Possibly the most important point in the press release announcing the new Police Central e-crime Unit is the statement “The unit will also seek support from industry partners”. The impact of the Internet was often compared to that of the railways – only more so. The policing of the railways was organised and paid for by the train companies. It still is in the UK.
The first police force in England and Wales was not set up by Robert Peel. It was that created to protect the track and signal cables of the Stockton and Darlington Railway from being stolen or sabotaged. It was the railway police who took the brunt of Fenian attempts to disrupt London in the 1890s by burning down signal boxes and bombing trains and stations. By the 1950s the railways accounted for the majority of reported theft in the UK. Today the British Transport Police Force is still paid for by the rail operating companies.
The Internet is not policed by the geographic police forces of England, Wales and Northern Ireland or their counterparts in France, Germany, the US or even in China. Nor is it policed by the 500 or so other UK agencies, regulators and departments which claim powers to demand access to retained communications data – or their counterparts running similar surveillance and censorship operations around the world.
It is policed by the incident response and transaction monitoring teams of the main network operators and e-commerce players: who are seeking to protect their services and their customers. They have to work within the legal frameworks of their host countries and they seek to work with local law enforcement where possible. But they, not your local police station, are the front line in the fight against on-line crime.
The final paper in the EURIM-ippr study on Partnership Policing for the Information Society was an attempt to look at the issues of accountability this raises. The aim was to move debate towards looking at rather better long term solutions than the British Transport Police – which still has problems of cross-boundary co-operation with geographic police forces: from hot pursuit of muggers who who run from railway station to shopping mall or housing estate to the stalled attempts to use railway stations as community policing hubs.
The key to the success of the PCEU will be its ability to work across boundaries. Here the released statements of support from ACPO, SOCA, the Fraud Intelligence Unit and the CIty Police are more important than the sums of money announced.
These need to be followed by similar statements of support from those in industry who are seeking to work with law enforcement to protect themselves, their customers and the families and children of their employees and customers.
If the unit can operate as the hub of a network of co-operation with those, in industry, who have the resources needed (people, technology and above all, contacts, trust and goodwill, around the world), under proper public policing accountabilty, then it will succeed.
It not, then no amount of additional funding will make up the difference.
That said, those in industry who wish to see it work should step up to the plate. Attack is the often the best form of defence. 10% of current information security budgets as a contribution to working with law enforcement to track, trace and remove active predators would make better business sense than yet more spend on passive security. Even 1% would make a massive difference. And those who look with envious eyes to supposedly equivalent operations in the US should also look at the size of the contributions from US industry (network operators, technology suppliers, financial services and e-commerce players) towards those operations.
P.S. I have just been reminded that Vernon Coaker, as Home Office Minister, also made a strong point, albeit not covered in the press release, on the way in which the new unit will work with the E-Crime Reduction Partnership – the first projects for which are expected to be announced on 16th October during workshop D of the Parliament and the Internet Conference.