Baroness Shields on preventing crime in the digital age
Baroness Shields speaks on preventing crime in the digital age at the International Crime and Policing Conference 2016.
Clearly our thoughts are with those who have been affected by the events in Brussels. I would like to echo the sentiments of the Prime Minister, who has spoken of his shock and concern. We will await information urgently during the course of the day.
Turning to the reason why we are all here today, I would like to extend special appreciation to the many colleagues who have travelled here to participate, from across the UK and overseas. I am pleased that we could come together for this important dialogue and that delegates come from such a broad range of backgrounds - law enforcement, academia, the voluntary sector, industry and government.
Over the next 2 days, we will hear from more than 30 speakers who will provide expert opinion and perspective on crime prevention - how crime is evolving and adapting in a changing technology landscape and how crime prevention must change as a result. These changes represent both challenges and opportunities to leverage the scale and global nature of a connected world for better, more effective crime prevention. And tomorrow, the Home Secretary will be with us here and will launch the government’s new modern crime prevention strategy, setting out our newest approaches to tackling and preventing crime in 2016.
In the UK, and indeed across much of the western world, we have witnessed a dramatic fall over the last 20 years in what you might call ‘traditional’ high-volume local crimes, such as burglary, car theft and street violence. The independent crime survey for England and Wales shows there were 19 million such crimes in 1995, compared to 6.6 million in the year to the end of September 2015.
Crime prevention has played a significant part in that reduction. And, we must recognise that prevention - whether through the introduction of better car and home security measures, more effective policing tactics, local neighbourhood watch schemes, or CCTV - whatever the innovation, has been extremely effective. This is as a result of the combined effort of government, law enforcement, manufacturers, retailers, builders, town planners, the voluntary sector and of course the members of the public.
But as crime has fallen, it has also dramatically changed and as a result, we now face significant new challenges. Advances in technology offer criminals, particularly organised criminals, the scope to commit new types of crimes on an unprecedented scale and across jurisdictions.
So the question for us here at this conference is how do we address crime that is being catalysed by the internet? The internet has no borders and perpetrators today can target thousands of potential victims with a single keystroke, and without ever setting foot in this country.
And, how do we tackle victimisation? Today more and more vulnerable people are becoming victims of online crime and access to information and greater awareness online, has resulted in many more people coming forward to report crimes. Often these crimes such as child sexual exploitation, domestic abuse and slavery have been under-reported in the past. Coming forward takes incredible courage and we need to support everyone who does so, and we need to do more to prevent this kind of victimisation and stop these crimes from happening.
And we must ensure that we stay apace of the changes in crime by putting in place new law enforcement systems that not only combat those challenges but also help us anticipate the ever changing face of crime in this digital age.
These challenges are reflected in the conference key themes with today’s sessions focusing on preventing crime in the digital age and tomorrow’s focus shifts to preventing crime against the most vulnerable people in our society.
Let me start with a few words about how we are using data and technology to prevent new internet facilitated crimes.
The use of data is a force for growth and vital to the expansion of the global economy. Technology enriches people’s lives and offers opportunities to our children that we, as parents, have never experienced. But whilst technology empowers the curious, the creative, and the compassionate, it also empowers the criminal, the corrupt and the coercive, opening up new opportunities for criminals to commit both financial and other crimes. Crimes often perpetrated behind the cloak of internet anonymity.
As Chief Constable Kavanagh recently said - and I am grateful that he is here with us today - the victims of online abuse are often unable to articulate what has happened to them. They are often not clear what offence, if any, has been committed against them and what they can do about it. But make no mistake, such abuse can and does ruin lives.
This is why social media companies and technology providers must have robust processes in place and act promptly when abuse is reported; including acting quickly to assess the severity and urgency of each report, to remove content which does not comply with the acceptable use policies or terms and conditions and, where appropriate, suspending or terminating the accounts of those breaching the rules in place. As the Home Secretary will outline tomorrow, industry has a significant role to play in modern crime prevention.
For example, the Home Office will undertake assessments of emerging technology and convene manufacturers and other experts to consider how to design out and eliminate more crime risks. We have already undertaken such efforts with the car industry to identify technical solutions to so-called ‘keyless’ or electronic theft of vehicles. And I am delighted that we are joined by representatives from the BMW Group today, who will take part in proceedings, and share their success stories and forward plans.
Another significant challenge involves the internet facilitation of financially motivated crimes. The Office for National Statistics is leading the world in developing robust measures of the scale of fraud and cyber-crime. Initial figures that were published last year suggest that there could be up to 5.2 million cases of fraud per year, and 2.5 million cyber-crimes.
That does not necessarily mean these crimes are rising, as some have claimed - in fact, previous indicators of plastic card fraud suggest it has fallen by around a quarter after the introduction of Chip and PIN. But it does make clear the scale of the prevention challenge we all face.
