Some private investigators continue to work as the proxies of organised criminal groups. So wrote Trevor Pearce, the director-general of SOCA (Serious Organised Crime Agency), recently.
In our January issue, reporting the Leveson report into press standards, and corruption by the press, we noted that the authorities were silent on private investigators – who, it is on record, have been used as middle men by Fleet Street newspapers to get newsworthy facts about celebrities. The silence has continued – despite private investigators being one of the occupations to be regulated by the Security Industry Authority (SIA), according to the Private Security Industry Act 2001. That does not mean the issue has gone away. The Independent has made much of (to quote one July article) ‘blue chip dirty tricks’. In other words, the newspaper has claimed that the UK authorities have long known that ‘blaggers’ on telephones seek to deceive utilities, Inland Revenue, hospitals, DVLA – anybody with a database with addresses, national insurance numbers or other data on people wanted, for example to trace for debts.
What is new? As the newspaper reported in passing, the data protection watchdog the Information Commissioner’s Office (ICO) in 2006 brought out a report What Price Privacy? which set out a trade in blagged information. Such traders (paid by results) were working for insurers, law firms and others seeking to trace debtors or check insurance claims. What might be new – though arguably not as important as actual crimes of data theft – is (as with the Leveson inquiry) the question of who knows what and what (if anything) is done to bring data-criminals to justice. As the director-general of SOCA, Trevor Pearce, wrote to Commons Home Affairs Select Committee chairman Keith Vaz in June, SOCA produced in 2008 a report ‘The rogue element of the private investigation industry and others unlawfully trading in personal data’. Intriguingly, the chairman of SOCA, Sir Ian Andrews, wrote to Vaz in July that the report dated from 2007 and informed the then Labour Government’s consultation on whether investigators should be licenced by the SIA.
Only available on the SOCA website since last year, after Channel 4 featured it, the report presented the results of Project Riverside ‘into the harms inflicted on the UK by the rogue element of the private investigation industry’ and offered some ‘intervention opportunities to target-harden’ (not included in the document made public). As the report laid out, besides blagging (’unlawfully acquiring data’) the crimes by investigators have included interfering with electronic media and corruption (whether of police, council officials, or telecoms, banking and utility staff). The report pointed to ‘the absence of regulation in the industry, an abundance of law enforcement expertise either through corrupt contacts or from a previous career in law enforcement, easy access to specialist experts and abuse of legally-available technology’, or hacking, in a word. Blaggers might want to check the police national computer (PNC) on behalf of criminals, to see what police were doing against organised criminals. As reputable investigators and their industry bodies such as the Association of British Investigators have pointed out, seeking to distance themselves from such crime, such blaggers are not investigators at all, retained by newspapers (or indeed criminals) and, in SOCA’s words from 2008, ‘maintain contacts in current law enforcement agencies which they may then exploit’. In other words, as in any trade, there is a buyer and seller, which raises the equal question of the employee corrupted by the blagger. That corrupted people could be so widely across UK life – with access to the PNC, or Department for Work and Pensions databases, or bank records, or any company passwords – may explain why the authorities have made so little publicly of the problem. Or, it may be that those briefing blaggers are big and powerful names. In July Sir Ian Andrews of SOCA asked Keith Vaz that SOCA be allowed to keep confidential people or companies that ‘may have commissioned illegal activities when they instructed private investigators to acquire information on their behalf’. Clients might not have known that their agents (the blaggers) would do unlawful things; and to name suspects from police operations might in Sir Ian’s words ‘substantially undermine the financial viability of major organisations by tainting them with public association with criminality’. As with fraud and corruption generally, it may be hard to know the scale of the problem, and how serious it is for legitimate business. SOCA has said it’s sent alerts to private sector firms, for example telecoms and banks, to warn of ‘social engineering’ methods to get personal data. This was towards companies giving training and awareness to ‘vulnerable staff’.
What to do about the blagging – that is, the gathering of info on some pretext? As the SOCA report made plain, the blagging may not be over the phone but through socialising, for example in the pub, with police. However SOCA has much on its plate – as Trevor Pearce put it, its ‘priority threat areas are drugs, cyber crime, firearms, organised immigration crime and fraud’. In other words, private investigators by themselves are not part of SOCA’s remit. The ICO (as reported earlier this year) raided the offices running a black-list for the construction sector; but the ICO deals largely with telesales marketing calls.
Other ways to get personal data include second-hand hard drives sold online which may contain residual info. However, just as it proved long and hard to get to the bottom of News of the World and other newspaper interception of voice mails and other methods to get info, so it is by definition hard to catch blaggers, who may be ringing on pay as you go mobiles that cannot be traced. Or, associates might use the same email account and write and pick up emails from the ‘draft’ folder, so that emails need not be sent (and maybe intercepted). As for hacking phones, the trick there was to acquire the PINs for the mobiles,change the PIN back to the factory default setting, and retrieve voicemails sent to the phone owner.
Interestingly, Trevor Pearce of SOCA wrote to MP Keith Vaz in July that SOCA ‘engaged closely’ with the Home Office and the regulator the SIA ‘to inform the case for, and scope areas to develop the proposed regulation’ around 2008. As the SIA has said since, it was then advancing plans to badge PIs, only for plans to go on hold before the May 2010 election, and be shelved altogether by the Coalition Government’s ‘bonfire of quangos’.
In its annual report in July – its last, as SOCA is turning into the National Crime Agency – SOCA said that it ‘continued systematically to target the criminal trade in stolen financial information’: “In 2012/13, SOCA and its partners returned over 1.5 million items of compromised data to the financial sector.”
In its annual report, the ICO said that it will amend its CCTV code of practice to ensure that it dovetails with the new surveillance camera code of practice released by the Home Office, featured in the July issue of Professional Security. The ICO reported that it took enforcement action against local authorities who were requiring licensed taxis to have CCTV with continuously operating sound recording – unlawful data processing, according to the watchdog.
