Emerging threats and trends for vetting processes in 2023

On the 2^nd November 2022 His Majesty’s Inspectorate of Constabulary and Fire and Rescue Services (“HMIC”) published their report entitled; “An inspection of vetting, misconduct, and misogyny in the police service”. It was expected that the report would highlight concerns about the current vetting processes used within policing, but perhaps not to the degree that has now become apparent.

The Sarah Everard murder and actions of Jake Davison in Plymouth have brought to the fore the need to scrutinise the actions and behaviours of individuals who are entrusted with firearms and with trusted careers. Whether we are scrutinising an applicant because they want heightened levels of clearance to work in sensitive environments or they are seeking the permission to carry and use a firearm, we need to ensure that appropriate levels of care are taken at the point of application and regularly thereafter.

Within this blog I swiftly run through the findings of that report and explore the overlaps with the recent report from HM Prison and Probation Service, “The Internet and radicalisation pathways: technological advances, relevance of mental health and role of attackers”. From page […] onwards I conclude by highlighting the emerging trends seen by vetting and firearms licensing teams; establishing, where possible, how they can be combatted through greater use of technology.

Matt Parr CB, wrote the foreword to the HMIC report. He says this of the current vetting process:

“This too needs to be more stringent. We examined 725 vetting files. In most cases, we agreed with forces’ decisions to grant clearance. But we also found 131 cases where the decision was questionable at best. In these, we found officers and staff with criminal records, or suspicions that they had committed crime (including some serious crime), substantial undischarged debt, or family members linked to organised crime. In other cases, officers and staff had given false or incomplete information to the vetting unit. We also found officers who, despite a history of attracting complaints or allegations of misconduct, successfully transferred between police forces. This is wholly unsatisfactory.”

Whilst the report itself highlights clear areas of concern and rightly requires a tight time frame for improvements from April of 2023, one sentence which should not in any way be overlooked states what any right thinking member of the public would agree to be true,“The majority of police officers and staff meet – and often exceed – the standards of behaviour the public have the right to expect.”

The report sets out five key areas for improvement and makes 43 recommendations to strengthen the current systems. Those suggested improvements include:

• introducing more thorough pre-employment checks;
• establishing better processes for assessing, analysing, and managing risks relating to vetting decisions, corruption investigations and information security;
• improving the quality and consistency of vetting decision-making, and improving the recording of the rationale for some decisions;
• strengthening guidance for forces in respect of vetting processes, relationships, and behaviours in the workplace;

Dissecting these “improvement areas” we read that in many cases forces had not taken steps to mitigate risks or assessed the risks when they had chosen to grant vetting clearance to individuals with “criminal convictions, or whose family or friends have convictions, or where concerning information is held”. In these cases, forces did not have enough people within their counter corruption unit or vetting units to mitigate the risks, presenting a “significant corruption threat” for those forces.

Another concern was that where social media enquiries had found “language and comments on social media”, attributable to vetting applicants, that were “potentially discriminatory, inflammatory, or extremist”, in the examples they assessed those individuals did not have their vetting applications rejected. The forces in those examples had chosen to address the identified risks through “advice to applicants regarding their future use of social media”. I should stress that the decisions made by these forces may well be entirely appropriate; just because someone has at one time said something “potentially inflammatory”, one can understand why that should not prejudice them indefinitely from obtaining employment within a force.

Every case turns on its own merits and the key to making the right decision is in allowing adequately resourced vetting teams the time to evaluate all the relevant information about the applicant.

HMIC state there is, “a clear case for introducing more extensive and routine quality assurance processes” in this regard. We await the next round of guidance from the College of Policing APP, but no doubt from both a vetting and firearms licensing perspective there will be a call for heightened scrutiny of all social media and open-source intelligence relating to applicants.

Renewals are “too long”, they concluded. The standard 7 years between Management Vetting (“MV”) assessments and ten years for Recruitment Vetting (“RV”) assessments plainly leaves ample time for individuals who were of no risk to the force to have become radicalised, unwell or otherwise of more risk than when they first joined. In my opinion, it is only through the ability to routinely check individuals at least yearly that we will be able to mitigate the risks presented. Any intelligence or untoward actions noted should immediately trigger a review in addition to routine re-evaluations.

