Chapter 5: How well are the police training their officers in digital crime?
Real lives, real crimes: A study of digital crime and policing
Chapter 5. How well are the police training their officers in digital crime?
5.1. As we have set out in paragraph 1.14 to 1.16, the police response to digital crime should be capable of being provided by every police officer and member of police staff who deal directly with the public. Digital crime’s prevalence is such that it is no longer the exclusive domain of a specialist squad at a regional or national level, even if it were right that that had ever been the appropriate response.
5.2. We recognise, however, that bringing the handling of digital crimes within the general skillset of every police officer and member of police staff means that it is essential that they, in turn, have the necessary understanding of the technology.
5.3. We found a mixed picture when we considered the extent to which police officers and staff knew of, and were trained in, digital crimes and modern technology.
5.4. On the one hand, an officer summed up his views about social networking by commenting:
“I am 46 years old. I do not have a computer; what do I know about Facebook?”
5.5. On the other, another said:
“I do not see it as digital or cyber-crime; it is just crime that needs investigating. It is my job.”
5.6. Better understanding and appropriate training are crucial to ensuring that digital crime is dealt with appropriately by every officer and member of police staff, and that victims are treated properly.
5.7. Many with whom we spoke recognised this need but were uncertain how to go about obtaining evidence from digital media. They spoke of their lack of confidence that they were providing an effective service to the public. One said:
“[s]taff feel frustrated with their lack of ability to deal with digital investigations.”
5.8. Awareness that more is required in this area is the first step in providing a better service.
What advice and training is provided to staff?
5.9. Learning about digital investigation is currently provided for specialist and non-specialist staff. There are three courses provided by the College of Policing.
5.10. Non-specialist learning is predominantly provided through an online learning programme provided by the National Centre for Applied Learning Technologies. (The National Centre for Applied Learning Technologies, commonly referred to in the police service as NCALT, is a collaboration between the College of Policing and the Metropolitan Police Service. It assists the 43 Home Office police forces in England and Wales and the wider policing community in adopting new learning technologies.)
5.11. This programme was launched in November 2013. It is aimed at all frontline police officers and staff. The learning programme is divided into four modules:
- cyber-crime and digital policing;
- cyber-crime and digital policing – investigations;
- digital communications, social media, cyber-crime and policing; and
- cyber-crime and digital policing introduction.
5.12. We understand from data provided to us by the College of Policing that in 2014-15, 172,762 modules were completed.
5.13. A classroom-based course, entitled ‘mainstreaming cyber-crime training’, is designed for ‘first responders’. The contents of this course are currently being reviewed by the College of Policing.
5.14. This training course was rolled out nationally in February 2014. Between then and April 2015, 4,394 officers successfully completed it.
5.15. In addition, a level of training intended to ensure the provision of specialist knowledge within forces is provided by the digital media investigators course.
5.16. This course has only been available since January 2015. We understand that there are approximately 800 funded places available during the 2015-16 financial year. The course includes five days protected online learning and a further five-day classroom-based course. It is anticipated that the current Home Office funding for this course will stop in March 2016.
5.17. We comment further on this course at paragraphs 7.19 to 7.22.
5.18. With regard to the online training programme, we found good examples of frontline leaders using it as a group training tool, to encourage interaction between members of the team. Working through the training material together facilitates group discussions and enables specific points of learning to be highlighted. Staff commended these sessions as “beneficial and interactive”.
5.19. These instances seem to be isolated. More generally, we found a different picture.
5.20. The content and the format of the online training programme were considered broadly suitable by staff, but we heard consistent criticism of the equipment with which they were provided. We found examples where staff were expected to undertake the online training on computers from which the sound cards had been removed, thereby preventing them from listening to the online learning package.
5.21. Further, staff complained about the insufficiency of time with which they were provided to complete the training programme. In one force, so-called protected training days which staff are expected to use to maintain their continuous professional development were cancelled on a routine basis because of operational requirements.
