Examination of Witnesses (Questions 420
WEDNESDAY 15 MARCH 2000
Lord Woolmer of Leeds
420. Sorry: did you say tells you at that point?
(DCS Akerman) Yes. He checks with the credit card
company and finds out that the numbers have not been issued.
421. You actually said he tells you about it.
(DCS Akerman) Yes. Under our direction he e-mails
back and says, "Right, but unfortunately your credit card
limit is too low." "Oh, ever so sorry", and back
comes another e-mail. It goes on like this for a while. Our big
problem is, where are they? Okay, we have got an IP address but
they can all be altered or knocked up. However, if we report that
to the Spanish as it stands at the moment through mutual legal
assistance, if we go that route, the first thing the Spanish want
is the entire complaint translated into Spanish. What we have
got at the moment is, in real policing terms, a fairly low key
crime in terms of public priority. We have got an attempted deception
on a retailer. Are we going to spend the money to get all that
translated into Spanish, sent out through the FCO, eventually
to get to Spain to have a look at in the hope that the Spanish
will then go and try and trace the offenders? Irrespective of
all that, what has happened to the computer based evidence in
the meantime? If we try and follow that route then we are in breach
of I think section 30 or 60 of the Police Act. I cannot remember
off the top of my head. We are only acting as police officers
within the jurisdiction of the United Kingdom. As soon as we go
and retrieve information down the cyber highway, bring it back
and then produce it, we stand to be in breach of section 78 of
PACE because we have acted outside our powers There is a very
brief illustration of some of the problems and that is a simple
422. You have given a perfect example of Spain,
but if the man really plans a big fraud he will go to a country
which is much worse than Spain. Then where is the chance?
(DCS Akerman) Yes. I did not mean to infer the Spanish
were bad. I just used that as a recent example. The real problem
is this. If we take a good extortion, you could set yourself up
wherever you care to name, and let us take as an example Nicaragua.
You can then access the victim in the United Kingdom going through
various routes, and ask for the money to be deposited in France
and then ask for it to be transferred on to somewhere else. Our
problem is not tracking it. It is tracking it in sufficient time
(a) to be able to recover the evidence so that we can use it,
and (b) quickly enough so that we can apprehend the offenders
or we have lost it. Running parallel with all that is: are the
offences we are talking about offences in the countries that we
are visiting? Do they understand what we are investigating and
have they got similar offences? What are their standards in terms
of the way that they collect and produce the evidence? Will we
be satisfied? Would our court accept them? When we perhaps phone
up and say, "We want to hurry up. Please try and retrieve
some of this computer evidence", are they going to do it
in a way which is acceptable to us? We are talking about common
standards generally as well, so there is a plethora of problems
associated with your question.
423. You said that regulations put in place
by the United Kingdom alone would be irrelevant. If Europe was
to put them together does that mean that in world terms those
would also be irrelevant because Europe is only a small part?
When you had your conference, the IHCFC with 26 countries, did
you find that there was a feeling that one could attain agreement
throughout much of the developed world, or do you think that it
would have to be broken up into certain areas which would have
their own agreements but they would have to talk to each other?
In what sort of forum in the future do you think these sorts of
negotiations about regulations may take place successfully?
(DCS Akerman) The answer to your first question is
that it is irrelevant because Europe on its own is not sufficient.
What we want and what we must have is action on a scale which
hitherto has not been experienced. The closest we have seen it
is to drugs profit confiscation legislation. Because drugs are
such an insidious product there has been fairly universal agreement
that we should have some sort of action. That is the nearest correlation
I can give you. You have to have everyone do it or we are wasting
our time. As far as the 26 countries are concerned, I am skating
on very thin ice here but I am going to answer you very frankly.
The practitioners, ie law enforcement, will want to achieve a
practical solution and in fact inevitably will probably come to
some form of practical solution. The real issue is the political
agenda in terms of whether or not it is politically acceptable
to go down a particular route. That is a fact of life. We sit
on the G8 Hi-Tech Crime Sub-Group. I often wonder to myself how
the United Nations function if I am merely dealing with seven
other countries. That is not a criticism. I understand where some
of the issues are coming from, but those are the facts. From a
purely practitioner point of view there is a real will to get
this sorted out.
424. How far do you think it can go in world
terms? Do you think that the developed countries can try and produce
regulations that other people will accept? It would be nice if
the whole world came together and said, "Right, we will regulate",
as they have done largely with drugs. In practical terms where
do you think you can go?
