Search for a speaker or keyword
Peter Sommer is a Visiting Professor in the Information Systems Integrity Group in the Department of Management at the London School of Economics and also a Visiting Reader, Faculty of Mathematics, Computing and Technology, Open University. He has acted as an expert in many important criminal and civil court proceedings where digital evidence has been an issue. He has been a Visiting Fellow in what was the Information Systems Department at the London School of Economics since 1994 and, with Jim Backhouse, has developed the current range of Information System Security courses, with their emphases on social science, management, law and policy.
As a consultant he is a well-established expert on computer security advising stock exchanges, large companies and insurance companies on systems risk.
Peter Sommer has been a Visiting Fellow in what was the Information Systems Department at the London School of Economics since 1994 and a Visiting Professor since 2008. With Dr Jim Backhouse he has developed and taught the current range of Information System Security courses, with their emphases on social science, management, law and policy. The aim has been to balance theory and analysis with the problems of implementation and is in contrast to the more usual approach which consists largely of finding technical solutions to what are wrongly perceived as purely technical problems.
He has examined at doctoral level at Cranfield and Oxford Brookes Universities. Academic interests include: Computer-related Crime, Computer Misuse, White Collar crime, Frauds, Industrial Espionage, Methods of Information Security research including case material collection and evaluation, Legal Implications of Information Security, Methods of Risk Analysis, Insurance of Computer-related risks, Ecommerce, Digital Signatures, Issues of Contingency Planning / Disaster Recovery, Electronic Publishing, Internet control issues, Intellectual Property.
In 2003-4, he was expert member of UK DTI Foresight Project Cyber Trust and Crime Prevention.
Other funded research included the forensic aspects of identity systems under FIDIS which was a European Commission-funded Network of Excellence and PRIME which was a European Commission Framework 6 Integrated Project on Privacy Enhancing Technologies (Reference Group member).
Together with LSE colleagues he has provided “Best Practice” consultancy to a syndicate of central government departments and UK clearing banks and to APACS. In September 2000 a LSE team headed by Professor Sommer was awarded a contract by the UK’s Financial Services Authority to provide advice on consumer use of e- commerce facilities in the purchase of financial products such as banking, insurance, pensions, savings, and share-dealing to assist in the development of a suitable regulatory regime.
In 2009 Professor Sommer won a contract from the UK National Audit Office to support its examination of Internet Crime. In February 2006 Mr Sommer was appointed a Visiting Research Fellow at the Faculty of Mathematics and Computing, Open University, and has since been elevated to Visiting Reader. He is the Course Consultant for a Masters’ course module on Computer investigations and Forensics – M889 – and is currently working on a Legal IT Course.
Public Policy Work
In December 1998 Peter Sommer was appointed Specialist Advisor to the House of Commons Select Committee on Trade and Industry to support their inquiry into ecommerce. This has produced four published Reports. Seventh Report (HC 187); “Building confidence in Electronic Commerce” . Tenth Report of Session (HC 648), “Electronic Commerce”, Fourteenth Report of Session (HC 862), “Draft Electronic Communications Bill”, Eighth Report of Session (HC66): UK Online Reviewed: The First Annual Report Of the E-Minister and E-Envoy. More recently he also has given evidence to the Home Affairs Select Committee and the All Party Privacy Group.
In December 2000 Professor Sommer and colleagues were awarded a European Commission contract to carry out the Intermediate Evaluation of the EC Internet Action Plan (on illegal and harmful content on the Internet). He is on the Advisory Council of the Foundation for Information Policy Research, is a Member of the Information Assurance Advisory Council and has Observer status at EURIM.
Between July 2003 and March 2009 he was a member of the Scientific Advisory Panel on Emergency Response (SAPER) run by the Government’s Chief Scientific Advisor. In 2008 he was appointed to the Digital Forensics Specialist Group which advises the Forensic Science Regulator.
In 2009, with colleagues in the LSE’s Public Engagement Network, he authored a study of the UK Government’s Interception Modernisation Program.
