Watching over the detectives

Williams believes officers must show a good understanding of e-crime to have any chance of making it as detectives in tomorrow's police force

It is a mark of how seriously the police service is taking the threat and scale of e-crime that the officer taking the national lead for the Association of Chief Police Officers (ACPO) –­ deputy assistant commissioner Janet Williams of the Specialist Crime Directorate ­ – has previously been detective chief inspector and senior investigating officer in the Metropolitan Police anti-terrorist branch.

But it is perhaps less impressive that ACPO took until August this year to publish its first outline strategy for handling e-crime. And that the Police Central e-Crime Unit (PCeU, pronounced “peck-u” in cop parlance) has only been in full operation for about nine months.

Williams laughs at the idea that this could have all been done years ago. “Yeah well, I wasn’t here then,” she says, but she feels all society is playing catch-up with technology, not just the police force.

The fight against computer criminals in the UK has been a stop-start affair, and both a cause and effect of that is the lack of a national reporting mechanism for e-crime. The result, in Williams’ words, is that both ACPO and the government are only now beginning to get to grips with the e-crime threat.

“I don’t feel that society as a whole, and ACPO as part of that, has a comprehensive understanding of the risk and threat. One of the reasons is that there’s no one intelligence source on e-crime. There’s no intelligence accrued nationally. As a result, the understanding is fragmented,” she says.

Reporting is one aspect of the ACPO e-crime strategy, and will be handled by the National Fraud Authority’s national fraud reporting centre. E-crime will piggyback onto this, and the speed of its set-up is outside ACPO’s hands.

There are other challenges, too. “The gauntlet that e-crime hands to us is that we’re going to have to work in a different way. We’re going to have to work faster and smarter. We will have to be able to jump across jurisdictions like criminals can, and that means changes in legislation, and changes in the way we do business,” says Williams.

She acknowledges the police and partner agencies can be bureaucratic in the way they work, but dismisses the suggestion that this and securing fresh legislation is going to keep law enforcement some steps behind the criminals ­ even in terms of the technology they can access.

“We’ve got some real challenges in bringing e-criminals to justice if they’re working overseas. However, in terms of protecting the country, protecting our national infrastructure, protecting our financial sector, I absolutely disagree with you. People are investing a lot of brain power, money, time, and thinking into that –­ the agencies really are working together to do that,” she says.

“In protecting, patching and mitigating risk, we are very much ahead. It’s bringing people to justice that is a bit slower. But having said that, working with other organisations speeds us up –­ that’s why I’m keen to do that.”

This is an area where Williams feels she and her colleagues have been very successful. As well as industry and academia, good IT people want to work with the police.

“Absolutely they do,” says Williams. “Because it’s so exciting and new.”

Within the PCeU there are a large number of tech-savvy investigators, although Williams does not want to say exactly how many there are. “It sort of gives the opposition a bit more fire power,” she says.

The PCeU also benefits from secondments from industry, and has a number of part-time officers who work in industry. “They’re adding real value,” she says.

In addition, Williams is developing virtual task forces involving industry and academia working alongside the police on the biggest e-crime issues. Parties agree to share information and intelligence. She cites Chatham House, the independent international think-tank, as having been particularly helpful in bringing together partners and giving her set-up credibility.

“The police orchestrate this but lever resource from elsewhere to move faster, and have more brains on it. This is enabling us to start to really understand the problems, and deliver some really good outcomes,” says Williams. “We needed a new mindset for e-crime ­ – it doesn’t all have to be cops. Cops play a critical part but they’re by no means the total solution to this. For example, I might need academics who truly understand the nature of botnets, how they’re composed, how they potentially might mutate, and then what the risks are to our infrastructure. A combination of brains is required, and it truly isn’t just a policing solution,” she says.

Williams, a Met officer since 1982, became involved in e-crime when she led the investigation into the loss of HM Revenue & Customs (HMRC) child benefit data in 2007. An HMRC office junior burned the entire database onto two discs, and sent them to the post room for collection by TNT. It triggered the country’s biggest police investigation into possible identity theft, exposing 7.25 million families to the risk of fraud by organised criminals.

She’s not a techie: “Oh God no ­ – definitely not. But in a way that’s a strength, because I understand the business of policing; my background is serious and organised crime and terrorism,” she says.

But the next generation of detectives are going to have to be clued up on IT.

“I’ve been very clear that detectives most definitely need to understand e-crime,” says Williams. “They need to know their way around technology to be effective. I don’t think people will be capable as detectives in two years if they can’t do that.”

Williams considers that the £7.4m she has been given to fund the PCeU until 2011 has been spent proving a concept. She is hoping to be able to put figures against how much the operation has saved individuals, communities, and the country by preventing e-crime attacks, and to then get the budget boosted.

The high-profile successes this year have included taking out about 100 web sites that claimed to be selling tickets for Premier League football matches. Fans received either fake tickets or nothing at all. Operation Phyllite was the result of co-operation between the PCeU, the Premier League, FIFA and various ISPs.

The PCeU also worked with the FBI in Operation Lumpfish, which targeted a fraudulent music sales web site that collected banking information for a gang.

“The PCeU has already started to have a very good reputation in industry. The financial sector is particularly keen to work with us, as are the retailers. We’ve already had high-profile sets of arrests, recouped millions of pounds. We’ve already started to prove our worth,” says Williams.

She considers the level of funding the PCeU received meant that she has had to be creative in getting resources, which has benefited the police approach to tackling new crimes.

Williams and her team have to have their antennae up for all possible threats. Counter-terrorism is part of her portfolio in the Met, and the exploitation of technology as a terrorist weapon is something she has naturally considered as part of her ACPO brief.

”There is no intelligence or evidence to suggest that Al-Qaeda or a terrorist organisation is looking to use technology in that way,” she says. “However, it is incumbent on all agencies to do the thinking, and to be prepared.”