Examination of Witnesses (Questions 220-239)|
Mr Philip Geering, Ms Carmen Dowd, Superintendent
Mike Flynn and Mr Rob Wainwright
1 NOVEMBER 2006
Q220 Lord Corbett of Castle Vale: Can
you say whether there is any statistical data available on the
use of SIS and SIRENE by other Member States? Is there any information
available on the number of complaints made about inaccurate data
and other exercise of data protection rights in other Member States?
What is the experience so far on the ground?
Superintendent Flynn: First of all, regarding
the use of the system I have brought along the statistics for
the amount of alerts on the existing system as of midnight on
17 October. I can provide these to you because it covers all the
alerts and all the Member States. I have also brought along the
latest set of statistics regarding the number of hits as reported
by the various SIRENE bureaux around Europe, and, again, that
breaks it down by country, by year and by Article. So we can actually
illustrate the amount of use and the amount of success that they
get from the system.
Q221 Chairman: If you are prepared to
leave that with us afterwards it would be very helpful; or send
it to us.
Superintendent Flynn: I think I am entitled
to, yes. Then regarding complaints, there is not any standard
reporting of complaints regarding data protection inquiries because
each Member State deals with them in their own way and it could
well be that a complainant or an inquirer will get in touch with
the data owner in the actual country, so they could be getting
in touch either with a SIRENE bureau or they could be getting
in touch with a police force or a Customs agency without any reference
to their Information Commissioner, and so there is no central
reporting. I got in touch with the member of the Council in Brussels
who liaises with the Joint Supervisory Authority, which is the
co-ordinated data protection mechanism. He said that there were
no central statistics available, but anecdotally he said that
the bulk of the small number of complaints that there are are
really queries regarding Article 96, and this is where people
have tried to get a visa to enter the Schengen area, have found
that they are on the system and wish to query why they are on
the system. So that is the extent of the reporting so far.
Q222 Lord Corbett of Castle Vale: In
September the Commission adopted a new version of the SIRENE manual
which governs the exchange of supplementary information between
Member States. Do you know why this text has not been made public
and are you aware of any significant changes having been made
to the previous version? Do you anticipate whether further changes
will have to be made in the light of SIS II?
Mr Wainwright: Yes, I think you are referring
to the updated SIRENE manual for SIS I Plus, I think it is, which
was adopted, as you say, earlier in the year. As we are not members
of SIS currently of course we were not party to the drafting of
that manual and did not receive an official copy, nor should we
have, although we have now of course been given a copy, if you
like, as an information addressee. I understand that it has not
been made public because the Annex to the document is classified
the equivalent of UK restricted, and that is because it has the
contact details of SIRENE bureaux and their officers and that
is classified in the way I have described. A draft of the SIS
II manual is currently underway and is expected to be issued by
January next yearso quite soon nowand is likely
to be adopted in April or May of next year. We are involved in
that drafting committee work and in fact we do anticipate in that
case that that particular manual will be made publicly available.
Q223 Lord Corbett of Castle Vale: Are
you aware of any changes between the two? Are there major changes
or is it tidying up?
Mr Wainwright: I think it is mainly tidying
up; there are no significant changes.
Chairman: Baroness Henig.
Baroness Henig: I think you have covered
what I was going to ask in Mr Geering's opening statement. I do
not know if you want more detail?
Chairman: No, thank you. Lord Avebury.
Q224 Lord Avebury: Could we turn to the
question of biometric information and what is currently taken
from persons in the UK for criminal justice and law enforcement
purposes, and could you say what the process will be for transmitting
this information to SIS II? Will the UK procedures for taking
biometric information be amended in the light of the planned application
of SIS II?
Superintendent Flynn: My Lord Chairman, essentially
fingerprints and photographs are taken either by consent during
investigation or from suspects when they are detained at a police
station in consequence of being arrested for a recordable offence
or when another legal requirement exists for them to be provided.
It is envisaged at this stage that biometric informationwe
talk about fingerprints in the first instancewould be posted
centrally on to the SIS and linked to an alert, and really in
this case we are largely looking at extradition alerts. We would
do that from the National Automated Fingerprint Identification
System that exists in the UK. It is possible that we could provide
fingerprints for specific vulnerable missing person cases as well
and possibly photographs. There is no intention of routinely circulating
on the SIS any other biometric records; we have to keep a strict
separation between the national system and the Schengen Information
System. So ideally we would be looking at a situation in the first
instance where somebody is arrested, they give their details to
a police officer in whichever country they happen to be; there
is then the opportunity of being able to download from a central
system the link to fingerprints to confirm the identity. So that
is how it is envisaged in the first instance. What they are then
considering is whether we will be able to use them for identification
purposes, which we consider to be particularly valuable because
we know that criminals tend to lie about their identity and therefore
it would be much more useful to be able to check their fingerprints.
