FOI Reference: 899/2024
Request:
• The total number of emails blocked.
• The reasons for each blocked email (e.g., identified as spam, containing malware, flagged as malicious, phishing attempts, etc.).
• The number of emails blocked for each category (spam, malware, phishing, etc.) on a month-by-month basis for the last five (5) years.
I do not require the exact date each email was blocked but would appreciate monthly statistics over the requested time period.
Response 1 – 2:
I can confirm that Dyfed-Powys Police does hold the information requested, however the following exemptions have been applied to the information you have requested:
Section 24(1) National Security
Section 31(1)(a)(b) Law Enforcement
Section 24 is a qualified prejudice-based exemption where evidence of harm is required and a public interest test.
Section 31 is a qualified class-based exemption with a requirement to conduct a public interest test.
Evidence of Harm
A Freedom of Information Act request is not a private transaction. Both the request itself, and any information disclosed, are considered suitable for open publication. This is because, under Freedom of Information, any information disclosed is released into the wider public domain, effectively to the world and not just to one individual.
Whilst Dyfed-Powys Police confirm information is held regarding blocked emails, to provide the total number and an additional breakdown by type could undermine the safeguarding of national security and operational law enforcement by allowing those with a criminal intent to gain an operational advantage over Dyfed-Powys Police.
Groups planning attacks are known to conduct extensive research and will take advantage of the ‘mosaic effect’ by combining information from different sources. Disclosed data on malicious email attempts which have been unsuccessful could be used in conjunction with other publicly available information to provide knowledge of where attacks have actually been successful and thus where possible weaknesses exist.
To further disclose a breakdown of the reason/type of email which has been blocked may also further assist potential attackers by indicating that a specific attack had gone undetected. With this knowledge, attackers may then be able to tailor their methods to increase their chances of success. This harm increases when further requests are made for similar data over time, as, if disclosed, multiple data would accumulate to reveal a clearer picture of Dyfed-Powys Police’s cyber-security strengths and vulnerabilities.
Furthermore, in order to counter criminal and terrorist behaviour it is vital that the police and other agencies have the ability to work together, where necessary covertly, in order to obtain intelligence within current legislative frameworks to ensure the arrest and prosecution of offenders who commit or plan to commit acts of terrorism, whereby their modus operandi may involve cyber-attacks on secure databases. In order to achieve this goal, it is vitally important that information sharing takes place with other police forces and law enforcement bodies within the United Kingdom in order to support counter-terrorism measures in the fight to deprive terrorist networks of their ability to commit crime. To disclose specific details which would identify breaches of information technology and security would be extremely useful to those involved in terrorist activity as it would enable them to map vulnerable information security databases.
Public Interest Considerations
Section 24(1) National Security
Factors favouring disclosure
The public are entitled to know how public funds are spent and how resources are distributed within an area of policing. To disclose the requested information would enable the general public to hold Dyfed-Powys Police to account ensuring all such breaches are recorded and investigated appropriately. In the current financial climate of cuts and with the call for transparency of public spending this would enable improved public debate.
Factors against disclosure
Security measures are put in place to protect the community we serve. As evidenced within the harm, to disclose the information requested would highlight to terrorists and individuals intent on carrying out criminal activity vulnerabilities within force systems which could be further exploited.
Taking into account the current security climate within the United Kingdom, no information which may aid a terrorist should be disclosed. The public entrust the Police Service to make appropriate decisions with regard to their safety and protection and the only way of reducing risk is to be cautious with what is placed into the public domain. The cumulative effect of terrorists gathering information from various sources is that over time a more detailed account of the tactical infrastructure of not only a force area but also the country as a whole will be revealed.
Any incident that results from such a disclosure would, by default, affect National Security.
Section 31(1) – Law Enforcement
Factors favouring disclosure
Disclosure of information relevant to this request would lead to a better-informed public which may encourage individuals to provide intelligence in order to reduce the risk of security breaches.
Factors against disclosure
Disclosure of information relevant to this request would suggest Dyfed-Powys Police take their responsibility to protect information and information systems from unauthorised access, destruction, etc., dismissively, and inappropriately.
Balancing Test
The points above highlight the merits and de-merits of disclosure. The Police Service is charged with enforcing the law, preventing and detecting crime, and protecting the communities we serve. As part of that policing purpose, information is gathered which can be highly sensitive relating to high profile investigative activity. Weakening the mechanisms used to monitor any type of criminal activity, and specifically terrorist activity, would place the security of the country at an increased level of danger.
In addition, anything that places that confidence at risk, no matter how generic, would undermine any trust or confidence individuals have in the Police Service. Therefore, at this moment in time, it is our opinion that for these issues the balance test favours non-disclosure.
Response 3:
I can confirm that Dyfed-Powys Police does hold the information requested, however the following exemption has been applied to the information you have requested:
Section 21 – Information reasonably accessible by other means
“(1) Information which is reasonably accessible to the applicant otherwise than under section 1 is exempt information.
(2) For the purposes of subsection (1)—
(a) information may be reasonably accessible to the applicant even though it is accessible only on payment, and
(b) information is to be taken to be reasonably accessible to the applicant if it is information which the public authority or any other person is obliged by or under any enactment to communicate (otherwise than by making the information available for inspection) to members of the public on request, whether free of charge or on payment.
(3) For the purposes of subsection (1), information which is held by a public authority and does not fall within subsection (2)(b) is not to be regarded as reasonably accessible to the applicant merely because the information is available from the public authority itself on request, unless the information is made available in accordance with the authority’s publication scheme and any payment required is specified in, or determined in accordance with, the scheme.”
The information can be accessed via the following hyperlink –
Cyber Security Policy | Dyfed-Powys Police
(This is a response under the Freedom of Information Act 2000 and disclosed on 15/10/2024)