Essex Chief Constable Stephen Kavanagh, National Police Lead for Digital Investigation and Intelligence, in a frank and revealing interview on the threat from cybercrime.
City Security magazine met up with Chief Constable Stephen Kavanagh to discuss the current policing approach to cybercrime and the significant changes needed to keep abreast of its industrial and diverse scale.
How would you describe the current threat from cybercrime?
The scale and nature of the threat is increasing at a deeply concerning rate that the private sector struggles with and the public sector poorly understands. It is an international policing challenge. Fraud, harassment, child abuse and conventional crime are all being underpinned by technology.
The Office for National Statistics crime reports now show that fraud and computer misuse offences outstrip all other types of crime. Government, police chiefs and partners must understand the level of harm that this represents.
How is UK policing responding?
The good news for law enforcement and partners in the UK is that, even though there is not enormous resource committed, transformation funding is enabling us to organise ourselves for the digital age: how the public contact us, how we develop intelligence, how we present evidence to court, in a way that is as good as anywhere in the world.
However, policing must take responsibility for the speed of the response. In particular, the police response to Action Fraud has not always been what it should be, with victims of fraud not dealt in a way British policing would want. But this whole endeavour is maturing.
How are the police upskilling for the digital age?
Modern technology with a motivated workforce is truly changing the way policing is working – not just digital crimes, but around mainstream crimes.
Our Digital Media Investigators, who work on the digital policing portfolio, are developing a range of skills – in fraud, harassment, Domestic Violence, digital forensics – to become part of a national network. And our First Responding Officers are being upskilled in their understanding of the digital footprint, how they can use open source intelligence and other forms of information analysis.
Here in Essex, we have two thousand mobile devices for our front line officers, allowing them to update intelligence reports. This means information on sex offenders, burglaries, descriptions of missing people are available immediately.
Sufficiently accessible mobile apps don’t need a tech wizard. Officers should be able to use a mobile device to complete a statement, a stop and search and an intelligence report. This makes the job easier, unlocking policing from the bureaucracy that has tied back generations, making our police officers multi-skilled.
We have invested millions but we are not really pushing the envelope around skills and capabilities with the resourcing we have. We won’t truly become a twenty-first century endeavour in policing in the UK until there is a step change in how we provide IT support and digital technologies to forces.
Is legislation keeping pace with these emerging crime types?
We are constantly trying to make the best of what is an outdated legislative model. There is a constant mend and make good approach: officers and the CPS make the best charges possible. We need a Criminal Justice System that is clear and helps victims understand when they been a victim of crime and the ability to prosecute those causing the greatest harm in a consistent way. We need a system that allows officers to know exactly what evidence to identify, secure and present to court.
As professional police officers, we must articulate our ambition and the risks we manage – whether fraud, online abuse or drugs trafficking – in increasingly complex times, with reducing resources.
How will the new National Cyber Crime Unit (NCCU) reduce the cyber security risk to the UK?
The international dimension covered by the security services and the National Crime Agency is well supported and developed, but we are being drowned by data. This new Unit will help us bridge the gap between the national and international digital challenge and what local forces and regional crimes forces are doing. It will enable us to understand where on that continuum of harm we are and how to manage and investigate it. This Unit will be an enormous step forward.
What can the police do to support the NCCU?
Forces cannot be child-like in their response. As the Unit develops, we must assist them: share intelligence on new and emerging crime types and methodologies and better crime prevention advice. Already we have good examples of individuals, forces and partnerships sharing information, but we need to be more consistent. There is an element of post code understanding and ability to deal with the threat that is emerging.
A key concern of yours is online child abuse; what are the challenges to tackling this crime?
In the past it was difficult for paedophiles to find like-minded people to share images. Now we have the echo chamber of social media, where these groups identify and coalesce, reaffirm their beliefs or values and encourage more depraved imagery. Then those locked away in the internet form dangerous sub communities, pulling away from the mainstream. This is not something you can arrest your way out of.
Policing now needs a greater level of confidence in what it does. Recently, the Chief Constable of Norfolk, Simon Bailey, tried to mature the debate around child abuse imagery. Some of the responses to his statements were crass and superficial in the extreme. The numbers of people viewing child abuse imagery, provided by NSPCC, show that we do not have enough prison places, by many times, even if we were able to prosecute them all. Police chiefs and government must start talking about how to deal with this. Of course, it is hugely wrong and corrosive to all concerned, but there is a capacity issue in the Criminal Justice System and law enforcement.
How can we keep children safe from this form of abuse?
