ICO receives blue chip hacking files from SOCA

ICO receives blue chip hacking files from SOCA
ICO receives blue chip hacking files from SOCA

The Serious Organized Crime Agency's Operation Millipede investigated the use of corrupt private investigators by British 'blue-chip' companies. The individual companies have never been told they were investigated, and SOCA has always insisted that they should not be named.

The media, however, has long been concerned about an apparent difference in treatment between the 'press' and 'business.' The journalists' use of 'corrupt private investigators' lead to the Leveson inquiry and attempts to control the press; business' use of corrupt private investigators has led to very little.

This concern has been aggravated by a series of incorrect statements from SOCA. On 12 July SOCA said that it had given the Metropolitan Police Service (MPS) full access to the computers it had seized years earlier; but this was subsequently refuted by the chairman of the Home Affairs Select Committee, Keith Vaz. And in February 2012, the ICO issued a statement saying that it "will now be provided with additional material from the SOCA for further investigation.”

That additional information, in the form of a list of 98 names and 20 files, was handed to the ICO eighteen months later. The names were handed over on 28 August 2013, and the files delivered two days afterwards. "On 28 August, the ICO took receipt of a list of 98 company and individual clients who SOCA had identified as part of their inquiry into private investigators and the ‘blagging’ of personal information," said the ICO in a statement yesterday.

But still no names are being made public.

"The ICO will now assess the SOCA material, as well as writing in due course to all the individuals and organisations listed, to establish what information the private investigators provided, and whether the clients were aware that the law might have been broken to obtain that information", said the ICO.

The ICO has pointed out that it has three primary enforcement options available: criminal prosecution under section 55 of the Data Protection Act, civil action for breaching the act (with fines of up to £500,000), or enforcement notices to oblige changes in policies and procedures.

It is difficult, however, to see how any of these will be relevant if the 'blue-chip' client merely sort lawful investigation from the private investigators. The BBC claims to have spoken to one of the clients, a solicitor. "She commissioned a private investigation agency to track down a man who had stolen £20m from those she represented," reports the BBC. "She insists she told the agency in writing not to use illegal means."

Nevertheless, the ICO statement says, "As we are yet to assess the material, and as that assessment may prompt criminal investigations, we will not be publishing the list of clients at this stage." The initial stage of the ICO investigation will take several months, after which, "we will publish an update."

What’s Hot on Infosecurity Magazine?