UK Law Inforcement Evidence

MR. WHITE: The next witness is given the grand title of representing UK Law Enforcement is Jim Gamble.

MR. WHITE: Let me start by thanking you for coming here. I ask you to introduce yourselves and to make any comments which you want to start off with.

MR. GAMBLE: Good morning. I am Jim Gamble. I am an Assistant Chief Constable in the National Crime Squad. I also chair the ACPO Data Communications Strategy Group, which recently changed its name from Telecoms Group to Data Communications Group, after much debate and consultation with many of our industry partners.

I have brought our policy secretary with me, who is John Donovan, because it is always helpful to have with you someone who actually knows what they are talking about when you are in this type of forum. We have made our case in respect of the law enforcement position and I am happy to answer any questions. For us it is really about crime prevention and crime detection. I was interested to hear some of the comments that the last witness made. For us the key issue is combining modern technology with traditional investigative methods, no matter how far advanced technology becomes. Some of the key issues are still met by applying traditional detection methodology.

MR. WHITE: Perhaps we could start with that point. Philip mentioned the example in Canada where people in the banking industry have special constable-type powers. Do you see a role in this country for using the skills of industry security officers?

MR. GAMBLE: Our view on that is that in individual cases where we require specialist assistance, we will seek that assistance wherever it can be found. We alluded to the National High-Tech Crime Unit earlier. That unit, in essence, is a partnership. Whilst the police officers who form part of that partnership will not have the level of expertise or knowledge that some individuals with a technical background would have, individuals with a technical background are very often part of the partnership, either through the provisions of specialists in the Armed Services and other specialist bodies who form that partnership or through our relationship with industry itself. So, yes, we absolutely recognise the need to bring to bear the best minds in respect of specific problems at the right time. We are trying to do that through the partnership called the National High-Tech Crime Unit.

MR. WHITE: If I can be cruel, the debate is often characterised that you are PC Plod and you do not understand the modern needs of industry. I am sure you will reverse it with industry, but how do you get the needs of industry and the needs of the police forces together?

MR. GAMBLE: That is an excellent question. We often talk about needed enabling legislation, but sometimes we end up enabling mindsets. The situation for us is that there was a time when that was accurate. I think the police have become much better at listening and thereby much better at learning. We recognise that we operate in a world where we are not masters of the technology, or our own destiny for that matter. The ACPO Telecoms Group, which is a data communications group, demonstrates that partnership in real terms because we have 40 other members of industry round the table who are very vocal in giving us their advice in telling us where we are going.

It would be wrong to suggest that we have remained PC Plod. Some of the technical expertise which UK Policing Plc possesses is used as a resource not simply in this country but around the world. An example is some of the work investigations into paedophile crime and paedophile activity. I currently chair the National Task Coordinating Group. We have people from around the world coming to us to see how we deal with that.

MR. ALLAN: One of the key elements in getting that dialogue right, and I guess it is in the interests of all of us, is having the right procedures in place at the law enforcement end. The single point of contact has been one of the areas which has received most attention. Industry has said that they would like to talk to fewer but more expert people when dealing with requests. Some of the evidence we have suggests that there are long backlogs — some suggestions have been up to six months — and delays in getting information through their SPOC, and that they are, therefore, trying to bypass them and go direct to industry and thereby cause a problem all over again. Do you have any comments on the working of the SPOC and whether the resourcing of them has kept up-to-date with the demand?

MR. GAMBLE: Yes. The provision of SPOCs was a response to the listening exercise with the industry who we partner with. The SPOCs were provided to provide them with a manageable conduit for information coming to them. The problem for us, certainly in the early days, was that many of the police services who we work with, as you say, were under pressure and went for the route of least resistance. Where industry themselves allowed them to capitalise outside of that on the SPOC system, then, clearly, that happened. That is an issue which we have addressed and we are addressing it in a very clear manner. SPOCs are all about understanding what we want and understanding what the industry can do. You have talked about backlogs. One of the issues for us is that whilst we try and create a single point of contact where you can have a single expectation from law enforcement, it depends which service provider we go to with what type of request and what type of service we can expect.

One of the examples I know you have alluded is about deletion. For example, if we go to a particular service provider, and there is a six months backlog, that backlog is not the fault of the SPOC. It is because of the requests that have come through, or the volume of work and the pressure that that places on industry. There is an issue there. But if there is a six months backlog, the particular CSP that I am thinking of only retains their data for six months. So the requests can be in on time for an on-going criminal investigation, but by the time it is processed the data has been deleted. So what we have done is engaged people in a process which has kept them busy which has delayed other requests going through, and by the time it gets there we are not able to harvest any form of evidence for the investigation.

