Notice board

From time to time articles of interest to the investigation industry will be written or reproduced on this page. Visitors are invited to submit items for inclusion, subject to approval.

Computer & Internet Security News
20 November 2007
Spammers pose as private detectives
By Brad Reed, Network World (US)
It looks as if Veronica Mars and Magnum, PI are getting into the malware business.

Commtouch, an Israeli security firm that specialises in protecting email integrity, says that it has detected a new malware outbreak that is spread through emails claiming to be from private investigators.
According to Commtouch, the emails tell recipients that a private investigator has been recording the recipients' phone calls and that an audio file of one of the calls is attached to the message. When unwitting recipients download the "call" to their hard drives, their computers become infected with malware.
"Preying on people's guilty conscience with a virus is an ingenious trick of social engineering," says Rebecca Steinberg Herson, Commtouch's vice president of marketing. "The email messages are written generically enough to fit almost every possible transgression one might wish to hide, ensuring people will open the attachments."
Some common subject headings for the malware emails include "I'm monitoring you," "You're being watched" and "The tape of your conversation." Commtouch says that the malware is sent in the form of a password-protected, compressed file that appears to be an MP3 sound file.
While Herson says she doesn't know the particular nature of the malware, she suspects that it isn't meant to overtly damage most computers but rather to get information from them or turn them into zombie machines.
"Nobody's bothering to create malware to wreak havoc with the machines anymore," she says. "Instead, they're creating malware that is stealthy and can steal information like passwords through mining information on hard drives."
Herson also notes that the private detective malware emails employ tactics similar to what the early Storm worm malware emails used. Those particular emails purported to be news alerts that lured recipients into inadvertently downloading malware by enticing them with sensationalistic headlines such as "Chinese missile shoots down USA satellite" and "230 dead as storm batters Europe."

Amendments to the Family Law Act 1986

Introduction
The Domestic Violence, Crime and Victims Bill received Royal Assent in
November 2004. The Bill was based on the Consultation Paper 'Safety and
Justice: the Government's Proposals on Domestic Violence' the aim of which
was to effect an improvement the protection available to victims of domestic
violence and reform the orders available under Part IV of the Family Law Act
1996, namely non-molestation orders and occupation orders.

The Domestic Violence, Crime and Victims Act 2004 (the DVCVA 2004) contains
three main parts. Part 1 addresses domestic violence, Part 2 deals with
criminal procedure and Part 3 deals with victims. The focus of this article
is on Part 1 and its changes to the Family Law Act 1996 (FLA 1996). It is
expected that the DCCVA 2004 will come into force in the Autumn of 2005.

Sectons 1-3 of Part 1 of the DVCVA 2004 amend the FLA 1996, making breaches
of non molestation orders a criminal offence. In fact, the DVCVA 2004
abolishes the power of arrrest for non-molestation orders and is likely to
mean that the enforcement of non-molestation orders will occur in the
criminal courts rather than the civil courts It also expands the definition
of associated persons to include same sex cohabiting couples and people in
intimate personal relationships of significant duration who have never
cohabited or been married.

Abolition of Power of Arrest
Until now, a breach of a non-molestation order has been punishable only as a
civil contempt of court. Speedy enforcement depended on whether the court
attached a power of arrest to the order. If no power of arrest was attached,
the victim had to apply to the civil courts for an arrest warrant.

The DVCVA 2004 s1 inserts a new section 42A into the FLA 1996 which makes
breach of a non molestation order a criminal offence. The offence is
punishable by up to 5 years imprisonment and the offence will be an
arrestable offence under section 24 Police And Criminal Evidence Act 1984.
Thus the police will be able to arrest the Respondent for a breach without
the need for a power of arrest or an application to the civil court for an
arrest warrant.

Under sec 42A(2), a person will only be guilty of the criminal offence if
s/he is aware of the existence of the order.