In February 2010 he took part in the work of the United Nations Counter-Terrorism Implementation Task Force..
In November 2010 he provided written and oral evidence to the Commons Science and Technology Select Committee’s enquiry into scientific advice and evidence in emergencies.
In 2011, with Ian Brown of the Oxford Internet Institute he wrote Reducing Systemic Cyber Security Risk for the Organisation of Economic Co-operation and Development (OECD), part of its Future Global Shocks Program.
Digital Evidence / Expert Witness Work
Legal expert witness activity has included:
• R v Michael John Smith – described by the Security Commission as the UK’s most important official secrets case involving scientific and technical espionage
• Rome Labs / Datastream Cowboy hack. A major global hacking case with USAF and NASA among the targets initially thought to have been perpetrated from North Korea and Lativa but which turned out to have been by two UK schoolboys. There were hearings in the US Senate at the beginning of the “Information Warfare/Electronic Pearl Harbour” scares. The UK case involved many novel issues of the handling of technical evidence, admissibility and the problems of evidence from US covert agencies
• R v Alibhai and others. A large conspiracy involving the commissioning and distribution of counterfeit Microsoft software and money laundering
• “NCS Operation Cathedral” – the first large UK Internet paedophile ring. At the end of the trial penalties for the related offences were increased and POLIT, the precursor to CEOP, was set up. At a technical level there were significant issues of case management arising from the large numbers of computers that had to be examined.
• “DrinkorDie” – an international investigation into organised software piracy – “warez” groups – led to the charging of 6 UK individuals. Because of the large numbers of computers involved and the extent of complex evidence from overseas agencies – this was a further challenge in terms of case management was well as of basic investigation of the contents of computers. The UK case was one of the most expensive trials in recent years. Also known as National Crime Squad Operation Blossom
• R v Ying Guo – illegal immigration conspiracy in which 58 dead Chinese were found in the back of a lorry at Dover. Defendant was a translator on whose computer was discovered apparent draft immigration applications
• “Chohan family” – a family killed by a criminal in order to take over a transportation company which was then to be used for narcotic trafficking. Some bodies were never found – a computer was found which held drafts of important documents
• Godfrey v Demon – an important Internet defamation case which helped define the extent of the “innocent dissemination” defence available to ISPs
• R v Waddon – an obscene publications act case which defines “place of publication” for jurisdictional purpose
• R v Atkins – a Protection of Children Act case which clarifies the strict liability test in “possession” and also the nature of the “legitimate research” defence
• R v Lennon, R v Cuthbert – two recent Computer Misuse cases in which the ambit of the 1990 Computer Misuse Act has been clarified
• Sorrell v FullSix and others – An aggressively-fought defamation action by the head of the advertising group WPP against Italian former colleagues suspected of publishing defamatory blogs. But the authors had used anonymising facilities to conceal their activities. The case tested the limits of the disclosure rules in relation to forensic artefacts as well as significant technical challenges.
• The “Red Mercury” terrorist case – this was an allegation by the News of the World’s “fake sheik” that material for a dirty bomb was being offered in the UK. (“red mercury” is a myth and the case was thrown out)
• Operation Crevice – the fertiliser bomb terrorist case – 14 months at the Old Bailey.
• “Scallywag” – a case under the Representation of the People Act, with place of publication and proof of involvement as the issues. Scallywag was a magazine that claimed to publish stories Private Eye thought too difficult.
• R v Deamer and others – large scale narcotics importation from Spain
• R v Murphy and others – long-running series of trials involving narcotics importation from Colombia – one issue was the provenance and reliability of overseas intercept material (which is admissible though the UK equivalent s not)
• R v B and others – the UK’s first “phishing” case involving allegations of money laundering against a number of individuals from a variety of East European countries. The trial against one alleged principal was abandoned as a result of her ill-health
• R v O – terrorism. Allegations involving assistance given to Jemaah Islamiah. Charges dropped after defence analysis and submissions
• Republic of South Africa v Jacob Zuma and Thint Allegations of corruption against a South African politician, now President of the Republic and the South African branch of a French armaments company. Case eventually dismissed. Large numbers of computers had been seized from Zuma, his alleged associates and from Thint.
