Judge shocked to learn NYPD’s evidence database has no backup

Authored by arstechnica.com and submitted by Vertigostate

As part of an ongoing legal battle to get the New York City Police Department to track money police have grabbed in cash forfeitures, an attorney for the city told a Manhattan judge on October 17 that part of the reason the NYPD can't comply with such requests is that the department's evidence database has no backup. If the database servers that power NYPD's Property and Evidence Tracking System (PETS)—designed and installed by Capgemini under a $25.5 million contract between 2009 and 2012—were to fail, all data on stored evidence would simply cease to exist.

Courthouse News reported that Manhattan Supreme Court judge Arlene Bluth responded repeatedly to the city's attorney with the same phrase: “That’s insane.”

Last year, NYPD’s Assistant Deputy Commissioner Robert Messner told the City Council's public safety committee that “attempts to perform the types of searches envisioned in the bill will lead to system crashes and significant delays during the intake and release process.” The claim was key to the department’s refusal to provide the data accounting for the approximately $6 million seized in cash and property every year. As of 2013, according to the nonprofit group Bronx Defenders, the NYPD was carrying a balance sheet of more than $68 million in cash seized.

City attorney Neil Giovanatti continued that line of argument. He claimed that the NYPD doesn’t have the technical capability to pull an audit report from its forfeiture database—because the system wasn’t designed to do that.

But an expert witness for Bronx Defenders, which is suing for access to the data, undercut claims that the system could not produce a report on the cash. Robert Pesner, former chief enterprise architect for New York City’s Department of Housing Preservation and Development, told the court, “Based on the information I have reviewed about the technical specifications of PETS’s hardware and software, it is my opinion that it is technologically feasible to retrieve much of the data sought from PETS by running queries directly on the underlying [IBM] DB2 database.”

When it was activated in 2012, Capgemini vaunted PETS—which was built using SAP’s enterprise resource planning (ERP) software platform as well as IBM DB2 databases—as a flagship public sector project. The company went as far as submitting PETS as a nominee for the 2012 Computerworld Honors awards. But the system was apparently designed without any scheme for backing up the database or any sort of data warehouse to perform analytics on the data.

When told by Giovanatti that the police department’s IT department did not keep backups and only knew that the database “is in IBM," Judge Bluth responded, “Do you want the Daily News to be reporting that you have no copy of the data?... That deserves an exposé in the New York Times.”

Flatened-Earther on October 19th, 2017 at 01:15 UTC »

But a backup would make it twice as hard to delete evidence......

itty53 on October 18th, 2017 at 22:07 UTC »

Friendly reminder everyone: Backups are only as good as they're able to be restored. A scary amount of people spend hours a week making backups and never test if they can be restored easily. I've at least on one occasion seen this bite people.

So don't just backup your shit. Test that backup.

Course that's all made moot if you don't have a backup to start with. Nice job NYPD. Manage to have offices internationally and yet don't know basic safety protocol.

ThunderMountain on October 18th, 2017 at 21:58 UTC »

Yes, I am positive the case name is Casename'); DROP TABLE evidence;

Relevant XKCD

Relevant Stackoverflow