Gathering digital evidence

The alarming rise in Internet crime means that reliable, agreed procedures for the collection of evidence are needed. Who is leading the way?

How should the police deal with industry and, particularly, the Internet service providers (ISPs), when collecting evidence?

This is an important question for a number of reasons. First, an increasing number of extortion and abduction cases are involving evidence from email, chat rooms and Web pages, meaning that investigators have to track connections and individuals through ISPs.

Second, a growing number of companies are falling victim to extortion demands, hackers, and leaked business information, and the evidence exists on their business-critical systems.

So the question of how police should handle the collection of evidence often arises. For freestanding, straightforward computer systems there is an agreed procedure. Developed over several years, with involvement by leading police specialists, legal experts and industry figures, a Good Practice Guide for the Collection of Computer Based Evidence was issued by the Association of Chief Police Officers (ACPO) and is the standard to which police forces and most government agencies operate.

However, the protocol is of only limited use for some difficult problems. For example, it gives limited details of how investigators should approach records held by ISPs, or how they should preserve evidence from hacked computers where the fact of the hacking casts doubt on the accuracy of data.

The most important ISP data are the records of users' connections, or the link between a dynamically assigned IP address and the telephone number or subscriber details needed to track individuals. This information may be held for anything from two or three days to two or three minutes, or even less.

How then are the police to obtain this crucial information, if indeed they can? In at least one European country, a novel but unsafe mechanism has been provided: the police have direct, administrator-level access to ISPs' computer networks, giving them privileged access to the material they want, immediately.

This approach presents new dangers. With no controls on how this administrator access is gained or exploited, establishing the verity of any material obtained becomes an insurmountable challenge, and such evidence would be certain to be successfully challenged in court. It would also place an impossible burden on officers to prove they did not inadvertently pollute the material.

Instead, the information should be collected according to agreed rules by those most able to collect it: the ISPs. It should be preserved for a known period of time, subject to the restrictions imposed by the requirements to protect privacy; and should be obtainable only under controlled circumstances and at a fair price, paid by the investigators. The information should be used only for the purposes of the investigation for which it was obtained.

And this is exactly what is being done in the UK with those ISPs that are cooperating with the police under the aegis of the Internet Crime Forum, set up by ACPO for this purpose. It's nice to see the UK once again in the lead in tackling such important issues.