Last autumn I wrote a background paper on “Complexities in criminalising denial of service attacks” for the Internet Crime Forum (ICF) Legal subgroup. The idea was to give the lawyers some understanding of what DoS and DDoS attacks were all about, and how it can be hard to pin down concepts such as authorisation when one looks at how we use Internet resources today.

The Home Office has now brought forward the Police and Justice Bill, which contains amendments to Section 3 of the Computer Misuse Act 1990 to deal (they hope) with denial-of-service attacks. Thus events have overtaken the document – so there is little value in progressing the document through the ICF procedures needed to make it an Official Publication. Hence I’ve made it available on my own website, so as to provide a background resource to those considering whether the Home Office have got it right!

Tomorrow I’ll be at Parliament giving evidence to the Home Affairs Committee, who are considering a request from the police to be able to hold terrorism suspects for ninety days without charge, so as to be able to examine seized computers properly. My written evidence to them is here.

The police are short of forensic capability, sure; and that’s going to get worse until they get their act together. But they’re also short of interpreters. I don’t think they’d dream of asking for increased detention powers just because not enough coppers speak Somali. Parliament would just tell them to hire interpreters from commercial agencies. Why do people get away with such poor policy arguments when computers are involved?

Clause 35 of the new Police and Justice Bill will amend the Computer Misuse Act to make it an offence to make or adapt any article –

(a) knowing that it is designed or adapted for use in the course of or in connection with an offence … ; or

(b) intending it to be used to commit, or to assist in the commission of, an offence …

This would be OK if the “or” at the end of (a) were replaced with “and”. As it stands, it looks like criminalising much of what we do here. Time to write to your MP?

There’s a big change coming in the way that the UK police deal with “hi-tech crime” — and it might mean that a lot of Internet crime gets ignored.

For the past five years, since April 2001, the National Hi-Tech Crime Unit (NHTCU) has been the national unit for combating “national and transnational serious and organised hi-tech crime both within, or which impacts upon, the UK”. However, from April 2006 the NHTCU is to become part of the Serious Organised Crime Agency (SOCA), along with the National Crime Squad (NCS), National Criminal Intelligence Service (NCIS), part of the Customs Service (especially those dealing with class A drugs) and part of the Immigration Service (who deal with “people smuggling”).

The task of SOCA is to deal with “level 3” criminality, which is defined by the National Intelligence Model (NIM) as “Serious and Organised Crime — usually operating on a national and international scale, requiring identification by proactive means and response primarily through targeting operations by dedicated units and a preventative response on a national basis”.

Level 1 criminality, defined as “Local Issues — usually the crimes, criminals and other problems affecting a basic command unit or small force area”, will continue to be dealt with, as now, by local police forces. This is the type of crime you report to the desk sergeant in the local nick, and of course it’s seldom the model for crime involving the Internet!

That leaves “level 2” crime which is “Cross Border”. In this definition the border isn’t an international demarcation, but between police forces. Since there are 49 police forces in the UK, it’s pretty clear that almost all Internet crime that doesn’t involve mafias or gangs is going to be level 2.

Up until now, Internet crime has been investigated by the NHTCU (in so far as they have had the resources to manage this). They’ve had successes on phishing, software counterfeiting and DDoS attacks. However, if these crimes occurred this year, with the NHTCU personnel within SOCA, then few of them would be level 3 and so they would not be looked at.

So who will investigate these level 2 Internet crimes in the future? Your local desk sergeant may take down the details, but the Chief Constable, who is meeting targets on how well level 1 crime is dealt with, isn’t going to be interested in putting resources into investigating criminals who are likely to be in another force’s area — and possibly even in another country.

You won’t learn much about this change on any police websites at the moment… and this is partly because there’s another change being made by the NHTCU. Up until now they’ve been very media-friendly with loads of press releases about their successes and lots of information on their website to ensure that High Tech Crime gets reported appropriately.

However, in their new role they’ve decided to leave all this behind. So there will be no more NHTCU officers as speakers on panels at conferences, no more cuddly interviews in The Times. Their watchwords, they tell me privately, for the new style are “mysterious and menacing”.

Let’s hope that’s not how we end up viewing the Internet as the level 2 criminals run riot 🙁