Computer Crime Research Center


Cybercrime fight lack funds

Date: May 17, 2005
By: Peter Sommer

National Hi-Tech Crime Unit should give piracy a lower priority

Earlier this month sentences were handed down to UK members of DrinkorDie, the international software piracy "warez" group. The judge, the National Hi-Tech Crime Unit (NHTCU) and the Crown Prosecution Service (CPS) all stressed the amount of damage they thought the group had caused.

This was one of the first of NHTCU's really complex cases to achieve completion. It cost the criminal justice system - funded by the tax-payer - several million pounds, but was it a good use of resources?

The original investigation was carried out by the US Customs Service as Operation Buccaneer and it was entirely right that NHTCU should pick up the UK leads in what was alleged to be a global activity by many interrelated warez groups.

However, it soon became clear that UK DrinkorDie members were motivated by the glory of being the first to "get out" new software with the copy protection removed, rather than by direct financial reward. This was a crime that required organisation but it was not, as NHTCU and CPS press releases hinted, traditional organised crime in the sense of extended criminal families engaged in illegal activity to make a profit.

The CPS had a choice: charge each suspect individually with substantive offences under trade mark or copyright law, or go for the much more ambitious and glamourous "conspiracy" indictment.

The first option meant single trials of a day or two and evidence limited to what was on each of the accused's computers, with the possibility of custodial sentences.

The second meant proving a common purpose to defraud. Each of the defendant's computers held potential evidence against all the others. There were no convenient "let us conspire" e-mails, so intentions had to be inferred via actual activity and through hours of jargon and slang-infested chat logs.

As this was an alleged global conspiracy, with leaders in the US, it meant looking at their computers too, and also at the plea bargains made across the Atlantic where the more "help" that was provided, the shorter the eventual sentences would be.

This meant UK defence lawyers had to examine terabytes of data rather gigabytes, determine whether US-originated testimony was tainted and if there had been a US agent provocateur operating under conditions unacceptable in UK law. Defence teams made extensive demands for disclosure from UK prosecutors, which placed a significant burden on NHTCU investigators.

Even before the trial started last September, several million pounds must have been spent in police, prosecution and defence expenses. The Old Bailey trial then ran for nearly six months.

Let's step back a little. This was not a victimless crime. Losses in software piracy are very hard to quantify because no one knows how many copies are made, how many represent lost sales and whether those would have been at full or discounted price.

Certainly a lot of the DrinkorDie archive I saw was of specialist software for particular industries, where piracy is financially pointless because the customers also want supplier support.

There were victims, but not defenceless ones. DrinkorDie did not defraud the vulnerable public, trash essential computer systems or trade in confidential personal data, for example. Software houses have remedies in the civil courts and techniques like online verification to protect themselves.

It is obviously convenient for the software industry if it can persuade ministers, police and prosecutors to provide enforcement at public expense. But resources to fight cybercrime are scarce because they come out of a general policing budget, which must also cope with terrorism, anti-social behaviour, street crime and traffic.

Software piracy should be part of the cybercrime agenda, but given a low priority. The millions the DrinkorDie case cost could have been spent investigating more serious crimes and extending the training of police and prosecutors.

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo