Select Committee on European Union Minutes of Evidence

Examination of Witnesses (Questions 404 - 419)




  404. Good afternoon, gentlemen. Thank you very much indeed for sparing us the time this afternoon. Thank you also for the very comprehensive paper you supplied in advance which the Committee has found of considerable interest. Given that you submitted that to us, if it is agreeable to you we will move straight into questioning rather than invite you to make an opening statement. When we get to the end, if there is any sweeping up statement you might like to make please feel free to indicate that you want to do that. I would like to open and move us down to international issues. I know it is not in the precise order in which your paper was written but you will appreciate that this Committee's remit has a European dimension to it, so I would like to address those questions first of all and then I am quite sure we will come back to deal with United Kingdom issues primarily. You said that the CCWG liaises with the G8 Group and we were wondering why it appears that the G8 Group figures so significantly in the paper that you have put to us. I also notice that there is a reference to the Council of Europe Cyber Crime Convention which is expected to be completed in October 2000. I wonder if perhaps you would enlighten us as to what is happening on that front if you know anything about it. Thirdly, have you done much work in Europe, and, if not, why not? Do you not see this as being significant?
  (DCS Akerman) There is no deliberate plan of action in relation to why we have liaised with G8. It has just happened. The fact is that we were working as a group. G8 had formed their various sub-groups looking at issues like this, particularly cross-border search and seizure, data preservation and the rest of it, and we were invited to join the United Kingdom delegation. That was particularly the case because a lot of the issues that were being addressed in G8 were of particular significance and interest to us on the national side of things. As far as the Council of Europe is concerned, we did not have the arrogance to go and say to them, "I think you ought to involve us." However, as a result of the work with G8 we were invited to give a presentation recently. I did not go but Nigel did and he will be able to give you a full version of what happened there. As a result of that there is a strong possibility (a) that they have adopted some of the suggestions we have made, and (b) we may become more involved in the process.

  405. I am particularly interested in the Council of Europe issue because it was drawn to my attention by the Computer Consultants' Organisation—and I declare an interest here that I have a relationship with Andersen Consulting—that there was some material on the Net which apparently had been leaked from the Dutch Government about activities that were at Council of Europe level. We were not aware of what was going on, so that is how it came to our notice as an example of how the Net can work in a whole variety of different ways.
  (DS Jones) I can certainly deal with the informal meetings that are currently taking place, and these are under the auspices of the EC Directorate General for Information Society and the Directorate General of Justice and Home Affairs. The objective there is to discuss with states the need for an EU level of combating computer related crime effectively. I gave a presentation on the work of the United Kingdom Internet Crime Forum at the recent meeting in March. There is an industry meeting taking place today in Brussels and it is expected that a further joint meeting will take place in April following which it is anticipated that recommendations will be made. As far as the Council of Europe is concerned, the Cyber Crime Convention has been worked on for some two years. The United Kingdom delegation consists mainly of Home Office representation and also Customs and Excise representation. Many of the issues that have been discussed in the Cyber Crime Convention are in parallel with those being discussed within the G8 Group that we have documented in our evidence.

  406. Are they in secret?
  (DS Jones) I do not know because we do not attend those particular meetings.

  407. Do you think there is a case for a joint European Union initiative?
  (DCS Akerman) The main point we would make, whatever initiative takes place, is the importance of co-ordination of effort, not re-inventing the wheel, and making sure our resources are optimised in the right places. This is half the trouble. Certainly you have got G8 going on at the moment looking at a lot of stuff. The Council of Europe has certainly started, you have got the United Nations, you have also got Europol and Interpol, all looking at very similar issues. That is superb if we are going to get an end product, but if we are not—and that is our real concern—then frankly it is a waste of everybody's time. There are some key issues here to be addressed. The fact is that whatever the United Kingdom does on its own is entirely irrelevant if the rest of the world does not follow suit, and that is because of the nature of the technology. We can come up with some good standards and protocols here but you can go and set up in the Caribbean or South America somewhere and destroy every single principle that we have set out.

