Police Functional Adaptation to the Digital or Post Digital Age: Discussions with Cybercrime Experts

The Significance of Understanding the Dynamism Inherent in the Space in Which Functional Adaptation is Taking Place

Our research is concerned with how the police in England and Wales are operating (in an investigatory manner) within the digital arena, and establishing how far along the ‘digital world’ epoch development timeline they are. In other words what progress is being achieved in the functional adaptation of a role and an ethos forged and undergoing continuous development in parameters largely set in the physical world and not in cyber space.

Policing cybercrime requires adaptation to criminal justice in a quite different type of location increasingly affecting our daily lives and also, as a consequence, taking us into a new kind of legal space that is subject to regulation ¹⁷ and may also have to be policed. The digital environment that manifests that legal space, unlike the physical world, however, is almost constantly and rapidly reconfigured by technological developments or the possibilities offered by technological change that are rapidly exploited in novel and unanticipated ways, both positively and negatively. For example, the technology that even during the Covid-19 pandemic can keep grandparents and grandchildren in contact can be commercially exploited by criminals that live-stream vicious acts of child abuse. ¹⁸

In writing about the ‘Information age’ or ‘the Digital Age’ from the 1970s onwards, Berry depicts how the development of digital platforms shifted economic wealth creation that came from industrial production increasingly to computerisation or processes dependent on computerisation (including artificial intelligence). In particular, he describes the intricacies and development of this digital age, while drawing attention also to the almost every day dynamic whereby the cyberspace of the digital age is transformed to a ‘post digital age’. While the digital age was often specifically or narrowly associated with the physical locality of user and hardware, in the post digital age interconnected computing is pervasive and ubiquitous. ¹⁹ Users are no longer generally tied to known and relatively static physical locations in order to listen to a music CD, watch a DVD or send an email from a desktop. Instead, society is becoming increasingly reliant on the underlying computational code to create a space formed by computational activity within which information is increasingly created, analysed, disseminated and more. The geography of the digital world has progressed away from physical anchors that can be found on conventional maps to cartography of the new digital age. Traditional physical boundaries and specific locations have less significance, especially traditional legal jurisdictions in which devices, content, actions, intentions, the profits of criminal acquisition and consequences are physically located and vulnerable to real world policing at critical stages of criminal activity, such as when the proceeds of cybercrime are transferred into potentially tangible assets via banking money or purchasing land ownership or other high value assets. We envisage in the post digital age that criminal vulnerability to jurisdictionally based police intervention will be increasingly reliant on cyber technology rather than, for example, a monitored illegal delivery. For example, the only way to acquire evidence about access to extreme child abuse may be to undertake bulk data surveillance to find information about bank account payments linked to money transfers linked to that site. ²⁰ Equally, the suggested post-digital age of Berry poses questions on the understanding of computational code. Expertise is moving from the subject/topic to coding. The subject expert is now using advancing technology (computational code) that analyses, creates, manipulates and synchronises his/her data but can that expert explain how that is happening and why the code makes certain decisions?

Berry’s imagining of a post-digital age is supported by the International Data Corporation (IDC) ‘…unlike the physical universe, the digital universe is created and defined by software, a man-made construct’. ²¹ ‘And it is software that will both create new opportunities and new challenges for us as we try to extract value from the digital universe that we have created’. ²² . It would be a mistake, therefore, to see the process of adaptation as simply an adjustment from policing a physical world in which devices and software are used in discernible physical legal locations, but one in which the police are adjusting by taking on a more significant digital role, but where their investigations have to deal with an environment that is itself being transformed from the digital or the post-digital age.

Preliminary issues that have to be resolved for researching the policing of TOR therefore are (a) what is the internal UK policing context of investigating and dealing with digital crime, and (b) how are TOR investigations, as the most technically challenging investigations, impacted by the overall transformation of cyberspace? ²³ The remainder of this article is concerned with the first of these questions, which was more than enough for the first workshop. The second question has to wait (Covid-19 permitting) for the next phase of the research project.

