Government hints at new national computer crime force

The UK Government is considering setting up a new national police unit to tackle computer crime, just two years after the National High Tech Crime Unit (NHTCU) was disbanded.

The NHTCU was dissolved into the Serious and Organised Crime Agency (SOCA) when it was formed in 2005, but critics have said that the change resulted in a loss of focus on computer crime, which some experts claim is growing faster than any other kind of crime.

The Home Office has said that it will consider the setting up of a new national body. The news came as part of the Government’s response to the House of Lords Science and Technology Committee’s report into personal internet security.

“The Government will consider the proposals to create a law enforcement unit to tackle crimes involving computers,” said the response. “This will be done in conjunction with the proposals for the development of the National Fraud Reporting Centre, and with regard to the needs of other agencies.”

Since the disbanding of the NHTCU computer crime has been dealt with by local forces except where it is deemed to be serious or organised crime. Critics of that policy say that local forces have neither the expertise nor the resources to deal with computer crime and the technical issues it presents.

London’s Metropolitan Police Service (MPS) itself said earlier this year that it cannot cope with computer crime and called for the reintroduction of a dedicated service.

“The MPS assessment is that specialist e-crime units can no longer cope with all e-crime," said DCI McMurdie in a report from the MPS to the Metropolitan Police Authority, the body that oversees the Met. The report says that e-crime is a much bigger problem in the UK than has been previously thought.

"It is widely recognised that e-crime is the most rapidly expanding form of criminality, encompassing both new criminal offences in relation to computers (viruses and hacking etc.) and ‘old’ crimes (fraud, harassment etc.), committed using digital or computer technology," said the report.

The Home Office admitted in its response to the House of Lords report that there were problems with the current set up.

“We know that [computer] crime is not a problem that sits comfortably within local policing structures, and that historically most forces have underinvested in their capacity to respond effectively to it,” it said. “We therefore believe that national co-ordination would bring some obvious benefits to the policing of these crimes.”

It said that the Government would consider the issue as part of its consideration of the setting up of the national fraud reporting centre.

The Association of Chief Police Officers told OUT-LAW.COM that it did not believe a new centre needed to be created. A spokesman said that its e-crime unit was available to assist local police forces for some computer crimes, and that SOCA should be able to deal with others.

Elsewhere in the response, the Government said that it was not convinced of the need for a law forcing companies to report publicly all losses of customer or employee data. Some US states have security breach notification laws, but the government said there was not sufficient evidence that those laws were beneficial.

“We are clearly not so convinced as the Committee that this would immediately lead to an improvement in performance by business in regard to protecting personal information and we do not see that it would have any significant impact on other elements of personal internet safety,” said the Government’s response.

“The experience in the United States has yet to be fully analysed but there is a strong body of opinion that doubts whether there has been significant differences to corporate behaviour and may, in fact, have desensitised consumers to security issues and undermined confidence in the internet as a business medium.”

The response also dealt with claims that a recent amendment to the Computer Misuse Act would criminalise security researchers who created or got hold of computer code that could be used for certain attacks.

“We note, but do not accept, the Committee’s view that security researchers are at risk of being criminalised,” said the government’s response. “We believe that it is right that those in the legitimate IT security sector, who make, adapt and supply tools as part of their daily work should have confidence that the new offence will be used appropriately and be assured that their practices and procedures fall within the law. The CPS is currently drafting guidance on how the new section 3A offence will be dealt with and this will be issued shortly.”