On the 2nd November 2022 His Majesty’s Inspectorate of Constabulary and Fire and Rescue Services (“HMIC”) published their report entitled; “An inspection of vetting, misconduct, and misogyny in the police service”. It was expected that the report would highlight concerns about the current vetting processes used within policing, but perhaps not to the degree that has now become apparent.
The Sarah Everard murder and actions of Jake Davison in Plymouth have brought to the fore the need to scrutinise the actions and behaviours of individuals who are entrusted with firearms and with trusted careers. Whether we are scrutinising an applicant because they want heightened levels of clearance to work in sensitive environments or they are seeking the permission to carry and use a firearm, we need to ensure that appropriate levels of care are taken at the point of application and regularly thereafter.
Within this blog I swiftly run through the findings of that report and explore the overlaps with the recent report from HM Prison and Probation Service, “The Internet and radicalisation pathways: technological advances, relevance of mental health and role of attackers”. From page […] onwards I conclude by highlighting the emerging trends seen by vetting and firearms licensing teams; establishing, where possible, how they can be combatted through greater use of technology.
Matt Parr CB, wrote the foreword to the HMIC report. He says this of the current vetting process:
“This too needs to be more stringent. We examined 725 vetting files. In most cases, we agreed with forces’ decisions to grant clearance. But we also found 131 cases where the decision was questionable at best. In these, we found officers and staff with criminal records, or suspicions that they had committed crime (including some serious crime), substantial undischarged debt, or family members linked to organised crime. In other cases, officers and staff had given false or incomplete information to the vetting unit. We also found officers who, despite a history of attracting complaints or allegations of misconduct, successfully transferred between police forces. This is wholly unsatisfactory.”
Whilst the report itself highlights clear areas of concern and rightly requires a tight time frame for improvements from April of 2023, one sentence which should not in any way be overlooked states what any right thinking member of the public would agree to be true,“The majority of police officers and staff meet – and often exceed – the standards of behaviour the public have the right to expect.”
The report sets out five key areas for improvement and makes 43 recommendations to strengthen the current systems. Those suggested improvements include:
Dissecting these “improvement areas” we read that in many cases forces had not taken steps to mitigate risks or assessed the risks when they had chosen to grant vetting clearance to individuals with “criminal convictions, or whose family or friends have convictions, or where concerning information is held”. In these cases, forces did not have enough people within their counter corruption unit or vetting units to mitigate the risks, presenting a “significant corruption threat” for those forces.
Another concern was that where social media enquiries had found “language and comments on social media”, attributable to vetting applicants, that were “potentially discriminatory, inflammatory, or extremist”, in the examples they assessed those individuals did not have their vetting applications rejected. The forces in those examples had chosen to address the identified risks through “advice to applicants regarding their future use of social media”. I should stress that the decisions made by these forces may well be entirely appropriate; just because someone has at one time said something “potentially inflammatory”, one can understand why that should not prejudice them indefinitely from obtaining employment within a force.
Every case turns on its own merits and the key to making the right decision is in allowing adequately resourced vetting teams the time to evaluate all the relevant information about the applicant.
HMIC state there is, “a clear case for introducing more extensive and routine quality assurance processes” in this regard. We await the next round of guidance from the College of Policing APP, but no doubt from both a vetting and firearms licensing perspective there will be a call for heightened scrutiny of all social media and open-source intelligence relating to applicants.
Renewals are “too long”, they concluded. The standard 7 years between Management Vetting (“MV”) assessments and ten years for Recruitment Vetting (“RV”) assessments plainly leaves ample time for individuals who were of no risk to the force to have become radicalised, unwell or otherwise of more risk than when they first joined. In my opinion, it is only through the ability to routinely check individuals at least yearly that we will be able to mitigate the risks presented. Any intelligence or untoward actions noted should immediately trigger a review in addition to routine re-evaluations.
A large part of the reason for the lengthy renewal time frames must be the sheer volume of cases; many of which, the report notes, are born out of insufficient staff being employed within vetting units. We either need to find ways to make the existing teams more efficient so that they can get through backlogs and undertake more frequent renewals or we need to employ lots more people – ironically – all of whom would also need to be vetted somehow before being able to assist with the wider problem.
A focus for improvement lay in the noted concern that “forces need to do more to collect intelligence relating to prejudicial and improper behaviour”. The report recommends that “forces should routinely widen their enquiries to establish whether the matter under investigation is part of a wider pattern of behaviour.”… “Usually” forces did not carry out these wider enquiries.