(DCS Akerman) First of all you have a culture to overcome
and the culture of the Internet is that it is non-regulation.
This is the beanbag approach, if I can use that expression. Everything
is up for grabs. This is real freedom of information in its truest
sense. This is where we can be philosophical and express our views,
lateral thought, bags of initiative, innovation and everything
you can think of. You have got a whole culture there which the
industry are going to be interested in developing (a) in terms
of providing a service, and (b) you are going to have the companies
who will want to make money and earn profit from their customers
for their stockholders. You have those sorts of issues to one
side. Then there is the issue of whether or not a law in one country
is going to have the same meaning as in another. At the moment
it clearly does not. We have seen some real practical difficulties
in our recent past in terms of our own terrorist legislation where
that has caused problems, and indeed, on a much more basic level,
there are issues about theft and criminal damage. It is not easy.
425. I am going to come at this from a slightly
different angle because of my involvement with police authorities.
First of all, might I ask youand we want you to be very
honesthow unready is the British police force to actual
deal with the problems? In my own police force I understand there
are two people employed and this is one of the biggest police
forces in the country, and certainly I have never heard at any
budget meeting or anything of the sort any emphasis being given
to the need to deal with this subject.
(DCS Akerman) If I answer the second part first, I
will reiterate what I have already said. The fact is that government
priorities direct our resources in another direction. We all know,
whether we like it or not, what gets measured is what gets done.
That is the bald fact. Unpalatable as that may be, that is the
426. That is what we want to know.
(DCS Akerman) The answer to the first part of your
question is that the practitionersand Nigel is a classic
illustration of this; you are talking about the DCs, the Detective
Sergeants and the Detective Inspectorsrecognised this as
a problem a long time ago and have been beefing very hard to make
management understand what some of these issues are. At the end
of the day we have to accept that we have budget issues, there
are the government priority issues, there is a whole raft of things
which have to be taken into account. There are pockets of excellence
in the country which are well equipped to deal with some of these
problems. The key issue is to enhance those pockets of excellence
and, more importantly, to spread them out so that it is universal
and not just focused in a few areas.
427. This is a slightly technical question,
Chairman, but does the policy of tenure in the police which is
tending to move people about from speciality to speciality run
totally counter to what you are saying?
(DCS Akerman) If I may say so, that is a dreadfully
low ball question to ask me.
Lord Bradshaw: I think we have got the answer!
Baroness O'Cathain: Do not commit yourself!
428. The third subject is that we have in the
police force in the country coming upon us a piece of technology,
the public sector radio communications project, which will equip
every police constable with a piece of equipment, assuming we
buy the hand-held equipment of the right quality, which is capable
of collecting evidence in digital form. In the same way we have
taken the fact that the law needs complete revision in respect
of e-commerce, and that needs to be done internationally, do I
also take it that our own Police and Criminal Evidence Act will
have to be taken to pieces if we are to be able to submit evidence
which is gathered digitally and electronically to the courts?
(DCS Akerman) Quite possibly. This is not a criticism.
When it was formulated people did not envisage the technological
leap that we have been making. Technology is at the stage now
where I doubt whether legislation will ever keep up, to be quite
honest with you. However, there are opportunities for us to be
more innovative and imaginative than we currently are. I can give
you two examples. The first one is identification parades. We
really struggle to get together six-foot-four, large-build, grey-haired
people. If I had to put Nigel on an ID parade I would be really
struggling to find a number of other people who broadly match
his description. However, if we had a CD Rom or a number of video
images of similar people, it would be ever so simple to do that.
We cannot do that. That is one illustration. Another good one
is that we are always complaining about the way that we use our
resources and we are being asked to maximise them, use them cost
effectively etc. The fact is that under the Police and Criminal
Evidence Act which you have alluded we have to review prisoners
on a regular basis once they have been arrested. Why cannot we
use technology to assist us in that process? At the moment we
cannot. It requires the physical presence of the inspector to
go and review it. Why cannot we have video conferencing? There
are two illustrations which go towards answering your question.
429. So that there is a need for a revision
of the law which has to have an international dimension so far
as international crime is concerned, and at the same time we have
to ensure that the police force has the resources to deploy people
to do the work?
(DCS Akerman) The trouble is that whatever occupation
you talk about they will always scream, "I need more resources."