Robust cyber security underpins the entire digital economy and it is our duty to keep our citizens, businesses and our public services safe. The UK is a world leader in the use of digital technologies for e-commerce and so we must be a world leader in cyber security and online payment systems and protecting those as well.
Last year, the Chancellor announced government plans to invest £1.9 billion in cyber security over the next 5 years to ensure that Britain is one of the best-protected countries in cyberspace. But as we have seen of late, the pace of innovation in criminal cyber attacks is breathtakingly fast, in fact the truth is that we have to run to just stand still.
Later this year the government will publish a new national cyber security strategy. This strategy will strengthen the UK’s leadership position in the next generation cyber security agenda, helping us meet our ambition of ensuring this country is one of the safest places to do business online.
Allow me to highlight some elements of the strategy. On a national level, we will create the National Cyber Security Centre, which is a single agency that businesses can go to for advice and help. The centre will be a unified source of advice, replacing the current array of bodies with a single point of contact for businesses. The centre will have a strong public face and will work hand in hand with industry, academia and international partners to keep the UK protected against cyber attacks.
We must be able to defend ourselves online, disrupting the criminal marketplace and ensuring those who commit offences are brought to justice. This includes boosting the capabilities of the National Crime Agency’s National Cyber Crime Unit, so that - in partnership with our counterparts around the world - we can attack the assumption among too many, that cyber crime is risk free or comes with little risk of consequences.
I know Jamie Saunders, the Director of the National Cyber Crime Unit, will address the conference later today and he will elaborate further on the strategy and the goals of his unit.
Overall, we must collectively step up our efforts to disrupt the criminal marketplace, and make sure that anyone committing cyber crime against our citizens and companies will be brought to justice.
Here in the UK, government will put in place stronger defences for government systems; installing capabilities that can detect attacks against public services, find where our services are vulnerable to attack and fix those vulnerabilities. We will also introduce a cross-government IP Reputation Service, which will warn government websites when they try to do business with known bad addresses.
The government is also putting in place a range of actions to allow us to respond to an attack, including offensive cyber capability through the National Offensive Cyber Programme. As part of this police forces across the world need to work together to ensure that less and less of the world is a hiding place for cyber criminals.
Finally, the government will develop people and businesses with the cyber skills this country needs, identifying and supporting young people with cyber talent, training them and giving them the diversity of routes into cyber careers and supporting the best cyber start ups.
There is considerable work being done across many agencies to strengthen our response to cyber crimes, and we are certainly moving in the right direction.
But tackling cyber-crime must be a collective effort. Businesses and the public can - and should - do more to protect themselves against the cyber crime threat. We need individuals and businesses across the UK to act to reduce vulnerability to cyber attack in the same way they lock their doors and windows to reduce the risk of burglary. This includes following some basic rules of keeping themselves safe - installing security software, downloading software updates, using strong passwords.
We have seen a number of high profile cyber attacks over the last year or so, for example against Sony in 2014 and TalkTalk last year. A few years ago mounting a sophisticated cyber attack meant having all the skills that each stage of the attack required, from gaining access to the network to designing the payload that was to go into it. But in the past few years, an online marketplace has emerged, which means all the elements of an attack can now be bought and assembled by nearly anyone with a base level of capability and the money to pay for it.
So companies need to protect their own networks and harden themselves against cyber attack and the government is working hard to ensure that UK businesses have the tools to protect themselves.
Let me address the next significant challenge. This is the online abuse of vulnerable people.
The ubiquity of internet communications platforms and applications has enabled offenders to contact children directly. These criminals used to be isolated but now they can connect, plot and victimise online along side other offenders.
Perpetrators are committing child abuse and sexual exploitation on a mass scale. And this is driving new and horrific forms of abuse. Criminals with a sexual interest in children can now pay to watch children being abused, live streamed online all over the world, and children are being coerced into producing sexually explicit images of themselves - often times having been groomed online by people they have never met in countries far away.
Faster internet, anonymous access and cryptocurrency mechanisms all provide more opportunities for criminals to access illegal sexual abuse images and to participate in online abuse. These are heinous crimes but given the global nature of the participants, it is not something that one nation can tackle alone. This crime transcends borders and it requires both a global co-ordinated response combined with a robust national response to protect victims and bring criminals to justice, this is why I founded WePROTECT.
WePROTECT is a global, co-ordinated multi-stakeholder response to combating online abuse and exploitation, it involves over 60 governments, technology companies and civil society. And whilst no single partner is more important than the other, it is a fact that developments in technology are enabling these crimes and we need significant co-operation to tackle them.
WePROTECT seeks to galvanise global action to empower everyone with a responsibility to protect children online to identify and protect victims, to remove child sexual abuse material from the internet. Its success depends on the ability to bring a range of partners together with the singular mission to eradicate online child sexual exploitation.
