Examination of Witnesses (Questions 800
WEDNESDAY 28 MARCH 2007
Q800 Lord Mitchell:
I am very surprised, perhaps delighted, that you say 16 million
use online banking, that is one in three of the adult population?
Mr Coaker: Yes, 16.9 million.
Q801 Lord Mitchell:
I am staggered by that. I would have thought it was much less.
Mr Coaker: These are APACS's figures and, as
Stephen Webb has just said, we regard APACS's figures as very
Q802 Lord Harris of Haringey:
That is not the number of accounts, that is the number of individuals?
Mr Coaker: Yes, using Internet banking.
Q803 Lord O'Neill of Clackmannan:
In terms of credit card transactions, do you make any distinction
between chip and pin transactions and transactions involving telephone
and the ones which involve broadband, because obviously there
are different kinds and there are different security systems involved
in them? Have you made any attempt to differentiate within credit
transactions the various types and have you any evidence, for
example, to tell us whether chip and pin has made a lot of difference
in crime reduction?
Mr Webb: The APACS figures are broken down into
a series of frauds and one of them is "card not present"
and that would be quite a variety of crimes, including mail order
over the phone but increasingly over the Internet. That is broken
down and APACS's general point on "card not present"
is that it has been increasing quite considerably, but they feel
it has not been increasing as fast as the actual use of cards
on the Internet and the use of Internet banking. So arguably the
risk for any individual user has been declining and overall card
fraud is obviously actually slightly declining too, which given
the huge increase in the use of cards is again in real terms an
Q804 Lord Paul:
The UK has not ratified the Council of Europe Cyber Crime Convention.
Could you tell us why it has not been done, and if we are going
to do it when it is likely to be done?
Mr Coaker: Yes. Thank you very much for that
question, Lord Paul. We are committed to ratifying the Council
of Europe Convention. We need to make some minor changes to the
Computer Misuse Act, which until we have done that will actually
delay the ratification. The minor changes we need to make to the
Computer Misuse Act, the legislation, is actually contained in
the Serious Crime Bill. That is obviously in the House of Lords
at the present time and will come to us in due course, then that
will be implemented and we will look to ratify that. We estimate
that will be in about a year's time. We are committed to ratifying
the Convention, it is just that there are some minor changes which
we need to make to the legislation in order to do that.
Q805 Lord Paul:
The Convention contains a number of provisions relating to mutual
legal assistance and to the expedited handling of cross-border
requests. Have any steps been taken to speed up the glacial speed
at which MLA usually proceeds?
Mr Webb: This obviously goes a lot wider than
the Convention. We have been generally looking at mutual legal
assistance requests and there is nothing specific in this particular
area which is being done. Therefore it is handled through the
UK central authority.
Q806 Lord Paul:
What procedures has the Government put in place for responding
to complaints received from overseas?
Mr Coaker: I think we are looking to develop
our whole system of reporting, whether it be from an international
perspective or from the national perspective, which we may come
on to later, and it is something which we need to consider, how
we actually deal with that and do that.
Q807 Lord Paul:
Is Europe far ahead of us in this?
Mr Coaker: From our estimation all countries
are at various places and I do not think there is anybody who
is a lot further on with this than we are. What is happening is
that countries across not just Europe but across the globe are
actually recognising the fact that if we are going to tackle this
problem then we need international solutions and we need countries
working together across the globe, frankly. What we need to do
is, instead of trying to catch up with the criminals, to try and
have a step change and move in front of them. As I say, there
is a lot of work done on it internationally, both with the Council
of Europe and, as I understand it, the EU and other bodies as
Mr Smith: Could I just add to that? The European
Commission has been telling us for some time that they are going
to give us a communication on cyber crime.
It has been a long time delayed, but we have had a sort of peek
behind the curtain last week and we think that it is going to
say a lot about improving mutual legal assistance within the EU.
So I think there is a new initiative underway on this front.
Q808Lord O'Neill of Clackmannan:
Would you support the development of a single UK or even England
and Wales website for the reporting of cyber crime like there
is in the FBI's US "IC3" website?
Mr Coaker: We have not come to any firm conclusions
about this, but it is something that we are actually happy to
look at in terms of the whole issue of reporting and how we do
that. Obviously the Attorney-General and the Chief Secretary last
week, in response to the fraud review, said that there was the
possibility of the establishment of a national fraud reporting
centre. We need to look at the whole issue of are we going to
have a reporting portal for fraud, are we going to have a reporting
portal for e-crime, or are we going to put all of that together?
