Internet and computer-related crime is stretching the UK's law
enforcement agencies to breaking point. Cybercrime expert Peter
Sommer reports on the issues facing the Government's attempts to
create a new high-tech crime squad.
Last week Jack Straw announced he was giving the National
Criminal Intelligence Service (NCIS) £337,000 to draw up a detailed
plan for a high-tech crime squad. He had suggested such a squad a
year ago in a speech to the Group of Eight industrialised nations
(G8). It was also one of the recommendations of the UK's most
extensive official research in the area - the two-year Project
Trawler.
While it has been talked of since the mid-1980s, over the last
few months lobbying among law enforcement and other agencies for
the kudos and the new money that might come to a new unit has been
intense.
Law enforcement politics
Some of the politicking has had all the vigour and meaning of
school teams battling for a house challenge cup. But there are
substantive issues as well, not all of them immediately concerned
with cybercrime.
One has been the continuing arguments over the virtues of
locally-based and accountable police forces against a national
force. Another has been the police's relationship with industry. In
particular, why should public money be spent to protect sloppy
businesses, or software publishers who already have extensive
remedies against pirates from the civil courts?
Other issues include: what relationship should the police have
with the private security industry? And how far should the police
concentrate on crime prevention, as opposed to detection?
Britain has had a Computer Crime Unit, located within the
Metropolitan Police Fraud Squad, since 1985, but its remit has
always been more limited than many people realise. At one point it
had 10 members but last autumn, after a review of its workload,
some officers were re-assigned back to general fraud work.
More recently other factors have entered the equation - with so
much government emphasis on the knowledge economy, surely we need
to be able to fight abuses like e-commerce fraud and hacking?
In the US, concern about "information warfare" and a "digital
Pearl Harbour" led to the setting-up of the National Infrastructure
Protection Center in February 1998, as well as President Clinton's
demand for a budget of $91m (£56m) for a cyberspace security
initiative in January 2000.
So what should be the UK's response? How should we cope with the
increasing internationalisation of serious crimes such as money
laundering, narcotics trafficking and terrorism - all of which rely
on computers and networks?
There is legislation in the pipeline. The Regulation of
Investigatory Powers Bill, due at the end of January, deals with
two important areas which need resourcing. It updates the 1985
Interception of Communications Act (IoCA) to include warrants for
private as well as public telecommunications networks, and is
rewritten to deal explicitly with data traffic as well as
voice.
The Bill will also contain the controversial law-enforcement
powers to compel decryption of encrypted messages - a measure
dropped from the Secure Electronic Commerce legislation last
November. Both of these new powers will require law enforcement
agencies to develop new and difficult working relationships with
telecoms companies and ISPs.
What is the problem?
Much of the argument surrounding the powers of any new squad
depends on what problems you hope it might solve.
With "computer crime" are we dealing with wholly new crimes (and
new sorts of criminals) or with well-established crimes carried out
in new ways? If you believe the first, we need a new squad. If you
follow the second, then what we need is better training for all
detectives.
For many front-line investigators the argument is this: to
investigate a fraud you need skills in following transactions
through numerous accounts and in spotting "anomalous" lifestyles -
computer forensics is important, but secondary.
For example, at the sharp end of the most serious paedophilia
Internet cases are abused children whose welfare is paramount and
from whom statements may be needed. Skills in interpreting browser
cache and history files have a lesser role.
Detectives from this school are concerned that specialist
provincial skills might get lost - they also complain that the
current police policy of "tenure" means that no-one stays in a post
for more than five years.
Front-line officers worry about delays in obtaining computer
forensic support services, such as disc imaging, which sometimes
results in failing to charge suspects before statutory time limits
are exhausted.
All of this means that many of today's front-line investigators
want new funding for existing squads.
But there are strong counter-arguments. Computer crimes are not
always committed within the boundaries of UK local police forces.
Some computer crimes are incredibly complex and well beyond the
capabilities of any local force.
What would be the ideal squad?
It is quite easy to draw up a specification for an ideal squad.
It would be a central resource, it would provide training, research
and technical back-up, and its officers would tackle the most
challenging crimes.
That is not too far from what was proposed by NCIS' Project
Trawler last June. But the Metropolitan Police's Computer Crime
Unit (CCU) can claim that this has been its function for years -
its officers provide the core of the Bramshill Police College
training (as well as internationally for Interpol) and they have
made several successful complex hacker and virus prosecutions.
The problem is not specification, but police politics. The
Metropolitan Police has different squads who have different briefs.
The CCU's main remit is computer and telecommunications misuse,
while computer porn is handled by the Clubs and Vice Squad, who
nailed Internet porn baron Graham Waddon last June. Large-scale
fraud is dealt with by the separate Serious Fraud Office (who have
an experienced computer forensics unit), and other Metropolitan
Police officers literate in computer investigations can be found in
CIB3 - the anti-corruption squad.
