ACPO guide advised spycops on online infiltration of political activists

A 2013 guide by ACPO (Association of Chief Police Officers) marked ‘Protected’ advised police on how to conduct undercover police operations online, including tips on forming (online) relationships with targets and how to best use fake I.Ds – all sounds very familiar. The guide also provides advice on when officers should not use police equipment for online surveillance (to avoid compromising the police). Extracts from the guide are discussed below. In addition, we also examine some of the associated training materials, provided by private industry to Britain’s police and government agencies, as well as an array of online investigation tools (available to anyone). An Appendix provides links to resources on how to avoid political police surveillance.

(Note: the ACPO guide complements the College of Policing Guide on Undercover Policing.)

First, an introduction…

Political policing has always been with us and takes many forms – from the Norman invasion onwards: the crushing of the Peasants Revolt, the decimation of the Levellers and the Diggers, the prosecution of the Chartists and their massacre at St Peter’s Fields, the transportation of early trade unionists, the blacklisting of workers from the General Strike onwards, the bloody world wars that saw hundreds of thousands of workers killed, Orgreave, Hillsborough, the framing of innocents for the Guildford and Birmingham pub bombings, the extra-judicial killings in the dirty war of Northern Ireland… And in more recent years, the physical infiltration of political protests organisations – Sizewell B, CND, Greenham Common, Faslane, Drax, Ratcliffe – and the exploitation of women whom undercover police used in long-term relationships as a means to gain information or merely to use as cover.

The Pitchford Inquiry into undercover policing is supposed to look into all of this – well, the last 50 years or so – though it is absurdly clear that if it was not for the heroic actions of many of the victims in exposing what has happened, or the research work of bloggers and certain sections of the press, Pitchford would have little to inquire about. Indeed, each week, if not each day, more revelations about undercover political policing are produced – in some cases real or false names of UCOs; in other cases, further details of their activities.

But the Pitchford Inquiry is already severely truncated in its scope – many of the spycops worked all over the UK and in other countries too – yet the Inquiry is limited to just England and Wales. Moreover, the Inquiry is limited by the known unknowns (to paraphrase a former notorious US politician): those undercover police officers who have been ‘outed’ so far – not the ones who have not, nor their supervisors, nor the people at the top who authorised everything.

And it is unclear if the Inquiry will look beyond the specifics of traditional undercover political policing – for example, current internet-based methodologies – never mind the very nature and raison d’etre of political policing and its role in protecting the establishment.

But an ACPO guide, published two years prior to Pitchford and which still has relevance today, provides some insight into how undercover policing ops online work. Training courses provided by private industry to the police and private investigators alike also indicate the direction of undercover surveillance…

A. The ACPO guide on undercover online policing (2013)

The ACPO guide, marked ‘Protected’, states: “This document is intended to provide guidance to police officers or staff engaged in research and investigation across the internet”.

The guide’s authors are listed as follows: Chief Constable Steve Kavanagh (ACPO Open Source Lead), Commander Richard Martin (ACPO Undercover Lead) and ACC Jon Boutcher (ACPO RIPA Lead).

UPDATE: for the unredacted (Powerpoint into pdf) version of the guide, click here.

The guide explains the difference between attibutable research (which should only be used via official computers) and non-attributable research (which involves deep surveillance, etc). It is stressed in the guide that law enforcement euipment should not be used for covert activities.

The guide also provides advice on the use of fake I.D.s (personas) – see extract, via image, below.

Screenshot from 2016-04-29 11:23:28

The guide explains that as most internet users use open source applications, monitoring their activity via such applications does not require authorisation via RIPA; similarly, storing bulk information about individuals under surveillance (though such storage has to comply with the Data Protection Act).

However, when it comes to accessing restricted information, such as information available on social media sites limited to ‘friends’, the guide advises that providing this has been authorised such information can be accessed and stored.

The guide then clarifies expectations of a CHIS (covert human intelligence source) – e.g. an undercover officer (UCO) – in relation to online activities, including forming relationships with targets: see extract, via image, below.

Screenshot from 2016-04-29 11:38:04

Regarding use of false identities, the guide quotes the Chief Surveillance Commissioner, who advises that false personas can be deployed once they have been authories: see extract, via image, below.

Screenshot from 2016-04-29 11:43:50

B. Training courses/materials

The above ACPO guide should not be seen in isolation but examined in the context of a range of training courses.