If criminal proceedings are not to be pursued an application may be made to
the civil court for an arrest warrant for breach of a non molestation order.
The response of the Legal Services Commission to funding such actions will
be awaited with interest. It would not be a great surprise if the Legal
Services Commission adopter a policy of refusing to fund the civil action on
the basis that criminal proceedings are more appropriate. Sections 42A(3)
and (4) provide that where an individual has been convicted of breach of a
non molestation order he cannot be punished subsequently for contempt of
court and vice versa.

A new subsection 42(4A) is inserted which places a duty on the civil court
to consider making a non molestation order when it considers whether to make
an occupation order under Part IV. Breach of an occupation order is not to
be made a criminal offence. The reason fir this is said to be that a history
of violence or molestation is not a prerequisite for the grant of an
occupation order.

It is obviously hoped that as the criminal implications of breaching the
order are actually contained in the order. a Respondent will know that the
court can sentence breaches with up to five years in jail and that this will
act as a greater deterrent than the sanctions available to the court dealing
with civil contempt. Most Respondents previously of good character would be
greatly affected by acquiring a criminal conviction. However, experienced
practitioners may take a slightly cynical view of any potential deterrent
effect. It is not unusual to witness a member of the judiciary carefully
explaining in plain terms to a Respondent the implications of the breach of
a non-molestation order and Respondents offering assurances dripping with
solemnity that there will, of course, be no such breaches may take a cynical
view of any deterrent effect. Sadly such a scene is sometimes followed a
further court appearance a matter of days (or sometimes hours) later when
the very same Respondent is brought back to court in custody having
committed a flagrant breach of the carefully explained non-molestation
order.

There may also be a material difference for an Applicant who complains that
a non-molestation order has been breached. Currently the victim of such a
breach would continue in their role as Applicant within the civil
proceedings and would give instructions to his or her own lawyers. Being a
Complainant within criminal proceedings may be a rather different
experience. The final decisions in any criminal proceedings are likely to
made by CPS lawyers and the lawyer-client relationship may be a more distant
one by an Applicant who previously instructed a local solicitor. The saving
grace for Applicants may be that they will now be served the trauma of
giving evidence in both civil and criminal proceedings running in parallel
and both engaged in adjudicating upon the same set of facts.

Undertakings -The End of The Road?
Practitioners should also be aware of the effect of Para 37 of Sch 10 to
DVCVA 2004. Para 37 amends s46 of FLA 1986 which restricts the use of
undertakings. Section s46(3A) of FLA 1986 makes it impossible for the court
to accept an undertaking where it appears to the court that either the
Respondent has used or threatened violence against the applicant or a
relevant child and for the protection of the applicant or relevant child it
is necessary to make a non-molestation order so that a breach may be
punishable by criminal proceedings. Does this mean that the court is obliged
to enter into a fact finding exercise to get to the bottom of the issues
raised by s46(3A) where undertakings have been agreed between the parties?
Or will the court simply sanction undertakings unless there is some
compelling evidence before the court that establishes that violence has been
used or threatened?

Cohabitants include same sex couples
Section 2 of DVCVA 2004 amends the definition of cohabitants to include same
sex cohabitants. It will enable same sex cohabitants to apply for occupation
orders under section 36 and section 38 of the FLA 1996, bringing their
rights into line with the rights of heterosexual cohabitants. It will also
enable them to apply for non molestation orders by virtue of being a
cohabitant rather than being part of the same household as the Respondent.
This new provision brings the law in England and Wales into line with the
approach taken in many other jurisdictions.

Schedule 4 replaces references to 'living together' as husband and wife in
part IV and schedule 7 to the act with the term 'cohabit' to ensure that any
reference in part 4 and schedule 7 to the act and living together as husband
and wife will encompass both heterosexual and same sex cohabitants. Schedule
4 also amends the term 'former cohabitant' to include former same sex
cohabitant.