We do use the National Automated Fingerprint Identification System;
the intention is that when either somebody is arrested or when
there is an incoming European Arrest Warrant, there will be the
opportunity to check whether we already know this person, whether
we know them by that identity, and sometimes it might even be,
where they are. For example, they could already be in custody
and it would be useful to be able to flag that up. At this time,
if you are talking about photographs, although there is a project
underway, and that is the Facial Image National Database, that
is only building the database at this time so we have no method
at this time of linking that to the SIS. Prior to the identification
side going live, that is where we have somebody in custody and
we would look to identify them primarily from their fingerprints,
there would be European Parliamentary scrutiny of this and the
Commission will actually put forward a report regarding the availability
of technology and the reliability of the technology to allow us
to make that important step, and we do view that as a very important
step. Regarding how it actually works, in the UK we use a technology
called "Livescan", which in many ways looks like a sophisticated
photocopier. It is much more reliable than the old ink fingerprints
and essentially takes a scan of the fingerprints to a much higher
quality than we were able to do before. That then gives you an
initial feedback as to whether you have a match and a high, medium
and low success rating. If the person protests that it is not
them, even though we have a match on the system, there is a further
stage where we actually go to a fingerprint expert and the fingerprint
expert carries out a check on the prints as well. That is most
important, to get the identity right, not to inconvenience people,
and we can actually turn those around typically in about an hour
and 20 minutes, which, again, is much faster than we were able
to do with ink fingerprints. Is there anything else you would
like to know about the system?
Q225 Lord Avebury: I would like to ask
you in particular about the use of DNA profiles. We have the largest
DNA database in the world, I understand. Is there any suggestion
that that can be used in SIS II?
Superintendent Flynn: At this time it is not
actually within the design; they are looking at fingerprints and
photographs. Although I think looking to the future it would be
extremely sensible to look at the availability of DNA profiling
to be able to exchange between Member States, but initially we
are looking at fingerprints and photographs.
Q226 Lord Avebury: Could you then say
how the UK procedure for taking biometric information compares
with the procedure in other Member States and whether there will
be standard rules on the enrolment of biometric data, so as to
make it comparable between Member States, and will that require
any changes in UK practice?
Superintendent Flynn: On that one, the UK is
actually something of a leader in biometric information, but there
are discussions between the Member States regarding standards,
and I know that my colleagues in SOCA work with Interpol on establishing
standards for photographs, fingerprints, and, again, we will be
looking at international standards on DNA. So on that one, there
are working groups where we agree the standards. As far as we
are concerned we are already well in advance of these and therefore
we collaborate with our other Member States to ensure that we
are working to the same standard, but they are usually the internationally
agreed standards that we all work to.
Mr Wainwright: Although I have to say that practices
are rather different so in some Member States biometric data is
taken for administrative purposes to support a national ID card
system, for example, whereas, as Superintendent Flynn has said
already this morning, in the UK we only take it by judicial authority.
So there is an important difference. But the application of those
standards in SIS will not require any changes to the UK system.
Q227 Lord Avebury: I am conscious of
the fact that some of the questions we are asking you ought to
be dealt with on the SIRENE website, which I had a look at, and
there is a Frequently Asked Questions page there, but
there are not any links from the Frequently Asked Questions
page to the answers. Are you planning to expand the SIRENE website
so that that will be remedied?
Superintendent Flynn: Thank you for that feedback;
we will make sure that is changed! Yes, we will update it. We
do not want to necessarily get expectations up as we are going
through a relatively long project, but the communications and
marketing strategy, at that time will be put in place to make
sure that people are aware of this new initiative. Then when we
do get questions coming into the website, if we get them often
enough we can extend the Frequently Asked Questions page.
Q228 Chairman: Can I just go back to
fingerprints for a moment? How often is there a false match in
fingerprint identification? Give me a rough idea, both from our
practice and, indeed, if you know it, from SIS's practice?
Superintendent Flynn: Thank you, my Lord Chairman.
On that one I discussed this issue with the director in the police
IT organisation, and what you can do on a fingerprint system is
you can change the algorithms regarding the sensitivity, so that
in fact you would get no false hits but actually you would miss
something where the computer was 99.9 per cent certain that it
was that person. So there was a balance to be struck; that is
why you get the high, medium, low response, and if there is any
further doubt you go to the verified ID stage, where you go to
a fingerprint expert. So to actually talk about percentages can
be quite difficult and misleading because you can actually vary
the accuracy of the sensors.
