Watchdog in dark on Net procedure

PUBLISHED : Wednesday, 15 March, 2006, 12:00am
UPDATED : Wednesday, 15 March, 2006, 12:00am

Police did not know names could have been deleted

A police complaints body was unaware it could have taken steps to remove from the internet the personal details of 20,000 people who have complained against the force over the past decade.

The safety of the complainants may have been jeopardised by a blunder that led to their names, addresses and identity card numbers being available on the Net.

Search engine Google said yesterday it had removed archived links to the list on Sunday, three days after the South China Morning Post inquired about the blunder.

Google spokeswoman Debbie Frost said the material was only deleted after the company became aware of the problem.

The Independent Police Complaints Council said on Saturday it had approached Google 'through the proper channels' when it became known that the list remained in the public domain even though the website on which it appeared had been deleted.

The information could have been removed from the internet days earlier using simple instructions offered by Google to webmasters on how to prevent webpages appearing on the search engine's cache.

Nevertheless, fears remain that those who downloaded the list may place it back on the internet.

Earlier, complaints council member Lo Wing-lok urged the public not to search for the data because this may lead to it remaining on the Web indefinitely.

A spokesman for the council admitted the watchdog did not know it could have removed the data from Google's cache by itself.

'We are only a small office and do not have any in-house IT specialist. We took all relevant steps to have the data removed, including contacting the police, servers in Hong Kong, and Google, asking them to remove the cache.'

Kwok Lau-for, associate professor at City University's computer science department, said if the webmaster of the site, on which the leaked data appeared, had been authorised by a supervisor, he could have deleted the information.

'He may not have been able to get rid of it without specific instructions,' Dr Kwok said.

However, he said the way to remove cached information from the search engine may not be common knowledge among IT staff, admitting he had not been aware that this was possible without intervention from Google.

The complaints council says it believes the blunder that led to the names appearing on the site was caused by an external contractor who took the information home and downloaded the names.

Computer security consultant Richard Stagg, from Handshake Networking, said yesterday the incompetence in failing to properly secure the information was staggering.

'There is no reason why this information should have been anywhere near the internet,' Mr Stagg said.