A large part of the reason for the lengthy renewal time frames must be the sheer volume of cases; many of which, the report notes, are born out of insufficient staff being employed within vetting units. We either need to find ways to make the existing teams more efficient so that they can get through backlogs and undertake more frequent renewals or we need to employ lots more people – ironically – all of whom would also need to be vetted somehow before being able to assist with the wider problem.

A focus for improvement lay in the noted concern that “forces need to do more to collect intelligence relating to prejudicial and improper behaviour”. The report recommends that “forces should routinely widen their enquiries to establish whether the matter under investigation is part of a wider pattern of behaviour.”… “Usually” forces did not carry out these wider enquiries.

But what, dare I say, are these wider enquiries? Surely the only way to establish if someone has shown or continues to show “prejudicial or improper behaviour” is to evaluate all potential data sources about them – in particular their activity online, on social media, in chat forums and within all available intelligence and policing data bases. In the absence of absolute scrutiny of all these areas surely, Chief Constables are carrying huge risks within their workforce?

So what recommendations have been made and when are the Chief Constables of the UK to have adopted these recommendations by:

By April 30^th 2023 –

• Making sure that their professional standards departments and counter corruption units routinely carry out all reasonable wider enquiries when dealing with reports of prejudicial and improper behaviour,
• Establish and begin operation of a process to identify, within their vetting IT systems, vetting clearance records where applicants have committed criminal offences and / or their record contains other types of concerning behaviour,
• All intelligence concerning possible sexual misconduct by officers or staff is subject to a risk assessment process, with action taken to minimise any risk identified; and rigorous additional oversight arrangements are in place to monitor the behaviour of officers subject to the risk assessment process, especially in cases assessed as high risk,
• Implement effective risk mitigation strategies where clearance has been granted to individuals with “concerning adverse information about them”,
• Vetting decisions must be supported with a sufficiently detailed written rationale following the National Decision Making Model, including the identification of all relevant risks and taking full account of the relevant risk factors described in the vetting Authorised Professional Practise (“APP”),
• Chief Constables should make sure they comply with the Vetting APP by analysing vetting data to identify, understand and respond to any disproportionality,

By October 31^st 2023 –

• The College of Policing, working with the lead for vetting, should change the Vetting APP to give improved clarity in relation to several factors including “the weight to be applied to adverse information found on social media”,
• The Vetting APP should include a template for vetting decisions to standardise the decision making,
• Prescribe intervals “substantially shorter” than ten and seven years for the renewal of recruitment vetting and management vetting respectively,

By December 31^st 2023 –

• Make routine use of the Police National Database (“PND”) as a tool for revealing any unreported adverse information about officers and staff (the report notes at page 22 that this will require a change to the PND Code of Practise to include specific provision that allows for the PND to be used in this way),

What test applies to vetting checks?

The current Vetting APP gives guidance for forces to assess information and intelligence gathered during the vetting process by applying a two-stage test:

1. Are there reasonable grounds for suspecting that the applicant, a family member or other relevant associate:

• is or has been involved in criminal activity;
• has financial vulnerabilities (applicant only); or
• is, or has been, the subject of any concerning adverse information?

2. If so, is it appropriate, in all the circumstances, to refuse vetting clearance?

It is this last bullet point, which obviously creates the greatest range of possibilities and takes the most amount of time to get right, “Any concerning adverse information” could not be expressed more widely and yet the response to this issue appears (from the HMIC report) to be where forces most often fall down. In this next section I examine why that might be, where the best sources of adverse information appear to be and how they can be better investigated.

Identified trends in locating extremist behaviour and radicalisation processes online

Within the recently published article from HMPPS authored by Dr Jonathon Kenyon, Dr Jens Binder and Dr Christopher Baker-Beall, they explored the role of the internet in radicalisation pathways of convicted extremist offenders in England and Wales, applying specific consideration upon technological advances and changes in online activities. In my opinion there is much to be gleaned from this report, as it applies to vetting and firearms licensing processes. The key findings are summarised below:

