The scourge of data theft continues to threaten the privacy rights of the UK population. Whilst we welcome today’s sentencing of the private investigator, Graham Freeman, and his three accomplices, the outcome of the case underlines the need for a comprehensive approach to deterring information theft. If the Serious Organised Crime Agency had been restricted to pursuing this case solely using their powers under the Data Protection Act then these individuals would have been faced with a small fine and would have been able to continue their activities the very next day. This is not good enough.Blagging - aka pretexting - has gained major attention in the UK and Australia in relation to abuses by/for journalists, highlighted for example in Various Claimants v News Group Newspapers Ltd & Anor [2012] EWHC 397 (Ch); Bryant & Ors, R (on the application of) v The Commissioner of Police of the Metropolis [2011] EWHC 1314 (Admin) ; Coulson v Newsgroup Newspapers Ltd [2011] EWHC 3482 (QB), Coogan and Phillips v News Group Newspapers and Mulcaire [2012] EWCA Civ 48 and Andrew v News Group Newspapers Ltd & Anor [2011] EWHC 734 (Ch). Those abuses have led to calls for tighter media regulation, whether through some sort of industry body or through a government agency (as highlighted in the recently-noted Finkelstein report).
Unscrupulous individuals will continue to try and obtain peoples’ information through deception until there are strong punishments to fit the crime. We must not delay in getting a custodial sentence in place for section 55 offences under the Data Protection Act.
The Commissioner's site indicates that his Office
worked with the Serious Organised Crime Agency (SOCA) to secure today’s convictions under the Fraud Act. The ICO advised SOCA on the data protection issues connected to the case and will now be provided with additional material from the SOCA for further investigation. The ICO does not rule out taking further action against the organisations that received this information, if it becomes clear that they failed to comply with the requirements of the Data Protection Act.In September last year, in calling for custodial sentences for blagging and commenting that blagging on behalf of debt collection services was as bad as that for News of the World the Commissioner stated that -
There has been a lot of coverage in the media about the section 55 offence – or ‘blagging’ personal information, as it is known. But this offence is not just about private investigators finding out about celebrities’ hospital appointments. This crime has the potential to devastate ordinary people’s lives. The existing paltry fines are not enough to deter. The government must show they take this problem seriously by commencing the legislation Parliament put in place in 2008. If courts were able to impose the full range of sentences from fines to jail terms, including other sanctions such as community service where appropriate, we would at last have an effective deterrent to stop people engaging in this criminal activity.SOCA indicates that
Blagging isn’t hacking, but the issue has got caught up in the controversy over press behaviour. Unfounded concerns about press freedom were a distraction in 2008 and they should never have halted the introduction of stronger sanctions. They should not delay any further the commencement of the powers needed to combat this modern scourge.”
Section 55 of the Data Protection Act makes it an offence to “knowingly or recklessly, without the consent of the data controller, obtain or disclose personal data." The current penalty for committing the offence is a maximum £5,000 fine if the case is heard in a Magistrates Court and an unlimited fine in a Crown Court.
Four private investigators have pleaded guilty to stealing confidential information and selling it to paying clients.
Philip Campbell Smith, Adam Spears and Graham Freeman used the services of Daniel Summers, an expert in a technique known as blagging, to acquire personal and financial information on behalf of corporate clients and private individuals.
Searches during SOCA's investigation found quotes for Summers' services including £200 for obtaining a monthly bank statement. On his arrest Summers said "I know why you are here, this is massive," and "I'm in the biggest s**t imaginable."
Blagging is the art of bypassing security measures through skilled persuasion and impersonating someone else. Summers targeted banks, financial institutions, mortgage providers, government agencies and law enforcement databases. Evidence showed the men warning each other from time to time when their activity risked being noticed.
SOCA's investigation into the four men began when it received intelligence that Summers' computer may have had information about criminal activity stored on it. When Summers put his computer up for sale, an undercover SOCA officer succeeded in buying it from him for £590 cash. Despite Summers' attempts to erase the hard drive, SOCA's forensic analysts were able to retrieve a number of files showing Smith, Spears and Freeman tasking Summers to obtain confidential information in exchange for payment. Investigators collected further documentary and computer evidence from the other three men when they were arrested in May 2009.
SOCA's focus during the investigation was criminal conspiracy. However in recognition of the fact that the operation might also uncover information relevant to other authorities, SOCA worked in partnership with a number of bodies including the Information Commissioner's Office. SOCA will now hand over any such information to its partners to determine whether further action is appropriate.