The Scoping Work and Our Initial Observations

We engaged in a significant initial scoping exercise involving literature searches, document examination, research group meetings with various experts ²⁴ and conference (professional and academic) attendance, particularly at police focused and sponsored conferences. ²⁵ The National Police Chiefs Council (NPCC) is the major sponsor of UK Police conferences and workshops, under arrangements where individual chief officers lead (as ‘portfolio holders’) major work streams, including cyber or digital policing issues. Because of the fragmented nature of police organisation in England and Wales, ²⁶ the NPCC seeks to provide national strategic development, although this coexists somewhat uneasily with the legal and political autonomy of chief constables and police and crime commissioners. To support the development of cyber surveillance in policing the NPCC facilitate an annual conference open to other state agencies whose staff also engage in cyber surveillance and investigations (The Home Office Border Force, HM Revenue & Customs, the Ministry of Defence Police and others) and other professionals and academics. The conference is of considerable impact, has significant attendance and a diverse professional audience. Attendance at these dynamic and highly interactive events proved to be much more effective for scoping purposes than the originally planned programme of individual interviews.

The scoping exercise resulted in two initial research findings about the situation in England and Wales: (a) police investigation of TOR activity is limited and extremely focused, justifiably, on high profile crime priorities such as terrorism or child abuse, and (b) TOR needs to be viewed within a cyber or digital environment that in general poses a diverse set of very significant scale, complexity, resource knowledge and proportionality issues to the police service. We found that: (a) in general, TOR and other ACNs were viewed as part of a more general set of problems created for the police by increasing anonymity throughout the web (the internet ‘going dark’ with encryption becoming a standard commercial offering for social media platforms) and (b) both policing activity and criminal behaviour was rarely compartmentalised within one level of the web (for example, the police need access to the ‘deep web’ to trace bank accounts linked to dark web child pornography sites and sex grooming might begin on the surface web but then lure potential victims into anonymised communication platforms. ²⁷

TOR activity is undertaken through regional and national units, acknowledging the boundary problems inherent to digital crime. Geographically bound police forces are reluctant to investigate a matter where crime location cannot be held to be within their own geographic limits, so often the case with ‘knows no boundaries’ digital crime. Posting material on TOR, abusive images, forum messages, items or services via market places predominantly becomes intelligence material, attribution being almost impossible to determine evidentially.

In 2019 Cressida Dick, the Commissioner of the Metropolitan Police gave a public lecture on the topic of digital policing. She explained that, while advances are being made to extend police technological capacity and capabilities, the sheer scale and complexity of digital data now being created presents a growing burden. As an example of scale by volume in major investigations Dick referred to how the multiple 2005 terrorist attacks in London (known as ‘7/7’), resulted in the seizure of approximately 4 terabytes of data. In 2019 she explained that ‘in just one of many hundreds of our CT [counter terrorism] investigations this year we have imaged 81 terabytes of data’. While scale by volume is a difficulty, the emphasis given is to scale by data complexity and managing investigations of almost any type that now do, or could, involve a significant level of digital data as society becomes ever more data-reliant and data-integrated. She also expressed concern about the anonymity built into TOR, and increasingly other digital communication services. ²⁸

The NPCC facilitated three short workshop sessions in 2018 for the research team to present the project and the initially proposed approach to research (conceived as a series of individual interviews with police officers) at their annual digital policing conference. Useful as part of the scoping exercise, the workshops exhibited factors that were important for identifying a methodology that might achieve positive engagement with police and regulatory body personnel. Little mention of TOR or other ACNs was made in the feedback gained; the second theme of barriers to the digital ‘business as usual’ functionality of policing was predominant.

Cumulatively the research team’s scoping exercise opened up our understanding of the contextual aspects of the barriers, professionally perceived or otherwise, to managing the functional adaptation of English policing to the increasingly cyber or digital world.

The Switch to the Problem Tree Day Workshop Approach

The research team was able to gain valuable insights from our initial engagement with the online investigatory world at the 2018 NPCC conference workshops, ²⁹ a conference open to non-police attendees, but with all the ambiance of a police professional venue and event, and therefore non-neutral ground. Such a professional facing biased environment potentially generates engaged participants as either ‘givers’ or ‘takers’. To be a successful ‘taker’ the individual/group (researchers) must have, and display, both legitimacy and adequacy. Both, however, are factors that take time to develop with an audience when the void between audience and presenter is mismatched in terms of professional experience and knowledge. While not negatively viewed the research team were seen as ‘takers’ but with little legitimacy or adequacy in that environment, a view that does not encourage non-police attendees to be ‘givers’. The research team decided that it needed to seek to engage instead with professionals in a neutral, participatory and ethically managed environment in order to be ‘takers’ of valuable knowledge provided by fully empowered ‘givers’.

