ll have a better understanding of what’s going on. We’re able to design into those systems the type of data that we need today.”

Some of this relates to changing priorities of policing. Whereas in the past the data that was collected focused mainly on crime types and suspects, with an increased awareness of vulnerability, the force would now want to be aware of victims, particularly repeat victims, and vulnerable people. In addition, the integrated national information will be better able to flag up things like regional anomalies and see how initiatives are working, as well as furthering the prevention agenda, along with other public bodies.

Graham explains: “One of the benefits of that that we’re now venturing into will be our ability to start sharing and interfacing that data with other organisations who are perhaps wrestling with some of the same issues and who are perhaps looking to try and improve outcomes for the same group of people, so into health services, into local authorities and community planning — and being able to use that data in a far more meaningful way, and that’s a really exciting prospect as well.”

They would have to do that “very carefully” in terms of what type of data they were gathering about people and what measures were put in place to safeguard the integrity of that and ensure that they are only sharing it in an appropriate way if it’s about an individual. However, at a population level, where that information is anonymised, Graham thinks the evidence that they’ll be able to draw will be “really significant”.

But understandably, people may be concerned about what data is held about them, particularly by police. This gained headlines just over a year ago, with concerns that the Vulnerable Persons Database was in breach of data protection rules because it had no policy for removal from the list. And people who were on it were offended, in some cases, that they had been classed as ‘vulnerable’ by police without their knowledge. However, this was intended for good, to flag up people who the force considered at risk of being victims, or repeat victims, of crime. 

More recently, a similar issue has arisen with the force’s purchase of ‘cyber kiosks’, devices that can rapidly read data off a mobile phone, an initiative that is intended to collect necessary evidence quickly. Police Scotland has had to halt a planned rollout of the devices across the force after concerns were raised about the legal basis of accessing phone data from witnesses or suspects’ phones, and the Human Rights Commission warned it could be in breach of human rights legislation. 

More regulation of biometric data is on the agenda, with a Scottish Government bill on the use and retention of data such as DNA and fingerprints expected this year, following recommendations from the Independent Advisory Group on the Use of Biometric Data in Scotland, chaired by John Scott QC, in March 2018, as well as a public consultation. The proposal is to create an independent Scottish biometrics commissioner and produce a code of practice for the collection, use and disposal of biometric data.

But there is much else that is currently unclear and more discussion as well as legislation is clearly needed about the pros and cons, the ethics and the legality, of organisations such as the police using data for particular purposes, which may be both for the public good, but potentially also open to abuse. 
ACC Graham notes that there’s a “high level of interest, legitimately and understandably” in issues such as cyber kiosks and says the police need to be very careful to engage as widely as they can. But he adds that it is perhaps “inevitable” that organisations like the police will seek to push the boundaries as to how information can be used in order to keep people safe and protect the vulnerable. 

“The law, the wider public debate, policy at a national level, and indeed across different organisations or sectors, has not kept up with the explosion of opportunity that digital technology means,” he says.

He adds: “I think it’s part of the police’s role to promote some of the discussion, to support it with information, professional judgement and opinion, but it’s unfortunate if it’s left to the police to determine what that should be, because actually, that’s not our role, and I think … that perhaps we’re having to push ahead into areas that the law and other public policy needs to move into at some speed. The reality is that the institutes and machinery that consider such matters don’t move at the same pace as technology has developed and perhaps we’re all to some extent as a society at the mercy of that.”