Authorities in the United Kingdom have made unauthorized copies of data stored inside a EU database for tracking undocumented migrants, missing people, stolen cars, or suspected criminals.
Named the Schengen Information System (SIS), this is a EU-run database that stores information such as names, personal details, photographs, fingerprints, and arrest warrants for 500,000 non-EU citizens denied entry into Europe, over 100,000 missing people, and over 36,000 criminal suspects.
The database was created for the sole purpose of helping EU countries manage access to the passport-free Schengen travel zone.
The UK was granted access to this database in 2015, even if it's not an official member of the Schengen zone.
2018 report revealed violations on the UK's side
In May 2018, reporters from EU Observer obtained a secret EU report that highlighted years of violations in managing the SIS database by UK authorities.
According to the report, UK officials made copies of this database and stored it at airports and ports in unsafe conditions. Furthermore, by making copies, the UK was always working with outdated versions of the database.
This meant UK officials wouldn't know in time if a person was removed from SIS, resulting in unnecessary detainments, or if a person was added to the database, allowing criminals to move through the UK and into the Schengen travel zone.
Furthermore, they also mismanaged and misused this data by providing unsanctioned access to this highly-sensitive and secret information to third-party contractors, including US companies (IBM, ATOS, CGI, and others).
The report expressed concerns that by doing so, the UK indirecly allowed contractors to copy this data as well, or allow US officials to request the database from a contractor under the US Patriot Act.
Report confirmed this week
At the time, EU authorities never confirmed the report's validity. However, in comments made earlier this week, EU officials inadvertantly admitted to the report's existence, and its accuracy.
"Those are meant to be confidential discussions that we have with the individual member states," said European Commissioner for Security Julian King when asked about the report, as quoted by Schengen Visa Info and EU Observer, earlier this week.
"It is not just one member state that has some challenges in this area, there are a number of member states that have challenges in this area," he added.
As a result of these comments, Sophie in 't Veld, a Dutch politician and a Member of the European Parliament, has requested that the European Commission make the report public and reveal the real depth of the UK's abuse and mismanagement of this highly sensitive database -- which will also be at the core of a EU-wide biometrics system in the upcoming future.
Related government coverage:
- NSA to establish a defense-minded division named the Cybersecurity Directorate
- Telegram voicemail hack used against Brazil's president, ministers
- Louisiana governor declares state emergency after local ransomware outbreak
- Bulgaria's hacked database is now available on hacking forums
- Hackers breach FSB contractor, expose Tor deanonymization project and more
- Kazakhstan's HTTPS interception efforts target Facebook, Google, Twitter, others
- How Estonia became an e-government powerhouse TechRepublic
- Sri Lanka blocks social media after deadly Easter explosions CNET