Legitimacy and adequacy become significant perspectives to develop in any professional environment. Much has been made of the social worker feeling personally both legitimate and adequate to foster roles with drug or alcohol dependent clients. Legitimacy is often seen as built in to the profession, the legitimate reason for seeking engagement, but also reflects personally on the social worker believing he/she has the right to approach certain client issues. Adequacy is competency in the particular field in question and work has found that a lack of (perceived) legitimacy and/or adequacy can result in the social worker veering away from tackling certain client problems. ³⁰ Baetens ³¹ analyses the educational delivery of international criminal law across countries. While looking at delivery, Higher Education staffing structures and other factors, the adequacy element to successful delivery is significant. In Higher Education both elements come to the fore with personal tutoring. To the student and the lecturer adequacy and legitimacy are core factors of positive engagement. ³² For policing research these perspectives interlink with the ‘givers’ and ‘takers’ theme.

Lessons learnt from the scoping exercise demanded a workshop approach that would be participatory in nature, foster significant stakeholder leadership in an environment that was professionally neutral for all involved and facilitated through an inclusive engagement tool. These four aspects were considered critical to the development of legitimacy, adequacy and therefore successful roles as ‘givers’ and ‘takers’ for all parties.

A full day workshop was developed by drawing on methodologies predominantly from the discipline of Disaster Management and Sustainable Development (DMSD). Financial aid providers, e.g. for third world countries, such as United Nations agencies, USAid, the UK Department for International Development (DFID), and the European Commission follow a common path in their requirement for full aid funding applications. That path will invariably involve the use of logical framework analysis (LFA) for project development and require certain analytical methods to be utilised. Strong emphasis is placed on stakeholder engagement throughout a project development process, and identifying the details of a problem to be tackled, including context, calls for the use of participatory problem tree analysis. This in turn feeds in to the LFA to capture a fully understood and justified aid requirement. ³³ Problem tree analysis generates participatory examination of an identified problem to seek the root causes and effects of those causes. It will often move on to objective and strategy tree analysis, identifying workable goals and delivery strategies. ³⁴ Problem tree analysis differs from cause and effect analysis (tending to focus upon the business environment) due to its ability to additionally examine conceptual and perception based problems. Dillon ³⁵ provides an intuitive working guide to the process and summarises the positive as ‘The value of this type of assessment is greatest if it is carried out in a workshop with the stakeholders, giving the opportunity to establish a shared view of the situation’, so emphasising stakeholder engagement as a pre-requisite. Successful positive understanding of a problem to be resolved and the context within which it exists through collaboration with a range of key stakeholders is intuitively core to any disaster management or sustainable development project development. Problem tree analysis becomes a high value context gathering tool in relatively wide use but rarely reported on outside of the disaster management or sustainable development themes.

Focus on DMSD stakeholder-led participatory engagement, utilising problem tree analysis as the discussion facilitator and setting a neutral environment resulted in positive engagement with the invited participants. A highly significant success factor was the venue chosen, displaying characteristics of:

a venue external to working practice for all participants,

These features enabled the workshop venue to be considered professionally neutral and to mitigate aspects of potential contestation and professional bias, confirmed by subsequent feedback from participants:

I do also think that the neutral venue was conducive to open group discussion. ³⁶

something that had a significant positive impact in creating the sense (as I saw it of collegiality). ³⁷

The problem tree analysis approach requires a problem to be set and in this case the broad question of ‘What are the problems of policing in the digital age?’ was put forward, ensuring discussion began openly with no pre-defined reference point, therefore prompting stakeholder-led participatory discussion. Generating strong participatory discussion was the second core factor in creating a successful workshop, so leading to the use of the problem tree analytical method as the facilitator of discussion. Participatory methods are recognised within DMSD as capable of encouraging sharing of diverse perspectives, needs, knowledge and ideas. They empower participants, enhancing both individual and collective knowledge and creativeness to generate an improved product.