MR. WHITE: Is that because you have too many things to do, such as too many low priority jobs?

MR. GAMBLE: No. The single point of contact is all about filtering out the low priority jobs, and that is what is happening. We currently have 62 single points of contact throughout the United Kingdom. On average, if you look at an average National Crime Squad SPOC, which is a good example, you have in excess of 2,000 requests going through each month. Many more requests would have come to them which they, in essence, would have filtered out. That building process is on-going. There is a massive volume of work and we place great pressure on the industry, and I recognise that.

MR. ALLAN: Can you give us an indication about this? Of the 2,000 requests which come through the National Crime Squad SPOC, how many of them are dealt with routinely? We have seen the response from the communications service provider where there has been no problem. How many fall into this category of difficult ones which you have just described, where it takes so long for you to actually get a response that it is worthless by the time it arrives?

MR. GAMBLE: It depends on the service provider who we go to for a particular service. What we do not do in SPOCs is collect negative data. So when something is filtered out — that is an issue for us, and it is one of the issues which, once we get RIPA fully implemented, will be much more codified — that will mean the central collection of statistics will be much more easily provided for and we will be able to answer these questions, and we will be answering them on the basis of inspection, which we welcome.

MR. ALLAN: So a SPOC would actually say that there is no point in going to them for that if they will not deliver?

MR. GAMBLE: Correct.

MR. ALLAN: And filtered out on that basis.

MR. GAMBLE: Correct.

MR. ALLAN: In terms of the SPOC system, are you confident that we are either at or going to reach the point where you can say, as law enforcement agencies to the industry, “We are perfectly happy for you to say no to any request which does not come through a SPOC”? Are we in the position today where you can say to industry, by giving a clear message, that they do not have to respond to a request which does not come through a SPOC?

MR. GAMBLE: Yes. Two years ago we were in that position. The difficulty and the anomaly arises when you have a threat to life. The industry is put in a difficult position whereby outside normal office hours they will be contacted and asked to provide information on the basis of a police officer telling them “This relates to a threat to life”. We have had a number of instances where that does create difficulties. We are looking at that at the minute to see how we can resolve it by way of national guidelines. Outside of that, then, yes.

MR. WHITE: One of the things which we heard about last week was that for the telco’s you have a terminal which allows them to get the information, but it was suggested that that was not human rights compliant, or compliant under different codes, yet that seemed to be the central way of getting information so you have got it automated.

MR. DONOVAN: My clear understanding is that it is not going to be an on-line system, but the primary legislation under which we retain data is the DPA. There is nothing illegal about it, but it is probably not ECHR compliant.

MR. ALLAN: So as we are clear, it is section 29(3) of the Data Protection Act?

MR. DONOVAN: Yes.

MR. ALLAN: There is a very strong likelihood that it would not be ECHR compliant?

MR. DONOVAN: Yes.

MR. ALLAN: Although it has not yet been tested in law.

MR. DONOVAN: It has not been tested in law, no. We hope it will not be tested before we get Chapter II. That is what Chapter II was about. Chapter II was to regularise that situation.

MR. ALLAN: You are strongly pressing for Part I Chapter II of the RIPA to be invoked, to avoid this legal challenge, because if section 29(3) of the Data Protection Act was challenged, the whole thing could collapse?

MR. DONOVAN: The problem is on the CSPs who are exposed to litigation under this. They would choose not to service DPA requests.

MR. ALLAN: Do you see a distinction between the subscriber data-type information and other information? My understanding is that most requests which come through are for subscriber data, which is perfectly understandable. If you are pursuing someone through normal investigation methods, you will want to know who they are, where they live and all of that. That does not seem to be particularly sensitive. As to the political environment, we are trying to understand what the general public feel comfortable with. I suspect that the subscriber data-element is far less sensitive than other information, such as which websites people went to, who they have been e-mailing and so on? The problem with Part I Chapter II is that it lumps it altogether. Do you see that as a problem from your point of view?

MR. DONOVAN: It does not lump them altogether. In fact it separates the subscriber data from other forms of data and it gives different authority levels, so, yes, that has been recognised. I do agree that subscriber data is probably perceived as less intrusive and, indeed, is recognised under Part I Chapter II.