• DPP v Kinsella Irish narcotics importation case relying on ETSI standard Dutch phone intercepts
• Pharm-a-Care Laboratories Pty Ltd v Commonwealth of Australia Large Australian case involving compensation after regulatory action: examination and reconstruction of computers
• R v Parker & Champkins-Howard Faked “Banksy” prints and faked email evidence
• UEA-CRU Independent Climate Change E-mails Review Support for the Muir-Russell team
• Inspire v Taylor Drew Productions Examination of computers to establish that intellectual property relating to computer-generated children’s cartoons had been fully removed.
Other cases have included fraud on a National Lottery terminal, fraud via cloned credit cards, telecommunications fraud via cloned cellular phones, fraud on the Post Office’s internal Horizon system, an alleged theft of a large quantity of credit card numbers from hacked e-commerce sites – the credit card numbers were subsequently published as a “boast”, allegations of stolen data and computer programs, pirated computer games, and industrial espionage. Civil instructions, not proceeding to litigation, have included requests to define the role of Wireless ISPs and the impact of the use of Internet “scraping” software on the Computer Misuse Act, Regulation of Investigatory Powers Act and the Data Protection Act.
Advice has also been provided on the techno-legal aspects of implementing particular forms of behavioural advertising via ISP activity. There have also been a number of “internet paedophile” cases including some under Operation Ore (some instructions from the Ministry of Skills and Education about fitness to work with children).
The practical legal work has always gone hand-in-hand with an interest in professionalising computer forensics and developing “the reliability of digital evidence” as an academic discipline both on its own and as part of the broader Information Assurance agenda. Professor Sommer spoke at some of earliest law enforcement conferences on the subject and continues to do so, including a number of closed conferences. In 1999 he was invited to speak at a FBI conference on cybercrime and in October 2000 he was part of the UK delegation to the G8 Government-Industry Dialogue on Security and Confidence in Cyberspace Workshops in Berlin. In January 2002 he was appointed by the Royal Military College of Science (Cranfield University) as an external examiner to their MSc course in Forensic Computing having previously acted as the external academic evaluator.
In April 2002 he became an advisor to the UK’s National High Tech Crime Training Centre During 2005 and 2006 he served on a Technical Working Group to develop a training scheme for digital evidence run by the US National Institute of Justice (part of the Department of Justice), one of only two non-US citizens to do so.
In November 2005 the Home Office-backed Council for the Registration of Forensic Practitioners (www.crfp.org.uk) launched a section devoted to digital evidence and Professor Sommer was Joint Lead Assessor from then until 2009.
He is on the Editorial Boards of Computer Fraud and Security Bulletin, Secure Computing, Digital Investigation and International Journal of Digital Crime and Forensics and has served on the conference committees of a number of academic symposia, including RAID (Recent Advances in Intrusion Detection) FIRST2000 Conference, Chicago, EICAR 2005 and 2007, DIGEV 2005 and WDFIA 2007, 2008, 2009 and 2010.
Information Security Consultancy Peter Sommer read law at Oxford and spent thirteen years as a book publisher with Harrap and Granada where he was responsible for paperback non-fiction. He has always had a subsidiary career as author and journalist. His interest in computing dates from the late 1960s when he was a guinea pig in work carried out by the late Dr Christopher Evans at the National Physical Laboratory.
He was among the first generation of writers on micro-computers in the mid- 1970s and entered professional computing via electronic publishing.
As an electronic publisher he set up a variety of services on Prestel, the pioneering public access database run by British Telecom, and on TOPIC, the information system of the London Stock Exchange and has also been an external Information provider for Reuters and Extel. In the run-up to the Big Bang changes in the London markets he set up a prototype investment exchange for over-the-counter securities. He has also carried out a wide range of consultancy assignments involving the commercial exploitation of new technologies and system Assessment.