All partners – social services, education, schools, health, courts, politicians – must take responsibility. And we must work with internet and social media providers. We need to make it more difficult for the predators and help protect naive individuals, who are sometimes vulnerable, sometimes just lonely and want to develop friendships, from harm.
Child abuse online is sadly industrial in scale and we need to deal with it more effectively. Our officers, more than ever, need the confidence and skills to apply limited resources to the highest risk and to take critical decisions in an unforgiving environment.
How has the internet age influenced terrorism?
I don’t think we can underestimate the opportunity the internet age has brought to those who wish to cause harm to our communities. Our security services are identifying more and more potential terrorists.
We know that the internet allows vulnerable individuals who want to believe in something and an identity, to connect to others who wish to manipulate them. We saw Roshonara Choudhry, a bright thoughtful individual, being radicalised by the internet and going on to stab Mr Stephen Timms MP. Individuals can access vile imagery of people being tortured and murdered in Syria and elsewhere and become drawn in and desensitised to it. We now have the awful attack at the Houses of Parliament.
The internet plays a vital role in terrorism today.
The dark web and other areas provide increased opportunity for those who want to get in involved in the black market to ply their trade. But it is manageable: there are some brilliant skills in our security agencies and they target the most dangerous criminality while the police get hold of the mainstream problem.
How can technology be used to support police efforts to counter terrorism?
If we are to tackle the scale and nature of the terrorist threat in the twenty-first century, we need to use big data and clever analytics on those who present the greatest risk. We need to see who is communicating with whom, where they have travelled, their social media profile. But we must do that with public consent.
In some ways, we have allowed the privacy lobby to dominate the debate. The government does not have the capacity to monitor everyone’s private movements, relationships or internet use in a way that is undermining their privacy.
Case studies will be key to reassuring the general public. They will provide examples of how we’ve used data analytics to investigate and bring terrorists to justice.
Is the Data Retention and Investigatory Powers Act 2014 (DRIPA) a snooper’s charter?
It is superficial and nonsensical to call DRIPA the snooper’s charter. The people working in counter terrorism are not snoopers. They are people who are trying to keep the very fabric of our society together. Recent events tell us this is more important than ever. Standards of integrity must be high, we must maintain public confidence, the police must be seen to be respecting legislation and human rights. If we push the interpretation of regulation for public good, it has to be transparent, it has to be recorded and we have to be held to account for what we’ve done.
Certain spokespeople say that we can use DRIPA to snoop on individuals’ dustbins and browser history. But the scale of internet activity means we need to go really fast just to keep up and focus on the greatest level of harm. There doesn’t seem to be an acceptance of the scale of data and the volume of harm. The police are being far more thoughtful on how they use a limited resource.
How can the internet providers help in the fight against cybercrime?
The scale of the problem is enormous and for some big providers their priority is to provide a seamless customer journey and to placate the privacy lobby. They don’t recognise that their customers are being abused, bullied, harassed – sometimes committing suicide – in the name of freedom of expression. There must be more responsibility taken by social media providers and more responsibility by policing in how we can intervene earlier. This has got to be a partnership.
How can business help?
We need a step change in how we work, to quickly identify when new methodologies are emerging and to protect the public from those crime types. We ask business to keep talking to the police, keep referring and keep challenging. The British police are great at taking a challenge.
We need the top tier of decision makers, at the peak of their game who understand the digital challenges, to become involved. If business and policing are ready to have younger, less conventional, experienced individuals helping with the challenge, then we can develop dynamic, positive solutions
The risk is that the business community has lost faith in the way we are managing some of these issues. But they should know that British policing is amongst the best policing in the world. Keep talking to us and please don’t disengage, don’t lose your faith, look for the opportunities, whether by identifying vulnerable individuals or supporting user communities. We know we have to keep improving, that the journey is going to be a long one.
How can individuals help?
We are developing the role of police specials for those people who work in IT and the cyber industry who want to volunteer regularly to support the police. Perhaps to investigate fraud or to support another type of investigation.
To find out more, you can contact www.essex.police.uk/join-the-police/special-constabulary/ www.hampshire.police.uk/join-us/special-constables/
How do you see the future?
Digital technology and the internet are ingrained in our everyday lives and are here to stay. How the police, internet providers, partner agencies, internet and social media providers and the business community deal with the level of fraud and harm should collaborative. This is vital to the reduction of harm in a digital age.
Police chiefs have asked me to coordinate our response. They now get the enormity of the challenge. It’s always going to be massive, it affects everyone.
City Security magazine interview Chief Constable Stephen Kavanagh in summer 2017.