One such course on undercover policing is by the College of Policing and covers Covert Human Intelligence Sources (spycops) but aimed at their supervisors.

Other courses are provided to the police and non-police investigators alike via providers that specialise in online monitoring. One such provider – OSINT – publishes links to all sorts of interesting investigative resources, such as Domain and IP identification tools and Twitter monitoring tools and assorted other tools.

OSINT also includes listings of resources such as:

Tracking Emails – tracking emails, with a free & paid for service – tracking emails, with a free & paid for service – tracking email service

Fake Names / False Persona’s / Creating Identities – creates false identities with full details, very UK friendly – not as good as the fake name generator but still useful if you need to create a new on-line identity – not as good as the fake name generator as it only creates identities with addresses in the USA – basic but quick fake name generator, which can also create other things as well

UK Motor Vehicles – Vehicle Details – if you enter a registration number it will give details of vehicle make, colour, engine size, date of first registration etc., and also photograph of the model type – if you enter an UK registration number it will give details of the vehicle – allows you to search a registration number & make, to see when the vehicle was first registered and if it is taxed & mot’d – search the “Statutory Registers” for details of appeals for parking or congestion charges within London Boroughs, using the subjects name to read the case details, including their registration number – search for licensed London private hire vehicles by vehicle type or registration number – searchable database giving guide values for number plates – searchable database giving guide values for number plates

CCTV & Webcams – links to a number of UK based unsecured webcams – links to a number of UK based open webcams – links to a number of UK based open webcams searchable via a map – links to a number of UK based open webcams – links to a number of UK based open webcams – links to the cctv on the UK motorway system – links to the cctv at UK weather stations

OSINT also works closely with private companies contracted to run courses on online investigations, such as Social Media Surveillance.

One such company is Qwarie, which also specialises in QA – a “desktop application that supports Open Source investigations with a guided search…” Qwarie’s courses are designed for both police and non-police investigators.

Another company is K & T Research Services, which runs similar courses to those offered by Qwarie.

Here are the range of courses offered by these compaies via OSINT:

  • The Use Of Open Source Intelligence In Investigations “This will demonstrate to students what can be achieved with on-line investigations, the types of cases it can be used in and the dangers of when they are used against us.”
  • Advanced Searching Techniques “This will demonstrate to students the advanced searching techniques & provide them with an opportunity to undertake practical scenarios.”
  • Search Engines & Meta Search Engines “This will demonstrate how search engines operate and how websites can be manipulated to hide information.”
  • Computer Security & Footprints “This will demonstrate to students how a computer can be kept safe and how its on-line footprint can be identified & altered.”
  • Internet Structure & Domain Names “This will demonstrate to students how the internet that we have now has developed and is governed and give them an opportunity to undertake practical scenarios using the demonstrated investigative techniques into the domain name registration system.”
  • Using Audit Trails During An Inquiry “This will explain to students why they must save their research and will demonstrate ways to save their research in a structured and provable way and give them an opportunity to undertake a practical scenario to use these methods.”
  • Preparing Your Evidence For Court “In conjunction with audit trails this introduces delegates to a way of introducing their enquiries into the court/legal system.”
  • Understanding Emails As An Investigative Resource “This will explain to students the difference between email addresses and demonstrate techniques in tracing emails and those using various popular on-line resources and allow students an opportunity to undertake practical scenarios to try outthese techniques.”
  • Understanding Social Networking Sites As An Investigative Resource “This will demonstrate to students how social networking sites work and the investigative opportunities provided by on-line digital photographs. Students will also be shown and have a chance through practical scenarios, to access information on Twitter & Facebook.”
  • Legal, Policy & Ethical Issues “This will demonstrate and give students a chance to discuss the relevant legal, internal policies and ethical issues around making on-line enquires.”
  • Dealing With & Grading Intelligence From Open Source Resources “This will demonstrate and give students a chance to understand & discuss the differences and similarities between Open Source Intelligence and the more standard types of intelligence used within the National Intelligence Model and the additional evaluating that may be needed as a result.
  • Databases & How To Use Them As An Investigative Resource “This will demonstrate to students why certain information cannot be located using a search engine and how to work with various free to access databases to gain additional information, with an opportunity to try out these techniques with practical scenarios.
  • Useful Software & Other Internet Investigative Resources “This will demonstrate to students additional on-line investigative resources, including items such as recovering hidden data from office documents.