MR. ALLAN: Would you be trying to get subscriber data or call logs under 29(3) at the moment?

MR. DONOVAN: We do.

MR. ALLAN: And both of those would be Part I Chapter II?

MR. DONOVAN: We have self imposed different authority levels under the DPA which, strangely, mirror the RIPA authorities. So it is an inspector for subscriber details and a superintendent for anything other than that.

MR. GAMBLE: The key thing we are doing is merging ECHR requirements. We are looking at proportionality and necessity and the level of intrusion that is likely to be caused. That is the key. I understand that what you are saying is that there are different levels of intrusion. We have to protect an individual’s rights to privacy and we have got to be seen as having measures which do that. That is why we have different authority levels and it is why we balance the proportionality of our actions.

MR. WHITE: Would you see getting information about visiting web pages and that that kind of information analogous to getting a search warrant to go and visit somebody’s house?

MR. GAMBLE: No.

MR. DONOVAN: In the Act, we are specifically limited. We are limited to the first slash. So, practically speaking, we are limited to www.trainline.com, for example, so we know we know that the person concerned is looking for Trainline. However, we are not permitted to go to www.trainline.com/trains_to_ whitstable. We are not permitted under comms data. If we want to look after the first slash, i.e., which page he is looking at on a specific machine, that is interception and has to be authorised by the Home Secretary.

MR. GAMBLE: The key there is what you are talking about is similar to cell site analysis. When we are monitoring or investigating criminal activity we want to know where that person has been. That helps forms a circumstantial case, so it is the build up of that evidence, whether it is cell site analysis or billing. What we have to be conscious of here is that we are in an environment which is changing and changing very quickly. We do not want to limit the scope of what we can do to the degree that when third, fourth and fifth generation mobile phones come in and we have a convergence of the telecoms and the Internet industry that we actually have to revisit this issue by sitting round the table again. It is about applying traditional methodologies from a law enforcement point of view in a proportionate way to gather circumstantial evidence which helps build a case for us.

MR. ALLAN: I think it is very helpful to clarify for people how the powers will be used. If the RIPA powers were in place then, can you clarify the procedure for, say, an Internet user for getting, firstly, their subscriber data and then their log of which website they went to, what you can access and who would have to give authority, and for the log of who they had been e-mailing, both to and from?

MR. DONOVAN: Essentially, it would be under the current process with RIPA authority. Up to the first slash is superintendent’s authority, and you need superintendent’s authority to find out that amount of data. I know the ISP store it in a variety of ways, and they cannot necessarily provide it to us, so they have to manually redact that. That is all that we are permitted, but anything beyond that is unlawful interception.

MR. ALLAN: Just to clarify that, the ISP would have to strip everything out and just give you that? If the ISP gave you everything, that would be a problem, would it not?

MR. DONOVAN: That would be a big problem, yes, and it has remained a problem. There are lots of technical problems around that. As to who has been e-mailed and incoming mail, again, that is also superintendent’s authority. The only thing you can get on inspector’s authority is “Who owns this account?”. Often, of course, in the ISP world that information is fictitious.

MR. ALLAN: At all times, the judgment the superintendent will be applying on whether or not to authorise this is the proportionality test?

MR. DONOVAN: Yes; proportionality and collateral intrusion.

MR. ALLAN: And collateral intrusion?

MR. DONOVAN: Yes. Those are all covered on the RIPA form.

MR. WHITE: It has been suggested to us that one of the things which ought to happen is if you looked at my billing records just to exclude me from an investigation, I should know about that on my records. I am not talking about being suspected of a crime, but that I might be something who has been eliminated from an inquiry, but you have had to look at my records.

MR. GAMBLE: I think the difficulty comes into practical operation of that system. On many occasions we will be investigating, for example, organised crime groups where you have those people who are central to the on-going activity and those people who are on the periphery. Those people who are on the periphery may, in fact, be involved in other crimes, but have been ruled out of this particular investigation. I think it would be unhelpful to disclose our methodology and unhelpful to disclose the facts that, in some cases, we have looked at an individual who we suspect of multiple crimes but, in this particular instance, that particular individual is found not to be involved. What we would then be highlighting would be someone who we may have a real interest in surveillance. They would then know that we are looking at them, when otherwise they would not know and they would immediately start to employ counter-surveillance methodologies which would undermine what we do. We are talking about the top end of criminality, at level 3. We are talking about people who are always looking for means, whether it is pay-as-you-go mobile phones or Internet cafes to hide what they do. Once they are aware that we are looking at them, that becomes even more focused.