The projects included a database for doctors on the BT public access service, Prestel, a technical, commercial and regulatory study of private teletext services (such as BBC Data cast), the commercial exploitation of some of the Financial Times’s editorial resources and support work on behalf of the International Commodities Clearing House’s LondonClear venture in paperless trading and securities confirmation.
The most extended work was devoted to building an electronic securities exchange, outside the London Stock Exchange, for what, prior to 1987 was called the OTC or over-the-counter market. The ambition of the exchange’s promoters was to create a share market in venture capital shares. The particular scheme failed when the Stock Exchange decided to open up the Third Market. Mr Sommer’s role initially was to set up a price and official news service on Prestel, Reuters and eventually TOPIC. Thereafter he designed a built a full working prototype exchange according to the draft regulations of the Securities and Investment Board.
The prototype permitted market makers to enter prices and bargains, provided a price information service in viewdata format with feeds to the Stock Exchange, Reuters and Extel (and from there to newspapers). The prototype generated audit trails for regulatory purposes and, despite its main function as a selling demonstration, had considerable security facilities.
In 1985 he wrote, under the pseudonym, Hugo Cornwall, the best- selling Hacker’s Handbook which was in the Sunday Times list for seven weeks and finally went into four editions, of which Mr Sommer wrote the first three. The book was about accessing the online world from personal computers and computer security. From then on Mr Sommer moved into computer security consultancy, initially as a freelance for two leading UK security companies and then as a founder-director of Data Integrity.
At Data Integrity he was Technical Director responsible for surveys and to provide the technical input to the development of what has become the Lloyds Systems Perils Policy (SPP). To this end he worked both on the policy wording and the development of the approved survey format. He helped in presentations to and negotiations with underwriters and executed and wrote the sample surveys upon which the line slip was signed.
He left Data Integrity in March 1989 and since then has worked principally for leading loss adjusters and corporate security companies, and under the umbrella of his own company, a specialist London-based computer security consultancy Virtual City Associates which provides services to insurers, lawyers and corporate security companies world-wide. Virtual City Associates provides the surveys for the SPP, which is a computer-related consequential loss/business interruption cover, and also carries out surveys for the Bankers Blanket Bond and Computer Crime policies as well as computer- related special covers. Survey subjects have included a major international payment system, a major global securities trading system, a large securities settlement service, an Internet-only bank and two fast- growing Stock Exchanges, advising insurers initially on formats for cover as well as later carrying out the risk analysis for the policy selected. More routine assignments have included insurance surveys / loss adjustment support on many large commercial and state-owned financial institutions in Europe, South America and South East Asia.
Non-insurance assignments have included advising a major UK-based international conglomerate operating in nearly sixty countries and about to install a series of complex local and wide areas networks, a large UK retailer with a suspected unwanted intruder on its internal computer networks, and an extended risk management survey for European-based securities settlement service.
The Hackers’s Handbook was followed in 1988 by DataTheft and The Industrial Espionage Handbook was published in October 1991.Mr Sommer regularly appears in television and radio programs and at conferences for the commercial, academic, law enforcement and government communities. Mr Sommer has been a Member of the British Computer Society since 1988 and has served on its Legal Affairs Committee. He is on the Editorial Boards of Computer Fraud and Security Bulletin, Secure Computing, Digital Investigation and has been on the program committees of RAID (Recent Advances in Intrusion Detection and the FIRST2000 Conference, Chicago.
Peter Sommer is an experienced commentator on television, radio and for newspapers. The LSE Press and Information Office should be able to give some guidance here, but he tends to do about 12-15 interviews a year for the major tv news bulletins and current affairs programs, usually on topics to do with information and computer security, cyberwarfare and Internet safety.
For enquires or bookings for Professor Peter Sommer please call us on +44 (0)203 002 4125 or use our contact form