Queensland's offender IT system used to extort prisoners

Queensland’s corruption watchdog has told the state’s corrective services agency to replace its offender management system after uncovering occasions where it was used by staff to extort prisoners.

In a damning review into corruption in the state’s corrective services facilities released last week, the Crime and Corruption Commission (CCC) identified major information management and security failings with the core line-of-business system.

It found the integrated offender management system (IOMS) used to perform case management for Queensland Corrective Services’ (QCS) lacked “appropriate access and use controls, and audit functionality”.

This means custodial correctional officers (CCO) are able to “view personal information about any prisoner”, with audit functionality unable to “systematically or accurately determine whether access to particular information is necessary or appropriate to the staff member role”.

“Approximately 13 percent of allegations involving QCS staff received by the CCC are about misuse of information and these allegations have significantly increased over the last three years,” the report from Taskforce Flaxton states.

The corruption watchdog said this had led to instances where CCOs were accessing IOMS “for purposes unrelated to their functions” and, in some case, “using this information to extort prisoners, or providing information about prisoners to other prisoners or third parties”.

As a direct result of this poor information security, prisoners – who were said to “understand these vulnerabilities” – felt uncomfortable providing information to corrections officers.

“Prisoners understand these vulnerabilities and do not feel comfortable providing information, which reduces the amount of intelligence being extracted from the prisons,” CCC said.

“Lack of information security can also expose intelligence to parties who should not see it or compromise investigations.”

The CCC has recommended that QCS implement “remediation strategies” to address issues, before replacing the IOMS with a system that “meets recognised information and security standards”..

QCS said it had begun to redevelop IOMS to improve records management and is planning to replace the system with a digital offender management environment (DOME).

The agency has, however, “issued a statement of works” for an independent ‘health check’ of the system for the time being to identity any underpinning issues and develop remediation strategies.