SOCA defends e-crime record as minister admits gap
NHTCU 'nostalgia' misplaced, says UK's FBI
Analysis The Serious Organised Crime Agency (SOCA) has defended its record in tackling cybercrime, arguing that it has more resources at its disposal in fighting e-crime than the more specialist police agency it replaced.
But the defence comes as a Home Office minister acknowledged gaps in UK e-crime strategy and announced plans to establish a new e-crime reporting and investigation agency.
SOCA opened its doors on 1 April 2006 following a merger of the National Crime Squad, the National Criminal Intelligence Service, the National Hi-Tech Crime Unit (NHTCU), the investigative arm of HM Revenue & Customs on serious drug trafficking, and the Immigration Service's unit dealing with people trafficking.
Its top priorities in fighting drug dealing and organised immigration crime have prompted criticism from sections of the IT security community, who reckon the fight against cybercrime is not getting the resources it deserves since the absorption of the NHTCU.
David Roberts, chief executive of the Corporate IT Forum, said last December that IT directors are starting to believe that the government is failing to prioritise the fight against cybercrime.
"There is no source to go to to report e-crime, other than the local police station – and they have very little understanding of it. It is a significant problem," Roberts said in comments typical of those from others in the industry we've heard repeatedly over recent months.
The battle against drugs gets 43 per cent of SOCA's budget while the fight against fraud - a category that includes cybercrime - gets just five per cent of the pie.
SOCA has a total headcount of 4,000, against which the specialist e-crime unit may look small, even taking into account that the majority of SOCA's workforce are support personnel. A spokesman for SOCA said whether the resources SOCA is allocates to the fight against e-crime are adequate is a question for ministers to answer.
But, he added, the number of specialists officers tackling e-crime has been maintained over the last two years at 58, more than it inherited from the NHTCU (though it wasn't able to say what this figure was).
The spokesman said these officers were able to draw on a larger base of support personnel, such as 140 liaison officers in 40 countries across the globe, than was the case with the NHTCU. Furthermore these officers have been freed of the burden of covering child abuse investigations, a task that's been passed onto the Child Exploitation and Online Protection (CEOP) Centre.
"The NHTCU had a smaller headcount and included people dealing with child abuse," SOCA's spokesman told El Reg. He wasn't able to say what NHTCU's lower headcount was but maintained that the number of staff aware of e-crime risks was higher in SOCA than at the NHTCU.
"Some of the staff we inherited who specialised in e-crime have transfered to other departments while we've maintained the headcount in the specialist department at the same level," he said.
Next page: Nostalgia ain't what it used to be
Not quite right
The article quotes: "the number of specialists officers tackling e-crime has been maintained over the last two years at 58, more than it inherited from the NHTCU (though it wasn't able to say what this figure was)."
By sheer coincidence, NHTCU had around 55 officers, so clearly SOCA has delivered a huge increase. When SOCA e-crime was launched it was budgeted for 150 officers, but failed to recruit anywhere near that figure. Numbers are only part of the story, as its what those officers are tasked with doing that makes all the difference.
Most complaints about SOCA e-crime stem from its perceived lack of focus on crimes that concern private citizens and businesses, e.g. fraud, DDOS extortion, targeted hacking etc. SOCA e-crime is doing valuable work, its just work that is largely invisible to most of us who suffer these crimes, and there is no one else who is capable of picking that up. So yes there is a major gap in law enforcement coverage that I for one hope PCeU will be allowed to fill.
All talk and no browsers
Cyberfraud is not the only area in which it seems difficult to discover the appropriate authority. The Home Office seems to leave open more than one "gap in e-crime reporting and cybercrime investigation that needs to be bridged."
Apparently they either don't know or won't say which department has responsibility in associated areas. See: http://www.publications.parliament.uk/pa/ld/ldcumlst.htm (retrieved 20 May 2008, 18:20)
"Cumulative list of unanswered Questions for Written Answer No. 23, 20 MAY 2008
"Tabled on the dates in bold and due for answer by the dates in brackets.
"The Government Department responsible for answering each Question is shown in square brackets...
"24 April (8 May)
"Earl of Northesk to ask Her Majesty’s Government which law enforcement agency, Department or other statutory body has responsibility for investigating and prosecuting possible criminal breaches of (a) the Data Protection Act 1998, (b) the Regulation of Investigatory Powers Act 2000, and (c) the Computer Misuse Act 1990. [HO] HL3267"
Given the SOCA spokesman's comment that "We have a good relationships with the IT industry which we intend to further improve," should we perhaps be watching for an announcement of a public-private internet surveillance initiative from the Department for Business, Enterprise and Regulatory Reform (BERR)?
Just a technical point
The National Hi-Tech Crime Unit (NHTCU) was actually merged with the National Crime Squad some time before SOCA was formed.