Select Committee on Science and Technology Minutes of Evidence


Examination of Witnesses (Questions 800 - 819)

WEDNESDAY 28 MARCH 2007

MARGARET HODGE, MR GEOFF SMITH, MR VERNON COAKER AND MR STEPHEN WEBB

  Q800  Lord Mitchell: I am very surprised, perhaps delighted, that you say 16 million use online banking, that is one in three of the adult population?

  Mr Coaker: Yes, 16.9 million.

  Q801  Lord Mitchell: I am staggered by that. I would have thought it was much less.

  Mr Coaker: These are APACS's figures and, as Stephen Webb has just said, we regard APACS's figures as very robust.

  Q802  Lord Harris of Haringey: That is not the number of accounts, that is the number of individuals?

  Mr Coaker: Yes, using Internet banking.

  Q803  Lord O'Neill of Clackmannan: In terms of credit card transactions, do you make any distinction between chip and pin transactions and transactions involving telephone and the ones which involve broadband, because obviously there are different kinds and there are different security systems involved in them? Have you made any attempt to differentiate within credit transactions the various types and have you any evidence, for example, to tell us whether chip and pin has made a lot of difference in crime reduction?

  Mr Webb: The APACS figures are broken down into a series of frauds and one of them is "card not present" and that would be quite a variety of crimes, including mail order over the phone but increasingly over the Internet. That is broken down and APACS's general point on "card not present" is that it has been increasing quite considerably, but they feel it has not been increasing as fast as the actual use of cards on the Internet and the use of Internet banking. So arguably the risk for any individual user has been declining and overall card fraud is obviously actually slightly declining too, which given the huge increase in the use of cards is again in real terms an improvement.

  Q804  Lord Paul: The UK has not ratified the Council of Europe Cyber Crime Convention. Could you tell us why it has not been done, and if we are going to do it when it is likely to be done?

  Mr Coaker: Yes. Thank you very much for that question, Lord Paul. We are committed to ratifying the Council of Europe Convention. We need to make some minor changes to the Computer Misuse Act, which until we have done that will actually delay the ratification. The minor changes we need to make to the Computer Misuse Act, the legislation, is actually contained in the Serious Crime Bill. That is obviously in the House of Lords at the present time and will come to us in due course, then that will be implemented and we will look to ratify that. We estimate that will be in about a year's time. We are committed to ratifying the Convention, it is just that there are some minor changes which we need to make to the legislation in order to do that.

  Q805  Lord Paul: The Convention contains a number of provisions relating to mutual legal assistance and to the expedited handling of cross-border requests. Have any steps been taken to speed up the glacial speed at which MLA usually proceeds?

  Mr Webb: This obviously goes a lot wider than the Convention. We have been generally looking at mutual legal assistance requests and there is nothing specific in this particular area which is being done. Therefore it is handled through the UK central authority.

  Q806  Lord Paul: What procedures has the Government put in place for responding to complaints received from overseas?

  Mr Coaker: I think we are looking to develop our whole system of reporting, whether it be from an international perspective or from the national perspective, which we may come on to later, and it is something which we need to consider, how we actually deal with that and do that.

  Q807  Lord Paul: Is Europe far ahead of us in this?

  Mr Coaker: From our estimation all countries are at various places and I do not think there is anybody who is a lot further on with this than we are. What is happening is that countries across not just Europe but across the globe are actually recognising the fact that if we are going to tackle this problem then we need international solutions and we need countries working together across the globe, frankly. What we need to do is, instead of trying to catch up with the criminals, to try and have a step change and move in front of them. As I say, there is a lot of work done on it internationally, both with the Council of Europe and, as I understand it, the EU and other bodies as well.

  Mr Smith: Could I just add to that? The European Commission has been telling us for some time that they are going to give us a communication on cyber crime[1]. It has been a long time delayed, but we have had a sort of peek behind the curtain last week and we think that it is going to say a lot about improving mutual legal assistance within the EU. So I think there is a new initiative underway on this front.


  Q808Lord O'Neill of Clackmannan: Would you support the development of a single UK or even England and Wales website for the reporting of cyber crime like there is in the FBI's US "IC3" website?

  Mr Coaker: We have not come to any firm conclusions about this, but it is something that we are actually happy to look at in terms of the whole issue of reporting and how we do that. Obviously the Attorney-General and the Chief Secretary last week, in response to the fraud review, said that there was the possibility of the establishment of a national fraud reporting centre. We need to look at the whole issue of are we going to have a reporting portal for fraud, are we going to have a reporting portal for e-crime, or are we going to put all of that together? How would that work? How would you coordinate all of that? So I think there is a lot of work to be done, but the point is that there needs to be some coordination across the whole of this, so the answer is, we are looking at it and it is something we are considering.

