Blue-chip Hacking List Scandal Grinds On

The blue-chip list is a list of around 100 major firms and a few celebrities that employed four disgraced – and imprisoned – private investigators
The blue-chip list is a list of around 100 major firms and a few celebrities that employed four disgraced – and imprisoned – private investigators

In recent months a row between the UK Parliament's Home Affairs Select Committee, chaired by MP Keith Vaz, and SOCA erupted. Eventually, the Serious Organized Crime Agency (SOCA, now merged into the new National Crime Agency under director general Keith Bristow) handed the list to the Information Commissioner, who had sought it to investigate any possible breaches of the UK's Data Protection Act.

The Home Affairs Committee simultaneously demanded that SOCA reveal the content of the list, warning that if it did not do so, the committee itself would publish the list. Vaz had criticized SOCA for apparently sitting on the list while making no attempt to consider whether any of the companies should be investigated. Trevor Pearce, then director general of SOCA, politely refused, saying that it might jeopardize any potemntial or ongoing investigations. Vaz and the committee are still considering whether and when to publish the list.

Meanwhile, the UK's Information Commissioner, Christopher Graham, now also in possession of the list, came out in support of Pearce. On 7 September he issued a statement saying, "It’s not clever to start a criminal investigation by publishing the names of everyone and everything you’re investigating. That’s why we’ve stated we’re not publishing the list at this stage, and why I’ve written to Keith Vaz MP to urge similar patience on the part of his Select Committee." 

At the end of September he again wrote to the Home Affairs Committee. He and his staff had now examined the "31 lever arch folders of material handed to us by SOCA." In summary, 12 of the 90 clients of the private investigators now seem to be inactive, while 67 are clearly still active. "But of these 67," wrote Graham, "24 are located outside the jurisdiction. In the case of a further 11 clients we have at present insufficient information. This is due to the lack of an address or lack of an entry at Companies House, the public register or the internet. These 11 could be regarded as either active or inactive as new information comes to light. We believe six of these are based in the UK, four are out of the jurisdiction and the location of the remaining client is unknown."

He went on to say that for 19 of the active clients "there is evidence of a section 55 and/or a data protection breach;" but that further investigation is necessary before any enforcement action is considered. Those 19 clients are in the construction, financial, retail, insurance, legal, private investigation and security industries. He also added that 125 victims may have been affected by the actions of the 19 clients being investigated.

Graham again repeated his request that Vaz not publish the list. "I am concerned to avoid compromising any strands of my investigation," he wrote. "In this connection I should like to reemphasise the continued need for the Committee not to take any further steps to publish the details of clients on the so-called SOCA List."

In a new statement issued Wednesday, the Information Commissioner confirmed that he expected his investigation to take eight months to complete, and that he was looking to secure additional resources to do so. 

But the row between the Home Affiars Committee and the various law enforcement agencies involved is likely to continue. Vaz said that he was "baffled that for over four years SOCA failed to conduct a scoping exercise which has taken the ICO only two weeks to complete."

There is also concern over the 12 'inactive' clients, and whether SOCA's own inactivity might lead to illegality going unpunished. Tory MP and senior committee member James Clappison told the Daily Mail, "This begs many questions as to what has been happening over a period of years. There are many questions that need to be answered."

What’s Hot on Infosecurity Magazine?