Unpublished official report shows industrial-scale ‘blagging’ on behalf of insurance, financial services and legal companies
The vast scale on which private investigation agencies have been used by the financial services sector to illegally raid institutions for personal data on members of the public can be revealed today by The Independent. British law enforcement and other government agencies have known for more than 12 years that sophisticated “blagging” tactics have been deployed by investigators commissioned by insurance firms, finance companies and solicitors.
They used the techniques to illicitly obtain private information by raiding official sources including the National Health Service, Customs & Excise, Social Security, Royal Mail, high street banks, utility companies, credit card firms and councils.
This newspaper has obtained a copy of a handbook, used by the blaggers, that helped to build up an entire illicit sector in the commercial raiding of government departments.
The manual has been in the possession of the authorities since 2001. It formed part of a wider “Baird Project” report compiled by The Information Commissioner’s Office, Benefits Agency (now part of the Department for Work & Pensions) and Inland Revenue on the growing threat to private data from illegal methods used by teams of tracing agents.
The report, which has also been seen by The Independent, identified “hundreds of thousands” of bogus calls made by tracers on behalf of banks, insurance firms and solicitors.
Its contents will raise fresh concerns that – while the press is now being held to account for phone hacking – the finance and legal sectors have escaped close scrutiny of their own criminal use of investigators.
The revelations come a day after this paper revealed that the Serious Organised Crime Agency (Soca) is refusing to identify the blue-chip companies that commissioned corrupt investigators to break the law. Soca is resisting demands from the Home Affairs Select Committee for the names to be made public, on the grounds that to do so might “undermine the financial viability of major organisations”.
Keith Vaz MP, chair of the Home Affairs Select Committee, said: “This is extraordinary that there’s so much detail in this [blagging] document that will allow individuals to extract so much private information. What is required now is that there should be full transparency into what these private investigators have been doing.
“We need to make sure Soca and the Metropolitan Police should be able to follow the evidence wherever it leads… to uncover the truth about what has been happening. More importantly, I think it’s necessary that those who have deliberately or unwittingly sought information about individuals or organisations should come clean and tell us precisely why they sought information and what they have done with it.”
Some of the businesses using the tracing agents were the forerunners of the Payday Loans sector and their clients were pursued relentlessly for debts. One of the first cases of illegal tracing involved a young mother who was tracked by private investigators to a woman’s refuge and was confronted on the doorstep.
The Baird – Benefits Agency, Inland Revenue Data – Project was a multi-agency Government investigation team set up in 2000. It revealed in 2001 that the finance sector was bankrolling a dirty trade in the illegal tracing of personal data. Hundreds of thousands of bogus calls were identified. One bank, the now defunct London Scottish, was raided by the Baird team as long ago as 2000.
Other clients for the blagging firms included high-security Category A prisoners who “were able to obtain information capable of persuading witnesses to change their evidence against them or ‘nobbling’ juries”, according to information in intelligence reports compiled by the Information Commissioner’s Office (ICO), which formed part of the Baird investigation.
Documents show that Operation Oval, conducted by the Metropolitan Police with the assistance of the ICO, led to the arrests of two male private investigators and disclosed suspected links to “corruption in public office, organised crime, money laundering, drug trafficking”. It said: “The areas being investigated include unlawfully obtaining information from a variety of sources including hospitals, banks, government agencies.”
In another case, investigated by the ICO, a private investigations agency – believed to have been hired by a foreign bank – was suspected of having orchestrated a violent robbery on the close female relative of a “target” to obtain phone contacts that could locate the individual. The woman was bitten by an attacker and lost her mobile phone and address book. Bogus calls were subsequently made to several people listed in the contacts files.
“The Telephone Blaggers Training Manual for Trace Work” makes clear how sophisticated the blaggers had become. It sets out in intricate detail methods of tricking public officials – from health workers to postmen – into disclosing private information about individuals. It also suggests “obtaining a subject’s bank details” by bugging rooms, carrying out physical surveillance, “mail interception” and “telephone interception”.