How would that work? How would you coordinate all of that? So
I think there is a lot of work to be done, but the point is that
there needs to be some coordination across the whole of this,
so the answer is, we are looking at it and it is something we
Q809 Lord O'Neill of Clackmannan:
One of the things we have come across repeatedly is that someone
may get ripped off for a few hundred pounds, but there is every
likelihood that simultaneously with that there is a whole range
of people who have been robbed in exactly the same way. Should
the police be trying to establish whether there is a lot of small
crime rather than a big one, because at the end of the day as
many people and as large sums could well be involved?
Mr Coaker: If you look at the law enforcement
activity and the work which SOCA's e-crime unit is doing and some
of the other activity which is being done, it is to try and piece
together what on their own look to be small, individual crimes,
to try and see if there is a pattern across the whole of the network
that they can then piece together. I visited the SOCA e-crime
unit recently to see that activity, where all sorts of reports
were coming in and where they were trying to identify patterns
of activity so that they can actually attack the criminals behind
what, as you say, may be one small attack in a computer somewhere
but if you take it across it would be thousands of £20 or
tens of thousands of £15.
Surely if you have a central reporting system you are going to
learn an awful lot more because most people will not go to the
police but, as has been shown in the United States, they will
log their problem onto a website if there is a common website?
Mr Coaker: That is something, Chairman, we are
certainly looking at because we are aware that that would be a
positive move. What we are trying to understand is what is the
best way of doing that when there are recommendations with respect
to fraud, with respect to e-crime and all of that, and how you
coordinate all of that activity and bring everyone together in
a coordinated and coherent way.
We are coming to the conclusion that there is quite a bit of urgency
in this because at the moment even your statistics show that the
overall level of this crime is relatively small and therefore
there is a relatively small community there. Not that it is that
small, and these people are clever, but as it rises that number
is going to increase, you are going to attract more people to
that and uncover unpleasant work, so we feel there is quite a
deal of urgency.
Mr Coaker: We agree with that. What we want
to do, however, is to move forward in a way which is actually
manageable. If we set up without talking to all of the various
partners involved, what we are concerned about is that the system
almost may be swamped with people coming forward with possible
problems and reporting potential fraud or losses, and the management
of that data is actually then initially for the law enforcement
agencies. We are not hostile to the idea and we recognise the
urgency, but we want to do it in a way which is manageable and
effective for the law enforcement agencies, so that it gives us
the outcome we want.
Margaret Hodge: Can I come back on that because
actually the challenge, even if the statistics are wrongand
it depends on how you identify the crime and which ones you are
interested inis that the level of crime relative to usage
or ownership, or whatever it is, is pretty high. I think the difficulty
with establishing that sort of framework or a legal framework
is how you then, within that, with what will always be constrained
resources, prioritise and target those crimes which create the
most distress or loss, whatever it is, to individuals. That is
the first thing and I think it is difficult. It is easy to say,
"Have a website, have a law," but it is actually the
implementation. You have got to be clear on the legislation. The
only other thing I would say to you, which I know you and many
of the Committee are highly aware of, is that this is such a vast
changing industry with so much happening through convergence that
actually framing a regulatory or legal framework which makes sense
today and then becomes out of date tomorrow is just a difficulty
that we have to think about all the time. So there has to be flexibility.
You do not want to lock in a framework which then maybe stifles
innovation, stifles change, and all those issues. So it is not
quite as straightforward as putting up a website or introducing
a new law, whichever it may be.
Q812 Earl of Erroll:
The first thing is, how come SOCA is looking at this? It is not
within SOCA's remit. SOCA only deals with crimes over £10
million or serious crime, so actually this whole question of level
2 crime which is perpetrated in small quantities but large volumes
is not in the SOCA remit, so how come they were looking at it
Mr Coaker: Because the point is that if you
have got hundreds of small crimes occurring, it may be that if
you look at the national picture you have actually got an international
threat, because although they are small crimes individually the
totality of it may be a serious crime.
Q813 Earl of Erroll:
So are you thinking possibly of rolling the proposed, let us call
it the national e-crime coordination unit, into SOCA as well?
Mr Coaker: What we are looking atand
again this is a moving pictureis that you have obviously
got the SOCA e-crime unit and international and national strategic
dealing with that level and what we need to look at is how we
then co-ordinate, as you say, the level 2, the support for forces.
I think, Chairman, you are about to see Commander Sue Wilkinson,
and I have been talking to her with the Home Office about how
we can deal with that as well.
Q814 Earl of Erroll:
Are you going to give her resources?
Mr Coaker: We have not had the business case
yet, so we need to look and see what proposals are coming forward
from the ACPO lead on this and we will have to consider how we
take that forward. We have made no commitment with resources at
the present time, but it is something we need to look at and consider.
Q815 Earl of Erroll:
So you might make e-crime a KPI and it can be measured and something
can be done about it?
Mr Coaker: What we believe and understand is
that we have got the SOCA e-crime unit dealing with it at that
level, we are aware that individual police forces have been helped
with funding since 2001 to develop their computer crime capacity
in their individual forces, and then alongside that we need to
establish how we coordinate the work at the ACPO level, which
is something where we need to see how we take that forward and
develop that. So it is not one strand or the other, it is all
of those strands working together from the law enforcement point
of view and the industry point of view in order to more effectively
tackle this crime.
Chairman: That leads us on to Lord Young's
Q816 Lord Young of Graffham:
Yes, which is really again for the Home Office. Do the police
have adequate resources and even beyond that the right forensic
skills to deal with cyber crime?
Mr Coaker: If you will forgive me for repeating
a couple of the points in answer to Lord Erroll's question, what
we have done, particularly since 2001 where over and above the
police grant there were sums of money given to each of the police
forces to develop their own individual force capacity, we have
been working to try and develop the capacity of the forces to
deal with e-crime in their own areas. We also recognise that alongside
that there is a need to develop and look at how we have a nationally
coordinated response, working above that at level 2, and we need
to look at how we can take that forward. I think the issue with
forensic skills, if I can be honest and speak personally about
this, is a very real issue. When I actually went to the SOCA e-crime
unit I looked at the skills of the people working in law enforcement
there and I have to say I just thought it was just astonishing
to see the abilities of people and what they were doing with computers
from a law enforcement aspect in order to try and catch the criminals.
I am not an expert when it comes to the Home Office policy remit
with regard to trying to prevent crime, but when you actually
look at the techniques and the technical ability which is required
to actually prevent this crime, I am not sure how many people
have that skill, certainly at the SOCA e-crime unit. These were
fantastically qualified people. At a local police force level,
I think obviously this is something we need to work on to develop
with the police forces, and I think part of that will be working
with industry as well.
Q817 Lord Young of Graffham:
That really leads on to the next point I would like to make to
you. In the United States the FBI have regional crime laboratories.
Are we actually going to push it down to every single country
police force, for every single police force in the country to
set up its own laboratory, or are we actually going to look at
it on a regional basis?
Mr Coaker: I think this is part of the ACPO
proposals for the coordination of e-crime which we will actually
have to look at, what would be the most effective way of ensuring
that every force has the capacity to deal with e-crime in their
own area. Whether that is a regional type of approach or whether
that is forces collaborating together I think is something we
need to take professional advice on and, as I say, we are waiting
for Commander Sue Wilkinson and others to come forward with the
Q818 Lord Young of Graffham:
Traditional crime is regional. With traditional crime the villains
are in the patch where the police are. We are not dealing with
that. They can be in other parts of the world and it does seem
to me a little bit odd if we are saying to Rutland, or to any
police authority anywhere, "You've go to do your own,"
for something which is almost global.
Mr Coaker: I think that is right. What we are
trying to do is to fill that protective services gap at an individual
force level and how you do that will probably require a response
which is above an individual police force, but I think what we
have to do is to build confidence in communities across the country
that e-crime is something which the law enforcement agencies,
however they are configured and however they are set up to respond
to it, are actually taking seriously and are actually trying to
do something about.
Q819 Lord O'Neill of Clackmannan:
We had evidence earlier from the Met which I think mirrored your
confidence in their competence, but they also made the point to
us that they lose a lot of people because they are so good and
the City and others will recruit them, but we were also given
evidence to suggest that there was a dependence upon special constables,
who were in fact volunteers coming from City computer firms and
the like who were doing this almost as a hobby. Are you satisfied
that you have got the skill levels consistent with the increasing
demands, or are you going to always be chasing them?
Mr Coaker: I think the forensic skill level
necessary at an international level for ensuring that we have
the capacity to deal with this, that individual forces have got
somewhere they can go where they have the skill base necessary,
is something which we need to look at and that, I think, will
only come through collaboration and through working together.
As I say, it is a developing picture but it is something which
is crucial to us. I am not an expert when it comes to trying to
work out what has happened with regard to computers, but we need
the experts to help us if we are going to enforce the law effectively.
1 Due on 22 May 2007. Back