By providing a firm framework to be followed (from a blank canvas) within a neutral environment after explanation of ethical practices and anonymity guarantees, the potential barriers surrounding perceptions of legitimacy and adequacy were successfully mitigated. As Participant M ³⁹ stated in workshop feedback:

The problem tree process and the way that the process was managed to create trust encouraged (genuine and quite stark) frankness and also a sense of collegiality. I would like to stress the management point because of the advantage of facilitation by someone who is familiar with the participants’ mind-sets as well as the subject matter and methodology.

Suitable diversity of professional background was acknowledged within the workshop setting, with the invited attendees ranging from front line digital police investigators, mid and senior police managers, independent training providers, academics offering particular expertise, independent police consultants and a digital investigator from a non-police public sector. ⁴⁰ The workshop was facilitated by the corresponding author, assisted by the two co-authors who are now independent researchers. The themes discussed at the workshop were not pre-determined, introduced or suggested, all came from the participating non-academic stakeholders, this ensuring that all themes were developed with integrity and in a manner that made it possible to indicate the comparative strength of each issue’s significance. Comprehensive contemporary notes of the discussions were recorded throughout. Anonymised copies were circulated to all attendees post-workshop, providing the opportunity for feedback, comments or potential correction. No disagreement with the final version of workshop notes was forthcoming.

Management, Leadership and Organisational Ethos (Issue 2.1)

It emerged from the workshop discussions that there are major questions about whether the existing management structure, ethos and tools available to senior staff (including status recognition, pay and career progression) is suitable for facilitating the changes needed to enable police forces to adjust to new ways of working required in response to cybercrime. This view is not a criticism of the management structure itself, but more frustration that direct knowledge and experience of cybercrime policing is insufficiently influential in decision making. (‘The management structure is fine, but the skills and leadership style … don’t keep up to the fast paced world we live in, … need a more bottom-up approach than what exists now’. ⁵⁶ ) This problem might reflect how today’s police force senior managers are of the wrong age to have had the opportunity to become involved in cybercrime investigations at the early stages of their career and, faced with more politically immediate issues ranging from fiscal austerity to counter-terrorism, would be unlikely to have sufficient time to develop a genuine appreciation of the problems faced by cybercrime investigators. Alternatively, it could reflect more fundamental weaknesses within police force management. For example, the general lack of detective experience at very senior levels of police management has been criticised even by a chief constable as a barrier to adaptation to respond to scientific or technological change. ⁵⁷ The highly fragmented nature of English police organisation ⁵⁸ inevitably means that there are no cyber-disciplinary specialists with high level managerial authority at either a national or regional level, leaving the power to implement transformational change concentrated in the hands of senior officers approaching the end of their career. ⁵⁹ Also the creation of directly elected police and crime commissioners ⁶⁰ is likely to make it more difficult for policing to develop strategy in contrast to policy setting with an eye to the local electorate that generally cares far less about seemingly remote cybercrime than nuisance neighbours. ⁶¹

In terms, however, of the daily experience of investigating cybercrime three core issues provided the focus for discussion among workshop participants:

a risk-averse culture within policing;

A deeply engrained risk-averse culture within policing is often manifested as a blame culture that threatens individual careers and opportunities to contribute to investigative work, whether the avoided risk (and subsequent blame) is personal judgement or conduct, legal error, or reputational (personal and organisational). ⁶² Managers and leaders often avoid risk in conventional policing, but this tendency is more pronounced with cybercrime policing because of its non-conventional environment, not the ‘well-trodden ground’ of traditional policing. ⁶³ The following quote illustrates the reluctance management have when faced with risk:

‘I’d be criticised if…’—this viewpoint holds them back because they do not do what they necessarily should do. ⁶⁴

The close interrelationship of risk-aversion and hierarchical management styles was also linked by at least one participant with leadership tending to come from an older ‘safer’ generation with warranted officer status and a less inclusive attitude than younger generations of officers. Both characteristics were seen as detrimental to the kind of leadership needed for the creation of investigative teams with higher levels of cyber investigative skills:

– so easy to say they can bring in outside people with specialist skills, but you have to have an environment where these skills are nurtured and these just are not. ⁶⁶

While the first two issues might apply to policing more generally, the final management and leadership point discussed by workshop participants is specific to cybercrime policing and resonates with the comments noted earlier about the lack of knowledge about such work within police management and leadership tiers. This arose from a discussion about the rare matching of leadership and digital expertise. There were no easy short term solutions to this question, but, conventional organisational change policies (not a point made by the participants)—cyber focused career pathways and better support for individual staff development, specialist recruitment and retention packages, and changes in remuneration—might all be suitable for strengthening police cybercrime investigative capabilities and capacity.

