Professor Peter Sommer CV

He is now a Visiting Professor of Digital Forensics at Birmingham City University and a Visiting Professor at De Montfort University Cyber Security Centre. Until 2011 he was a Visiting Professor in the Information Systems Integrity Group in the Department of Management at the London School of Economics and a former Visiting Reader, Faculty of Mathematics, Computing and Technology, Open University. As a consultant he is a well established expert on computer security advising stock exchanges, large companies and insurance companies on systems risk.

He is a Fellow of the British Computer Society and also a Fellow of the Royal Society of Arts.

Digital Evidence / Expert Witness Work

A selection of the more interesting cases can be found here.

Other cases have included fraud on a National Lottery terminal, fraud via cloned credit cards, telecommunications fraud via cloned cellular phones, fraud on the Post Office’s internal Horizon system, an alleged theft of a large quantity of credit card numbers from hacked e-commerce sites – the credit card numbers were subsequently published as a “boast”, allegations of stolen data and computer programs, pirated computer games, and industrial espionage.

Civil instructions, not proceeding to litigation, have included requests to define the role of Wireless ISPs and the impact of the use of Internet “scraping” software on the Computer Misuse Act, Regulation of Investigatory Powers Act and the Data Protection Act. Advice has also been provided on the techno-legal aspects of implementing particular forms of behavioural advertising via ISP activity. There have also been a number of “internet paedophile” cases including some under Operation Ore (plus some instructions from the Ministry of Skills and Education about fitness to work with children).

The practical legal work has always gone hand-in-hand with an interest in professionalising digital forensics and developing “the reliability of digital evidence” as an academic discipline both on its own and as part of the broad Information Assurance agenda. Peter Sommer spoke at some of earliest law enforcement conferences on the subject and continues to do so, including a number of closed conferences.

In 1999 he was invited to speak at a FBI conference on cybercrime and in October 2000 he was part of the UK delegation to the G8 Government-Industry Dialogue on Security and Confidence in Cyberspace Workshops in Berlin. In January 2002 he was appointed by the Royal Military College of Science (Cranfield University) as an external examiner to their MSc course in Forensic Computing having previously acted as the external academic evaluator.

In April 2002 he became an advisor to the UK’s National High Tech Crime Training Centre During 2005 and 2006 he served on a Technical Working Group to develop a training scheme for digital evidence run by the US National Institute of Justice (part of the Department of Justice), one of only two non-US citizens to do so.

In November 2005 the Home Office-backed Council for the Registration of Forensic Practitioners (www.crfp.org.uk) launched a section devoted to digital evidence and Professor Sommer was Joint Lead Assessor from then until 2009. Until recently he also advised the Forensic Science Regulator.

In 2013 he was included in the List of Experts before the International Criminal Court at the Hague.

In 2013 also he was invited by the International Information Systems Security Certification Consortium – (ISC)2 – to act as the only non US reviewer of its Certified Cyber Forensics Professional – CCFP – program.

In 2014 he was appointed to the Home Office Digital Signature Expert Panel. Since 2014 he has acted as a consultant to NRGD, the Netherlands Register for Court Experts.

Since 2017 he has been on National Crime Agency MCIS register of expert witnesses and has carried out many instructions for the NCA and Regional Organised Crime Units.

He is on the Editorial Boards of Computer Fraud and Security Bulletin, Secure Computing, Digital Investigation and International Journal of Digital Crime and Forensics and has served on the conference committees of a number of academic symposia, including RAID (Recent Advances in Intrusion Detection) FIRST2000 Conference, Chicago, EICAR 2005 and 2007, DIGEV 2005 and WDFIA 2007, 2008 2009 and 2010, and DFRWS-EU from its inception.

He is a Board Member of the Foundation for Information Policy Research and a member of the Advisory Council of the Open Rights Group.

Previous Career / Information Security Consultancy

Peter Sommer read law at Oxford and spent thirteen years as a book publisher, first for Harraps, when it was independent and published trade books, then for Granada Publishing in its paperback division, joining initially to run the Paladin imprint. Granada later sold its interests to Harper Collins.

He has always had a subsidiary career as author and journalist. His interest in computing dates from the late 1960s when he was a guinea pig in work carried out by the late Dr Christopher Evans at the National Physical Laboratory.

He was among the first generation of writers on micro-computers in the mid-1970s and entered professional computing via electronic publishing.

As an electronic publisher he set up a variety of services on Prestel, the pioneering public access database run by British Telecom, and on TOPIC, the information system of the London Stock Exchange and has also been an external information provider for Reuters and Extel. In the run-up to the Big Bang changes in the London markets he set up a prototype investment exchange for over-the-counter securities. He has also carried out a wide range of consultancy assignments involving the commercial exploitation of new technologies and system assessment.

