Original URL: http://www.theregister.co.uk/2008/12/04/police_pc_seizure/

Plod punishes PC-reliant businesses

Innocent or not, you deserve to suffer

By Jane Fae Ozimek

Posted in Law, 4th December 2008 13:46 GMT

As police begin the tedious task of sifting through Tory frontbench spokesman Damien Green’s computer effects, politicians and professionals have expressed concern that computer investigations are becoming a source of serious injustice, in need of reform and regulation.

If you are suspected of an offence that involves the use of a PC, then at some point it is likely that the police will make a visit and remove the offending computer, or other gadget, for forensic examination.

The problem arises from the lack of standard procedures across the 43 police forces in England and Wales and an unwillingness to facilitate access to an individual’s data. Depending on resource levels, forces can take between three and 18 months to examine and return a PC. In some cases, where a trial is pending, they can take even longer.

Meanwhile, anyone whose work or business resides mainly on their PC – their address books, accounts, product information – must sit back and see their life put on hold. Individuals who are merely accused of a crime can suffer severe financial hardship or be bankrupted as the legal process grinds slowly on. Even where the police eventually decide there is “no case to answer”, lives can be ruined - yet the government appears uninterested in doing anything about the issue.

We contacted various bodies in an attempt to gauge the scale of the problem. While forensic experts agree that the number of PCs brought in for investigation is growing, year on year, neither the police nor the Home Office collect the figures. This leads, bizarrely, to some police forces cutting back on resources for investigating PCs at the very time when they need more.

In the absence of precise figures, industry experts estimated that between 80 per cent and 90 per cent of investigations involve the police looking for child porn. Other reasons include IP theft, fraud, terrorism or, rarely, breaches of the Official Secrets Act.

Equipment is then stored by the police, pending examination by both prosecution and defence experts. According to Simon Steggles, MD of DiskLabs, an organisation offering a commercial forensic service to either side in such cases, direct examination is carried out on clones of the hard drive, rather than the original hard drive, in order to preserve the evidentiary value of the data. He said: "We forensically 'image' data using various methods such as Encase or Forensic ToolKit software or Image MASSter SOLO 3 hardware copier, which is a faster option with a theoretical 3Gb per minute transfer rate, although we normally get around 800Mb per minute.

"We check the digital fingerprint – the MD5 Hash, or checksum – of every copy before removing it: if a single comma or full stop has changed, it will fail the 'fingerprint' test and we will start the process again."

In other words, standard procedure already allows for individuals to regain access to their data. However, several experts we have spoken to all confirm that this can be problematic, citing police attitudes and obstructiveness, as well as a failure by the courts and the legal system to understand the issues involved.

Chris Huhne MP, Home Affairs Spokesman for the Lib Dems, said: "In complex cases it is vital that the police have the technological capability to carry out thorough investigations and that suspects cannot tamper with the evidence. However, it seems unnecessarily punitive to stop people from accessing important personal or business information for as long as 18 months. A system needs to be created that serves the best interests of justice as well as individual needs." ®