Examination of Witnesses (Questions 1032
WEDNESDAY 25 APRIL 2007
Q1032 Chairman: Thank you very much
for coming to give evidence to us. This is the House of Lords
Select Committee for Science and Technology and this is in fact
our final evidence session, at least as presently planned for
this inquiry, which we have been conducting for several months.
We very much appreciate you coming to talk to us. Welcome to members
of the press and the public who are here. I assume you have picked
up the documents that tell you what the Committee's mission is
here. Perhaps we could start with our witnesses introducing themselves
Ms Lemon: My name is Sharon Lemon. I am the Deputy
Director of the Serious and Organised Crime Agency and the Head
of e-Crime. Formerly I was the Head of the National High Tech
Crime Unit and before that the Head of the Paedophile On-Line
Investigation Team. On the first of April last year I handed the
ACPO lead to Commander Wilkinson, SOCA not being a law enforcement
agency. I chair the National e-Crime Strategy Group and chair
the steering group for Get Safe On-Line.
Mr Hughes: I am Bill Hughes. I am the Director
General of the Serious Organised Crime Agency which actually is
a law enforcement agency, not a police agency. Prior to that,
I was the Director General of the National Crime Squad. The National
Crime Squad and the National Criminal Intelligence Service are
part of Customs and Excise, as it then was, part of the Immigration
Service and were brought into SOCA at the beginning of April 2006
so we have just had our first anniversary of working.
Commander Wilkinson: I am Sue Wilkinson; I am
a commander in the Metropolitan Police. I have the lead for e-crime
in the Metropolitan Police but also last April I took over the
ACPO national lead within ACPO forces for e-crime. I also, within
the Metropolitan Police, have responsibility for fraud and economic
crime et cetera which is closely allied to e-crime. I chair the
Internet Crime Forum and I run the ACPO working group on e-crime.
Thank you. Is there anything you would like to say in an opening
Mr Hughes: No, I do not think so except perhaps
to say that when the National Crime Squad was abolished and SOCA
started there was a change over obviously from what was a specialist
unit within the National Crime Squad which was the National High
Tech Crime Unit and that has moved into a different approach within
SOCA. Some people would see that that showed a lack of interest
in e-crime; the reverse is the case. SOCA went to a situation
where we have a unit now called e-Crime which Sharon heads which
devotes itself to that type of criminality. The issues around
paedophilia on-line went into a separate unit called CEOP combating
child exploitation and on-line protection which is an affiliated
unit to SOCA. We marshalled our resources in a better way in order
to be able to deal with e-crime issues and at the same time working
with the Metropolitan Police and ACPO have started to look at
ways in which we can make sure that we spread that right across
the piece in a continuum rather than simply having different squads
dealing with issues.
That leads into my first question which is a very general one
which is: is there such a thing as e-crime? What I am really leading
to is whether e-crime should be formally defined and, if so, how
should we go about that?
Ms Lemon: We have defined it as two specific
areas. Firstly the type of crime that can now be committed because
technology exists which formerly could not be committed; I think
that is definitely e-crime because without the technology those
crimes could not be committed. More commonplace now is traditional
crime moving on-line in the virtual environment, traditional criminals
using and exploiting technology; that is traditional crime using
technology. That is where we need to mainstream the issues more
because I think the problem with policing is that anything involving
a computer or the slightest bit of technology is put into a specialist
bracket and it is confusing the issue and leaving a smaller number
of specialist resources dealing with what is traditional crime.
So we have a clear definition; we have type A and type B where
we are talking about technology that enables this crime to exist.
Normally traditional crimes, even so, the denial of services attacks,
is just current day extortion; phishing is just current day fraud,
and then there are traditional crime types. I think there is definitely
an e-crime but the biggest part of the issue is that all the crimes
that are exploiting technology just make it much easier to commit
Do you think you are now in a position to start gathering statistics
and setting targets for yourselves on e-crime?
Ms Lemon: I would not be so bold as to say that
we are anywhere near gathering statistics at the moment. We can
certainly look at the evolution of e-crime which has been well
documented from the people committing the crime just because they
could for kudos, to now people exploiting the type of crime because
of the revenue that comes with it. There is a very quick scale
and reach. We see traditional criminals committing their crime
on-line but I do not think I would be so bold as to say that I
would be able to give you an estimate of what it looks like in
the UK at the moment.
Are you trying to move towards a situation where you can gather
Mr Hughes: If I may answer that question in
a different way, that is the point that Sharon has made is that
whilst these are often old crimes committed with new techniques,
the issue is how do you deal with them. It is not so much a matter
of how you record them or how you see them as crimes per se for
investigation, it is how best to deal with them. I think that
is the issue that we all need to be thinking about now. The way
it is done is often because this is a global issue. This is not
just happening inside the UK so expecting UK law and enforcement
necessarily to pick up on it and to be able to deal with it on
its own is not feasible. There need therefore to be global alliances;
we need to be able to work with our colleagues in other countries
in other parts of the world. There needs to be another way of
actually pulling the information together. People simply coming
into police stations to report the crimes is going to end up with
an uncoordinated approach across the whole of the United Kingdom
and outside. What we need are better ways of gathering the data
about what is actually happening so that with our colleagues in
the private and public sector who are helping with thatwe
will probably come onto that laterthere are ways of building
up crime pattern analysis which can help us to attack and deal
with what is happening there rather than investigating each individual
case one its own. This is very much the way that SOCA is trying
to deal with serious organised crime per se and the way that the
police service is also picking up on dealing with crime pattern
analysis and taking out the root cause rather than addressing
the symptoms. This is a classic example where we need to change
the way that we work as law enforcement.