The police force are no different from anyone else. What I am
saying to you is, look: there are some opportunities where we
could use technology to our advantage so that we make better use
Lord Bradshaw: I understand that point.
430. There seems to be some slight contradiction.
You started off by complaining, if that is the right word, that
there were too many cooks spoiling the broth, Europol, Interpol,
etc. But now you are also saying that there does not seem to be
anybody who is taking the lead. Why cannot we get a country-wide
or worldwide Interpol who will take some of these points and run
(DCS Akerman) First of all, I do not think I was complaining
at all. I was merely stating the facts. The facts are that there
are too many people doing it. There is no reason why one particular
country could not take the baton and run with it provided they
could get everyone else to run with them. The problem is that
what we see quite often is that the person who picks up the baton
looks behind him and finds he is running on his own. That happens
far too often.
431. I am just saying: is there something that
one should be putting together in trying to bring all the European
countries together with Interpol and so on? Are you finding that
there are so many different cooks around that you cannot get the
(DCS Akerman) Oh no. The position is quite clear,
is it not, about e-commerce, computers to schools? All communication
with government is to be electronic in a certain time. This government
has signed up to the G8 principles, there is no doubt about that,
and is working very hard on the G8 front. They also go to the
European Cyber Crime Convention. The point I was making was that
what is really important is to co-ordinate the effort and I do
not see any obvious signs of co-ordination of effort so that the
practitioner sees the realistic product at the end of the day.
Lord Sandberg: That was the point I was trying
to get from you. I think it is a very important one.
432. When we have been speaking about anti-terrorist
legislation, in this House especially, many people have argued
for evidence which is accumulated through electronic/telephonic
means to be able to be used in evidence. It would appear that
we are one of the few countries where that is not so. You have
so far talked about somebody running and having nobody behind
them. Are we not the ones who are behind on that and therefore
in that simple way could we not do some catching up?
(DCS Akerman) The interception of communication is
not my area of expertise. However, there are some very good reasons
why the United Kingdom have adopted that position. Certainly there
is no evidence worldwide that an opening up in the way that you
have indicated actually is a huge advantage.
433. So it is not part of this problem?
(DCS Akerman) The interception of communications is
going to be a problem, yes. As we see a merging of data and voice
and the ordinary mobile phone, instead of being the low memory
base that it is at the moment, being capable of holding something
like 6.8 gigabytes so that you will get your text and voice and
be able to e-mail the world, and we have not got a clue where
you are doing it from, that is a real problem. Existing legislation
in terms of e-mail is problematical. We have only two avenues
open to us in terms of how we secure that evidence. The first
one is the Interception of Communications Act where you have just
articulated what the problem is: we cannot use it in evidence.
The other one is the Police and Criminal Evidence Act, Schedule
1, where we go to a High Court judge and get an order to allow
us to get it. There are a couple of problems associated with that.
The first is that it has got to be serious, and that is defined,
so not all offences are serious. The other thing is that it also
only gives you historical data so you are going to be saying to
Lord Justice X every day possibly, "I want another order",
to keep up with the data. The other thing of course is that there
is no requirement for people to preserve the data. There is no
legislation to ask them to retain it. From our point of view that
is a nightmare.
434. Can I start first of all with the extent
of the problem or otherwise, because you spoke in very convincing
terms about the nature of the problems but we have not really
got a feel for the size of them. If you face the problem of burglaries
at home, your first answer would really be, I assume, to encourage
people to make their homes such that they cannot be burgled as
opposed to spending a lot of time chasing burglars, in other words
you prevent rather than cure. Taking that analogy, the answer
to the dramatic example you gave of the credit card crime is to
put the onus upon the industry to say, "You are the people
who are getting ripped off", the credit card companies. "You
set up the devices to avoid that happening." It is the equivalent
of putting things on your house to stop you being burgled. You
did not really talk much about preventing it happening as opposed
to chasing the criminal. I understand that because the question
was about chasing the criminals as it was happening rather than
preventing them. My question is this. Industries always say to
us, "Self regulation. We can look after ourselves."
Is that not in reality the way for the next few years that things
are going to go? Being realistic police forces around the world,
home secretaries around the world, are most unlikely to move at
the speed that the people being damaged by these crimes are going
to move, so what is your comment on the strategy for prevention
rather than cure?
(DCS Akerman) There is a range of questions in that.
Nigel has done a lot of work on the credit card one, so I am going
to let him answer the credit card one and I will come back to
your more strategic question.