Over-Complication and Exaggerated Distinctions Between Policing in the Physical and Cyber Worlds (Issue 2.2)

A major theme that emerged repeatedly during participant discussion was the deceptive separation or exaggerated distinction frequently made between cyber and conventional policing. Much to the research team’s surprise, this was identified as a core barrier to change. The warnings against allowing the development of a silo attitude to cyber policing are not inconsistent with the ideas for empowering and rewarding technical expertise and knowledge in the previous section. It is concerned with how those specialist skills should fit within the deontological, legal and institutional framework of modern policing.

A ‘silo approach’ springs from two misconceptions. Firstly, there is an internal belief that cybercrime policing or ‘the digital’ is infinitely more complex than conventional policing. Secondly, there is a separation between digital and conventional policing due to the lack of sound frameworks within the digital side of policing compared to the more conventional police work such as stop and search, or investigating burglaries or violence. Workshop participants suggested that procedural frameworks for traditional areas of policing were clear, historic and everybody knew their role because they were on ‘well-trodden ground’. However, the governance structure of the 43 police forces model and the limited cyber experience of senior officers were not less familiar with digital policing compared with the conventional policing experienced earlier in their career, with many, particularly senior investigators taking, ⁷⁰ as one participant put it, an ‘I don’t do digital stance’. ⁷¹ Investigators inexperienced in digital policing were unwilling to act outside their areas of experiential knowledge; to do so would create discomfort and this now manifests itself in a deceptive separation between digital and conventional policing. In contrast workshop participants tended to the view that, while the digital badge makes some of their colleagues wary:

online surveillance isn’t actually that different to offline surveillance. ⁷²

This theme of over-complication and creation of silos was repeated throughout the day, being particularly apparent in discussion about the final two core themes, ethical policing and knowledge and training.

Ethics (Issue 2.3)

The publication of the Council of Europe’s Code of Police Ethics (2001) ⁷⁴ marked the growing importance of this issue politically, but also professional engagement with a series of major reports: Nolan on standards in public life (1995), Macpherson (1999) on the death of Stephen Lawrence and Patten about policing in Northern Ireland (1999). ⁷⁵ Further impetus to improve the understanding of ethical conduct in policing in terms of wider conduct may have been delayed, however, by uncertainty and major changes in the law on fundamental rights and tort, with the Human Rights Act 1998 and the ECtHR’s controversial decision in 2000 (Osman ⁷⁶ ) until reversed in 2002 ⁷⁷ that engaged Convention rights (art 6) with the law of tort relating to police investigations. ⁷⁸ Uncertainty about the application of tort persisted, however, until calmly restated by the Supreme Court in Robinson as ‘the ordinary common law duty of care to avoid causing reasonably foreseeable injury to persons and reasonably foreseeable damage to property’. ⁷⁹ In the face of these numerous and complex developments, not surprisingly, Flanagan (2008) found that the police had become ‘risk-averse’ and needed to move on to become ‘risk-conscious’. ⁸⁰ From what has been noted above from the workshop discussions this has not been achieved, at least in the policing of cybercrime.

The Police Code of Conduct ⁸¹ that was introduced in 1999 failed to address the ethical complexity of policing. This short document is a remarkably basic list, ranging from fundamental concepts, such as honesty, the reasonable use of force and the protection of confidential information, to corporate standards of behaviour such as sobriety when on duty and always being ‘well turned out’. This topic of interest and concern for a number of years only comparatively recently came to the fore in English policing. In 2014, the College of Policing published a formal code of ethics in their drive to establish professionalisation of the Police Service and improve standards of professional behaviour. ⁸² It has legal force as a code of practice made by the Home Secretary for promoting the efficiency and effectiveness generally of English and Welsh police forces. ⁸³

The development of the code of ethics is one strand of a binary strategy to achieve ‘professionalisation’ or more accurately ‘re-professionalisation’ of the Police Service, ⁸⁴ the second being the transition of officer recruitment and training from sole police activity to all graduate entry via degree apprenticeships in policing (akin to the approach developed a little earlier for nursing) and now in place. Another significant change occurred in the police disciplinary system on 1 February 2020 as new conduct regulations ⁸⁵ came in to force together with new performance regulations (covering unsatisfactory performance, attendance and gross incompetence). ⁸⁶