The NCIS took the lead in the UK part of Operation Cathedral
which investigated Wonderland, the international Internet-based
paedophile club. But its main job is fighting top-league villainy -
it would not want to tackle low-level Web-hacks. NCIS can claim to
be good at research, co-ordinating with other police forces,
industry and overseas law enforcement agencies, but it is not an
operational organisation. Among front-line police, NCIS is not
universally admired - it is funded by grants from all UK police
forces.
The Association of Chief Police Officers (ACPO) has gained
considerable influence because it has become a forum for national
police issues while respecting local forces. It has a Computer
Crime Committee, most visible in the forum set up with ISPs, but
which has also produced a Good Practice Guide for Computer
Evidence. But, unlike the police forces, NCS and NCIS, ACPO has no
statutory basis.
Hovering in the background, always eager to market its ability
to tackle serious crime as well as spies and subversives, is the
security service, which is mistrusted by some in the police.
The security service (MI5) has an obvious role as the chief
consultant (with Cheltenham's Communications Electronic Security
Group) on the security of government computers.
The same group of MI5 officers provides important input on
potential threats to the Critical National Infrastructure - the
muted UK response to the US information warfare agenda co-ordinated
from the Cabinet Office. Thus the security service can offer
technical and investigatory expertise and would, in any event, need
to be involved in any attacks on government and other critical
systems.
But, say critics, MI5 has always been stronger on intelligence
collection than assembling evidence which has to be produced and
tested in open court. And their officers' preference for pseudonyms
reduces their courtroom credibility.
What are the solutions?
At the moment NCIS looks as though it will be the winner. NCIS
already mediates police requests for telephone interception under
the current IoCA regime by filtering and forwarding requests for
ministerial warrant. It also passes on the "product" of intercepts
to the requesting police. Under the proposed Regulation of
Investigatory Powers legislation this role will have to expand to
include non-traditional telecoms companies, ISPs and owners of
corporations owning large LANs and PABXs.
NCIS is also a prime candidate to "own" the new
encryption-related Government Technical Assistance Centre (GTAC)
with set-up funds of £25m. The Cabinet Office Performance
Innovation Unit's May 1999 report, Encryption and Law Enforcement,
said that such a centre was needed both to liaise with industry and
to carry out decodes where expected "co-operation" is not
forthcoming.
Such a centre would have to be within law enforcement rather
than the Home Office, hence NCIS' role. But Whitehall rumours
suggest that the centre may take advantage of the offer of secure
accommodation, not at NCIS but at Thames House, headquarters of
MI5. In any event, expertise and resources would inevitably have to
come from Cheltenham.
NCIS is currently favourite to become the home of the high-tech
crime squad too, although there are strong suggestions that the CCU
might evolve into a national operational unit.
What is clear though, is that whoever runs such a squad will
need to develop more than just knowledge about high-tech crime. One
of its greatest challenges will be to form good relationships with
sections of the IT industry, without whose confidence crimes will
go unreported and technical assistance will be unforthcoming.
Who's who in UK cybercrime squads
- CCU: Metropolitan Police Computer Crime Unit, located within
SO6, the Fraud Squad. Handles computer and telecommunications
misuse cases. Established 1985
- CESG: Communications and Electronic Security Group, part of
GCHQ, Cheltenham. Provides technical support and some specialist
industrial liaison
- Clubs & Vice: Met Police unit concerned, among other
things, with computer porn
- Customs & Excise: Remit includes smuggling and VAT. Has
separate resources for interception and computer
forensics
- Forensic Science Service, Met CSL: Technicians who make secure
"images" of seized hard discs. Assists in analysis of Internet
caches
- GTAC: Government Technical Assistance Centre. New unit to
provide decrypts for law enforcement and liaise with cryptography
service providers
- Home Office: The responsible ministry. Develops policy for the
police and other agencies including interception and encryption
issues
- NCIS: National Criminal Intelligence Service. Responsible for
the gathering of strategic and technical intelligence on serious
crime. Provides liaison with security service and international
bodies. Responsible for "tapping" warrants under the Interception
of Communications Act. Chartered under the 1997 Police
Act
- NCS: National Crime Squad. Made up from the older regional
crime squads. Tackles serious organised crime. Set up in
1998
- Provincial police fraud squads: there are 43 of these. They
usually have at least one computer forensics officer who is also
lent out to other specialist squads
- Security service: MI5 is responsible for UK internal security.
Provides consultancy to government ministries, departments, and
agencies as well as tracking cyber threats to national
security
- SFO: Serious Fraud Office. Not part of the police service,
contains lawyers and accountants as well as policemen on
secondment. Has its own computer forensics facilities