(DS Jones) The issue that crops up with credit fraud
across the Internet is that if I purchase something on the Internet
using a stolen credit card and I ask for it to be delivered to
my home address, which is not the address of the card holder,
from the merchant, who may be an on-line merchant in America or
anywhere in the world, the goods will be delivered to me at my
address where I have probably got millions of pounds worth over
a period of time. The merchant will then try and debit the credit
card number. If the card number has been self-generated or does
not exist, the credit card company will use a system called charge-back
where they charge back the cost to the merchant, so the merchant
is the victim. If the credit card number is a number that does
exist and belongs to someone somewhere in the world, that will
be debited to that card holder's account. The card holder will
probably notice this and tell the credit card company he did not
make the transaction. Because the card holder was not present
when the transaction took place and the goods were not delivered
to his address, the credit card company then have the right to
charge that back to the merchant. We have spoken to the credit
card companies about this and, to be perfectly frank, their concern
is not with the type of fraud where they are not the loser. Their
concern is with application fraud where the fraud is at the time
of the application for the credit card and they therefore then
suffer the loss. Our view is that in today's technological age
it should be possible for a merchant, when a transaction is taking
place, to make more checks than are currently available to him.
What we believe is that it needs a banging of heads if you like
between the on-line merchants and the credit card companies in
order to assist with the crime reduction. That is just one area
where we believe that this could help and through the forum one
of the next things we are looking at is an Internet fraud prevention
guide where we will be bringing on board people from the credit
card industry and on-line manufacturers. That is just one example
of where we think it may help.
(DCS Akerman) In terms of the broader issues raised
by your question, with burglary we invented an animal called the
architectural liaison officer. That individual, who was highly
trained, worked with the builders so that as the housing estates
were being built we did not create dark alleyways or enclosed
spaces which were opportunities for crime. The in-phrase at the
time was "design out crime". There is an obvious corollary
with that in what you are suggesting. It would be superb if law
enforcement and the other key agencies were able to work with
industry to look at ways of designing out crime in technology.
The big problem with that is market advantage and disadvantage
at the moment. Houses have been with us for ages. People have
got particular tastes but they are fairly limited. With technology
it is moving at such a pace that companies are very worried about
leakage of information, market advantage and disadvantage, and
it is an issue. If we can get involved in that, then that will
be absolutely superb. However, we would need to have the necessary
knowledge and expertise to be able to do that. What we are looking
for is an individual who is technically very literate and excellent
and has also got investigative experience and they are a bit of
a rare breed, I have to tell you.
435. Is it not possible there that you were
talking about a type of crime that could have been committed previously
without any recourse to the Internet? Coming back to the nature
of the relationship between the police and the private sector,
reading the paper, I see that you regret that you did not involve
the private sector early enough for the Internet Crime Forum.
I wonder whether you might care to comment on that and whether
you see other areas where perhaps the private sector in the industry
could be further involved with you and therefore will willingly
come forward to help?
(DCS Akerman) A small correction if I may. In the
Internet Crime Forum we are heavily involved with industry. That
was the international conference where we had a series of workshops,
which we set out as being designed really exclusively for law
enforcement. As that progressed, and this is very much a personal
view (which Nigel shares), we regretted not involving industry
more in those workshops. As far as the Internet Crime Forum is
concerned, we have got an excellent involvement with industry
in that. It is an issue that has been taken up by G8.
436. Not the credit card companies so far?
(DCS Akerman) No, but we are working there. Nigel
is dealing with some of that but there are a couple of initiatives
coming up. First of all, there is a DTI initiative called Foresight
which is looking at the credit card type of problem in association
with industry, the credit card companies and all the cash converter
type problems. At G8 they are launching an industry conference
in May to try and debate some of these issues. The Americans,
who like the whole idea, are following later this year, I think
in the autumn (or the fall as they call it) with something very
437. So things are moving?
(DCS Akerman) I think they are but we have to understand
that it is very easy for me to sit here and give you a wish list
and say, "Give me this, give me that. If you did this we
would achieve for you wonderful results." We have to be entirely
pragmatic and understand some of the problems that industry have
as well. For example, if I give you a very quick illustration,
we have seen in the newspapers over the years, have we not, about
phantom withdrawals from cash machines? We are all rather cynical
and we are not sure whether or not it is someone trying to have
the banks over or whether it is the banks denying liability. One
of the problems faced by the banks is that if they concede that
their systems are not as good as they might be, then business
evaporates. A good example of that was the Johnson baby food one
when there was the thought that some of their food was contaminated.