  Q809  Lord O'Neill of Clackmannan: One of the things we have come across repeatedly is that someone may get ripped off for a few hundred pounds, but there is every likelihood that simultaneously with that there is a whole range of people who have been robbed in exactly the same way. Should the police be trying to establish whether there is a lot of small crime rather than a big one, because at the end of the day as many people and as large sums could well be involved?

  Mr Coaker: If you look at the law enforcement activity and the work which SOCA's e-crime unit is doing and some of the other activity which is being done, it is to try and piece together what on their own look to be small, individual crimes, to try and see if there is a pattern across the whole of the network that they can then piece together. I visited the SOCA e-crime unit recently to see that activity, where all sorts of reports were coming in and where they were trying to identify patterns of activity so that they can actually attack the criminals behind what, as you say, may be one small attack in a computer somewhere but if you take it across it would be thousands of £20 or tens of thousands of £15.

  Q810  Chairman: Surely if you have a central reporting system you are going to learn an awful lot more because most people will not go to the police but, as has been shown in the United States, they will log their problem onto a website if there is a common website?

  Mr Coaker: That is something, Chairman, we are certainly looking at because we are aware that that would be a positive move. What we are trying to understand is what is the best way of doing that when there are recommendations with respect to fraud, with respect to e-crime and all of that, and how you coordinate all of that activity and bring everyone together in a coordinated and coherent way.

  Q811  Chairman: We are coming to the conclusion that there is quite a bit of urgency in this because at the moment even your statistics show that the overall level of this crime is relatively small and therefore there is a relatively small community there. Not that it is that small, and these people are clever, but as it rises that number is going to increase, you are going to attract more people to that and uncover unpleasant work, so we feel there is quite a deal of urgency.

  Mr Coaker: We agree with that. What we want to do, however, is to move forward in a way which is actually manageable. If we set up without talking to all of the various partners involved, what we are concerned about is that the system almost may be swamped with people coming forward with possible problems and reporting potential fraud or losses, and the management of that data is actually then initially for the law enforcement agencies. We are not hostile to the idea and we recognise the urgency, but we want to do it in a way which is manageable and effective for the law enforcement agencies, so that it gives us the outcome we want.

  Margaret Hodge: Can I come back on that because actually the challenge, even if the statistics are wrong—and it depends on how you identify the crime and which ones you are interested in—is that the level of crime relative to usage or ownership, or whatever it is, is pretty high. I think the difficulty with establishing that sort of framework or a legal framework is how you then, within that, with what will always be constrained resources, prioritise and target those crimes which create the most distress or loss, whatever it is, to individuals. That is the first thing and I think it is difficult. It is easy to say, "Have a website, have a law," but it is actually the implementation. You have got to be clear on the legislation. The only other thing I would say to you, which I know you and many of the Committee are highly aware of, is that this is such a vast changing industry with so much happening through convergence that actually framing a regulatory or legal framework which makes sense today and then becomes out of date tomorrow is just a difficulty that we have to think about all the time. So there has to be flexibility. You do not want to lock in a framework which then maybe stifles innovation, stifles change, and all those issues. So it is not quite as straightforward as putting up a website or introducing a new law, whichever it may be.

  Q812  Earl of Erroll: The first thing is, how come SOCA is looking at this? It is not within SOCA's remit. SOCA only deals with crimes over £10 million or serious crime, so actually this whole question of level 2 crime which is perpetrated in small quantities but large volumes is not in the SOCA remit, so how come they were looking at it with you?

  Mr Coaker: Because the point is that if you have got hundreds of small crimes occurring, it may be that if you look at the national picture you have actually got an international threat, because although they are small crimes individually the totality of it may be a serious crime.

  Q813  Earl of Erroll: So are you thinking possibly of rolling the proposed, let us call it the national e-crime coordination unit, into SOCA as well?

  Mr Coaker: What we are looking at—and again this is a moving picture—is that you have obviously got the SOCA e-crime unit and international and national strategic dealing with that level and what we need to look at is how we then co-ordinate, as you say, the level 2, the support for forces. I think, Chairman, you are about to see Commander Sue Wilkinson, and I have been talking to her with the Home Office about how we can deal with that as well.

