by Nick Newman and James Sides, PA defence and security experts
Police forces face some tough choices about the best way to access and share digital information and intelligence.
With its new emphasis on homeland security and in the wake of the Paris attacks, the 2015 Strategic Defence and Security Review (SDSR) will mean that, for the first time, the UK government is conducting a true security review. It will consider the wider impact on the UK of border and economic security and examine the effect of serious and organised crime, including cybercrime, online child sexual exploitation and human trafficking. This means the SDSR will put a spotlight on the scale of change and investment that is required to the structures and organisation of police forces and the security and intelligence agencies to enable them to keep up with the digital revolution.
Some changes have already been put in place. The formation of the National Crime Agency and publication of the Serious and Organised Crime Strategy in 2013 marked the beginning of a focus on digital collection of intelligence. This was followed in 2014 by the appointment of a chief constable to lead on digital investigations and intelligence for mainstream policing. This marked a growing realisation that front-line officers were increasingly ill-equipped to operate in an environment where almost all threats to the nation’s security are facilitated by the internet and mobile communications devices, and every crime has a digital witness.
However, until now, best practice has emerged in an ad hoc way and the intelligence agencies and chief constables have struggled to keep pace with the fast-rising cost and complexity of digital investigations, which require very different capabilities and skills. This is compounded by pressure to preserve an ethical balance between maintaining security and minimising intrusion into public privacy – a tension that sits at the heart of the debate about the Investigatory Powers Bill.
As a result, a number of forward-thinking officials, agency staff and police leaders are beginning to call for a revolutionary approach to bring about the digital transformation of homeland security. In July 2015, the chairman of the Association of Police and Crime Commissioners, Nick Alston, made headlines when he told the national media: “the front line of policing is your front room. If your parents are being defrauded by somebody on the phone, on the internet, if you have a teenage child who is being groomed, if you are being beaten black and blue by your partner, bobbies on the beat are going to make no difference.”
It is now clear that, over the next five years, police and security services will need to find a new operating model that avoids the need to develop expensive technology solutions and advanced cyber skills in every police force in the land. This process should start with learning lessons from previous police investment and change programmes. This includes deciding how much centralisation and automation is necessary to offset the rapid increase in data volumes and complexity. There will be a clear need to share investigative leads, intelligence and evidential material more widely, and more quickly, than is currently possible.
We see three possible approaches:
- Allow the ‘free market economy’ to persist, where local pockets of excellence evolve organically in response to local needs. This is currently the approach being used by digital forensics services, with many police forces arranging local contracts to cope with large backlogs. Without strong central governance, this model risks perpetuating inefficiencies and rising costs, and creating gaps and areas of duplication.
- Drive a federated model where individual organisations adopt ‘lead agency’ roles for developing specific capabilities (e.g. open source intelligence, digital forensics, cyber techniques) including responsibility for integrating these with the complementary capabilities of partner organisations. For example, the National Crime Agency may be best placed to provide advanced cyber capabilities (such as dark-web monitoring) on behalf of all forces, rather than permitting such intrusive capabilities to proliferate locally. This model would require far stronger enterprise management and co-ordination to integrate technologies and manage complex cross-cutting dependencies.
- Develop a centralised model where the responsibility for managing digital data is vested in a single national organisation responsible for data access and exploitation, new ways of working and skills development, as well as collaboration and partnerships. This is currently the model used for the provision of lawful interception and communications data services, which are centrally funded and delivered by the Home Office but locally accessible according to operational justification and authorisations. This option would extend this approach to other digital services such as open source, forensics, biometrics and cyber techniques.
The centralised approach risks creating a perception that the new model would be a domestic variant of GCHQ, which would inevitably raise concerns over mass surveillance and legal issues surrounding the government’s handling of bulk personal data, as well as create a tension with political drivers for decentralisation. However, it offers the greatest economies of scale and opportunities to exploit best practice. In the wake of the Paris attacks, this would be the best way to ensure that the benefits of investment in counter-terrorism can be used to help counter serious crime and support wider policing too.
Whatever option is pursued, it is clear that the digital transformation of the intelligence landscape cannot be bolted on alongside more traditional human surveillance and policing measures. New approaches will be needed. The Ministry of Defence, intelligence agencies and mainstream police all need to access and share information and intelligence in a reliable, timely, affordable and proportionate way. The Homeland Security focus in the SDSR shines a spotlight on the challenges of organising and funding these new capabilities and the choices that will need to be made between centralisation and local control.
PA's Defence and Security experts have analysed SDSR 2015, distilled its key themes and present a set of insights. These insights will help public and private sector bodies across the UK Defence and Security sector put the Strategy into Action.
download our analysis
Find out more about the authors of this article Nick Newman and James Sides