Following commitments made at the 2014 summit held here in London, the Internet Watch Foundation has now shared nearly 19,000 hashes or digital identifiers of child sexual abuse images known to UK law enforcement with 5 of the largest technology companies in the world. These hashes correspond to images that are removed from these companies’ platforms and services and this co-operation provides more opportunities to identify and support victims and enhance investigations to bring more offenders to justice. But we need to go further to develop the technology infrastructure that will allow the sharing of these hashes globally, including increasing the number of hashes available to companies and increasing the number of companies able to use them.
At last year’s WePROTECT summit in Abu Dhabi, 63 countries and international organisations, as well as major multi-national companies, signed up to ambitious statements of action affirming their commitment to tackling this crime head on and adopting a model national response.
Along with global summits, WePROTECT hosts industry events all around the world, involving established multinational companies as well as small businesses from around the world, to share tools and techniques for removing child sexual abuse material online and protecting children online. Companies who normally compete for market share, came together, and collaboratively shared knowledge in order to reduce online child sexual exploitation. All of this is driving real and tangible action, action that is reducing online child sexual exploitation, but of course, we must do more.
Since the start of the WePROTECT initiative and the partnership with Google, we have seen an 8-fold reduction in attempts to search for child sexual abuse material online by using advanced machine learning technology.
Microsoft has developed, and shared for free, its photo DNA technology, this helps companies remove thousands of images from the internet. This is significant as every image of a child being abused depicts a crime scene and for every one of those images removed, it reduces the chances of the child in that image being victimised again and again. And I am pleased to say that every day, hour-by-hour, tech companies all over the world are applying this technology and relentlessly taking down and removing this sickening and illegal content.
In addition a major objective for WePROTECT is to help marshal the collective efforts of all of those dedicated to building global capacity to tackle this crime. So I am pleased to say that the UK, US, and EU Commission have completed the merger of WePROTECT with the Global Alliance Against Child Sexual Abuse Online. This week in London we are hosting our first joint board meeting. This combined organisation further strengthens our global efforts to combat online child sexual exploitation and will ensure that the expertise, the influence and the resources to protect children from harm worldwide are unified in a single global organisation.
We have far more to do through WePROTECT but by working in partnership with industry, and beyond, we will continue to make strides in the fight to eradicate these appalling crimes.
Finally, let me turn to the subject of how we work together - how we develop new enforcement ideas and systems that can tackle the continued growth of technology based crime over the next few years.
Domestically here in the UK, we have created the child abuse image database also known as CAID. The database provides law enforcement with a new and effective national system to prioritise analysis of a suspect’s devices, and identify victims of abuse more quickly, ensuring cases can be shared with international partners via INTERPOL.
I am delighted this powerful database has now been rolled out across the UK to all police forces and the National Crime Agency (NCA), and is at the core of our commitment to deliver real improvements in how we tackle online child sexual exploitation. Recently, for example, West Yorkshire Police, working in partnership with the NCA’s Child Exploitation and Online Protection Centre, was able to use the CAID system to quickly identify and safeguard an 18 month old child who was a victim of abuse by a close family member.
The database was developed by the Home Office with input from the police, industry partners and British and international small businesses. We are pleased with the progress to date but we can’t stop there. As long as one child is being abused, this is one child too many. We will continue to take advantage of new technologies to extend its capabilities and increase effectiveness of investigations and success of prosecutions.
Finally, I would like to reiterate that these examples and many more that will be shared with you over the course of these proceedings prove that technology - used properly - is one of the most powerful tools in preventing crime. We will hear later today from the National Police Chiefs’ Council, who are working to drive the development of digital policing here in the UK, putting in place capabilities for digital public contact and the capture, exploitation, storage and sharing of digital intelligence and evidence. This will enable improved accessibility and the seamless management of data from creation at initial contact through investigation, prosecution and retention. The Home Office has provided £4.6 million of transformation funding to help deliver this digital capability.
In conclusion, whilst we continue to make great progress in reducing and preventing crimes in the physical world, we have to evolve our approaches and capabilities to address these new and evolving digitally enabled cyber crimes and internet enabled crimes. These are indeed very ‘modern crimes’, that are facilitated by the scale and ubiquity of the internet, and they go beyond our traditional borders and jurisdictions. We must be at least one step ahead of the criminals to keep people safe. We must leverage those same technologies in both a robust national and global response.
The government’s ambition is for Britain to be one of the best-protected countries in the world. It will give our companies and citizens the tools they need to stay safer from cyber attack; and it will also create jobs and prosperity. We are also making sure our agencies have the technology, the powers and the capabilities they need to tackle the perpetrators of online child sexual abuse, and other internet enabled crimes.
Everyone in this room is part of that effort, including our international colleagues, with whom we must continue to work closely, as this is an issue that knows no boundaries. We owe it to society today and to our children tomorrow, to leave the world a safer place than we found it.
Thank you for listening and I hope you make the most of the next 2 days.