  Q814  Earl of Erroll: Are you going to give her resources?

  Mr Coaker: We have not had the business case yet, so we need to look and see what proposals are coming forward from the ACPO lead on this and we will have to consider how we take that forward. We have made no commitment with resources at the present time, but it is something we need to look at and consider.

  Q815  Earl of Erroll: So you might make e-crime a KPI and it can be measured and something can be done about it?

  Mr Coaker: What we believe and understand is that we have got the SOCA e-crime unit dealing with it at that level, we are aware that individual police forces have been helped with funding since 2001 to develop their computer crime capacity in their individual forces, and then alongside that we need to establish how we coordinate the work at the ACPO level, which is something where we need to see how we take that forward and develop that. So it is not one strand or the other, it is all of those strands working together from the law enforcement point of view and the industry point of view in order to more effectively tackle this crime.

  Chairman: That leads us on to Lord Young's question.

  Q816  Lord Young of Graffham: Yes, which is really again for the Home Office. Do the police have adequate resources and even beyond that the right forensic skills to deal with cyber crime?

  Mr Coaker: If you will forgive me for repeating a couple of the points in answer to Lord Erroll's question, what we have done, particularly since 2001 where over and above the police grant there were sums of money given to each of the police forces to develop their own individual force capacity, we have been working to try and develop the capacity of the forces to deal with e-crime in their own areas. We also recognise that alongside that there is a need to develop and look at how we have a nationally coordinated response, working above that at level 2, and we need to look at how we can take that forward. I think the issue with forensic skills, if I can be honest and speak personally about this, is a very real issue. When I actually went to the SOCA e-crime unit I looked at the skills of the people working in law enforcement there and I have to say I just thought it was just astonishing to see the abilities of people and what they were doing with computers from a law enforcement aspect in order to try and catch the criminals. I am not an expert when it comes to the Home Office policy remit with regard to trying to prevent crime, but when you actually look at the techniques and the technical ability which is required to actually prevent this crime, I am not sure how many people have that skill, certainly at the SOCA e-crime unit. These were fantastically qualified people. At a local police force level, I think obviously this is something we need to work on to develop with the police forces, and I think part of that will be working with industry as well.

  Q817  Lord Young of Graffham: That really leads on to the next point I would like to make to you. In the United States the FBI have regional crime laboratories. Are we actually going to push it down to every single country police force, for every single police force in the country to set up its own laboratory, or are we actually going to look at it on a regional basis?

  Mr Coaker: I think this is part of the ACPO proposals for the coordination of e-crime which we will actually have to look at, what would be the most effective way of ensuring that every force has the capacity to deal with e-crime in their own area. Whether that is a regional type of approach or whether that is forces collaborating together I think is something we need to take professional advice on and, as I say, we are waiting for Commander Sue Wilkinson and others to come forward with the proposals.

  Q818  Lord Young of Graffham: Traditional crime is regional. With traditional crime the villains are in the patch where the police are. We are not dealing with that. They can be in other parts of the world and it does seem to me a little bit odd if we are saying to Rutland, or to any police authority anywhere, "You've go to do your own," for something which is almost global.

  Mr Coaker: I think that is right. What we are trying to do is to fill that protective services gap at an individual force level and how you do that will probably require a response which is above an individual police force, but I think what we have to do is to build confidence in communities across the country that e-crime is something which the law enforcement agencies, however they are configured and however they are set up to respond to it, are actually taking seriously and are actually trying to do something about.

  Q819  Lord O'Neill of Clackmannan: We had evidence earlier from the Met which I think mirrored your confidence in their competence, but they also made the point to us that they lose a lot of people because they are so good and the City and others will recruit them, but we were also given evidence to suggest that there was a dependence upon special constables, who were in fact volunteers coming from City computer firms and the like who were doing this almost as a hobby. Are you satisfied that you have got the skill levels consistent with the increasing demands, or are you going to always be chasing them?

  Mr Coaker: I think the forensic skill level necessary at an international level for ensuring that we have the capacity to deal with this, that individual forces have got somewhere they can go where they have the skill base necessary, is something which we need to look at and that, I think, will only come through collaboration and through working together. As I say, it is a developing picture but it is something which is crucial to us. I am not an expert when it comes to trying to work out what has happened with regard to computers, but we need the experts to help us if we are going to enforce the law effectively.


1   Due on 22 May 2007. Back


 
previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries index

© Parliamentary copyright 2007