MR DAREN GREENER, MR VINESH PARMAR AND MR GREGORY SMITH

14 FEBRUARY 2006

  Q160  Mr Malik: How widespread are the skills needed in telecoms forensics?

  Mr Smith: I think it has to be subject specific. If somebody has telecommunications experience coming into the wireless domain, which we are, then that is useful and the same would be quite right to say for computers. I think you need the discipline in the subject that you are dealing with and then to have the others use those other skills and to bring them together so you get a symbiotic relationship.

  Q161  Mr Malik: Are you a rare commodity? Is there enough of you out there?

  Mr Smith: The answer is no. Vinesh is one of the highfliers in this country and so is Daren. I have the longest track record in this country in dealing with mobile evidence.

  Q162  Mr Malik: Can one expert direct a team of less skilled assistants in this area of work?

  Mr Parmar: Certain organisations, not just law enforcement agencies, will have key people in key areas. They usually split the process up. When it comes to telecoms, they will have those that specialise in the data recovery process and those that specialise in the presentation analysis of that process. In some areas those processes will be split plus you will have a third element where there is somebody that is proficient in all areas. I believe that in order to be able to be in a position to do this type of work successfully you need to understand all the elements. You do not have to be an expert in all elements, but if you have an understanding of all elements and choose a specialist area then you should be quite successful. That is the view that law enforcement and other organisations need to take when they are recruiting and training their personnel.

  Q163  Mr Malik: Are there resources that the police have not called on that might make their work easier?

  Mr Parmar: It is not a question of not utilising resources, it is a question of the police understanding what it is they require. Too often we get requests which say we want everything, which in reality is not a workable request. What we find is that law enforcement agencies need to start understanding the data that is available and to start understanding what is possible evidence or what is intelligence and they need to split it and make valuable requests to us so that we can do the best job we can. At the moment a lot of work we do is fishing expeditions where we are basically requested to grab everything out of there and we do not know the case history.

  Q164  Mr Malik: Are there external organisations that could assist the police that are not being engaged at this time in your view?

  Mr Parmar: At the moment the law enforcement agencies do utilise the resources that are out there.

  Q165  Mr Malik: So to your knowledge it is not really an issue at the moment, is it?

  Mr Parmar: No.

  Mr Greener: If I could answer that, I am often instructed by defence solicitors and therefore on many occasions I go into police constabularies throughout the country to audit the work that has already been done by the prosecution. Going back to a previous question about the level of resource, it is often found that that level of resource does not match the resources which are outside the Police Service or is not at the same level of competence. It is often the case that a particular person who may be skilled in one particular package is used to examine a phone and things like that. I have had a number of conversations with various police officers and detectives at various times who say that they would like to use our skills but they do not have the authorisation to commission us to do any work themselves. It is often already pre-arranged at a contract level at some stage, so as an outside organisation we are excluded or we are not utilised and requested.

  Q166  Chairman: Can I just check one thing for my understanding? What I think you are all saying to the Committee is that the challenges here are not actually the handset issues. The challenge in terms of understanding and analysis is the records from the phone companies of the calls made and so on. Is that broadly right?

  Mr Smith: Broadly speaking that is correct.

  Q167  Gwyn Prosser: Mr Smith, you know our inquiry is trying to put together the estimate of time taken in particular cases with the 90 days which the Government wanted to put in place as pre-charge detention. When you were answering questions to Mrs Cryer you started telling us about pin numbers and access blockers et cetera, and you said that of course you had had a lot of these in some particular cases. I think you said in the worst case scenario that could take a long time "but we are not talking about that; we are talking about the general run-of-the mill case". But we are not here; we are talking about those particular cases which can have huge ramifications and might take 90 days. In that context, in the same way as Mr Sommer earlier on said that yes, there could be rare occasions when the work of the computer forensic people might take up that full 90 days, is that your view as well with regard to your technology?

  Mr Smith: Yes, I would say that is quite correct. There is a section where, if you allow an individual or an individual is smart enough to put all the passwords and identity numbers in place, you can have on the 3G up to 16 different passwords which would take you a long time to crack. Most people do not bother; that is the truth of the matter, so 90 days, yes, but I think that must be scrutinised very carefully as to the reasons for that.

  Q168  Gwyn Prosser: But perhaps a determined terrorist might bother.

  Mr Smith: I would not say they do not. I do not know. All I can say is that I think it is a balance.

  Q169  Gwyn Prosser: Mr Parmar, we have heard a lot of criticism and qualifications about the way the police use this technology. Would you say there is a need to re-assess the whole approach to telecoms forensics?