MR. WHITE: If I am Joe Public and you just happen to have come across my number because there has been a phone call from one of these mobile phones that you are looking at, and I find out six months later, am I not going to have my confidence in the police totally undermined?

MR. GAMBLE: I do not think so. From the time of the common law it has been the duty of everyone to assist a constable whenever they are investigating crime. We can go around and ask questions as we have done from the time of Dixon of Dock Green, but we do not go and tell everyone later on, “Actually, we went to such-and-such and asked questions about you”. That is because we have to discover whether and by whom an offence has been committed. Where no offence has been committed, no further action is taken. I understand what you are saying, but I think that is where we are allowing the technology to make us look at it in a different light. This is about traditional law enforcement methodology. I think we need to come back to that on each occasion.

LORD NORTHESK: If I could change tack slightly and take you back to your introduction and, indeed, law enforcement methodology generally. I think we all understand how incredibly useful as an investigating tool data retention is. It is transparently obvious. What I am more intrigued about is how you perceive it playing a role in crime prevention, and is it possible to quantify that in some way?

MR. GAMBLE: I wish I could quantify it. With crime prevention, I could quantify it and we could never tell whether it was true or not because I could claim that it was a success. From a crime prevention point of view, detection and reassurance with the public is always good prevention. Where we are able to use cell site analysis, for example, and bring large networks of criminals into the criminal justice system, the fact we have done that, creates a deterrent factor with others. The fact that we have these intrusive powers is a deterrent to some individuals who may have become involved. I do not think our processes are as yet mature enough to deliver a crime prevention strategy simply on the back of how we employ this methodology.

LORD NORTHESK: The prevention methodology is a by-product of the investigatory function?

MR. GAMBLE: Absolutely.

MR. ALLAN: To take you back to the point about notification of whether an investigation has taken place or not, we have gone into this area and found that we have lots of conflicting laws which we make in this place, and then the poor old police officers and CSPs have to try and implement them, make them work and not be sued by anybody for treating any of them in such a way that they will meet the requirements of another one. One of the areas which came out was that under the subject’s access request provisions in the Data Protection Act, my understanding is that a CSP, probably, would be bound to inform a customer that their data had been accessed, and this is quite different from, say, surveillance and interception powers where they are expressly forbidden from telling people. Do you recognise that as the current state of the law, that a CSP would be in a difficult position if a customer came and said, “Have you given my traffic data to anybody lately?”?

MR. DONOVAN: Yes. That seems to be the situation which pertains at the moment if the CSP stores that data with that client’s personal data. If it chooses to do that, then that is the data which should be disclosed. We did, in fact, ask for a tipping-off clause in this legislation but it did not appear, although it did appear in other parts of legislation. Yes, a tipping-off clause would be quite useful to us.

MR. ALLAN: Otherwise, if a CSP had recorded the fact that it had handed the data over, it would —-

MR. DONOVAN: In the client’s personal record.

MR. ALLAN: —- in that client’s personal record —-

MR. DONOVAN: Then we understand that must be disclosed. That said, CSPs vary on this point. Some CSPs do not and some CSPs will.

MR. WHITE: One of the other things, of course, is that you come along and you say, “We need this data. Will you retain it?” One of the things that CSP said to us was, “Most of the time, we are quite happy. You are doing your job and we are doing our job. The problem is that that data is now available under data access for anybody else to use for anything they want so long as it legal”. Is that not a problem for you? I can see that it is a problem for the CSPs, but is it not a problem for you in that they are reluctant to hold it?

MR. DONOVAN: It is a problem and an advantage for UK Plc inasmuch as it is preserved for our purposes, but also when it comes to a criminal prosecution, it is preserved for defence purposes. That is how it should be. We make a prosecution case and the defence will make a defence case. If the data is only available to us, that would not be appropriate. I suppose wholescale data retention would be a problem inasmuch as the DPA only allows the ‘person the data relates to’ to access it and others with statutory authority. I do not see any great threat to privacy there.

MR. WHITE: It is a question of that data, which may have been used for something else completely outside of your investigation, because you have retained it, becoming available for that, whereas in the normal course of events it would have disappeared?