But what, dare I say, are these wider enquiries? Surely the only way to establish if someone has shown or continues to show “prejudicial or improper behaviour” is to evaluate all potential data sources about them – in particular their activity online, on social media, in chat forums and within all available intelligence and policing data bases. In the absence of absolute scrutiny of all these areas surely, Chief Constables are carrying huge risks within their workforce?
So what recommendations have been made and when are the Chief Constables of the UK to have adopted these recommendations by:
By April 30th 2023 –
By October 31st 2023 –
By December 31st 2023 –
What test applies to vetting checks?
The current Vetting APP gives guidance for forces to assess information and intelligence gathered during the vetting process by applying a two-stage test:
It is this last bullet point, which obviously creates the greatest range of possibilities and takes the most amount of time to get right, “Any concerning adverse information” could not be expressed more widely and yet the response to this issue appears (from the HMIC report) to be where forces most often fall down. In this next section I examine why that might be, where the best sources of adverse information appear to be and how they can be better investigated.
Identified trends in locating extremist behaviour and radicalisation processes online
Within the recently published article from HMPPS authored by Dr Jonathon Kenyon, Dr Jens Binder and Dr Christopher Baker-Beall, they explored the role of the internet in radicalisation pathways of convicted extremist offenders in England and Wales, applying specific consideration upon technological advances and changes in online activities. In my opinion there is much to be gleaned from this report, as it applies to vetting and firearms licensing processes. The key findings are summarised below:
The report concludes that “the internet has become increasingly prominent in radicalisation pathways and offending over time for convicted extremists in England and Wales. Technological advances have led to changes in the types of applications/platforms used over time.”
If the vetting industry is to combat these changes, they need to be vigorously reviewing the same “open social media platforms” used by extremists. What becomes evident in reading the HMPPS report is that extremist websites themselves are no longer the place to trace individuals linked to these behaviours. However, chat rooms, online discussion forums and the full plethora of Open Source sites remain a potent source of intelligence linking individuals of concern.
It is these chat rooms, forums and open source sites, which by their nature are more attractive to those looking to radicalise as they’re easier to access and have higher levels of traffic, which the Scout® platform now targets. The activity of those responding to or inciting extremist behaviour can now identified within an automated workflow, without the need for manual analysis using search engines.
Two further emerging risks in the vetting sector
From our own research at Synalogik, we have identified a variety of other vetting risks whereby applicants are seeking to utilise emerging technologies in order to evade being linked to “concerning adverse information”.
Disposable contact details
“Disposable” email addresses and phone numbers allow individuals to bounce communications via different numbers or addresses to their own. These “disposable” points of contact can appear as if they’re legitimate UK mobile phone numbers or from a variety of other different countries. Those individuals seeking to use this technology nefariously can make multiple applications using these fictitious details, knowing that any communication sent back through the disposable contact would revert back to their actual devices unknown to the vetting authority. In consequence, bad actors can make representations that they are currently based within the United Kingdom when they are not. To combat this emerging technology our team have created a “bot” which automatically detects and remembers all such disposable points of communication. When applicants seek to use any one of them, the Scout Vetting platform can notify the vetting team, in near real time, that this major red flag has arisen, protecting your force from the get go.
Breach databases
For decades hackers have sought to illegitimately obtain names, emails, credit card details, passport numbers, phone numbers and passwords. Vast volumes of this information is then made available to purchasers on the deep, dark and open web. Thereafter, this illegally obtained data has been used to gain control of systems, obtain money fraudulently, launder money and blackmail individuals.
The team at Synalogik could see how this sensitive and personal data could be used to either manipulate / blackmail police officers with vetting clearances or even to hijack details of individuals to clone their identity and seek vetting clearances as non-police personnel. As a result of Government funded in-house research and development, the Synalogik team have scraped and aggregated the deep, dark and open web for breach datasets – in particular those linked to Law Enforcement Agencies and Government organisations – and can now offer automated checks against them.
In the first week of these advanced new data sources going live through the Scout® platform, Synalogik were shocked to see the volume of large scale data breaches within police forces – many of which were overseas, but we could see officers’ email addresses AND access passwords!
When our clients use Scout® to perform firearms licensing, vetting or general intelligence enquiries, we can give you the results of whether this email address, phone number or individuals’ details have been compromised. As a result, when performing remediation checks upon existing applicants you can now advise them of such breaches and protect your force, but most importantly, when new applications are submitted you will know whether there is the chance that this has been done from a hijacked account, before any risks to your force’s data have been incurred…
As regular Scout® users will know, our platform is “Evergreen” and constantly evolving. Our team of former police officers, lawyers, intelligence officers and much more strive to find the latest threats and incorporate them into our system, so as to put our clients at the forefront of technology and able to fight back.
If you would like to know more or to see a demonstration, please contact our sales team on: public.sector@synalogik.com