The document’s authorship is unknown – it was seized during an ICO raid – but it was used by entire departments of tracing agents. The ICO has been in possession of the manual since at least 2001, five years before it published What Price Privacy?, a document that revealed how media organisations, in particular, were using “tracing agents” to illicitly obtain personal data. The Baird report sets out in detail how the methods disclosed in the Blaggers manual have been put to use in real cases. It identifies a series of blaggers – based in various parts of Britain – who were used by the finance sector.
Some were identified by the false names they used when procuring information, such as “Becky Price from the Prescription Pricing Authority”, “Jonathan Adams from the Legal Department”, and “John 215” (who always gave officials a call back number with the extension number 215, to make it sound authentic). The purpose of the Baird Project was to specifically address the illicit data raids being targeted at Government departments.
“The main aim of the initiative is to impact upon companies who are regularly attempting to obtain information from the Department of Social Security and Inland Revenue by means of impersonation and deception,” it said.
The Baird Report lists the activities of a number of investigations agencies involved in blagging. One woman based in Wales, who was the subject of a search warrant by the ICO in 2000, was “responsible for thousands of bogus calls”. The report said that much of their work was for the now defunct bank London Scottish, which was itself raided by the ICO in November 2000, several years before it collapsed in 2008. “They did a great deal of work for London Scottish and were also dropped like a hot potato as soon as London Scottish found out involvement of [ICO],” said the report.
The raid on London Scottish’s Manchester offices on 19 November 2000 “caused a great deal of consternation not only with them but within the financial industry as a whole,” said the report. “While they claim they are giving every assistance they are in fact being deliberately obtuse, and using every legal delaying tactic in the book.” Investigators in the Baird team expected summonses to be issued against the bank for aiding and abetting the unlawful procurement of information – but no such action was ever taken.
The Baird report makes clear that the ICO was unhappy with London Scottish’s use of a network of tracing agents, including the companies Intersearch, V Chasers and Solent Credit, all of which were later prosecuted for unlawful activities. No prosecutions were brought against London Scottish.
As a result of the Baird Project, one tracing agent, Alistair Fraser, trading as Solent Credit Control in Portsmouth, pleaded guilty to having unlawfully obtained personal information from the Department for Work and Pensions through blagging and “pretext enquiries”. He asked for 66 similar offences to be taken into consideration and East Hampshire magistrates fined him £1,400 with £1,000 costs in 2002. The Baird report linked Fraser – known as “John 215” – to invoices seized during the raid on London Scottish.
Details of the illicit use of private investigators by insurance firms and solicitors also formed an adjunct to the original prosecution file related to Operation Motorman, the ICO inquiry that exposed the use of blagging by media companies and formed a substantial part of the Lord Justice Leveson’s inquiry into press standards.
The “Schedule of Sensitive Material” for Operation Motorman, included a bundle of material for one household name insurance company. It listed three yellow floppy discs which contained information on 32 cases where tracing agents had been asked to gather material on accident and insurance claims. Some 11 cases were direct applications from solicitors’ officers for bank account details and other personal information.
The material was gathered during a raid on the offices of a Surrey-based investigations and surveillance agency in 2002 but was not considered pertinent to the prosecution of private investigator Steve Whittamore who was convicted of illegally accessing data in 2004. Whittamore worked almost exclusively for media companies.
But the prosecution file’s “unused material” also contained “handwritten instructions on how to obtain information from the Inland Revenue,” seized during the investigation from a different tracing agent. The same raid produced a request from a named firm of solicitors for “criminal records checks”, a prima facie criminal offence. Also taken was a 51-page blaggers manual “of notes and instructions on how to obtain information from various data holding departments and public bodies”, a different manual from the one obtained by the ICO more than a year earlier.
Also on the Motorman schedule was a “brown envelope” containing 162 instances of inquiries from various insurance companies. These were pro forma instructions for checking suspected fraudulent accident claims. “It shows that solicitors and insurance companies were using private investigators left, right and centre,” said one source.
