CHAPTER 9: LAW ENFORCEMENT

addressing and signalling information) in real time. The NCA believe that a similar
power could be useful in the UK.

9.71.

US law provides, secondly, for the pre-emptive seizure of intangible property, by
court order, so that control of it can be handed to law enforcement to use as if it is the
owner. Seizure of an IP address or domain name being used for the purposes of
crime (spreading malware, redirecting stolen data or hosting criminal forums) enables
it to be redirected to a sinkhole[47] or to a web page used for public information and
crime prevention or mitigation.

9.72.

The only power which might permit such action under UK law, the Serious Crime
Prevention Order, is seen as a severe and cumbersome order, time-consuming to
obtain, which would inflict undesirable stigma on any service provider to whom it was
directed.[48] I have been briefed on an international operation in which the lack of an
easily-available seizure order handicapped the NCA’s efforts in relation to a botnet
used for bank fraud.[49] The point was also made to me that since the MLAT procedure
cannot be used to request another country to take action that is not available in the
UK, the NCA lacks the ability to request a sinkhole from the US.

9.73.

A third concern relates to user notification. An increasing number of US service
providers have a policy of notifying users before they disclose any information to law
enforcement, unless they are legally prevented from doing so, in order to allow the
user to file an objection if so advised. The NCA has no objection to notification taking
place, save in cases where it will hinder or undermine an investigation. In such cases,
however, I am told that the NCA has withdrawn requests rather than facing the
consequence of notification. The NCA and the police consider that it would be prudent
to have specific legislative provision in place so that an order prohibiting notification
could be obtained if appropriate.

9.74.

Fourthly, the NCA draws attention to the divergent and rapidly-changing policies
operated by overseas service providers in relation to the provision of communications
data: what it describes as an “ever-changing technical, jurisdictional and policy mishmash”. This causes much time to be devoted to tailoring a request correctly, and risks
resulting in the excessive acquisition of data, which is an “error” under the Code of
Practice.[50] The NCA proposes that there should be an obligation on service providers
operating in the UK to provide regularly-updated information on what data they will
routinely provide to UK law enforcement, even if their position is that this is carried out
on a voluntary basis. It is also suggested that UK legislation needs to allow more
flexibility in how it refers to categories of data, including for example an allowance for
the “basic data package” that service providers retain on their users.

9.75.

Finally, the NCA raised with me the practice of CNE. It considers that targeted CNE
could give the whole communications picture of a subject at the early stage of an

[47] Sinkholing is the redirection of traffic from its intended destination to one specified by the sinkhole
owners (in this case, law enforcement).
[48] Serious Crime Act 2007, ss1 and 41, Schedules 1 and 2. I am told that the only successful application
to date, against a major drug trafficker, took three months to obtain.
[49] A botnet is a large number of compromised computers that is used e.g. to generate spam, relay
viruses or cause a network to fail.
[50] Acquisition Code, para 6.17.
