As we enter the third term of elected Police and Crime Commissioners, it is now the time for them to play a more active role in the public consultation of how technology is used to protect the public; as well as in the role the police has in protecting the technology we use to go about our daily and increasingly digitally enabled lives.
All technology is a double-edged sword. It can be brought to great use for efficiently automating repetitive and mundane tasks. From the introduction of remote controls through to smart speakers, we save moments not getting up to turn over the television or not lifting our wrist to tell the time, preferring to ask Alexa, Siri or Google.
So too is technology a powerful tool in the hands of criminals, using military-grade encryption, and storing files on overseas computers outside of the reach of a British court order. These easily implemented technologies are increasingly frustrating law enforcement’s ability to investigate crime.
The realm of cyber dependent crime, the industrialisation of criminal activity in the form of viruses, malware, robo-dialing and hacking, has changed both the demands on the Police, Crown Prosecution Service, the Courts and the Government, but along with it the need to bring along the public on a journey that they may find frightening. We like to experience the lifestyle improvements technology brings, but sometimes balk at what is required to keep it safe.
In the crimeware technology arms race, it’s not enough to have the will and resources to build tools to stop crime happening. You need the techniques, tools and authorisation to do so. Because the tools we must use go by the name of artificial intelligence and they use personal or sensitive information. The right to privacy and the need to build appropriate technologies that are contextual will be part of the journey ahead, but who is best placed to do this? The Home Office, Police technology teams, the National Cyber Security Centre (NCSC)?
The recently published Integrated Review highlights this need. However when ambition turns to action we must bring the public with us. The public relations disaster of the Metropolitan Police using facial recognition demonstrates the need for better consultation and engagement. PCCs represent their communities, and are a catalyst for local government and agencies, local authorities, and Members of Parliament. They are well placed to consult about the ethics of using powerful new technologies to realign the balance between criminals using technology against us, and fully empowering those that would protect us in an ethical and transparent way.
The level of threat is global and complex when analysing a digital breach or an offence. It is not clear if a state actor, serious organised crime organisation, hacktivist group or lone wolf is the culprit and this will require increasing partnership working between government agencies with the appropriate safeguards. The challenges are enormous and time is against us.
In 1996 the first Mission Impossible film featured a scenario where Tom Cruise was lowered into a secure facility to steal the “NOC” list, a list of covert operatives identified as some of the most secret and valuable to government intelligence. The plot of the film revolved around the fact that, surprise, if it were to fall into the wrong hands, lives and years of intelligence work would inevitably be lost.
Fast forward to late March 2021, and the BBC and New York Times reported on how a similar list of criminal informants had been stolen from Washington DC Police Department, demanding they pay a ransom in Bitcoin. Far from an isolated incident, this was the third US law enforcement hack in the US over just six weeks.
In the UK we have the NCSC as part of the Government Communication Headquarters (GCHQ). The NCSC’s stated aim is to lead the world in this area, working closely with allies; but the time is now, the need is urgent, and actions of this magnitude need public support as this endeavour will span multiple Parliaments.
PCCs, with their power to ‘Commission’, working closely with government and the public could confer one of the greatest advantages any advanced democracy enjoys.
Police Cyber Alarm, a free tool provided by policing to local government, the NHS, GPs, schools and businesses offers a sustainable model: users sign up to share threat information with policing, in return for personalised advice, allowing for more efficient detection and investigation when these users are targeted by cyber criminal activity.
This is now a nationally funded technology, but started as a Police and Crime Commissioner initiative. It was born out of users’ needs, and was defined, created and tested in months for tens of thousands of pounds, not tens of millions. It delivered quickly, effectively and with the full support of the community. It is not the only UK cyber initiative, but it is arguably the most cost-effective and rapid go-to-market tool of its kind.
This model is proven, and can frame part of the future rollout of police innovation, seed-funded through PCCs, supported at scale by central government. The direction and ambition is clear. It’s how we get there that is the current challenge for our newly elected representatives. We cannot fail the public and the UK economy depends on it.
Congratulations to those (re)elected on May 6th. Now the work begins.
Simon Clifford is a former Director of Digital and Data at The Police ICT Company (now the Police Digital Service), and now works in the private sector. You can follow Simon on Twitter at @simonaclifford