Security Experts:

Police Audit Finds Investigation Backlog Poses Significant Risk

An internal audit of the Royal Canadian Mounted Police (RCMP) has discovered a backlog that poses a significant risk to its cybercrime investigative progress, meaning some crimes may go without investigation, officials fear.

The audit focused on the RCMP’s technical crime program, which investigates cases ranging from child pornography to Web-based fraud, and discovered an “increasing backlog of requests” that required immediate attention.

“All five units visited had a backlog of requests, devices that had been received but not yet analyzed. The definition of what constitutes a backlog is unclear and units quantified their backlogs differently,” the final report explains.

Some units measured their backlogs in terms of turnaround time, while others measured on the number of items in queue. Some units were able to account for the number of request received in a given year, but “no historical data was being captured on the number of requests and devices processed year after year, nor the length of time it took to process each device. In addition, no information related to the backlog was reported to [Technological Crime Branch].”

According to the report, these backlogs constituted a significant risk to the technical crimes program. Responding to the audit, Line Carbonneau, RCMP deputy commissioner for policing support services, said that the program has found itself in a “period of unprecedented global technological change,” creating an extremely challenging operating environment.

“Furthermore, cybercrime is quickly becoming a phenomenon which has garnered the attention of the public, media, law enforcement and governments around the world... The risks associated with our ability to conduct and support organized crime and national security investigations is contingent on an effective and efficient Technological Crime Program, and therefore we are committed to addressing the deficiencies identified by the audit.”

The audit itself was conducted in early 2012, but was only recently released to the public. Parts of the official report were redacted before publishing, in order to account for operational security.

There was no timeline available to account for when the problems were to be resolved, including the breakdown in accountability and reporting between the various programs.

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.