Rogue private eyes: The next hacking scandal?
The agency often described as 'Britain's FBI' is being hauled in front of MPs to address allegations it has not done enough to deal with the threat posed by rogue private investigators who use criminal methods to access private information. So what does the Serious Organised Crime Agency know about the murky world of the private eye?
In January 2008 an internal report was circulated at the Serious Organised Crime Agency (SOCA), entitled "The Rogue Element of the Private Investigation Industry and Others Unlawfully Trading in Personal Data".
This was the product of Project Riverside, a confidential SOCA exercise to analyse five operations aimed at private investigators. The BBC has seen a copy.
Broadly it found that PI firms were illegally 'blagging' or hacking information from public bodies, banks and individuals.
They were sometimes working for the media, but also for debt collectors, insurance companies and criminals.
Often the technique of "pretexting" was used. This involves a PI ringing, for example, Her Majesty's Revenue and Customs, and getting an employee to disclose tax details.
The scams included using technical methods: Devices to intercept phone calls, or planting a "trojan" program on the target's computer to obtain their personal information, including their emails.
The Riverside report contains no names of the "clients" who commissioned the hacking or the investigators involved.
'Credit card trawl'
But one case, Operation Millipede, threw light on their activities.
SOCA had been watching one PI cell for some time, following up intelligence gathered in a previous criminal investigation.
In 2008 an officer bought a second-hand Apple computer belonging to one of the gang - Daniel Summers, a prolific blagger who charged £200 for illegally obtaining a bank statement and £50 for an illicit "credit card trawl".
Unfortunately for Summers, his former computer's hard drive had not been properly wiped. It led SOCA to three other men. Philip Campbell Smith, Graham Freeman and former detective Adam Spears.
They'd been paid thousands by their clients, often companies seeking to recover debts, to obtain information from targets including property companies and small business. Summers was their point man for gathering the information, using his blagging skills.
The four were jailed for between six and twelve months each.
However after the case, one of the four, Graham Freeman, defended his work, telling the BBC he was trying to track down fraudsters on behalf of clients owed money, or their solicitors, where the police were "not interested" in helping.
In one instance, this involved tracing a property dealer who had fled owing up to £20m.
But even after the convictions, Operation Milipede had legs. A source with knowledge of the case says it led directly to the Met's Operation Tuleta - which is investigating all the ways in which personal information has been illegally gathered, aside from phone hacking.
It's a massive inquiry. A recent Metropolitan Police Freedom of Information disclosure reveals 151 victims have come forward.
But this is where the SOCA investigation into rogue private investigators has recently become political.
SOCA's been accused of "suppressing" the Project Riverside report, and of doing "next to nothing" to disrupt the unlawful trade in private information.
The Agency's original report was confidential and never published. But last year, it provided a redacted copy to the home affairs select committee, and placed this version on its website, albeit four years after the report was first written.
The Home Affairs Select Committee is now demanding to see the unredacted version.
SOCA refuses to comment further on Riverside, but points to the Operation Millipede case as a success, and a sign that action is being taken.
However the agency has always refused to discuss the identities of the clients who commission PI's to illegally access private information.
When the BBC reported the Milipede case in 2012, we identified two of them - a foreign exchange trading company, and a law firm, but the names of others have never become public.
In response, SOCA said it had no proof those asking private investigators to obtain information knew it would be obtained illegally.
However, there is the risk that a private investigator will ignore a request from a client to "keep it legal" - especially when subcontracting the work to others.
In 2011, the BBC's Panorama programme revealed one of the conspiracies outlined in Riverside.
Former army intelligence officer Ian Hurst had a trojan placed on his computer in an attempt by the News of the World to read his emails. The paper was trying to find a double-agent who once penetrated the IRA.
The BBC has been told of allegations two other people allegedly had their computers targeted by the hacker involved in the Hurst case.
Ian Hurst believes the Riverside report is critical because it shows SOCA knew about criminality among PI's but didn't take action - including to prevent the hacking of his computer.
Yet the material collated in the report was never considered by the Leveson Inquiry prompting the accusation that Leveson was only interested in wrongdoing by the media, rather than others. The senior judge ruled it was outside his remit, and would over-complicate the inquiry.
Its also possible that SOCA made a similar decision during its investigations, as the Metropolitan Police made while pursuing phone-hacking. To limit the scope of the inquiry, to keep things manageable.
But unlike phone hacking one important piece of information has still not been revealed, even in the Riverside report - the number of known cases of illegality by private investigators.
Either way, the home affairs select committee is now going back to SOCA with the aim of discovering more about what the agency knows, and how it intends to tackle rogue private investigators.