• “the types of websites, platforms and applications used by convicted extremists had changed over time, with a steady decline in use of specific extremist websites/homepages and standard communication applications/platforms, and an increase in use of forums/chatrooms, open social media platforms and encrypted applications”
• the internet-related behaviours found to differentiate those who primarily radicalised online from those who primarily radicalised offline were general online activities relating to extremism, namely learning from online sources, interacting with 3 others online, and use of open social media platforms,
• Use of the dark web was reported infrequently, as were new developments such as online gaming and use of imageboards,
• “Radicalisation was found to now take place primarily online, as was evident for those sentenced in 2019–2021, although it remains at present uncertain to what extent this may be due to the onset of the COVID-19 pandemic and associated restrictions.”
• “the most marked increase in prominence of the internet in radicalisation pathways over time was found for convicted women and the older generation.”
• “The internet was also increasingly prominent over time in pathways for Islamist Extremists, those affiliated with the Extreme Right Wing and other political groups. Animal Rights activists were the exception, with in-person contact remaining a key feature of their radicalisation over time.”
• Those reported as being radicalised via online and offline influences were most likely to have committed a previous Terrorism Act (TACT) or TACT-related offence and most likely part of a small cell, consisting of two or three people.

The report concludes that “the internet has become increasingly prominent in radicalisation pathways and offending over time for convicted extremists in England and Wales. Technological advances have led to changes in the types of applications/platforms used over time.”

If the vetting industry is to combat these changes, they need to be vigorously reviewing the same “open social media platforms” used by extremists. What becomes evident in reading the HMPPS report is that extremist websites themselves are no longer the place to trace individuals linked to these behaviours. However, chat rooms, online discussion forums and the full plethora of Open Source sites remain a potent source of intelligence linking individuals of concern.

It is these chat rooms, forums and open source sites, which by their nature are more attractive to those looking to radicalise as they’re easier to access and have higher levels of traffic, which the Scout® platform now targets. The activity of those responding to or inciting extremist behaviour can now identified within an automated workflow, without the need for manual analysis using search engines.

Two further emerging risks in the vetting sector

From our own research at Synalogik, we have identified a variety of other vetting risks whereby applicants are seeking to utilise emerging technologies in order to evade being linked to “concerning adverse information”.

Disposable contact details

“Disposable” email addresses and phone numbers allow individuals to bounce communications via different numbers or addresses to their own. These “disposable” points of contact can appear as if they’re legitimate UK mobile phone numbers or from a variety of other different countries. Those individuals seeking to use this technology nefariously can make multiple applications using these fictitious details, knowing that any communication sent back through the disposable contact would revert back to their actual devices unknown to the vetting authority. In consequence, bad actors can make representations that they are currently based within the United Kingdom when they are not. To combat this emerging technology our team have created a “bot” which automatically detects and remembers all such disposable points of communication. When applicants seek to use any one of them, the Scout Vetting platform can notify the vetting team, in near real time, that this major red flag has arisen, protecting your force from the get go.

Breach databases

For decades hackers have sought to illegitimately obtain names, emails, credit card details, passport numbers, phone numbers and passwords. Vast volumes of this information is then made available to purchasers on the deep, dark and open web. Thereafter, this illegally obtained data has been used to gain control of systems, obtain money fraudulently, launder money and blackmail individuals.

The team at Synalogik could see how this sensitive and personal data could be used to either manipulate / blackmail police officers with vetting clearances or even to hijack details of individuals to clone their identity and seek vetting clearances as non-police personnel. As a result of Government funded in-house research and development, the Synalogik team have scraped and aggregated the deep, dark and open web for breach datasets – in particular those linked to Law Enforcement Agencies and Government organisations – and can now offer automated checks against them.

In the first week of these advanced new data sources going live through the Scout® platform, Synalogik were shocked to see the volume of large scale data breaches within police forces – many of which were overseas, but we could see officers’ email addresses AND access passwords!

When our clients use Scout® to perform firearms licensing, vetting or general intelligence enquiries, we can give you the results of whether this email address, phone number or individuals’ details have been compromised. As a result, when performing remediation checks upon existing applicants you can now advise them of such breaches and protect your force, but most importantly, when new applications are submitted you will know whether there is the chance that this has been done from a hijacked account, before any risks to your force’s data have been incurred…

As regular Scout® users will know, our platform is “Evergreen” and constantly evolving. Our team of former police officers, lawyers, intelligence officers and much more strive to find the latest threats and incorporate them into our system, so as to put our clients at the forefront of technology and able to fight back.

If you would like to know more or to see a demonstration, please contact our sales team on: public.sector@synalogik.com