Non-cohabitants eligible
Clause 3 extends the availability of non molestation orders to those in
domestic relationships who have never cohabited together or have never been
married. This new category of associated person will also be able to apply
for an occupation order under section 33 of the Act provided the
requirements of section 33(1) are met. As section 33 only applies to homes
in which the Applicant and the Respondent have lived or intended to live, it
is unlikely that this new category of associated person will be able to
satisfy this requirement often.

The list of associated persons is extended by incorporating a reference to
those who have or have had an intimate personal relationship which is or was
of significant duration. It will be for the court to decide whether the
relationship meets these criteria. This covers a long standing relationship
which may or may not be a sexual relationship but which is an intimate and
personal one. It will not include long term or platonic friends or one night
stands.

Licensing

Are investigators licensed?

There is currently no direct regulation of private investigation under law. It is possible for any person to set up as a private investigator.

Currently some of the activities undertaken by private investigators may be indirectly regulated through other means. For example, depending on the activities undertaken, investigators may require to be registered under the Data Protection Act, and may require a Consumer Credit Licence.

Private Security Industry Act 2001

The Private Security Industry Act 2001 (as amended) allows for licensing of private investigators and precognition agents.

Precognition agents interview witnesses for the purposes of, or in anticipation of, criminal or civil proceeding in Scotland. Proposals for the licensing of precognition agents are being considered in parallel with the development of licensing for private investigators. This is because of a similarity in the activities undertaken by both groups.

During 2005 and 2006 the Security Industry Authority (SIA) consulted extensively with individuals and representatives working within the private investigation sector on the possible approaches for licensing.

The Security Industry Authority is the organisation responsible for regulating the private security industry.

The SIA are currently developing the approach to licensing Private Investigators. The approach will be based on the requirements of the Private Security Industry Act 2001 and will take into account the findings of their consultation process.

According to the Act private investigators will need an SIA licence if they are involved in any surveillance, inquiries or investigations that are carried out for the purposes of obtaining information about a particular person or about the activities or whereabouts of a particular person; or if they are involved in obtaining information about the circumstances in which, or means by which, property has been lost or damaged.

Partial Regulatory Impact Assessment

1 August 2007: The partial Regulatory Impact Assessment (RIA) for licensing private investigation and precognition agents has been approved by the Home Office and has been published.

A Regulatory Impact Assessment (RIA) is an important exercise that helps determine the most appropriate way to implement regulation. An RIA is designed to assess the costs and benefits of new proposals for addressing regulation issues and facilitates the development of creative, flexible and informed policies.

This consultation document sets out the options for the future regulation of the activities of private investigation and precognition agents. The partial RIA illustrates the need for licensing on the basis of the potential harms posed by these activities. It then shows different options for regulation of one or both sectors to address these harms. These range from doing nothing and allowing one or both sectors to continue to self regulate, to implementing a licensing scheme with core competency requirements attached. The partial RIA also sets out the likely cost and benefits of the options. The document seeks views on all the options presented.

The partial RIA is aimed at individuals or companies operating within the Private Investigation or Precognition Agent sectors, their Associations, Agencies and Forums. It is also aimed at purchasers of these services; such as insurance companies and the legal profession, and the subjects of either activity. It will also be of interest to other public or private sector organisations with an interest in the activities of private investigation or precognition agents, or those individuals or companies with a general interest in the wider private security industry.

A copy of the RIA can be obtained by following the link on the SIA website or via the Home Office page.

Individuals and organisations with an interest in this sector have until 24 October 2007 in which to respond with their comments. After this a full RIA will provide details of the approach that will be taken.