  408. Do you think that you may be ahead of the field in the rest of Europe?
  (DCS Akerman) In some areas yes, but it is only right and proper to say that some of our European colleagues have got some excellent expertise in different fields. For example, the Dutch are well ahead in terms of forensic issues. By "forensic" I mean the actual examination of the computer per se. The Germans are very good on investigations. I think the Swedes are particularly good as well. From our perspective where we are perhaps ahead of the game is because we saw a need to consult and debate with a whole range of other people. Nigel has already alluded to the Internet Crime Forum which is an excellent platform mutually to discuss problems. That has proved very effective in a whole range of areas, as a result of which first of all you heard that Nigel went across and gave a presentation to the European Commission and they look as though they want to take that initiative themselves. From the G8 perspective they have already adopted some of the principles there.

Baroness O'Cathain

  409. In your submission you say that the police do not collect statistics. Why not, on the basis that prevention is better than cure, and if you collected some statistics you might be able to prevent further excesses of problems rather than just waiting for them to hit you?
  (DCS Akerman) That is perfectly true and valid but the trouble is that the police service is inundated with requests for statistics. If you to talk to any chief officer he or she will quickly say to you, "Look; we are actually cheesed off with this. You keep demanding more and more information from us. For what purpose is it required?" The fact is that the chief officers already supply to the Home Office a whole range of statistics related to crime. The big problem here is divorcing the true Internet related crime from existing terrestrial crime. Most of the crime being committed through the medium of the Internet is terrestrially based in some shape or form, so the statistic has already been collected but it will not show up as Internet. That is part of the problem. The other thing is, and I am being absolutely frank with you here, that this sort of crime does not feature as a ministerial or government priority at the moment. Those have been set quite clearly for the police service, and they are burglary, motor car crime, reducing road casualties, answering 999 calls and so on. At the moment hi-tech crime, if I can use that expression, does not feature. There is an education programme to be embarked on from the very top to the very bottom.

  410. Knowing that the City of London Police are fraud experts, are they doing anything in the special category of Internet crime, do you know?
  (DCS Akerman) No, not particularly. The City of London Police, because of their unique position in relation to fraud, chair two of the three main fraud related working groups which ACPO have set up. That is the credit card one and the ordinary fraud working group. We have a strong liaison with them. But looking at it specifically the answer is no.

  411. What do you think the most prevalent types of crime on the Internet would be?
  (DCS Akerman) There are a whole range of them. Because I cannot measure them at the moment, for the reasons I have just articulated, it is very difficult.

  412. I said "think". I did not say, "What are they?" As you are working with this group all the time you must have some idea in your head.
  (DCS Akerman) The one that gets the most media attention, the one that the public worry about most at the moment, is credit card fraud. People are very concerned that if they use their credit card on the Net it will be hijacked and used for goodness knows what purpose. We have seen a proliferation of the use of the credit card in that way. In one particular case, and I will not name the company, over 9,000 fraudulent uses were made which is quite substantial. That could well have happened terrestrially as well, so we should not zoom off unnecessarily and think, "Oh, my goodness, we have got a hell of a problem here". The credit card generators—I do not know if you are familiar with the credit card generators on the Net.

  413. No.
  (DCS Akerman) It is a wonderful instrument, the Internet, for information and intelligence. The fact is that criminal and nefarious elements have set up a system where you can actually download some software on to your computer which effectively gives you a range of credit card numbers within those that will be issued by some of the credit card companies. Linked to that is essentially what is the voters' list for the United States, so if you want a Mastercard, for example, to use on the Net, you put in a bank, let us say the Bank of Nevada, so you just type in, "Bank of Nevada, Mastercard." Then you say, "I had better have something to say who I am", and as you are a lady you pick a lady, Mary Bloggins, 1 High Street, Nevada. That will check out, the number will check out, it is one of those issued to the bank and you can generate that number then and use it. If the person on whom the fraud is being perpetrated has got any sense they will check the numbers, but, depending on the volume of business, they do not. The big problem at the moment, certainly for us, is simply this, that on a lot of the indecency/porn sites where you purchase your material everything is done through a machine. With our legislation at the moment you cannot deceive a machine. That is fine. Not many people are worried about that at the moment because who cares about some idiot who has decided to access the site and get illicit material down? You cannot get too excited about that. However, you have seen just recently a number of major companies band together to sell particular items. Music is the key one. You are going to be able to purchase your music soon by downloading it on to your MP3 player and you are away and running. All that is going to be automated. You are going to have a lot of businesses who are going to be really annoyed when they are ripped off and with our legislation at the moment you cannot deceive a machine, and we will say, "Sorry".

