Cops aim to enlist volunteers in fight against cyber-crime

The Home Secretary has announced her plans to grant police forces powers to recruit expert volunteers with policing powers to help fight crime online.

Theresa May: looking for cyber-security professionals to work for free
Theresa May: looking for cyber-security professionals to work for free

The home secretary Theresa May has announced she wants to invite volunteers to help the police combat cyber-crime in the UK. 

May announced earlier this week that as part of the new Policing and Crime Bill, police forces around the country will be allowed to recruit expert volunteers with special skills and grant them powers normally only afforded to regular police officers.

The UK's police already employ around 16,000 volunteers, called special constables, who are trained in the same way and granted the same powers as sworn officers.

The volunteers that May is proposing, however, will assume a more specialised role. As part of the Crime and Policing Bill, the Home Office is calling for specialists in IT and accountancy to help with investigations.

The home secretary announced that while “we value the essential role they play”, police officers “cannot do this on their own”. To that end, said May, "We want to help forces to create a more flexible workforce, bring in new skills and free up officers' time to focus on the jobs only they can carry out."

The National Police Chiefs' Council lead for citizens in policing, chief constable Davey Jones, echoed the home secretary's remark, saying, “The new approach to designating police powers will help the police service be more flexible when it comes to attracting and deploying volunteers with valuable skills, especially in situations where the full powers of a constable are not necessary.”

Dave Prentis, general secretary of the public sector union UNISON, gave a statement to press saying, “Police staff will be pleased that they are to get new responsibilities and powers that will stand them in better stead when it comes to fighting crime in our towns and cities.”

However, the same does not go for volunteers who, according to Prentis, “cannot be deployed to tackle serious crime in the middle of the night, and they are free to absent themselves from the workplace at any time, because they have no contract of employment. This makes volunteers totally unsuitable for police forces that need to know they can turn out staff in an emergency.”

What kind of volunteers police forces will accept is not yet clear. Law enforcement across the Atlantic has typically been saddled with the burden of not being able to hire those with a criminal record, who unfortunately happen to be some of the big talent in the world of IT professionals.

Recently FBI director James Comey told the Wall Street Journal that “I have to hire a great work force to compete with those cyber criminals and some of those kids want to smoke weed on the way to the interview”, which unfortunately prevents them from working for the FBI. UK law enforcement has similar regulations, stating that no one with a criminal record can work for a policing body.

This volunteering drive may be a handy way around that problem. A Home Office spokesperson told SC that “there will be a vetting process, but it will be down to chief constables in a local forum” to decide who will be allowed to volunteer.

The importance of cyber-security was thrown into sharp relief in the minds of the public just as police cuts were expected to come into place. The Talk Talk, VTech and Wetherspoons breaches which exposed the personal data of millions of people all came right around the expected cuts in police budgets in the Chancellor's Autumn statement.

While the Chancellor did not do what was widely expected and froze police budgets instead this may mean that fighting crime on the new frontier of cyber-space may get harder and harder.

Despite the freeze, police numbers have been in long term decline. Since March 2010, national police numbers have dropped by 17,000, with support staff taking an even larger hit, losing close to 20,000 staff and community support officers.

What is more is that though crime has been on broad decline, the recent inclusion of cyber-crime and computer enabled crime such as fraud in national statistics has shown that cyber-crime is the most common kind of crime in the UK, nearly outmatching numbers of traditional crime.

Is this drive for volunteers an attempt to bridge the gulf between the increasingly large problem of cyber-crime and the shrinking resources to fix that problem?

Prentis certainly thinks so: “Having cut police budgets relentlessly, the government is clearly pinning its hopes on a volunteer army to plug the huge gap left by the loss of so many dedicated and skilled police staff. Ministers are making a big mistake.”

Norman Shaw, CEO and founder of ExactTrak, had typically frank words for the scheme: “Getting volunteers to work on cyber-crime rather than investing in full time talent to deal with this very real crime is wrong and a step backwards both in terms of sending out the message that cyber-crime is a real and serious thing and that the police are in a position to combat it. I can almost see the hackers at their computers, typing, 'ooh they're getting volunteers to hunt me down, I'm so scared!'”

Shaw added, “Giving volunteers extra powers seems like a short-sighted answer and not a very good one at that. Real police officers need to be recruited and trained up in specialist divisions to deal with cyber crime.”

Thomas Fischer, principal threat researcher at Digital Guardian, had a critique of a different nature. While the announcement was welcome, it seems to assume that these crime-fighting volunteers exist: “The announcement implies there are large quantities of trained infosec personnel out there that are willing and able to help for free, which simply isn't the case.”

If the cyber-security industry has trouble finding highly skilled individuals for lucrative positions, then the police won't have much luck getting the people to do the same jobs for free:  “For many years the infosecurity industry has faced a recruitment drought. As a result, individuals that do meet the required training standards are highly sought after assets, likely to be in well-paid positions, with very little time to do volunteer work on the side.”