Responses are welcomed from any stakeholder with an interest in either sector. Responses should be sent to:

Private Investigation and Precognition Agent Consultation
Home Office
Crime Reduction and Community Safety Group
SIA sponsor team
Peel Building 4th floor
2 Marsham Street
London
SW1P 4DF
Or e-mailed to: consult.pi-pa@homeoffice.gsi.gov.uk

Press code, 18/05/2007

Want to know how to earn £100k as an investigator for a Sunday paper?
From a Press Complaints Commission 12-page report into the Clive Goodman affair: he was a full time member of staff at the News of the World. A court heard that Glenn Mulcaire was an inquiry agent who was paid a retainer of £104,988 a year by the newspaper. The court also heard that he had received £12,300 in cash from Clive Goodman. As the PCC report notes, the case has coincided with a campaign by the Information Commissioner to raise awareness of the terms of the Data Protection Act, and the illegal trade in data, gained by blagging - that is, ringing people such as banks and the DVLA with information, to get it out of them by telephone patter; or by bribes. Goodman and Mulcaire had speculatively tapped into private mobile phone messages and used the information they discovered for royalty stories in the News of the World.

The Sunday tabloid in its defence argued to the PCC that the Goodman case was an aberration, or a 'rogue exception'. As for the £100k a year to the private investigator, the paper admitted it was substantial but added that the hourly rate probably averaged less than £50. "The editor added that there was nothing unusual about the employment of outside investigators; and that the practice was shared by solicitors, insurance companies, banks and many commercial organisations as well as newspapers."

What did Mulcaire do for his money? According to the Sunday paper, it was 'legitimate investigative work': "... gathering facts for stories and analysing the extent of the paper's proof before publication; confirming facts and suggesting strategies; credit status checks; Land Registry checks; directorship searches and analysis of businesses and individuals; tracing individuals from virtually no biographical details, including date of birth searches, electoral roll searches and checks through databases; county court searches and analysis of court records; surveillance; specialist crime advice; professional football knowledge (Mulcaire was a former professional footballer); contacts in the sports and show business worlds; and analysis of documents and handwriting."

But: Mulcaire had 'a second, clandestine relationship with the paper through Clive Goodman'. Goodman, the PCC was told, deceived his employers by disguising Mulcaire and claiming there was a confidential source.

The newspaper has reaffirmed that it tells its staff to comply with the PCC code of practice - Goodman had compliance with the code written into his contract; and staff would have to attend training on undercover journalism and its ethics and laws.

The PCC deplored the offences. It didn't find evidence of a conspiracy beyond the two jailed men: however, 'internal controls at the newspaper were clearly inadequate'. Overall: "It seems to the Commission from the exercise it has just carried out that the DPA is taken seriously across the industry." While it did not want a repeat of the Goodman snooping, the PCC was against over-reaction as a threat to press freedom. And the PCC is running a seminar in July 2007 specifically on 'subterfuge and the public interest'.

Meanwhile the PCC has published six new recommendations to UK newspapers and magazines on compliance with the Code of Practice and law in undercover newsgathering.

It follows an inquiry into the press's approach to subterfuge after the convictions and jailing for phone message tapping of Glenn Mulcaire and Clive Goodman, both of whom worked for the News of the World, in January 2007. Briefly, telephone voice mails of princes got tapped, and the Sunday paper got exclusive 'insider' stories. The paper's editor at the time resigned as a result.

The Commission recommended that:

Contracts between newspapers and magazines and external contributors should contain an explicit requirement to abide by the Code of Practice;

A similar reference to the Data Protection Act should be included in contracts of employment for staff members and external contributors;

Although contractual compliance with the Code for staff journalists is widespread, it should without delay become universal across the industry;

Publications should review internal practice to ensure that they have an effective and fully understood "subterfuge protocol" for staff journalists. This should include who should be consulted for advice about whether the public interest is sufficient to justify subterfuge;

There should be regular internal training and briefing on developments on privacy cases and compliance with the law;

There should be rigorous audit controls for cash payments, where these are unavoidable.

According to the commission it found numerous examples of good practice throughout the industry, both as regards the Code of Practice and the Data Protection Act. So far as the latter is concerned, it recommends that the government assesses the impact of recent initiatives aimed at raising awareness of the Act before proceeding with plans to increase penalties for journalists who breach it.

