Whatever the MPS has or has not been up to for the last couple of years in Tower Hamlets there is one investigation that has yet to be completed – the apparent data theft of the personal details of thousands of Tower Hamlets Homes tenants for the purposes of electioneering.
Fortunately the Information Commissioners Office (ICO), not the Met, are running this investigation.
And at eight months duration and counting it is one long investigation. Which is kinda odd because the facts are simple.
Data for sale! Cheap data!
In August 2015 as the dust from the Mayoral election rerun was just beginning to settling LW broke the story of the possible data theft of Tower Hamlets Homes (THH) residents personal information for political gain.
This explained the mysterious way voters had been seen text messages by Tower Hamlets First (THF) when they had never given their mobile numbers to THF or any other political party.
Cllr. Danny Hassell, (Labour, Bromley South) wrote to Ann Lucas, Chair of the THH board asking for an independent enquiry.
To its credit THH took this allegation so seriously that although not legally required to do so it reported the data breach to the Information Commissioners Office (ICO).
Demonstration of intent
Even better than that Tower Hamlets Homes requested their own lawyers, Trowers & Hamlins, to review the proposed investigation methodology and approach to ensure it was thorough and then asking Trowers to review the final investigation report. Which as a demonstration of intent to get to the truth is pretty impressive.
By November 2015 THH had completed the evidence gathering phase of its own investigation (LW knows because we checked) and was drafting a report which was submitted to the ICO just before Christmas.
In January 2016 the ICO enquiry was still ongoing. And in February too. LW checked in March and it was still going on.
LW checked this morning and in the absence of a reply we are assuming it is still, er, going on.
Sounds like the ICO are being very thorough indeed. Which is good.
Data theft sounds a pretty boring subject but with a little luck it might be that the ICO report into the alleged data theft at THH might be the backdoor that is prised open and provide access to the inner workings of all sorts of interesting things.
The sort of things no other investigative body or court hearing has discovered.
So what’s to investigate at THH? Quite a lot.
Arms and pockets
Tower Hamlets Homes might be an ‘Arms Length Management Organisation’ of Tower Hamlets council but they both have their hands in each others pockets. They are separate but not too far away from each other. Probably about an arms length.
The original data sheets obtained by LW clearly show for each address:
- UPRN (Unique Property Reference Number)*
- Property address
- Name of resident
- Phone number of resident
LW still has the original documents (see below) in its possession – odd that no one has ever asked to look at these during either the THH or ICO investigations.
The main question is how did the data sheets containing THH tenants personal details get from inside THH to the Tower Hamlets First offices inside the Town Hall at Mulberry Place? For this is where they were discovered.
The addresses of the data sheets are in Shadwell ward which was where Cllr. Rabina Khan (Tower Hamlets First / Independent Group) and Cllr. Harun Miah (Tower Hamlets First / Independent Group) were elected as councillors in 2014 and where Ms. Khan was defeated in her bid to become the successor to Rahman in 2015.
When in power Cllr. Rabina Khan was Tower Hamlets First cabinet member in charge of housing and so responsible for Tower Hamlets Homes.
There is no allegation or evidence that Cllr. Khan or Cllr. Miah had anything to do with the alleged data theft.
It is more than likely that the fact that the data sheets LW obtained just happen to be from Cllr. Rabina Khan’s ward is pure coincidence and nothing else.
Was alleged data theft borough-wide?
And LW has always assumed that this data theft was undertaken systematically in each of Tower Hamlet’s 20 electoral wards
If this is the case was the data theft just restricted to residents of the 22,000 THH properties or was this same procedure carried out in each of the 40 plus Housing Associations that also provide social housing in the borough?
Was whoever accessed the data from THH responsible for other data thefts in the other Housing Associations? LW is not aware of any other data thefts of this type. No doubt the ICO will have checked this.
Was this data theft restricted to Housing Associations or were other council run administration systems accessed as well?
Irrespective of the scale of the data theft being one HA or over 40 this sort of work is not something that an enthusiastic if misguided individual would decide to do at the spur of the moment.
Think of what needs to be organised.
First you have to know where the data exists and either have personal access to that specific IT system of THH or have someone working within THH who has access.
Then you have to ask your person on the inside to get what you want – in this case a computer print out of THH tenants personal details – and either provide you with an awful lot of paper or digital copies of the files.
It should be emphasised that these reports cannot be generated by just anyone at THH – because of their content.
This means that the person who asked for the reports can be identified, by examination of the audit trail of the THH computer system if nothing else. (An audit trail is a record of any activities on an IT system including generating and printing reports that is generated automatically. The audit trail can then be checked in future.)
Once you have your data you then need to ensure that the organisation that makes use of it knows that it exists and what they can do with it.
Which brings us to the use of residents mobile phone numbers.
Now it might be that a bunch of dedicated volunteers sent prospective voters text messages individually. Unlikely.
More likely is that the mobile numbers – as well as the other data – were transferred to another ‘IT system’ or just a laptop somewhere. The mobile numbers would then be sucked up into a piece of software that automatically sends out text messages. Job done.
So who organised that? Where was the data when it was being used? And where is it now?
The residents of Tower Hamlets want names.
They want the names of the people who allegedly stole the data.
They want the names of the people who told them what to do.
They want the names of the organisations involved.
And possibly most importantly residents wants to know if the alleged data theft at THH homes is linked to other dubious activities in the borough.
And there’s more
LW has spent the last two years investigating the murky world of Tower Hamlets politics. And it is our belief that it is almost impossible that the alleged data theft at THH homes is not connected to other odd goings on.
Same people? Same places? Same organisations?
Snouts in the trough
Motives might vary, personal greed for some, lust for power in others, political beliefs for a few. But all with their snouts firmly buried in the same trough.
The question that then remains is why is it taking so long for the ICO to work out who allegedly stole the data from Tower Hamlets Homes and how that data was then used by Tower Hamlets First?
Eight months since the story of the alleged theft was broken, at least three months since the ICO took over the investigation from THH, the truth has yet to be uncovered.
Let’s hope the sound of digging is honest public servants trying to reveal the truth, not those with dirty snouts who are trying to bury it.