I met with the Police Central eCrime Unit last year as part on an ISPA group that wanted to understand the issues that police have in fighting internet related crime and to see whether there is anything that we could do to help.
The police’s biggest problem is the speed that things can happen at over the internet versus the amount of time it takes the judicial system to crank their mechanical organisational cogs. PCEU staff can, for example, be following a suspect criminal, either physically or electronically, and sometimes have very little time to pounce. A gang might be planning a fraud using online resources – facebook pages, gmail, skype etc. Access via a service provider to look at these resources takes a court order (RIPA) which takes time to organise and by the time it has been effected the crooks are often long gone.
If the police did not require judicial consent to access these data then the whole process could be speeded up and more criminals prevented from harming us. The problem is that even if it was clear to everyone concerned that providing the police with what they ask for was the right thing to do the act of doing so puts the ISP in breach of data protection laws. If the suspect criminal happens to be innocent (or otherwise) this potentially leaves the ISP open to legal action. We can’t have ISPs being asked to perform the role of the judiciary because they don’t have the same legal protection or training.