MR. GAMBLE: It is only available for access under the legislative permissions which are available, which will be based on proportionality, is it necessary and does it create collateral intrusion? Although safeguards are sufficient to reassure us that those records should be maintained and that there is a bonus not just for the police but for others who might need it, I can think of a number of cases recently where the defence have made good use of cell site analysis for their own case.

MR. ALLAN: The nub of the question is, particularly in respect of the Internet, is it all worth it? That is a serious question. Most of the data you have presented to us has been about the use of phones to track people down, particularly mobile phones, and we have had case studies. There is a question of workability for Internet data, and the cost to business question, which I think is a very serious one. If I can draw an analogy with your investigative techniques, if you turned up at a normal office building or something with a picture and said, “Have you seen this person?”, you would expect them to give you a reply, or you could say, “Can you ask all of your staff if they have seen this person?”, and so on. So, in other words — there is the data that they anyway have and would make available — what you do not ask them to do, normally, is to ask every public building to keep a log of everyone who has come in and out for a year just in case you might need it for the future. From the ISPs point of view, that seems to be what they are being asked to do. It is something they would not otherwise do and it is very expensive. They are being asked to keep data just in case. The nub of the issue is whether it is worth asking them to do that?

MR. GAMBLE: When we go and ask them, “Have you seen this particular individual?” and we leave, we accept that. We do not expect anyone to log that individual and to monitor unless we apply other powers that we have which are more intrusive. If you consider operation Ore, in 1999 towards 7,000 people in the UK sat at their computers and accessed child abuse websites. Three or four years later, that investigation is on-going. It is because we have been able to go back, because that data was captured at the time, that we are now able to hold those suspects, where we can collect and collate evidence, to account. That, potentially, has been brought about because the data was available to us. If that data had not been available, if it had not been captured and preserved, then how would we have investigated 7,000 people who accessed hard core child abuse sites? We could not do it. That was in one case. That was in 1999 before the proliferation of PCs into the home. Since then you have got to extrapolate that upwards and say “What are we going to have to face in the future?” We have to buy the tools today which will allow us to continue to investigate tomorrow. In order to do that, we have to make sure that the legislation is permissive but responsible. That is why, yes, we do have to ask for it to be retained and we can evidence that in many ways.

MR. ALLAN: On child abuse cases, is not the reality that that is with full cooperation with the industry where you have got a targeted group of suspects? In other words, that is data preservation. You are going along to the industry and saying, “We are interested in everybody who is going to this website. Can you secure it for us?”, or are you actually trawling through, if you like, the whole mass of Internet logs for it? My understanding is that that kind of investigation is targeted. I do not think there are any disputes about that. The dispute or the debate is whether we hold the whole mass of information just in case it turns out to be useful in a year down the line.

MR. GAMBLE: What we get two or three years down the line is e-mail addresses. What you then have to do is to work back from those e-mail addresses to identify a real person. So what you do not get is “Here is a list of 7,000 people” or “Here is a list of X amount of people”. The example I have given you is, perhaps, not the best. There are many where we will have an interest in someone with a paedophile activity and some with an organised crime activity who is using Internet chat rooms or Internet chat relay or boxes and we will want to find out the same as we would as if they were using a mobile phone. That is going to become more and more routine from a law enforcement point of view. So we have to have the ability to go back and check that. We do not capture and preserve it at the time. If we did it would be very easy for us and this debate would not be on-going. It is about when evidence comes to light years later being able to go back and recover the best evidence that was available at the time. There is a massive opportunity here to do that.

MR. WHITE: It has been suggested to us that one of problems which the CSPs face is that they are having to develop systems to retain the data, and that it would be dead easy for them simply to pass all 36,500 disks, and say, “There is all the data. You get on and deal with it. You develop the systems to analyse it and all the rest of it”. That is the nub of the debate, is it not? The sheer volume of information makes it like looking for a needle in a haystack.

MR. GAMBLE: That is why the earlier witness said it is about knowing what you want and using the industry systems to go directly to it. That is the most effective way of law enforcement gaining timely access to individual’s evidence. I absolutely appreciate the difficulty which that creates for the CSPs. Also, having talked to a number of them, I think they are very aware where they are working in an environment where they want to be seen to be operating ethical business practice. I think there is a corporate responsibility. How the cost is met is a different issue. We have always been prepared to pay for an appropriate quality service. I accept that sometimes the pressure put on CSPs is beyond that which you would expect them to have to tolerate.