Lord Faulkner of Worcester

  414. You make this point about it not being possible to deceive a machine. Are you saying then that if the credit card is stolen and is then used to make a transaction on the Internet without there being any contact with a human being, and it is all done in a chronology, no crime has been committed?
  (DCS Akerman) Apart from the theft of the credit card in the first instance.

  415. The use of it does not aggravate that original offence?
  (DS Jones) This was raised prior to the 1978 Theft Act being introduced. The issue there was people swiping a credit card into a petrol pump, and it was held then that no deception is involved when there is no human intervention. We have been looking for other offences which may have been committed, and we looked at the 1978 theft of making off without payment. But you then get into arguments about whether you make off from your virtual presence on a computer somewhere else in the world or your physical presence from where you are in the room. We think that may be too problematic to charge that offence. That is the case at the moment.

  416. So have you made representations to the Home Office saying you want the law changed?
  (DS Jones) Oh yes.
  (DCS Akerman) Absolutely. The Home Office has been very good, I have to say. We were invited to address their Crime Strategy Group about a fortnight ago and we laid out some of these problems to them. Over the past three or four years that Nigel and I have been involved in this we have submitted letters and papers like the ones you have seen before trying to get something done about it.

  417. That was all news to me until I read this paper. Can you say a word about the money laundering through Internet gambling because I thought the point about money laundering with gambling was that it was hot notes which went into a betting shop or into the casino and then went into the system, whereas with Internet gambling there are no notes involved.
  (DCS Akerman) There are a whole range of issues associated with Internet gambling. Let me deal with your specific point. The State of Nevada is a good one because gambling is legal in the State of Nevada. You say to a bank in the State of Nevada, "I have just won half a million pounds on X through playing poker", and you deposit it in a cyber bank, so you get cyber dollars back. You then go round the Internet and because of your position you fancy a Rolls-Royce, so you purchase a Rolls-Royce using your cyber dollars, paying the necessary importation tax and VAT, and you then perhaps buy a few other items, jewellery or whatever, and you have finished. You have spent X amount of your cyber dollars. You then go back to the bank and say, "Right; I have finished. This is the balance. Would you now transfer those funds to an ordinary bank", if I can use that expression. It is a poor one but I will use it. Because it is an inter-bank transfer it is not questioned to the same degree as it would otherwise be. That is just one illustration.

Lord Paul

  418. It is difficult enough in one's own country to investigate these things and taking it to other countries even now takes a long time to investigate. What are the chances of bringing people to book in a different country? Another question which worries me even more is that a man who does a big fraud plans it in a good deal of time, but what stops him from going to a country where you have no chance of bringing him to book?
  (DCS Akerman) Nothing is the answer to your question. I will give you a recent example, a very simple one. A retailer in this country is contacted via e-mail, because they have a website so they attract customers by e-mail, from Spain to say, "I would like 5,000 CDs" of whatever the latest single is. I am not up with it, I am afraid. Frank Sinatra; that is one I know.


  419. He is in cyberspace!
  (DCS Akerman) His music still sells very well. "I want 5,000 CDs of Frank Sinatra and here are my credit card details." This is a genuine case I am talking about. "There is a group of three of us so here are our three credit card details." At this time the victim, if I can use that expression, is a little bit shrewd and checks to see if the numbers are all right and finds that they have not been issued. It is the old credit card generator again. He tells us, e-mails back and says, "Right,—"

previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries index

© Parliamentary copyright 2000