These new conduct regulations bring about considerable change in dealing with unacceptable conduct with an important and new distinction between ‘misconduct’ or ‘gross misconduct’, and professionally inadequate performance described as ‘practice requiring improvement’. ⁸⁷ This is defined in the conduct regulations as ‘underperformance or conduct not amounting to misconduct or gross misconduct, which falls short of the expectations of the public and the police service as set out in the “Code of Ethics” issued by the College of Policing…’. ⁸⁸

These changes were marked by an interesting meeting of minds with the Home office press release stressing the intention of making ‘the discipline system more proportionate’ and encouraging ‘a much greater emphasis on learning from mistakes’. ⁸⁹ With the Police Federation equally positive about the significance of the changes, in a statement that places the concerns expressed by workshop participants about the police blame culture and risk-aversion as pervasive failings of institutional culture within the police that the new arrangements would address:

After many previous reforms and incarnations of the conduct regulations the Home Office has listened to our concerns and created a process to try and embed learning, performance culture into policing. The whole ‘blame culture’—a belief that any deviation from the standards of Professional Behaviour has to be put through a misconduct process—belongs in the past. There needs to be a shift in mind-set whereby forces are alive to the fact that mistakes, errors or poor working practice can be corrected and learned from—not just by the individual but by the whole service—and learnt from quickly. ⁹⁰

It became evident from workshop discussion that this major police reform strategy based on ethics, not just in terms of individual conduct, but as an attempt, as the Police Federation expressed it, to ‘embed learning, performance culture into policing’ faces innumerable challenges even in our narrowly focused area of cybercrime investigations. One of the most interesting insights revealed by the workshop process was a dependence on technological tools and solutions developed in a market driven by commercial considerations in which police procurement is often a less powerful presence than better resourced customers whose activities do not encompass anything like the ethical and legal complexity of criminal justice:

Fundamentally the mismatch is between a technological approach to solutions which is driven by vendors of those solutions seeking a new market, which are often secondary markets from the original one. In terms of technological procurement, the policing market is small. A lot of the products that are adopted in policing come from separate entities. Example: anti-fraud tech is driven by the financial service industry and not the law enforcement community. ⁹¹

Data volume, complexity and analytical techniques available through private sector tools and services also impact upon ethical conduct. Policing being almost totally reliant on analytical software from the private sector (but not purchased centrally for the Police Service) exposed questions about whether the police need to be more actively involved within setting requirements of such applications and understanding the data-driven analytical structure and methods. ⁹² One participant confirmed that the police were now creating requirements for technology acquisition that were underpinned by ethical judgements. ⁹³ Though there were contrary concerns about the risk of ‘stifling innovation’ ⁹⁴ and a lack of understanding about the interrelationship between ethics technology and capability development as discussed at the workshop that could result in the issue not being addressed as the ethics framework is developed. ⁹⁵ There was also a perceived tension between involving private sector employees on police force ethics panels over potential conflict of interest and both avoiding over-dominance by the police ⁹⁶ and the problem of finding members with sufficient expertise. ⁹⁷

The research team noted significant concern about the integrity with which the code of ethics could be applied within a digital world, which is changing so much faster than the Police service. In particular, the theme of operating within an untested ethical framework was discussed at length and brought out the sometimes ambiguous situation that digital investigators work within, particularly with jurisdictional uncertainty in the potentially digitally borderless context where evidence is ‘seen’ and ‘grabbed’, but where it is held, or by whom is not known. Investigators present acknowledged levels of ambiguity in their work, feeding back to previous comments of separation between conventional policing (‘well-trodden ground’) and the digital world.

The uncertain nature of the ethical code where it meets digital policing is inhibiting good policing according to the participants. Digital investigators need to feel comfortable ‘in the grey’, ⁹⁸ and this ambiguity prevents that. Whether untested conventional policing ethics would be fit for purpose for digital policing ethical practice became a significant question.

