Firms fear lack of e-crime action after police merger

Businesses and security professionals have warned that the merger of the UK's National High-Tech Crime Unit into a new FBI-style organisation could leave a large gap in the policing of technology-related crime.

Businesses and security professionals have warned that the merger of the UK's National High-Tech Crime Unit into a new FBI-style organisation could leave a large gap in the policing of technology-related crime.

The Serious Organised Crime Agency (Soca), which began operations on 1 April, will investigate computer crime as well as trying to disrupt organised crime, particularly in the areas of drugs and illegal immigration.

But security professionals are concerned that Soca's creation could leave a dearth of police resources to fight day-to-day computer crime, such as hacking and denial of service attacks.

Jim Norton, senior policy advisor at the Institute of Directors and a member of the National High-Tech Crime Unit's stakeholder group, said businesses that were previously able to report crimes to the High-Tech Crime Unit are being redirected to local police forces, which may be ill-equipped to deal with IT crime.

"Their ability to deal with high-tech crime is highly variable. It has not been a priority for some chief constables. They have not put the resources into it," he said.

Norton is particularly concerned that level-two high-tech crime, which involves crime conducted across more than one police region, will fall into the gap between Soca, which is charged with fighting international crime, and local forces.

Soca said this week that the work of the High-Tech Crime Unit would not change, and that its incorporation into a bigger unit would bring more resources for fighting high-tech crime. The agency said it would continue to support local police forces' computer crime units.

But Norton said, "There is a real risk that the role of the High-Tech Crime Unit in helping police forces will be lost with [the advent of] Soca."

Peter Sommer, visiting professor of security at the London School of Economics, and Malcolm Hutty, regulation officer at the London Internet Exchange, echoed Norton's concerns.

"If there is a really complicated matter, it will be dealt with by Soca. If it is smaller in scale and it happens in a police force where the chief constable has high-tech crime as a priority, it will be handled. In other areas where it is not a priority, it will not get a response," Sommer said.

Hutty accused the government of a "complete abdication of responsibility" over level-two computer crime.

"The High-Tech Crime Unit was under-funded, but at least those concerned could make the case for increasing funding. Now we need to make the case for an act of parliament to create some body that has responsibility for level-two crime," he said.

David Lacey, security consultant and former head of security at the Royal Mail, said he doubted whether local police computer crime units would be able to help most businesses.

Paul Vlissidis, security consultant at NCC Group, agreed. "High-tech crime units in local police forces are overstretched as they are." A lot of crime will go uninvestigated, he said.

Richard Starnes, president of the Information Systems Security Association, said the lack of centralised reporting for high-tech crime would leave a gap in collecting intelligence on computer crime that crossed police boundaries.

"There is a complete and utter lack of discussion of high-tech crime in the Soca manifesto, despite Soca absorbing the High-Tech Crime Unit. I think it is very worrying for UK plc," he said.

The Confederation of British Industry was more positive. Although there were concerns about the ability of local police forces to fight computer crime, it said Soca represented an overall increase in the resources devoted to computer crime.

"Structurally it is in a better position than the High-Tech Crime Unit. Whether that works out in reality to be an improvement, we will have to wait and see," said Jeremy Beale, head of the CBI's e-business unit.

The Home Office said that even though there was no central reporting point for high-tech crime, information would be passed to Soca by local forces.

"Effective working relationships with local forces will be critical to Soca's success, and there will be a two-way flow of information between Soca and local forces," said a spokesman. "Local forces will liaise closely with Soca on all Soca-related crime, including high-tech crime and level-two crime, to blend excellent traditional law enforcement with some new ways of working."

Read more on IT risk management