One danger of database searches making it easy for unscrupulous insiders to obtain data on vulnerable people
The Local Government Chronicle and The Sun have reported that a rapist posed as a care worker to access council data on vulnerable teenagers.
Simeon Kellman, aged 42, used a system at Greenwich Borough Council, in South East London, to identify teenagers who had recently come out of foster care.
The police, as quoted in The Sun, said that Kellman had made a “substantial” number of computer searches on profiles of former foster children. “The lack of security at the council was breathtaking,” said the paper, quoting a “police source”. It added: “Kellman was able to log on and cherry-pick kids coming out the care system.”
He was said to go to their new home addresses, pretend to be a friend, then attack them. He was jailed for eight years for raping an 18-year-old in her flat. Police believe he has raped before.
A spokesman for Greenwich Borough Council said that Kellman had access to the council’s systems as part of his job and had been vetted to the standard of his colleagues. The spokesman denied the council’s systems were insecure.
The Leader of Greenwich Council, Councillor Chris Roberts, said:
“We strongly support the custodial sentence given to Mr Kellman for an extremely callous and calculating crime and an unforgivable betrayal of trust.
“However, we totally refute any suggestion that a lack of security in the Council’s database system was in any way responsible for this terrible crime. This assertion is absolutely incorrect. It was the vicious actions of an individual and not a failing in the system which led to this crime.
“Alongside a range of measures to check his employment suitability, Simeon Kellman was CRB [Criminal Records Bureau] checked and cleared by the police to carry out his role, which included having access to restricted information. Councils use these checks to help judge a potential employee’s suitability. Under the current CRB system this person was not deemed to be unsuitable by the police to take on his role.
“Simeon Kellman was dismissed by the Council once he admitted his guilt and has been rightly imprisoned for a number of years.
“We continue to work with other agencies to provide support for the victim, and applaud her brave determination to seek justice following such a deeply traumatic experience.”
Comment: Audit trails and the threat of disciplinary procedures are unlikely to deter an unscrupulous insider who wants to trawl databases for sensitive information. One answer is to make systems secure from fishing – or, if this is not possible, to restrict access to particularly sensitive information to a very small number of vetted individuals. The incident highlights the dangers of creating large databases of sensitive personal information that are difficult to secure against determined and unscrupulous insiders.
Thank you to the “Arch” blog on audit trails which alerted me to the article on Kellman.