Evidently, there are problems surrounding ethics that predominately centre upon ambiguity and a lack of understanding. Two views were expressed about renewing or reviewing the code of ethics for its application to cyberspace policing, one that it should be reviewed urgently, with one participant commenting that the code did not work because ‘culturally there is a lack of understanding of it’ ⁹⁹ and another advocating delay in order to allow a code to develop organically through cyber policing cases and data. Fear expressed was that a contemporary review may halt progress and stop investigators moving towards what Flanagan had described as ‘risk-conscious’ decision making, ¹⁰⁰ informed by decisions that are focused on identifying whether proposed actions are ethical and proportionate. ¹⁰¹ In the meantime, some basic questions did not appear to have been adequately addressed in guidance provided by police forces and other bodies, such as the circumstances in which hacking is legitimate, ¹⁰² and RIPA could be portrayed as ‘overbearing’ and not understood as intended to ensure effective safeguards against the misuse of powers. ¹⁰³ There was, however, no dissent about the importance, implemented with the revised disciplinary code, of creating an effective link between ethically informed decision making and police discipline:

There are still police officers making decisions based on good reasons but having the wrong outcome and then being disciplined. ¹⁰⁴

Knowledge, Training and Development (Issue 2.4)

Throughout the workshop discussion on this subject there was a recurring thread: the lack of understanding of digital policing and security among many police officers, other criminal justice system colleagues (especially in the CPS) and the public. Two issues considered already in this analysis are highly relevant to this problem, firstly police management, leadership and organisational ethos (issue 2.1) and secondly over-complication and exaggerated distinctions between policing in the physical and cyber worlds (issue 2.2).

Neither the police nor the legal system appears to be particularly geared towards the digital world. Two examples of wasted and much needed training demonstrate flaws within the system.

Participants discussed how the police often send officers on cyber security courses yet, despite the positive feedback, officers cannot implement their new knowledge and skills because leadership structures do not empower them to do so or a shortage of the right equipment means they cannot use the skills that they have acquired, suggesting a contradictory approach to efficient practice. ¹⁰⁵ Training is overwhelmingly aimed at ‘front line’ digital investigators, yet in serious crime, those investigators are task-driven by senior officers with limited knowledge. Insightful, high value and enquiring tasking is significantly impeded in an environment with limited levels of senior investigator knowledge, for example, in understanding how well-focused (to avoid digital saturation) data extraction from recovered phones might quickly open potential avenues of investigation that would otherwise be lost or slow to develop. ¹⁰⁶ However, this was not seen only as a police problem, rather as common throughout the criminal justice system:

CPS do not know much about digital evidence, this presents itself when at trial. If it can be managed without presenting evidence, then it gets parked somewhere else so they just use conventional evidence…if they don’t understand technology, they will not pursue that element of the case. ¹⁰⁷

Questions were also raised about the organisation and scope of training. It was suggested that too much attention was being placed on training new recruits who would be already better educated in cyber-issues than existing staff. ¹⁰⁹ At a more senior level, it was suggested, that more specialist advanced knowledge and training was required, particularly as the police did not have experts in probabilistic rather than deterministic data interpretation. This was coupled with the idea of promoting greater skill transfer by using networks to access knowledge and expertise from academia and business. ¹¹⁰

Much of what was discussed about staff training and development is reminiscent of the implementation of major changes in policing at the turn of the century with the introduction of the National Intelligence Model (NIM). That initiative created an immediate need for data and intelligence analysts to inform tactical and strategic resource decisions, skills that were not previously cultivated or sought within much of the Police Service and in a similar manner to a recurring problem discussed during the workshop: senior investigators did not necessarily have the analytical skills needed to make good use of this new capability.

Over a relatively short period a trend towards the civilianisation of analytical posts was developed in all police forces. In order to challenge the rapid staff ‘churn’ of analytical positions from policing to the private sector and provide knowledge levels to allow evidential input of analytical products, a career pathways scheme was developed by the College of Policing’s predecessor, the National Police Improvement Agency (NPIA) resulting in the accreditation of specialist analytical skills. Most, if not all, police forces still operate such a professionalisation/accreditation route, and this model has been replicated where the College of Policing is currently operating a Cyber Digital Career Pathways Scheme for digital investigators together with a professional institution for such staff:

The Cyber Digital Pathways Project has created a specialist profession for cyber and digital investigations specialists. The Institute of Cyber Digital Investigation Professionals provides law enforcement agencies with recognition for specialist work performed on a daily basis. ¹¹¹