Saturday, 19 June 2010

Covert cops in cyberspace

I’ve recently been reading about the pretty thorough precautions cops have to take before they log into the internet and do a bit of investigating. It appears that lots of forms have to be filled in before they fire up their browser. It may feel like the Wild West for those of us who are stung by the cowboys, but these sheriffs have to deal with a pile of paperwork first.

They have to take due account of the mighty Regulation of Investigatory Powers Act and the Police & Criminal Evidence Act. Lots of human rights to consider here, obviously. Here are some of the highlights, though – as faithfully noted by Clive and Karen Harfield in their new book from Blackstone’s, 'Covert Investigation' 2nd Edition:

Interception warrants are required if anyone intends to intercept communications whilst in the course of their transmission made via computers. Usually, intercepted material is not able to be used in British courts. However, for years, emails have been allowed to be used in evidence, when an ISPs have first been told to divert them to another server and a court has subsequently issued a production order. (See NTL Group Ltd v Ipswich Crown Court [2002] EWHC 1585)

Sometimes, it’s felt necessary to deploy investigators or victims acting on behalf of investigators, to interact with suspects via a computer either by email, webcam or in chat-rooms. Paperwork has to be completed if it is proposed to use, for the purpose of the investigation, any information obtained by the investigator as a result of the on-line relationship in circumstances in which the other party will not be aware of the investigator’s true purpose in acquiring such information. There is obviously fine line to be drawn between entrapment and lawful investigations here.

Such covert on-line investigations create the potential for nightmare scenarios- say when two undercover, on-line investigators interact on-line and begin to investigate each other. Proper procedures have to be in place to avoid this, but I suppose this is pretty hard when investigators from different agencies go the same target at the same time. I would love to be a fly on the wall when these raids eventually take place!

While there is a general unease about the use of CCTV for general policing purposes, I’m sure that everyone agrees that It is good practice to video the interaction of undercover investigators on-line for evidential integrity purposes.

Lots of paperwork also needs to be completed if it’s proposed to use an informer to obtain information via an on-line interactive relationship. But fewer forms have to be completed where the informer is asked to get information from a database to which they have lawful access. Presumably, this is why informers may be asked to use their Facebook accounts to access their friend’s accounts, especially if the friend has recently taken advantage of the new privacy settings that Facebook have allowed their users to tweak.

Different forms need to be filled in if it’s proposed to access material stored on a computer, as this constitutes interference with property.

Finally, one of the most frequently asked questions from investigators involves accessing the email account of a suspect when the password to that account has come into the possession of investigators. ‘I have X’s password: can I access his email account?’ Without the informed (and preferably written) consent of the suspect, no: such action constitutes a criminal offence under the Computer Misuse Act 1990.

So, as you can see – our investigators are required to respect human rights just as much in cyberspace as when they are exercised on terra firma. Wherever our stuff is, we have rights to which govern how the state may wish to interfere with it.