One of the main software tools used by UK police (and more and more law enforcement agencies across Europe) for intelligence gathering is SOCMINT, which was designed by GCHQ in the wake of the 2011 UK riots. (An article by former GCHQ head, David Omand, on SOCMINT, is available here.)

In May 2013 Umut Ertogal, the ‘head of open source intelligence with the UK Police National Domestic Extremism Unit’, revealed in a private report to the Australian police (then preparing for the Brisbane G20 Summit), that the Unit used a software tool called SOCMINT to monitor social media sites to gauge public mood. It was apparently extensively used during the London 2012 Olympics and for ‘predicting hotspots during the 2011 student protests’ – including a call for a protest against a visit of Prime Minister David Cameron to King’s Cross railway station that resulted in the arrests of 10 people.

It was also revealed that at the time SOCMINT (which stands for ‘Social Media Intelligence’, a name also given to this open source intelligence gathering technique) was being run by a staff of 17 people working around the clock, scanning Twitter, YouTube, Facebook and other public forums used by UK citizens. Ertogral reportedly said that YouTube effectively acted as CCTV and Google Glasses were ‘another channel for us to explore and look at’.

Training in SOCMINT is provided by King’s College London and IHS (which also offers training in SOCMINT to the Australian police). The EU training in SOCMINT and OSINT (a sister product) is handled by

Training includes: Evaluating Sources; Verifying information in a variety of media; Synthesising open source information; Developing a framework for Extracting Information from Social Media; Organisation, Legal and Ethical Challenges, Sentiment Analysis; Prediction and Early Warning; Searching and analysing social media information. Dealing with Tor users is also on the course agenda.

D. Guardian/ASS/ISIS

Agenda Security Services (ASS) is a UK company that works with Government Institutions, global corporations and small to medium sized businesses and boast its staff includes “teams of ex-police, ex-military, desktop researchers and security analysts”. It “combines high tech and secure systems with well trained and customer focused researchers and analysts…” Its main program is Information Security Investigation System (ISIS). ASS explains that it intelligence can be gathered on “threats to the organisation, animal rights, extremists, competitors and counterfeiters, to name but a few.”

ASS uses an interactive software system called Guardian, which it uses to to check over a billion web pages on behalf of clients.

See also:

2013-14 report by the Office of Surveillance Commissioners

How Many of Your New Facebook Friends Are Undercover Cops?

Police Trolls fake Social Media Accounts – How to Spot them

Appendix: Taking steps to avoid privacy invasion

Here are some simple steps in the form of guides to avoid your privacy being compromised…

If blogging you may also wish to note the following 12 tips:

  1. Use different PCs for different functions (i.e. one for everyday use as ‘you’; another for blogging) with different ISP for each PC.
  2. For your blogging PC, ensure it is secondhand, purchased in cash using a fake name/address; that it is professionally stripped and reinstalled with a suitable operating system – e.g. Ubuntu or Debian (never use MS); that it is encrypted; and that you use a pay-as-you-go account to access the internet (again, paid by cash).
  3. Ensure your blog is hosted by a non-UK firm (preferably based in a country with lax surveillance laws) and that all the blog’s privacy features are enabled.
  4. Always use Tor to access your blog and any social media accounts – e.g. Twitter – that is related to that blog.
  5. Never use your real name or refer to anything that can identify you on the blog or related social media accounts or in your blog searches; ensure social media privacy settings are applied.
  6. Ensure all docs/images/pdfs uploaded to the blog are created on your blogging PC and are stripped of metadata.
  7. Ensure cookies are disabled for the blogging PC, that sound and video are disabled (the in-built camera covered too) and that Flash is disabled (all features that can pass on information about you to sites).
  8. Avoid using any Wi-fi that can be used to identify you (e.g. that requires registration or is in an Internet cafe with CCTV).
  9. Ensure Javascript is turned off (you can always turn it on temporarily for certain sites) for the blogging PC.
  10. Do not register with search engines via your blogging PC.
  11. Use a VPN (doesn’t hide your location data, by the way) and, preferably, Tails on the blogging PC.
  12. Do not purchase anything online via the blogging PC that can identify you; never logon to your blog or associated social network accounts from any PC other than your blogging PC.

(Note: the above list is not exhaustive.)

This entry was posted in Intelligence, no category, Surveillance and tagged , , , . Bookmark the permalink.

One Response to ACPO guide advised spycops on online infiltration of political activists

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.