Among a dossier of information seen by The Independent is the case of a wealthy Egyptian businessman who was being pursued by an Egyptian bank over a debt. The man’s family was put under surveillance by a British private investigations agency and his sister-in-law was the subject of a violent robbery in Paris in which her hand was bitten and her handbag and mobile phone stolen.
In the following weeks, friends and relatives of the businessman in various parts of the world received bogus calls asking about his whereabouts. “The facts as they stand appear to be much too much of a coincidence to rule out any connection between the robbery and the ongoing enquiries,” stated an ICO report on the case in 2002. “I therefore consider that this attack may well have been orchestrated by [name of British tracing agency] to obtain the telephone numbers.” Search warrants were requested for raids on premises in Wales and London but no action was ever taken against the bank.
The Baird Project, which was also referred to as the “Concordat”, concluded that: “The tracing agencies are clearly more than one jump ahead of the security systems currently in place by both BA [Benefits Agency] and IR [Inland Revenue].” But it also stated that Baird had been a “resounding success” and that “at the very least an awful lot of cages have been rattled”.
The project’s findings included an attempt to gauge the scale of the use of tracing agents by the finance sector. “Within an investigation which to date has only looked at a handful of ‘minor’ tracing agencies it has already been proven beyond any doubt that this handful alone are responsible for hundreds of thousands of unlawful procurements. Multiply this handful by the number of tracing agencies that we know exist and are in full time operation, approximately 1,500, even if only 50 per cent act illegally then the true scale of the problem truly becomes apparent.”
It said: “Even the largest firm of accountants would not telephone IR or BA as often as these tracing agencies do.”
The report said that one investigator alone had “amassed over 800 pages of itemised billing within a three month period, almost all of the calls being directed at BA and IR offices, yet only a handful of [internal] bogus call reports were ever found which could be directly attributable to him”.
It concludes by saying that because of “how professional many of the more larger and longer established tracing agencies have become in their illegal pursuit of information”, government agencies such as the Inland Revenue and Benefits Agency are not capable of resisting them. “They train their staff and even provide them with training manuals and scripts to be used in order to obtain the required information, not just from BA and IR, but from dozens of organisations.”
At the time of the Baird Project tracing agents were typically paid £30 for each successful search.
The Baird Project’s work merited only a single paragraph in the ICO’s 2006 report What Price Privacy?, which looked at private investigators, especially their use by media companies.
Last night, Paul Farrelly MP, a member of the Commons Culture, Media and Sport committee, said he was uncomfortable with the ICO’s approach to the problem of blagging. “Years ago we were not very impressed with the Information Commissioner’s Office in the way of the Operation Motorman investigation.
“As regards to the press, they simply bottled it and allowed many organisations to cover their tracks. If they were aware of far more widespread criminality with the wholesale commissioning of inquiry agents by lawyers, accountants and banks then that compounds the disappointment that we feel with them. This is something I will be taking further.”
The ICO said that in the past 12 years it had taken part in “many seminars and similar events involving government departments” to warn staff to be vigilant for blaggers and had “ongoing liaison” with public bodies.
It said the purpose of its publication of What Price Privacy? in 2006 had been to “bring the problem to the attention of government” and to “highlight the limitations of the law in relation to the offence”.
Blagging and hacking: A dirty tricks glossary
In the past four weeks, The Independent has exposed how private investigators and tracing companies have carried out dubious activities on behalf of blue-chip clients. The main offences are blagging and hacking.
An offence punishable under section 55 of the Data Protection Act, which carries a maximum fine of £5,000 but penalties are often as little as £100. The Information Commissioner, Christopher Graham, has described the punishment as “no deterrent”. He has called for such offences to be dealt with under sections 77 and 78 of the Criminal Justice and Immigration Act, which would allow the courts to impose a custodial sentence.
This is dealt with under section 1 of the Regulation of Investigatory Powers Act 2000 for unlawful telephone interception. It carries a maximum penalty of two years in prison. Computer hacking is punished under the Misuse of Computers Act 1990 and carries a penalty of up to six months in jail or a maximum fine of £5,000.