The busy life of a forensics expert

Winding my way through north London streets and avoiding the traffic, I finally find Peter Sommer's house on a quiet suburban road. I am five minutes late and he is waiting by the door. He invites me into a spacious Victorian house and shows me through to the conservatory, from where I can see a perfectly pruned English garden. The Wellington boots beside the door suggest that he's just been out there.

Sommer's green fingers are only one of his talents as he juggles several careers. After taking a law degree at Oxford, he became a "hacker" back in the 80s, when the term meant merely "computer hobbyist", and when no one knew about the internet.

His first book The Hacker's Handbook, written under the pseudonym Hugo Cornwall, was a bestseller in its day. Some 20 years on, Sommer is now a special advisor to the House of Commons, a security academic at the London School of Economics, regularly gives evidence in court for IT crime cases, and he's renowned as a computer forensics expert.

Currently, Sommer is working on Foresight – an organisation run by the DTI that looks at problems the UK could face in the future.

"We have a number of projects with the Home Office," he explains. "The purpose is to enable policymakers to think about the next round of legislation. There's quite a range of activity. When you do war gaming, you're told to speculate how you would react under certain circumstances. My [area] has been in future forensics. But they look at things such as future technologies and what problems there might be for law enforcement.

"One of things we've been looking at is a new file system for computers to replace FAT and NTFS," he says. "We know that it's going to have encryption built-in. There's the potential that it would have very strong encryption. How are the authorities going to cope with that?"

Sommer first stepped into the legal ring as an expert witness seven years ago. He helped to defend a British teenager who hacked into the US Air Force computers and accessed top-secret information.

"This was the very beginning of information warfare, and was taken as the first example," says Sommer. "The initial diagnostics of who was doing this were faulty – [the US] persuaded themselves this was coming from North Korea, Latvia, or wherever. It was only after a while that they discovered at least one of the operators was based in north London.

"It was finally traced to a 16 year-old. Initially, they said 'we'll go easy on you', and then they decided to throw the book at him.

"The family lawyer screamed that he couldn't cope," continues Sommer. "And I became the expert. He was always prepared to plead, because he knew he'd been a naughty boy, but what are you going to plead to? Almost starting World War III? Or just being an irresponsible 16 year-old?"

When Sommer last saw the boy, who was fined £1,200 for his antics, he was studying the cello at the Royal Academy of Music. Since then, Sommer has testified on a variety of cases, including the UK's first bust on an internet paedophile ring called the Wonderland Club. To join, members had to offer the club 10,000 pictures of unseen footage.

There were initially 60 defendants in the UK charged with conspiracy. The defence lawyers recruited Sommer to help them understand the concept of digital evidence. The case started in Sussex, but the National Crime Squad (NCS) soon realised the case extended beyond national boundaries.

"From the defence lawyer's point of view, the important thing was not to get the guys off come what may, but to make sure that the NCS had what it said it had," recalls Sommer.

"That goes on in defence anyway, to make sure that the courts know what [defendants] have done. In technical terms, [the Wonderland Club] were clever at concealing their presence.

"At first, the NCS was apprehensive about me seeing the material, but in the end it worked out quite well, and the squad was not obstructive."

One of the Wonderland suspects was later linked to investigations in Operation Ore – a crackdown on paedophiles linked to creditcard transactions on a child porn website site called Landslide.

"One of the defendants had taken video pictures of himself raping his seven-year-old stepdaughter," recalls Sommer. "He divided them up into stills and put them on one of the websites that was at the heart of the Operation Ore investigations. The people who were running this were tried in Texas. But in Texas, you can only get a conviction if you can prove that this is a real child whose identity is known. A UK police officer had to go over to Texas and say: 'I know who this child is,' and that's what convicted him."

Earlier this year, the All Party Internet Group (APIG) asked Sommer for his advice on reforming the Computer Misuse Act (1990). As a lobbyist for the law in 1990, he was already familiar with the issues, and pushed for harsher sentencing and more power for the police.

In its report, APIG followed his guidance closely. But Sommer still thinks that the police are struggling to tackle cybercrime because the public are more worried about local crime.

"One of the dangers is that people in the IT community think the funding for the fight against cybercrime is separate from the resources for fighting crime in general," he asserts.

"But, of course, it comes out of the same pool. If you were to give the public a list of things that they wanted the police to do more of, but taxes remained the same, almost all of the things that interest [SC] readers would be very low on that list of priorities.

"People are worried about yobs, street crime and terrorism," he says. "Where does cybercrime come in? Once you get away from the obvious paedophile stuff and spam, a lot of the other stuff is of very little interest."

Sommer says his security philosophy extends to SC readers. He feels that firms have to be more cautious and get used to using self-defence.

"You have to look after yourself," he explains. "It's no good expecting the police to do something. One needs to make a contribution, and IT workers are just not doing that. You have got to learn how to collect evidence properly. Beef up your security. The police are not going to go patrolling around your system – it's difficult enough patrolling the streets.

"Part of your security planning is to know how to collect evidence through backup," says Sommer. "The second is to have a routine for where the evidence might be, and knowing how to preserve it when there's been an incident. But that's not saying that everybody needs a forensic technician. You need a first-aider, you don't need a brain surgeon."

Sommer's CV is impressive, but it appears there are not enough hours in the day for him. While he is a forensics examiner at the Royal Military College of Science, he also advises the FSA on e-commerce and lectures at the London School of Economics. But he has yet to find the time to complete the PhD that he began back in 1994.

"My personal problem is trying to reach a balance," he says. "The trouble with academia is that it doesn't pay terribly well. The expert witness stuff does, but can be very demanding. How do you get that balance? I haven't worked that out yet."