> An employee was caught criminally stalking their family, and using the force of the government to do so.

So far he has not been caught criminally doing anything, because the system that found a brrach of process is not the system that determines criminality. Right now he has violated an internal process and been fired for that deriliction of duty.

> Rather than being prosecuted

He is very likely ALSO going to be prosecuted, since the system that found the violafion of the process also determined that such a violation is possibly illegal and activated the police. He is being investigated, and if they can prove anything criminal, he'll get convicted for that.

Obviously the bar for proving criminality is higher than the bar for dismissal.

> That this can happen without large alarm bells, means that the checks on access are not effective

This is exactly the debate that is happening right now because of this case. I'll end by quoting a professor that commented on this case recently:

"This should make us prioritize investing in security, investing in describing our processes and ways of working, such that you can find outliers. Maybe instead of investing in AI, which is fun to have but doesn't actually solve any of the serious problems"