5.22. This caused pressure on those undertaking the training when they eventually did find time to do so, and some with whom we spoke admitted to “clicking through” the online packages without paying them much regard, simply so that they could complete the training programme. In one instance, we were told that:
“[t]o be honest, the probationer does the online training for the shift on nights.”
5.23. There are clear management issues here that need to be addressed.
5.24. The mainstream cyber-crime training course began in February 2014. For 14 months, the course was subsidised to try to ensure that as many officers as possible completed it. Some forces decided that the course did not meet their requirements. As it was a national course facilitated locally, those forces amended the standard course to include additional training aspects which they considered were absent from the national programme.
5.25. Home Office funding for this training course stopped in April 2015.
5.26. The College of Policing has responded to these criticisms and is currently rewriting both the online and mainstream cyber-crime training packages. We understand that it intends to provide two-tier training: cyber awareness in an online format; and cyber for investigators, the content of which will be integrated into the professionalising investigation programme. (The Professionalising Investigation Programme is designed to ensure that staff are trained, skilled and accredited to conduct the highest quality investigations. See the programme on the College of Policing website.)
5.27. It is the College’s intention that every police officer and member of police staff who is involved in the investigative process should have the appropriate level of knowledge and understanding in order to provide a professional response to the challenges which digital technology presents. (In June 2015 the national policing lead for cyber crime training and development wrote to all chief constables. In his letter he outlined proposals for the development of mainstream cyber-crime training, and the role of forces in implementing those proposals.)
5.28. We agree.
5.29. However, we do not underestimate the challenge which the removal of funding by 2016 for two of these three courses will present to police forces which are already financially constrained. We accept that chief officers will need to take hard decisions about which training should be funded at a local level.
5.30. All that we propose to say here is that the substantial increase in digital crime and its potential to cut across all types of crime indicate to us that raising the skill base of every police officer and member of staff who is likely to be required to deal with such crimes is essential.
5.31. And we make the point that just as digital crime occurs in every police force area in England and Wales, so should the training requirement, wherever it is facilitated.
5.32. We want to make one further point. In addition to redesigning the appropriate training packages, digital skills profiles should be completed. They should be for all frontline staff, starting with those who have first point of contact with the public, call takers, front desk staff, operational police officers and police community support officers, and carry through to those in specialist roles.
5.33. Once a baseline of core skills for each role has been established, the training framework can be developed and career pathways identified. This should help to inform the requirements of the training programmes being considered and better tailor them to the needs of the staff concerned. The College of Policing has already commissioned a training needs analysis which should help to inform such profiles and aid course design.
How is the private sector involved?
5.34. No matter the breadth and depth of the training provided by the College of Policing, there are highly technical enquiries, usually connected to serious organised crime or counter-terrorism, which require specialist knowledge.
5.35. There is a general acceptance that the College of Policing is unable to provide that level of specialised training, and, because of the relative infrequency of the need, there are strong arguments to support the assertion that it is not cost-effective for the College to do so.
5.36. The issue is likely to be exacerbated as the speed of technological advances which facilitate digital crime is likely to continue to outstrip the police service’s ability to keep pace.
5.37. The use of third party training providers is a clear way forward. They have the benefit of: allowing the police service to require a bespoke training programme to address an identified need; reducing costs in training development; buying training provision at a time when it is needed rather than maintaining a training infrastructure which may not be sufficiently used; and allowing the police service to benefit from the private sector’s knowledge base.
5.38. This approach has been adopted in the police counter-terrorism network, where, in April 2015, an agreement was reached in principle to scope options for designing a National Digital Exploitation Service to support counter-terrorism policing. This is intended to maximise the exploitation of digital technologies by encouraging engagement and collaboration between law enforcement agencies and security partners.
5.39. In support of counter-terrorism network requirements, a training development pathway has been created. It has 5 levels of accreditation: foundation; intermediate; advanced (levels 3 and 4); and expert. The training provided is to industry standards and is accredited by CESG. (CESG was formerly known as Communications – Electronics Security Group. It is the information security arm of GCHQ, the Government Communications Headquarters, and the national technical authority for information assurance in the United Kingdom.)
5.40. It also incorporates an online element produced by the Open University and, in the paragraphs which follow, we have set out the way in which one force has capitalised on the work of the Open University.
5.41. In that force, applicants for a specialist role are required to have completed a specific online course provided by the Open University before making their application.
5.42. The Open University has an introduction to cyber security course as part of its Future Learn project. The course provides online learning which is designed to develop the individual’s knowledge of personal digital security. The course is modular in format and takes 24 hours to complete. In addition to traditional course materials, such as filmed lectures and reading material, the course provides an interactive user forum to support discussion between students and facilitators. The course allows unlimited participation and is free to access.
5.43. The clear benefit to the force in question is that the learning provided through the course is directly relevant to the workplace. Such benefits have also been recognised by the counter-terrorism network which has incorporated the course into the training pathway for its officers.
5.44. Indeed, it has gone further. Following consultations with the Open University, counter-terrorism policing has purchased a three-year licence for the course. This will run parallel to the current open source version of the course, and guarantees that its staff will be able to access fit for purpose training within a relatively short timescale.
5.45. We were told that the aspiration for the course is that it will be shared with security partners and, if possible, police forces in the longer term.
5.46. We have gone into detail about this example as we are convinced it provides a substantial opportunity for the police service as a whole to forge links with external providers and build strong working relationships with others who can help the police to meet the threat of digital crime.
5.47. The link between the police’s training needs and academic institutions which also provide learning in this area of work is clear. We would welcome future initiatives that enable police officers and staff to undertake approved and regulated training programmes which are recognised by academic or vocational qualifications.
5.48. There are issues to be resolved concerning the commissioning, quality assuring and licensing of external sources of training. We consider that the College of Policing is ideally placed to act as the co-ordinator for these initiatives. It should set out the framework within which the private sector may play a crucial role in augmenting home-grown training programmes so that every aspect of digital crime is with the grasp of those who are required to investigate it.
What further guidance is available to staff?
5.49. In addition to formal training, forces often use their local intranets as a source of guidance and learning for staff.
5.50. On more than one occasion, senior officers told us that “all that they [the staff] would need is on the intranet”. Unfortunately, we found that, often, this confidence was misplaced.
5.51. Our study found that the guidance available to support frontline staff through force intranet sites varied considerably. Often, what guidance existed was hidden within other unrelated guidance, and it was seldom reviewed to ensure that it remained accurate and up to date. As a result, if staff members were able to locate the relevant page on the intranet, they had little confidence in its accuracy or relevance.
5.52. We encountered this problem for ourselves during our study. One senior officer told us that all the required information was on the force intranet. We were invited to search for it. We tried. We could not find it and we enlisted the help of local staff. They too were initially not able to find it. The relevant guidance was eventually found after 90 minutes of diligent searching by a number of technology-literate individuals. The guidance was inadequate.
5.53. We have much sympathy with the police officer or member of staff who, upon carefully trawling through the intranet to find the help that he or she is seeking and then finding it inadequate, decides not to undertake the exercise a second time.
5.54. Forces need to ensure that their intranets are better maintained and contain current, accurate and useful information for staff dealing with digital investigations and enquiries.
5.55. On a more positive note, a number of forces were piloting projects which provide frontline staff with digital tablets. This allows initial responders immediate access to the force intranet and to other sources of information. One of the best examples we saw was from a response officer who attended the report of a courier fraud. At the scene of the incident, she was able to access not only guidance on how best to investigate such an incident but also what advice should be provided to victims. This is a good example of how forces are able to use digital technology to support frontline staff.
5.56. Each chief constable needs to provide appropriate and continuing training and guidance for all those within his or her force who are likely to deal with digital crime and its victims.