Can we trust the experts?

Your front door has been kicked in. The police have thundered up the stairs, pulled you from your computer, unplugged it at the mains and arrested you for violating child pornography laws. What's next? If there is child porn on your PC, you either downloaded it, received an e-mail containing it or scanned it in yourself, or someone else put it there. If you're innocent, or there's some justifiable reason why the images are there, how confident can you be that the police's computer forensic experts can prove this, or that you can find a defence expert to help you?

If you listen to Gordon Stevenson, the managing director of Vogon International, the answer would be: not very. Vogon supplies computer forensic tools to law enforcement agencies, and its staff act as expert IT witnesses in trials. Stevenson's opinion of computer forensic experts is not high. "Of the ones I've encountered, 95 per cent are dangerous. I would think people have been put on child-protection registers because of flawed forensic work," he says. His view is that, in this field, a little knowledge is a dangerous thing.

Other forensic IT experts think Stevenson is exaggerating the numbers, but he's not alone in believing that people have been convicted on the back of unsound work. Jim Bates, the managing director of Computer Forensics and (as the developer of early imaging software) arguably the founding father of the UK's computer forensic industry, also thinks so. He has attacked the technical competence of two experienced expert IT witnesses on his website (hosted outside the UK to avoid legal requests to take it down). He writes: "In such a new field as computer forensics, virtually anyone with a little knowledge of computers finds it easy to convince lawyers, barristers and judges that they are an 'expert' and their opinions are valid and reliable. Currently you can go into court and claim any expertise you like."

Though the police are establishing computer-crime units, and have formed the National Hi-Tech Crime Unit (NHTCU) for major cases, they need civilian investigators because – as a government White Paper on police reforms says – "too few officers currently have the necessary skills to deal with the most complex IT-based crime".

And there's too much computer-based crime and evidence for officers to handle. To remedy this, the Government's hi-tech crime strategy, announced in November 2000, earmarked £10m for local forces to set up computer-crime units and £15m for the NHTCU, over three years. Every police force should have at least one network investigator and one computer forensic analyst; these can be civilian or officer posts.

But there will still be police officers who don't have the IT skills. How do they know which expert to trust, especially if there is disagreement among established experts? The same problem faces defence lawyers. Anyone can call themselves an expert IT witness, but there is no formal qualification, and no ethical standards body vouching for its members. And the Council for Registered Forensic Practitioners is a long way from looking at the computer experts.

Dr Neil Barrett, the technical director of Information Risk Management and an adviser to the NHTCU, has worked with the police for 10 years. He too is unhappy with the way computer experts are drafted into police inquiries. He became involved with police investigations after he was asked to train officers at the Bramshill police college. This got him known in the right circles, he says. "Right now the way it works is accidental. A trusted senior officer might know the right person to lean on in a particular area. I know I'm competent, but how do I prove it to other people? What we need is a way of being able to say what qualifies me to give this expert opinion."

Barrett was the forensic computer expert in the prosecution of 19-year-old Raphael Gray, aka Curador, who hacked into e-commerce sites and gained access to customer databases in order, he claimed, to expose lax security. Gray was sentenced to a psychiatric and community service rehabilitation order of three years.

The defence expert in this case was Peter Sommer, one of the men whose technical competence is challenged on Bates's website. Sommer, a visiting research fellow at the London School of Economics, wrote the Hacker's Handbook in 1985 (under the pseudonym Hugo Cornwall). His expert witness experience includes "charges of international computer intrusions into US military sites". He also had a role in the investigation of the Wonderland Club's distribution of paedophile images.

Bates has said: "Sommer is a past master at bringing in doubt" to a trial, and Stevenson believes Sommer concentrates on looking at police procedural mistakes. "The Crown Prosecution Service will drop a prosecution if they get hard questioning, and the prosecution is very nervous if all they've got is forensic evidence." Which all suggests that Sommer is a great person to have on your defence team.

Sommer, confident of his record, says: "The police are perfectly capable of deciding whether an expert is competent." He accepts that the police system for recruiting experts isn't perfect, but thinks it's as good as it'll get. "The police try you out on something small first." If the expert isn't competent, "it'll get shown up in court".

Barrett, Sommer and Bates disagree on how to accredit someone as a forensic computer expert. Bates thinks membership of the Council for Registered Forensic Practitioners is the way to go. Barrett has high hopes for a postgraduate qualification from the Royal Military College of Science. The course started in January and Barrett, who will lecture, thinks the qualification could be a base level for all forensic computer experts. But Sommer, an external assessor to the course, does not think this will work. He welcomes the course, but feels the pace of change in technology makes it difficult for the qualification to vouch for someone's competence in the future. "Some of the best computer investigators lack formal academic qualifications. Some avoid publicity because of the nature of the work. For all these reasons, and because most people in computer forensics in the UK know of each other, I think the present informal recommendation arrangement is best for the police. Most defence lawyers rely on recommendations as well."

The system is probably no more flawed than any strand of science aiding criminal investigations. But if someone sent you child pornography as a sick joke and tipped off the police, or your surfing accidentally led you to a site you didn't mean to visit, would you be comfortable with the current set-up? It's easy to show what's been on your machine. The tough bit is convincing a jury that you didn't mean it to be there. On that point, you're probably on your own.