Commander Wilkinson: Obviously I am sitting
here representing the 43 police forces of England, Wales and Northern
Ireland and I would certainly hope that by the end of this session
the Committee has clarity around how the 43 police forces of England,
Wales and Northern Ireland will work seamlessly with the Serious
Organised Crime Agency in tackling what is a crime that is very,
very difficult to define geographically and in terms of numbers
of victims and geographic location of the crime is almost impossible
to really pin down or define. When I took over the national portfolio
on e-crime we reassessed the old ACPO definition of what was then
high tech crime and we redefined it and made it much simpler.
The ACPO definition of e-crime (it may be helpful for you to know
it sits comfortably with the SOCA definition) has been agreed
as the use of networked computers, telephony or Internet technology
to commit or facilitate crime. That is clearly very, very wide
indeed. When we are looking at e-crime we have to look at it from
being solely an e-crime, if you likesuch as a denial of
service attack, for exampleright the way through to traditional
crime such as fraud or kidnap or any other traditional crime during
the commission of which technology comes into it, whether it is
the use of text messaging or actual money laundering through computers
or the use of mobile phones, et cetera. The definition is incredibly
wide because it has to be so that we can pull everybody into the
fight against e-crime and we can mainstream it. It does also make
it incredibly difficult to count the number of so-called e-crimes
that have actually taken place.
Is there evidence that conventional crime is being displaced by
e-crime? Is it apparent to you that you can shift resources now?
You do not necessarily need new resources but you need to shift
resources and re-train people.
Mr Hughes: There are two issues there. There
is clearly evidence that we are seeing serious organised criminals
working in an area which is new to them. As always these are entrepreneurs
who go where the rewards are high and the risks are low. They
are looking at ways in which they can move into new areas of criminality.
In terms of law enforcement, we also have to look at ways in which
we train and restructure ourselves and resource ourselves better.
E-crime is a classic example. What we need from Sharon is very
much a specialist area of enforcement understanding, but if you
just parcel this off into separate squads or separate units within
law enforcement then you are missing the trick. The trick we have
to make sure people realise is that this is going to be the way
of the future. We have to mainstream it so that the detectives,
investigators or law enforcement agencies are starting to think
about how this impacts upon the type of investigations they are
dealing with. It is as simple as, for example, every time we deal
with serious organised crime there will be a laptop, a PDA, a
telephone or some very complex piece of kit and we need to have
the understanding of how this can be used and, more importantly,
how evidence can be gained from that technology in order to prosecute
our cases or to gather the knowledge and information we need to
be able to attack the source.
Commander Wilkinson: I totally echo that. I
think from the point of view of the police forces we need to raise
the level of awareness, understanding and capability across all
officers; uniformed constables for example and detectives will
need to have a higher level of capability and skill so that everybody
has some awareness and capability in terms of investigating e-crime
and there are certain types of e-crime that are so specialist
that there will need to be specialist units to deal with those.
I would echo entirely the point that it needs to be mainstreamed
because this is the way we live now and it is a developing way
that we live now and so it is important not to try to shift everything
into specialist units but to raise the level of awareness and
capability right the way across the board.
Q1038 Lord Mitchell:
Perhaps it is appropriate that as we speak the Serious Crime Bill
is going through our House and we may have to go and vote a few
times on it. One of the issues we have looked at quite a bit in
our deliberations is whether the legal framework for investigating
and prosecuting e-crime is sufficient. Do you feel it is sufficient
and are there any gaps that need to be plugged?
Ms Lemon: As far as I am concerned in the UK
I do not think there are any significant gaps. I would not want
to make legislation overly complexand this goes back to
the mainstreaming partas long as recognition is made in
forthcoming legislation of the need to include technology and
it is a neutral bit of legislation that would incorporate what
we need to achieve. Where it is difficult for us is in the international
space where legislation in different countries can cause problems.
The current procedures for sharing information and intelligence
can be extremely sluggish and sometimes we work despite those
arrangements, so that would be a problem I would like to raise.
Commander Wilkinson: I think for me the Computer
Misuse Act, the latest Fraud Act and existing legislation is proving
entirely adequate to incorporate the issue of e-crime into it
in terms of investigation, evidence gathering and prosecution.
However, the issue of the international nature of e-crime is probably
our biggest challenge and investigations can fall down because
of the fact that legislation does not really cover the international
challenge. We cannot prosecute offences that are committed abroad,
for example, and criminals can exploit that by originating the
Mr Hughes: If I may add just one further point,
that is the question about the prosecution as well. Of course
much of this revolves around how we present cases in court and
the abilities of the courts in the UK particularly to receive
particularly complex information from IT investigations or the
way it is presented is difficult. This is no fault of the courts;
this is simply that we are living in a fast moving world and perhaps
one of the things we should be thinking about is how better we
can present the case in court so that judges and juries better
understand exactly what is being presented there. In the same
way that you have a technological advisor here it may be useful
to do the same in some of the courts when we are dealing with
some of these cases.
Q1039 Lord Mitchell:
On that sort of related issue, would it be feasible for a computer
used to commit a crime to be brought out in court and sentencing
in a manner in some ways analogous to the aggravating factors
of bringing out a gun for other types of crime?
Mr Hughes: That is an interesting question.
You referred just now to the Serious Crime Bill that is going
through your House at the moment, and there may be some prevention
orders in there that we might like to think about as examples
of what we could do with those who had such criminality. There
is no doubt we could use that effectively.