Archives

Computer Forensics experts warn of possible imposters

Peter Warren reports on the rising concern over the lack of any certification or register for those offering specialist knowledge on computers to courts

Some of the UK’s leading computer forensics experts have warned that miscarriages of justice are occurring because of a lack of clear guidance over what an expert witness should know when giving evidence to do with computers.

According to others, computer forensics as a whole is in turmoil due to a whole raft of different qualifications, which has resulted in a situation where individuals either have a number of different certificates or none at all and that the situation is not expected to improve for two years at least. 

“There are currently a lot of people involved in computer forensics who have no qualifications at all,” said Neil Hare-Brown, managing director of QCC, a company that carries out forensic investigations for the police.
 
Incompetence rife
 
“I would say that 5-10% of the people working in this area are incompetent and that has led to problems with investigations.
“We have been given discs by the police that have been examined by people who have said that there is no evidence on them and subsequently found considerable amounts of evidence.”
Comments endorsed by Alan Phillips, managing director of 7Safe, a company that both carries out investigations for the police and certifies examiners with a course jointly run with Glamorgan University.
“Forensics is a fairly new profession but there are some people who have been working in the area for a long time and there are people who purport to be experts in the field who do not have qualifications.”
The warning has come in the wake of the sentence handed out last month to Gene Morrison, a conman who masqueraded as a forensic scientist and gave evidence in over 700 police cases, some of them involving rape and drink driving.
Morrison, 48, of Hyde, Tameside, who was found guilty of 22 counts of perjury at Minshull Street Crown Court, and was given a five year jail sentence after it was disclosed that his claims to be a forensic scientist were bogus and that Bsc and Phd qualifications Morrison claimed to have had were bought from a university that only existed on the internet.
A situation that could quite easily occur in computer forensics, with many top experts privately expressing the view that moves to create a system similar to the expert witness program of the General Medical Council are nothing short of a ‘shambles’.
 
Dire need for professional body
 
“This is an issue,” said Dr Andrew Blyth, Principal Lecturer at Glamorgan University Information Security and Computer Crime course and a frequent expert witness.
“What we need is a professional body that registers people and checks their accreditation. “We need to have some system in place that lets us differentiate between people who are trying to deceive people and people who are experts in this field and might not have a relevant qualification.”
One of the UK’s top computer scientists, who declined to be named, described the situation as untenable.
“Every form of crime that goes before a court has a computer involved in it in some way whether it’s a computer or increasingly, a smart phone so it is imperative that we find a way to sort this out.
“We need to arrive at a body of data that experts need to know, we need a body of practice that shows what work experts have done in the past, a set of formal qualifications that people should have and the co-operation of the courts to recognise all of that.”
A view supported by Dr Andrew Jones, head of BT’s Security Technology Research Group.
“At the moment I think the system for the registration of expert witnesses and the way that the courts use technological expert witnesses has to be defined. We have seen situations in the past where the accused has been allowed to be their own expert witness and that cannot be right.
“there are people who purport to be experts in the field who do not have qualifications”
“There is a burning need to sort this out. We have got by for 12 to 14 years now without one. Most of the cases that have gone wrong because of problems with expert witnesses have been ones involving medical expert witnesses, but that just means that it is a question of time before it happens with computers.”
Ironically the concern has occurred principally because of a sudden burst of activity by the groups most concerned with the presentation of credible witnesses in court cases.
For the last 18 months the Council for the Registration of Forensic Practitioners, which covers the entire spectrum of forensic investigators, has been publicising the existence of its register which includes a category for computer specialists.
 
New guidelines to be announced
 
In late March the Association of Chief Police Officers is expected to announce new guidelines informing businesses of how they should store and treat information they believe will be used in computer crime cases and the Institute of Information Security Professionals says that it will be announcing long-awaited plans for a registration scheme within the next two months.
According to Alan Kershaw, chief executive of the CRFP, its early days but a start has been made.
“The case of Morrison very clearly demonstrates the need for a register. The problem that there has been in the past is that there has been no lead body in this area but now we have defined the current competence and started to put people on the register.
“People applying to go on the list are assessed on their past casework by assessors who themselves have been assessed on their casework,” said Kershaw, who added that the CRFP’s process has already had some success in imposing standards.
“We’ve been shining a light and that is a great challenge for the industry and it’s exposure that some people are not happy about and we are seeing some start to scurry off into the darkness.”
A view that may be a little complacent. For an industry that claims to deliver exactitudes and efficiencies, computing can be a very inexact science and the world of computer forensics can often be a place of interpretation as well as fact.
Which has meant that the CRFP’s insistence on casework has led to grim mutterings among many would-be forensic practitioners who point out that there is no allowance for qualifications on the register, others claim that is a club and point to the fact that of the 13 names listed on the register’s two categories for computer experts there are in fact only 10 individuals with three names being repeated in a second category and of the 14 assessors three are drawn from the list of expert witnesses.
Infighting
 
“I think it’s one thing to slag off the CRFP, but it seems to me that it is being done by people who are scared of going out and passing an exam and getting the relevant experience,” said QCC’s Hare-Brown.
Those unhappy with the CRFP are praising the virtues of the industry champion – the IISP – which says that it will test both competence and qualifications for its register.
“At the moment pretty much anyone can represent themselves as a computer forensic expert,” said Nick Coleman, chief executive of the IISP.
“We’re aiming to produce competent professionals and we’re going to do that by subjecting individuals to a scrutiny of their knowledge and experience.”
Last month, Jim Gamble, the head of the Child Exploitation and Online Protection Centre admitted that he did not have the resources to investigate the flood of paedophile leads submitted to the unit.
Which when added to the growing row over just who can be an expert witness in the court cases that will try any paedophile cases can only mean that more miscarriages of justice are likely to occur. 
___________________________________________________________________________________________
First published in The Guardian, March the 8th, 2007