Q229 Lord Marlesford: Following up on
that, if I may, for example when one comes into the US now one
has one's fingerprints taken immediately. They presumably have
those on some sort of database.
Mr Wainwright: Yes.
Q230 Lord Marlesford: Is that database
available to SIS or to us?
Mr Wainwright: It is not available to SIS because
of course the United States is outside the European Union, but
it is available to UK law enforcement through other cooperation
channels that my organisation operate.
Q231 Chairman: Can we turn to flagging
alerts, and you may have to explain to me what I mean! In what
circumstances will the UK authorities be flagging alerts so as
to prevent action taking place on the basis of the alerts? How
does this compare with the practice of our fellow Member States
and will their practices be likely to change with the application
of SIS II, in particular in those Member States where the European
Arrest Warrant is currently inapplicable. Do you understand that
question and can you give me an answer to it?
Superintendent Flynn: We will try! First of
all, I will deal with flags. On the system there are flags which
are essentially markers for each Member State and when an alert
arrives in that Member State and they validate it, it might be
that for certain reasons they cannot action that alert. They would
then get in touch with the UK SIRENE bureau or whichever SIRENE
bureau had launched the alert and ask for their flag to be set
against it, and it just means that they will not be seeking to
take the action that we have requested.
Mr Wainwright: Indeed, most grounds for flagging
in the system to date have been around what is Article 95 alerts,
which have since of course been replaced by the European Arrest
Warrants, so most of the flags we used in the past around extradition
requests, the European Arrest Warrant provisions now supersede
that and so the grounds for the majority in the past have now
been taken away. It is still possible, of course, to flag in other
areas, particularly around missing persons and also the Article
that deals with the need for discreet checks, for example, discreet
surveillance of a subject, so it is still possible to do that,
but the amount of flagging that is now done in the system is considerably
Q232 Chairman: Can you give me an example
of flagging? Would it be your concern that action might in fact
ruin a surveillance operation?
Mr Wainwright: Quite, that is a very good example
and there might be others that Mike can provide.
Superintendent Flynn: A lot of this is still
under discussion for SIS II as they decide whether there will
be automatic changes of action requested or flags put on the system,
but, say, for example, we launched an alert for a vulnerable missing
person, they were found in another Member State and within their
national law they had to make an assessment as to whether this
person was suffering from a psychiatric condition that rendered
them vulnerable. Their specialists disagree with our view, therefore
they cannot, under their national law, do what we ask; they would
then get in touch with us because they would not want the person
to walk out, be stopped by the next police officer and the same
action commenced again. So they would ask that a flag be set on
that so that they did not do it. Similarly, there are some countries
where, if you ask for a specific check as opposed to a discreet
check, they would say that actually under their law they are not
empowered to do that and therefore they would automatically want
to turn all the requests for specific checks into discreet checks.
Q233 Baroness Henig: I think I understand,
so the flag is issued when the UK issues an alert, and then it
is flagged if the other country cannot take action. But is that
time-limited? Maybe they could take action next year, or how long
does the flag stay on? Is that it, is that forever?
Superintendent Flynn: If they cannot take the
action or, for example, we had sent an extradition request and
it was missing a key piece of detail, they might ask for that
piece of detail but in the interim they would flag the alert pending
us sending the information through, so that they could then ask
for their flag to be removed.
Q234 Baroness Henig: So there are different
categories of flags?
Superintendent Flynn: Again, much of this is
under discussion as to how it will work in SIS II and whether
we will have flags or automatic changes.
Q235 Lord Corbett of Castle Vale: You
want to talk to the Royal Navy!
Superintendent Flynn: But on this one the general
theme is that if temporarily or permanently they cannot do something
that we ask there is some way of marking the record so that law
enforcement officers do not take the action that we have requested.
Baroness Henig: I am thinking that it
might be useful to differentiate between the temporary and the
"that is it" one.
Q236 Earl of Caithness: I want to ask
about the working operation for the law enforcement officer? At
the moment there is a difference between the wording in the framework
directive and in SIS II about information that is taken for national
use and information that is spread between Member States. How
is the law enforcement officer actually going to operate this
in practice when he is taking data on a national basis under one
criteria, only to find that in due course that information is
then sent abroad to the SIS II system and is hawked around the
other Member States?