MR. ALLAN: So the principle of full cost recovery from CSPs for the work they are doing for you is one which you think is reasonable?

MR. GAMBLE: Full cost recovery, I think, is something we have to be a little cautious about. We are looking at that at the moment. We have to make sure that when we have these large corporations who do want to operate in an ethical environment and ensure that they are operating best practice to ensure that they are not accidentally hosting illegal activity, but that there is a partnership approach to that. I think that full cost in some areas would have a detrimental effect on what we could do. We have discussed with some of the CSPs the expectation that their systems will become more automated and thereby the costs in some instances should go down as opposed to go up as we become more expert and focused in our collection.

MR. WHITE: Where you have systems which do not record and do not bill, is it your view that they should record something? I am thinking of those telephone companies which do not give you itemised billing because you pay 100 in advance and those things. Are you saying that that actually provides a problem for you?

MR. GAMBLE: It does, yes. If I am an organised criminal, I will go for the line of least resistance. If I can get my telephone billing with somebody who operates a flat line rate, then that is what I will go for because it makes it much more difficult for law enforcement to identify my associates and to identify my activities. Similarly, if I identify a CSP which has a deletion policy which is much earlier than others, then I will go for that one.

MR. WHITE: One of the other things which came out last Wednesday was that a lot of this will apply to the big ISPs, the AOLs, Thus and Demon. All of this will actually be okay because you have established and recognised procedures with them. I do not know how we picked on West Dorset, but it was suggested that if you have a very small ISP which was below a certain threshold, then organised crime would go for that because it would be so small that you would not have a link with it and it could be easily rolled-up.

MR. ALLAN: Are we covered by Parliamentary privilege? (Laughter)

MR. WHITE: How do you actually deal with that kind of situation?

MR. DONOVAN: I think the question is relating to the fact that probably get the data from a larger backbone ISP. Yes, we can get quite a lot of the data from a larger backbone ISP upstream. The problem is that this is where, as we heard from the last speaker, the analogies from the ‘phone world do not necessarily carry across very well. We would not get subscriber details and we would not get e-mail details. Unfortunately, this system does not work so well. So we will require even very small ISPs to retain some of that data.

MR. WHITE: So if they have not got the actual infrastructure to do it, one of the things you are then doing is creating a barrier to entry to the market, is it not?

MR. DONOVAN: Yes.

MR. GAMBLE: I was at a meeting yesterday where many of the ISPs were represented. There is a lot of work going on at the minute in respect of creating memoranda of understanding and creating best practices that can be propagated. I want to recognise that. This is not us coming here and saying this is what we think. Industry itself is working hard at getting this right.

MR. ALLAN: Have you seen a trend of things moving abroad? One of the fears with ISPs is that if you impose all of these costs on all of the ISPs in the UK, effectively, they will have to jack their prices up to pay for this and the ISPs will simply move abroad. I wondered if you had seen this happening? I suppose, particularly in the mobile telephone market, if I were an organised based in the UK and bought a Spanish pay-as-you-go, I can use it in the UK quite happily, can I not? Have you seen that kind of externalisation and of people internationalising their telecoms in order to evade you?

MR. GAMBLE: I would not want every organised criminal to read this report and then go abroad to buy a mobile phone. They will be hosted by networks which are local.

MR. ALLAN: I wanted that reassurance.

MR. GAMBLE: Trust me. You can buy your phone abroad. Trust me, I am a police officer. We will be able to apply our investigation techniques against you.

MR. WHITE: So there are mechanisms for dealing with that.

MR. GAMBLE: Yes.

MR. WHITE: That is the reassurance we are looking for.

MR. ALLAN: In relation to the point made about the data retention timespan being so critical, the case you put forward is almost a case for eternal data retention. You never know when you will need that information. A lot of the fuss was caused when Roger Gasper, I think it was, who said originally that the time span should be six or seven years. The industry calculated the cost of six or seven years worth of data retention and took the view of “Well, we are all going abroad now. Forget it”, which I think was probably quite a realistic response. How do you now feel about timescales?

MR. GAMBLE: How long is a piece of string? It depends on the individual investigation. If we were in a situation today where we were able to bring to book one prolific serial rapist, paedophile or murderer six years after the commission of the commission actual crime, would we want to do it? Yes, we would. Is that proportionate? In respect of proportionality, I do not know that it is. I think we are looking at timescales of significantly less than six years. We would like six years. We would like to have access for ever and a day, but it is about achieving a balance which the CSPs and ISPs can manage and which gives us an enhanced approach. If you want me to put a figure on that, I would rather not because that is something which needs to be negotiated.