  Mr Parmar: Yes, I believe so. I believe a lot more resources and a lot more training and awareness have to be put into it for those who are involved in this type of work to understand exactly what they are doing and what they are responsible for. I think there is a general lack of understanding in that respect. What I do find—and this is no criticism—is that generally law enforcement will send the people who are responsible for this type of work on two- or three-day courses and no further training is offered. I do not believe that is a correct approach. I believe that it requires long term investment and long term resources just in the training to make sure that the people who are doing this type of work are up to date with current practice and current technology.

  Q170  Chairman: Would you know if that applied as much to specialist parts of the Police Service with largely anti-terrorist work as it would to general policing?

  Mr Parmar: I am not just making references to specialist areas or to general practices. It is not just applicable to law enforcement; it is applicable generally to all those technicians that do this type of work. There does not appear to be a mechanism in place where certain skills have to be attained throughout a certain period of time. Greg will back me up on this as a trainer, as to whether there is anything official about that.

  Q171  Chairman: You may not know the answer to this question, in which case say so, but would you say that those who specialise in anti-terrorism investigations have similar weaknesses in the way in which they approach telecoms analysis as you see in the Police Service generally?

  Mr Parmar: Are you making reference to the people involved in terms of doing this type of work?

  Q172  Chairman: Yes, because obviously the starting point for our inquiry is that the police are saying to us, "We need 90 days because various parts of our investigation, which may include telecoms analysis, take a long period of time". You have made some very important points about the general quality of the police understanding mobile telecoms issues. It is obviously relevant to this Committee to know whether those weaknesses are shared by those police officers who would be responsible for counter-terrorism investigations.

  Mr Parmar: I do believe there is an element of weakness there, but as to what quantity I could not comment.

  Q173  Gwyn Prosser: Mr Greener, some witnesses have argued that the length of time that telecom data is held should be increased by legislation. Would you support that?

  Mr Greener: I would very much support that. The existing legislation is at best historic data for 12 months, and one element that we have from the data is the ability to track historically people's movements or whereabouts at a particular time. In cases where we are conducting this type of cell site analysis, as it is termed, tracking where the mobile phone placed a call according to the various masts that are run throughout the country, if we are talking of a large network of phones which produce that sort of pattern that in itself takes a period of time and a lot of survey work and a lot of mapping work to produce that. It is often quite a way down the investigation before you find other phones that are coming into the fold, as it were, and therefore they require separate analysis in themselves, so 12 months' retention of that, for both the purposes of the prosecution and then afterwards therefore the defence to verify various things is often not long enough. On that basis of cell site analysis it can be the case that I am instructed some 12 months after the incident date and therefore there is not any further extended record in relation to that cell site and the movements of those particular phones.

  Q174  Gwyn Prosser: What about the standardisation of call data?

  Mr Greener: Yes. We have mainly have four network providers, all providing call billing data or cell site analysis data. There is a variance between those operators in terms of the level of detail that you get to work on, to analyse, so a standardised, across-the-board output would be beneficial to the analyst and would also minimise the skill set slightly across all analysts so that the data was understood by one and all.

  Q175  Gwyn Prosser: Are there any other gaps in legislation which you would like to see filled?

  Mr Smith: No, I think we already have it. The biggest problem that people have with legislation is that they do not bother to read it. Therefore, if they do not bother to read it or try to get some interpretation of it, they misunderstand it and they go on from that misunderstanding to make a mistake.

  Q176  Gwyn Prosser: I am talking more in terms of legislation which would be beneficial to forensic analysis.

  Mr Smith: Oh, I apologise.

  Mr Greener: For me, where we have discussed the legislation to extend the retention of the data, standardisation across that data would certainly be beneficial, but I cannot think of changes to the existing legislation further than that.

  Mr Parmar: I cannot see any issues with the current legislation.

  Mr Smith: Not at all with the CP Rules coming out, by the way.

  Q177  Mr Winnick: Mr Smith, in answer to Mr Prosser you said that there may be instances where the police require the 90 days to get the information. Would it not be also the case that you could say that the police require more than 90 days? If they require up to 90 days in certain instances, presumably very exceptional, the same surely would apply, would it not, to the argument that the police require double that amount of time in very complex cases?

  Mr Smith: There is always the potential for that to arise. It would be wrong to say otherwise.

  Q178  Chairman: I am going to put to Mr Greener and Mr Parmar a question that Mr Smith has answered about whether from your knowledge of mobile telecoms issues and the analysis of them you personally think that the pre-charge detention of up to 90 days can be justified by the complexities involved in doing telecoms analysis.

  Mr Greener: I think the 90 days will allow more time to galvanise the initial evidence that we are working with and to analyse it thereafter from the existing 14 days that I believe it is to gather in the phones.

  Q179  Chairman: Are you saying that on the basis that there are things that you simply cannot do within 14 or 28 days that you think are necessary to support a charge?

  Mr Greener: I am basing it on experience in cases where phones are being brought into the investigation along the way, so it is the gathering of evidence period.