which their application is based. This enables the SPoC to check that the applicant has
provided the correct data, and consider whether they interpreted the original information
correctly. In practice, applicants now include a digital copy of the source information or
a screenshot when submitting applications. Without exception, inspectors found that
SPoCs were undertaking timestamp conversions and asking colleagues to check their
conversion.
The capability for SPoCs to be able to electronically transfer (i.e. copy/paste) the
communications address and timestamp from the application to the CSP was less
consistent. The majority of public authorities receiving information from CSPs are
checking and double-checking against the original requirements to identify inputting
errors.
Many of the investigators who contributed to my review provided us with examples of
the research templates and guides that they use to undertake intelligence checks to try
to corroborate a physical address before applying for a search warrant.
Investigators targeting child sexual exploitation talked about their use of the “KIRAT
process” to assist them in assessing risk. The Kent Internet Risk Assessment Tool (KIRAT)
was developed by Kent Police and is part of an EU project called Fighting International
Internet Paedophilia (FIIP)1 that focuses on targeting offenders and developing victim
identification. The University of Liverpool2 is part of an EU consortium contributing to the
work and described KIRAT as follows:
“[KIRAT] is used to risk-assess people who view indecent images of children on the
Internet, helping police to assess the level of risk posed by a suspect and the likelihood
of that person becoming a contact offender - someone who commits sexual offences
against children.”
Some investigators are using both KIRAT and their internal ‘research templates’ as part
of the build-up to determining what follow-up action, such as seeking a search warrant,
may be appropriate. Inspectors concluded that KIRAT was not in common use, and
several investigators interviewed who work in this field were not aware of the tool. As it
represents current best practice, I encourage all forces to use it where appropriate.
Based on the review, I was satisfied that improvements have been achieved in this area of
work. In addition, in response to my letter, the police have created the Internet Protocol
Address Resolution (IPAR) Best Practice Group. This is welcome. Based on best practice
from around the country, the Group has already published three excellent guides. Each
guide sets out a series of standards required of police officers. I have been pleased to note
that during recent inspections, my inspectors have seen evidence of public authorities
using these guides.
However, errors are still occurring, in part due to lack of awareness of the availability of
1 https://www.insight-centre.org/content/fiip-fighting-international-internet-paedophilia
2 https://www.liverpool.ac.uk/research/news/articles/researchers-and-police-receive-eu-funding-to-aid-child-protectionefforts/
www.iocco-uk.info
23