Feeds

Study reveals gaps in UK system to track criminal and terror finance

Lots of data, but police can't or won't use it fully

  • alert
  • submit to reddit

3 Big data security analytics techniques

The new-look Elmer should give LEAs remote read-only, semi-searchable access to Elmer. This improves the previous regime in that some LEAs reported that the search request process was laborious and time-consuming, but also means that SAR data will have to be pulled by the LEAs rather than pushed by NCIS. A further phase of Elmer was scheduled for early 2006, and is intended to include advanced data mining. Fleming comments that this "places the onus on the use of SARs squarely on LEA shoulders. LEAs - particularly the MPS (Metropolitan Police Service) - will need to devise ways to find those SARs which represent a priority. The one-by-one manual evaluation of SARS upon receipt may forcibly become a thing of the past."

LEAs will therefore have moved from a position where they were given to large pile of data to sort through, but generally didn't, through a period where the pile was smaller and more targeted, to a point where the pile is central, and it's largely up to them to access it remotely and maximise its value. All LEAs will have online access to all SARs (with the exception of terrorism-related ones, which raises the question of how you define a terrorism-related SAR), but what we have here, although a picture of the new-look Elmer, is really only half of a system.

Fleming's ability to conclude that SARs are under-utilised was impeded to some extent by woeful management and record keeping by LEAs. There's very little data available on how effectively and extensively they use SARs, so it's not particularly practical to attempt a precise measurement of their performance.

As Fleming observes: "Few carrots or sticks drive the use of SARs, no performance indicators encourage LEAs to make proactive/reactive use of SARs (and only things which are measured appear to get done)." Which is not a climate wholly unfamiliar to many other Government employees. In the absence of carrots or sticks, SARs drop down the priority list. They're difficult to "sell" to operational teams (presumably pushing forms back and forward isn't sexy enough), the request process (the one Elmer ought now to be abolishing) is laborious and time-consuming, and there's little automation of cross-checking.

That last one's particularly interesting, in light of Fleming's view that manual checking will forcibly become a thing of the past. Many LEAs are using Word or Excel to track their SARs, and it's therefore not entirely surprising that there's not a lot of tracking data available from them. Either app is perfectly tolerable as something that allows you to look at a .CSV somebody's sent you, but if you want to check that data against a database then there are clearly a few other things you're going to have to do. LEAs' case management capabilities are limited (kind of makes you wonder, given their line of work), and Elmer is not a case management system. One of Fleming's recommendations is for greater use of case management, and he reports that many LEAs feel that the production of a uniform, nationwide case management system would make the regime far more effective.

Which one way or another will mean more expense, simply to get SARs to function with any great degree of effectiveness. A number of Fleming's "critical" recommendations will be familiar to students of Government IT disasters. The SARs regime should be given a clear owner (likely NCIS/SOCA). The regime's aims objectives and principles should be set down, and LEAs should make "constant, unwavering use of the Elmer database" (tricky one this, if you're just peering at a terminal and wondering what to do with your search results). LEAs should have clear performance targets and (here we enter tech challenge territory) "NCIS/SOCA should ensure that Phase II of the Elmer rollout - with its advanced analytical capabilities - is delivered on schedule." And even more challenging "database cross-checks between Elmer and relevant national databases (e.g. PNC, JARD [Joint Asset Recovery Database]) should be automated, such that database hits are highlighted when looking at a SAR or series of SARs on Elmer; this should be handled by NCIS/SOCA, perhaps in conjunction with the Police Information Technology Organisation."

There's clearly more expense associated with that last one, which sounds well on the way to being a more extensive and comprehensive national system, and it reminds us that the ability of police systems to talk to one another is still pretty limited. Overall, you could call it an everyday story of tech-happy Government, all data-ed up but nowhere to stick it. More and more data is scooped up in the name of greater efficiency, enhanced crime fighting ability, combating terror, whatever, but scant attention is paid to what will actually be done with the data until people start wondering why the system isn't working, loudly enough. Then, just maybe, the decision-makers will start to contemplate paying for the kind of joined-up system they should have commissioned in the first place.

Fleming's study is not obviously available on the Home Office's pretty ('Now with added dysfunctionality!') web site, but can be obtained here. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.