The Commission says that its report also sheds light on the background to the News of the World case and sets out how the new editor has improved internal controls, including more robust contracts of employment with staff members and external contributors.

About the PCC

An independently-run self-regulatory body, it administers a Code of Practice for the newspaper and magazine industry. Clause 10 of the Code says that "the press must not seek to obtain or publish material acquired by using hidden cameras or clandestine listening devices; or by intercepting private or mobile telephone calls, messages or e-mails; or by the unauthorised removal of documents or photographs". The PCC's Code of Practice committee chairman is Les Hinton, a senior man at News International, the parent company of the News of the World.

You can download the PCC code of practice at;

http://www.pcc.org.uk/cop/practice.html

As the code says, 'Engaging in misrepresentation or subterfuge, can generally be justified only in the public interest and then only when the material cannot be obtained by other means.' However, as the PCC admits, there is no definition of public interest. The PCC does not - and should not, it says - have statutory powers of investigation and prosecution.

Source: http://www.pcc.org.uk

[Non-text portions of this message have been removed]

Private Dicks fined for data 'blagging' from DWP
Breaching the DPA to find debtors

By Jo Best - Published: Tuesday 24 April 2007

A firm of private investigators has found itself on the wrong side of the law after pleading guilty to unlawfully obtaining data from the Department for Work and Pensions (DWP).
The company, Infofind, "blagged" information on 250 individuals from the government unit in an attempt to trace debtors, in order to sell the details on to a finance business, according to the Information Commissioner's Office (ICO).
The ICO said Infofind had signed an agreement with its finance client to work within the confines of the Data Protection Act (DPA) but breached it repeatedly by blagging information on individuals protected under the DPA.
The private investigation firm and its MD were convicted of 44 counts of unlawfully obtaining and selling personal information at Kingston Magistrates' Court and fined as well as having to pay £5,000 towards costs.
The firm was fined £100 for each of four offences, and the MD £700 for each of four offences.

News from the UK Press

Banks 'dumped personal information in bins'

Press Association
Tuesday March 13, 2007
Guardian Unlimited

A string of high street banks and the Post Office broke data protection rules by dumping customers' personal details in outdoor bins, it was revealed today.
The Information Commissioner's Office (ICO) found 13 firms in breach of the Data Protection Act.
They "carelessly" threw away customer information, according to ICO deputy commissioner David Smith.
The privacy watchdog ordered the firms to sign a formal undertaking to comply with the Data Protection Act in future.
Article continues

Failure to abide by the rules will result in further enforcement action and possibly prosecution.
The ICO investigation was sparked by a number of complaints from organisations such as the website Scamsdirect.com, the Sunday Mail and BBC Watchdog.
It found the following banks and other organisations in breach of the Data Protection Act: HBOS, Alliance & Leicester, Royal Bank of Scotland, Scarborough building society, Clydesdale Bank, NatWest, United National Bank, Barclays Bank, Co-operative Bank, HFC Bank, Nationwide building society, the Post Office and the Immigration Advisory Service.
Each of the firms dumped personal information in bins outside their premises, the ICO found.
ICO deputy commissioner David Smith said: "It is unacceptable for banks and other organisations to carelessly discard their customers' information.
"It is vital that banks and other organisations take security seriously.
"If they do not, they not only risk further action from the Information Commissioner, but also risk losing the trust of their customers.
"Individuals must feel confident that banks and other organisations are safeguarding their personal information."
The campaign group Scamsdirect.com last year told the ICO that Natwest and the Royal Bank of Scotland had dumped customers' financial details in bins near two branches in Hampshire.
It told the ICO that cut-up credit and debit cards, money deposit details and bank account information were left in outdoor bins.
The campaign website also told the ICO it found customers' personal details thrown into a post office bin in a public street in Southampton.
These included customers' bank details, National Insurance numbers and passport numbers.

The ICO is the UK's independent authority set up to promote access to official information and to protect personal information.

[Non-text portions of this message have been removed]