The unaccountable private company with a monopoly on public Police policies, the Association of Chief Police Officer of England, Wales & Northern Ireland, has published the
ACPO e-Crime Strategy August 2009 (.doc 267Kb)
What this document glosses over is the reduction of resources being allocated to fighting "eCrime", even compared with the inadequate, but now defunct National Hi-Tech Crime Unit.
A few observations:
There is currently no central reporting point for e-Crime. This is being addressed through the creation of the National Fraud Reporting Centre (NFRC), which will take national responsibility for the reporting of e-Crime alongside fraud. Changes are also required to ensure that e-Crime is included as a separate category within overall measures of crime and public confidence in the police, such as the British Crime Survey
We were promised that years ago when the National Hi-Tech Crime Unit still existed, so why did nothing happen ?
- Reporting and Recording of e-Crime
Currently there is no central reporting point for e-Crime in the UK, and as a result victims of e-Crime are often uncertain about how, and to whom, they should report an e-Crime incident. The National Fraud Reporting Centre (NFRC) will take on this responsibility under the stewardship of City of London Police. The NFRC is being created to provide a central reporting point for fraud, and will also act as the primary reporting and recording centre for e-Crime in England, Wales and Northern Ireland.
Where issues do not fall into the remit of the NFRC, callers will be referred to the most appropriate agency.
N.B. The National Fraud Reporting Centre (NFRC) is still not operational, despite having been announced last October.
Even when it is, there will still not be any public phone number or email address or secure web form, for the public or businesses to be able to contact properly trained staff, to report a computer virus infection or computer hacking intrusion which does not have an immediate financial fraud aspect.
- Produce and disseminate a hash set library to be brigaded nationally, in partnership with CPS and CEOP
What exactly does "to be brigaded nationally" mean?. The dictionary definition of "brigaded" i.e. to form up military units into Brigades, surely cannot apply to this sentence.
- Legal Issues
- Remit: To develop legal guidance for the police response to e-Crime
There are a couple of huge omissions in this "eCrime strategy":
What about potential international Extradition offences to or from the UK ?
Where is the clarity for the public, for the Police themselves, and for potential criminals, on whether someone accused of computer hacking or fraud or child porn etc. via the internet should be dealt with under the local laws of where they are arrested, or whether they should be Extradited to or from the UK ?
Given the international nature of the internet, this is a glaring omission in this "strategy".
Collateral damage to shared systems caused by eCrime investigations
Where is the ACPO commitment to prevent "collateral damage" to innocent businesses, not for profit groups and individuals during the investigation of a single alleged eCrime suspect, using shared computer and internet resources ?
Simply kicking in the door and "seizing computer evidence" may well bring online systems offline for longer than a natural disaster or a terrorist attack, and may cause more damage and disruption,to the UK, than the alleged eCrime being investigated.
the vague references to other vague, non-mandatory documents which may mention this, are not hood enough - this should be a clearly defined fundamental principle of this "National Strategy".
The Police Service has established standards for professional practice within e-Crime, such as the ACPO Good Practice Guide for Computer-Based Evidence published in conjunction with 7Safe, and the ACPO Managers Guide to e-Crime. The National e-Crime Programme will continue to identify and establish 'best practice' in e-Crime and promulgate this in collaboration with the NPIA.
See: ACPO Good Practice Guide for Computer-Based Evidence, (.pdf 2.4Mb)
This "Good Practice Advice" and the principle f avoidance of unnecessary "collateral damage", should ideally be made legally binding, with large fines and criminal penalties for negligence or abuse, on the Police and on private investigators or consultants, to whom this work is often sub-contracted to.