Their sales rocketed downwards instead of upwards. There is a
whole range of issues which law enforcement probably appreciate
and understand. There is a real need for an excellent dialogue
among everybody to make sure that we are all going that way running
with the baton.
Lord Woolmer of Leeds
438. I want to ask you a question related to
privacy. The nature of what is happening is that there is an explosion
because of the ease and the low cost with which people can communicate
with each other. People expect to be able to communicate privately.
Because that has exploded exponentially, the number of absolute
events of crime increases but not necessarily as a percentage
of the actions of communication. I must confess to some unease
about the logic of saying that to be able to combat a rising absolute
number of criminal activities that is in some way going to change
the relationship between privacy and communication. The nature
of the communications that have started to happen are more impersonal
than letters and telephone calls where one might get a sense that
one's phone call is being tapped or letters being opened, but
you have no idea if your electronic communication has been read.
I have to say that I have a concern about the logic that there
is this problem which I do not find quantified today, and I heard
you say that it is difficult to quantify it, and that that may
lead to police authorities feeling that they must in some way
intrude upon privacy in a way which they would not dream about
because technically you have got to intrude if you have got any
hope at all. There is a certain Catch-22 here. How would you respond
on that? As a politician with a small "p", I feel there
is a recognition that there is a problem here but equally the
means of communication is impersonal and that could lead to very
serious concerns with people on privacy if they feel that the
agencies tap in in order to be able to follow crime. What are
the protections for the individual?
(DCS Akerman) The law.
439. Globally. Your point about the law is that
nobody knows who is tapping and where. You used tapping into Spain
as an analogy, that the Spanish might not accept it. Could somebody
in Nicaragua tap into communications in Britain?
(DCS Akerman) I think, with the greatest respect,
you have slightly misunderstood what I was saying when I used
the Spanish example. As far as law enforcement in this country
is concerned, we are with you 100 per cent in terms of the right
to privacy of the individual, and what we are not suggesting under
any circumstances is that that should be breached willy-nilly
in order to satisfy the whim of law enforcement in any range of
issues unless there is a clear reason to do so. What I am saying
very clearly I hope is that on those occasions where there is
a very clear and demonstrable reason why we should do so we ought
to be able to do so without too much of a problem. The fact is
that if we came to your premises with a search warrant, which
we had gone to the court to get and we had had to satisfy the
court that we could have it, if in your house you had a locked
safe and you refused to give me the combination, is it not somewhat
ludicrous that I have a warrant to search your house and yet that
does not extend to your safe?
440. The argument of the industries for self-regulation
tends to imply that they may seek to invade privacy, whereas the
official police agencies cannot. Do you think that the various
self-regulating industry organisations and companies, to protect
their own interests, may, without the kinds of safeguards that
you would have to go through, invade people's privacy in order
to ensure their own commercial security? Does that happen currently?
What is your view?
(DCS Akerman) With respect, you cannot expect me to
answer a question on behalf of industry. What I will say is this.
Technology is such these days that very few of us are anonymous
and there is a plethora of information gathered on us these days
which allows all sorts of things to take place. If you take the
telephone, for example, the fact is that in order to bill you
they have to put in place something which allows them to do so.
That in effect is an invasion of your privacy, but there is a
perfectly understandable reason for doing it. Yes, it is like
anything. Everything is open to abuse. The beauty of this country
of course is that there are so many checks and balances to challenge
that. The problem is that I am not sure that everyone understands
the whole range of issues presented by technology itself. Here
is another quick example for you. Your children are probably more
computer literate than you. What happens? Where is the computer
put? It is put in the bedroom because Mum and Dad do not understand
it, whereas in fact it should be in the communal areas so that
Mum and Dad can see what is going on. That is another illustration
of the importance of making everyone aware of technology and educating
them in what it can do. Too many of us are technophobes and do
not want to know.
Baroness O'Cathain: This Committee is different.
Chairman: We have a lot more people who would
like to ask further questions, but I regret that time has run
out. On behalf of the Committee I would like to thank you very
much indeed again for the paper which you have put to us and for
being so open and honest with us in your answers. If there are
points which on reflection you would like to reiterate or if there
are new ones you would like to put to us, please feel free to
e-mail the Clerk. Thank you very much indeed.