Provision of information held by Northumbria Police made under the Freedom of Information Act 2000 (the 'Act')
As you may be aware the purpose of the Act is to allow a general right of access to information held at the time of a request, by a Public Authority (including the Police), subject to certain limitations and exemptions.
1. How does your police force currently access and manage its data and applications?
• On premises
• In a public cloud
• In a private cloud
• Hybrid cloud model
• Other, please state:
2. What approximate percentage of your data and applications are currently ‘in the cloud’?
• All of our applications and data are hosted in the cloud
3. Is your police force considering investing in cloud infrastructure and technologies - such as software, platform or infrastructure as a service (SaaS, PaaS or IaaS) - in the next 12 months?
• Don’t know
4. Is your IT department outsourcing or downsizing its physical IT infrastructure, e.g. on premise servers and physical hardware, in favour of a cloud model?
• Yes – we have already done so
• Yes – we are planning to do so in the next 12 months
• Yes – we are in the process of doing so
• No – we do not plan to do this
5. Are all of your police officers that work with IT / computers able to access data files and applications when working remotely / out in the field?
• Don’t know
6. How much has your police force spent on outsourcing IT in the last five years? This refers to budget spent on devices used by third parties/contractors/outsourced employees as well as outsourcing itself
7. Does your police force report back on information technology use related greenhouse gas emissions?
• Yes – and we have specific targets to meet
• Yes – but we don’t have specific targets to meet
• Don’t know
If your police force does have 2020 targets on information technology use related greenhouse gas emissions, please answer:
8. Are you on track to meet your 2020 targets for information technology use related greenhouse gas emissions?
• Yes – we’re on track to exceed that target
• Yes – we’re on track to meet that target
• Don’t know
Following receipt of your request, searches were conducted with the ICT Department of Northumbria Police. I can confirm that the information you have requested is held, in part, by Northumbria Police.
I am able to disclose the located information to you as follows.
1. A combination of on premises and private cloud.
2. No information held. It should also be noted that we do not hold/record percentages and are not obliged to create new information under the act in order to satisfy a request,
6. The force has not outsourced any services in the last 5 years.
Northumbria Police can neither confirm nor deny any further information is held with regards to questions 1 to 5, and by doing so we rely on the following exemptions:
Section 24(2) National Security
Section 31(3) Law Enforcement
These exemptions are qualified and prejudice based exemptions and therefore the legislators accept that there may be harm if released into the public domain. The authority has to consider and describe the harm that would occur if the information were released and carry out a public interest test. In accordance with best practice, I detail the harm first.
Overall Harm in Confirming or Denying Information is Held:
Modern day policing is intelligence led and law enforcement depends upon the development of intelligence and the gathering and security of evidence in order to disrupt criminal behaviour and bring offenders to justice. As criminals adapt and exploit new technology, the police need to respond by overcoming hi-tech barriers in order to meet their responsibilities. In this case the information relates to cloud based data and applications. By revealing whether information is held in relation to the specific technology, will in itself be revealing tactical information which would undermine the process of preventing or detecting crime and the apprehension of prosecution of offenders.
Public Interest Considerations:
Section 31 - Factors favouring confirming or denial
Confirming or denying that Northumbria Police holds information would raise the general public’s awareness around technology used to access and manage its data and applications.
Section 31 - Factors against confirming or denying
By confirming or denying whether information is held could compromise Northumbria Polices’ law enforcement capabilities and the effectiveness of the force will be reduced. To confirm or deny if information is held could undermine current and/or future strategies when carrying out investigations and gathering evidence may be compromised.
The personal safety of individuals is of paramount importance to the Police Service and must be considered in response of every release. A disclosure under Freedom of Information is a release to the world and, in this case, confirming or denying if the information is held in relation to cloud based data and applications, would undermine the evidence gathering process of any investigative inquiry relating to offences, some of which may be serious cases such as murder or rape.
Section 24 - Factors favouring confirming or denial
Confirming or denying that any other information exists relevant to the request would lead to a better informed public and the public are entitled to know how public funds are spent. The information simply relates to national security and disclosure would not actually harm it.
Section 24 - Factors against confirming or denial
To confirm or deny whether Northumbria Police hold any information would allow inferences to be made about the nature and extent of national security related activities which may or may not take place. This could enable terrorist groups to take steps to avoid detection, and as such, confirmation or denial would be damaging to national security.
By confirming or denying any policing arrangements of this nature would render national security measures less effective. This would lead to the compromise of ongoing or future operations to protect the security or infra-structure on the UK and increase the risk of harm to the public.
As always the Freedom of Information Act has a presumption of disclosure, unless when balancing the competing public interest factors the prejudice to the community outweighs the benefits. In this case, there is an argument for confirming or denying, inasmuch as the public have a right to know that every effort is made to gather all relevant evidence, including the use of cloud based data and applications, but this must be balanced against the negative impact these disclosures can make.
Law Enforcement is reliant on community engagement, intelligence and evidence gathering and when it is appropriate, information is given to the public. What has been established in this case is the fact that confirming or denying that information relating to technologies and applications used would be harmful and have an adverse effect on the investigative process and on the public prevention or detection of crime and the apprehension or prosecution of offenders. This places the victims of such offending at a greater risk towards their health and wellbeing and is not an action the Police Service would be willing to take. These negatives outweigh any tangible community benefit and therefore the balance does not favour disclosure at this time.