MR. ALLAN: From your point of view as a law enforcement officer, you can recognise that there would always be value in as much data as you can have, and in actual fact you are not going to come to me and say “Give me less”?

MR. GAMBLE: Look at the examples that we have given you. Many of them fall within the three year span, but a significant number of high profile cases, which would have caused a lot of negative impact had they been successful, especially the terrorist cases, went for much longer, and up to six years.

MR. DONOVAN: It is a fact that we can still obtain data in certain circumstances up to six years old.

MR. ALLAN: And you would do that at the moment under section 29(3)?

MR. DONOVAN: Yes.

MR. ALLAN: On the section 29(3) forms, I understand you are trying to agree a new form?

MR. DONOVAN: Since 1st December it has been agreed.

MR. ALLAN: So you have a new form. Somebody suggested to me that it has “RIPA” at the top crossed out.

MR. DONOVAN: I deliberately structured it that way to make that point, that these are RIPA forms which we are accessing, so we are using the whole of the RIPA methodology for the whole of the ECHR compliant procedures. Yes, they are structured deliberately that way, and the form which the CSP gets gives written assurance that ECHR considerations have been considered and documented on the application forms. So, yes, it is deliberate.

MR. ALLAN: So your subscriber cannot sue you —-

MR. DONOVAN: We have had some problems with the take-up of the form. If I have any more problems I will have it struck through, which will really make the point.

MR. WHITE: I have one final question, which is something which Philip Virgo alluded to, which is the issue of training, particularly in local forces. As you say, as it becomes more and more commonplace, there is going to be a need for greater and better use of the technology by ordinary policemen and women up and down the country. What is the issue with training and how you are rolling out expertise?

MR. GAMBLE: It is a matter of finding appropriate levels of training for appropriate individuals. What I say there is that is where you see the partnership developing. Much of the police training today would not be possible without the input of the industry and the experts. That is on-going. Our training evolves because we are kept up to speed by contemporary experts from the field. We would not ever hope to be kept up to speed by simply having police officers teaching other police officers because they would very quickly fall behind. So we have learnt the lessons and they are being applied. Our SPOCs are becoming more and more specialist. That is because the industry provides us with up-to-date specific knowledge. There is talk about mutual understanding. This is one area of work in which we see that. It leads to mutual recognition. In the meeting we had yesterday, one of the largest ISPs was very willing immediately to facilitate training on our behalf. That is what we see in the funding. It is a funding issue for the industry because the police do not meet the full cost of training. To be fair, industry meet those costs.

MR. WHITE: This is about normal policing? It is not just about the high profile terrorist work?

MR. GAMBLE: It is about normal police work.

MR. WHITE: We are coming to an end now. Is there any area which we have not covered today which you think this Inquiry ought to address from your point of view? We have concentrated on the ISPs. Is there anything you would like to add?

MR. GAMBLE: There is nothing else we would like to add — everything else is in our submission — except that we would like RIPA Part I Chapter II now. I think that would make things a lot more streamline. It will codify what we do. It will provide for appropriate inspections which we would welcome, and it will help us do our job.

MR. ALLAN: Part I Chapter II of RIPA was intended to be implemented before anyone had heard of the Anti-Terrorism, Crime and Security Act. The evidence we have had suggests that there is a conflict there, where you are saying that the ACTS says retain data for one specific set of purposes, which are to do with terrorism, but RIPA never had that in mind. That was all about the spread of criminal activity. Do you recognise the problem we now have in the sense that as legislators we have created the problem?

MR. GAMBLE: I do. I think that RIPA is a more mature piece of legislation than the first you alluded to, because it recognises crime as being of primary concern. The Anti-Terrorism, Crime and Security Act went too far from this point of view to the terrorism angle. It is terrorism or crime associated with terrorism. That does create an anomaly which will have to be addressed sooner rather than later.

MR. ALLAN: Although RIPA does not have any mandatory retention powers in it at all?

MR. GAMBLE: You have the anomaly where, from the way RIPA currently stands, we will seek to access data which has been retained for a period on the basis of legislation provided for terrorism. That needs to be addressed.

MR. WHITE: Thank you. Your evidence has been very helpful and informative.