Superintendent Flynn: Are we talking about the
creation of an alert, or the response to an alert?
Q237 Earl of Caithness: Tell me the answer
to both of those.
Superintendent Flynn: What we have done essentially
between ACPO and ACPO(S), SOCA and the Crown Prosecution Service,
we have worked out end-to-end business processes and rules regarding
the creation of alerts. Some alerts we would describe as optional:
that is, not every wanted person on the Police National Computer
goes to the Schengen Information System; it is only those where
we have been through the business rules and we have agreed that
there will be an European Arrest Warrant, there is CPS approval,
there is SIRENE bureau validation and off it goes. So from that
it is a strict business process. There are others, such as stolen
motor vehicles, where any reported stolen motor vehicle in the
UK that is placed on the Police National Computer will go to the
Schengen Information System because we could not put in place
any justifiable business rules saying that we will only put valuable
cars on the system, because we found from talking to our partners
in the other Member States that quite often it will be low value
cars that were stolen and were exported en masse perhaps
across Europe towards the Balkans where there was a ready market
for them. So in these areas, where we simply could not justify
it to ourselves or the public, putting some kind of barring, what
we are saying is that every stolen motor vehicle, firearm, trailer
that meets the rules that goes on to the Police National Computer
will automatically go to the SIS, and if it is found it will be
automatically cancelled. Again, we have put in some very strict
weeding rules to ensure that we do not leave data lying around.
Q238 Earl of Caithness: Does this pose
any operational difficulties for the policemen?
Superintendent Flynn: No, because national law
applies. In this one national law applies and if they come across,
for example, a stolen German motor vehicle then essentially the
system will give them some information, tell them what to do and
tell them where to get some more information and that is via the
SIRENE bureau. And then as soon as you are into the international
liaison and cooperation we rely on the work of the SIRENE bureau
to ensure that the officer operates within national law and that
any international liaison goes to the SIRENE bureau.
Mr Wainwright: If I may add, I think this is
about levels of confidence that police officers have between themselves,
not just within the UK but around the European Union, of course,
and I think, depending on the sensitivity of the case, one would
expect a British police officer to have every confidence in their
European colleague in terms of handling his or her case, and indeed
we would expect significant benefits to be derived from that,
and most police officers would want to know, of course, if a German
or a Spanish colleague has stopped a stolen vehicle as part of
his or her case. Where the case becomes more sensitive then there
are other channels for our cooperating with our European colleagues,
particularly with Europol, for example, where we can exercise
much more control over the extent to which information is shared
with colleagues. But we do work on the fundamental principle that
there is a level of confidence naturally within the European Union,
within which we can each benefit of course.
Superintendent Flynn: One of the huge advantages
we have is the decision made within SOCA to ensure that from the
law enforcement point of view we have a one-stop shop, and that
is, if there is an angle that requires Interpol or Europol or
the use of the Schengen Information System, you are actually dealing
with the same place all the time and the staff within the SIRENE
bureau are actually able to work out which route this inquiry
should take. And within the business rulessay, for example,
on a sensitive issue, we are asking for a discreet check to be
made on a serious criminalthen in-house we ensure that
all those alerts will go through a force intelligence bureau where
the sensitivity can be gauged before we go forward and liaise
with the SIRENE bureau.
Q239 Lord Dubs: It is not a question
of which you have had notice, so bear with me. As a Committee,
we looked some time ago in a previous study at Europol and Interpol.
Is it clear what the links are between SIS and Europol and are
there any difficulties as regards a possible overlap with Interpol?
Mr Wainwright: With Europol, we do support the
position which most Member States favour, that Europol should
have access to the SIS II databasethat is not yet the caseexactly
for the reason that you alluded to, which is so that we can manage
the potential for any cross-overs of information between cases
that Europol are working on and those SIS II have. In the majority
of cases, however, the two are dealing with a different level
of sensitivity, a different type of casework. Europol is much
less about volume casework, of the type SIS is, and much more
about quality casework around serious crime, including counter-terrorist
cases. Interpol however does deal more in volume casework so there
is a potential for there being a duplication there. Of course,
Interpol operates worldwide and SIS is just a European capability.
The management of the data between Interpol and SIS is a bit more
complex because of the particular framework within which SIS is
managed, which is distinctly European Union; whereas Interpol
of course operate on an entirely different basis. There are however
parts to the Interpol programmefor example, on DNA that
you mentioned earlier and on stolen passportsthat do have
a natural connection with SIS II and, in that case, I think it
has to be worked on a national level rather than through the central
European framework of SIS II.