In 1985 he wrote, under the pseudonym, Hugo Cornwall, the best-selling Hacker’s Handbook which was in the Sunday Times list for seven weeks and finally went into four editions, of which he wrote the first three. The book was about accessing the online world from personal computers and computer security.

From then on he moved into computer security consultancy, initially as a freelance for two leading UK security companies and then as a founder-director of Data Integrity where he was Technical Director responsible for surveys. One of his co-directors was Simon Mann before he moved into private military services operations. He left Data Integrity in March 1989 and since then worked principally for leading loss adjusters and corporate security companies, and under the umbrella of his own company, a specialist London-based computer security consultancy Virtual City Associates which provided services to insurers, lawyers and corporate security companies world-wide.

He helped develop one the earliest cyber crime insurance polices, the SPP, which was a computer-related consequential loss/business interruption cover, and has also carried out surveys for the Bankers Blanket Bond and Computer Crime policies as well as computer-related special covers. Survey subjects have included a major international payment system, a major global securities trading system, a large securities settlement service, an Internet-only bank and two fast-growing Stock Exchanges, advising insurers initially on formats for cover as well as later carrying out the risk analysis for the policy selected. More routine assignments have included insurance surveys / loss adjustment support on many large commercial and state-owned financial institutions in Europe, South America and South East Asia.

Non-insurance assignments have included advising a major UK-based international conglomerate operating in nearly sixty countries and about to install a series of complex local and wide areas networks, a large UK retailer with a suspected unwanted intruder on its internal computer networks, and an extended risk management survey for a European-based securities settlement service. Civil instructions have involved questioned emails and alleged hacking to obtain access to bitcoin wallets.

The Hacker’s Handbook was followed in 1988 by DataTheft and The Industrial Espionage Handbook was published in October 1999. His most recent publication is an ebook, Digital Evidence Handbook, available via Amazon/Kindle. Professor Sommer regularly appears in television and radio programs and at conferences for the commercial, academic, law enforcement and government communities.

Professor Sommer has been a Member of the British Computer Society since 1988 and has served on its Legal Affairs Committee. He became a Fellow in 2014.

Academic Interests

Peter Sommer became a Visiting Fellow in what was the Information Systems Department at the London School of Economics since 1994 and was a Visiting Professor 2008-2011. With Dr James Backhouse he developed and taught a range of Information System Security courses, with their emphases on social science, management, law and policy. The aim has been to balance theory and analysis with the problems of implementation and is in contrast to the more usual approach which consists largely of finding technical solutions to what are wrongly perceived as purely technical problems.

He has examined at doctoral level at Cranfield and Oxford Brookes Universities.

Academic interests include: Computer-related Crime, Computer Misuse, White Collar Crime, Frauds, Industrial Espionage, Methods of Information Security research including case material collection and evaluation, Legal Implications of Information Security, Methods of Risk Analysis, Insurance of Computer-related risks, ECommerce, Digital Signatures, Issues of Contingency Planning / Disaster Recovery, Electronic Publishing, Internet control issues, Intellectual Property.

In 2003-4, he was expert member of UK DTI Foresight Project Cyber Trust and Crime Prevention (http://www.foresight.gov.uk/cybertrust.html). Other funded research included the forensic aspects of identity systems under FIDIS (www.fidis.net) which was a European Commission-funded Network of Excellence and PRIME (http://www.prime-project.eu.org/) which was a European Commission Framework 6 Integrated Project on Privacy Enhancing Technologies (Reference Group member).

Together with LSE colleagues he provided “Best Practice” consultancy to a syndicate of central government departments and UK clearing banks and to APACS. In September 2000 a LSE team headed by Professor Sommer was awarded a contract by the UK’s Financial Services Authority to provide advice on consumer use of e-commerce facilities in the purchase of financial products such as banking, insurance, pensions, savings, and share-dealing to assist in the development of a suitable regulatory regime.

In 2009 Professor Sommer won a contract from the UK National Audit Office to support its examination of Internet Crime.

In February 2006 Mr Sommer was appointed a Visiting Research Fellow at the Faculty of Mathematics and Computing, Open University, and was later elevated to Visiting Reader. He was the Course Consultant for a Masters’ course module on Computer Investigations and Forensics. In 2012 he joined the Cyber Security Centre at De Montfort University as Visiting Professor.

He is now Visiting Professor of Digital Forensics at Birmingham City University.

Public Policy Work

In December 1998 Peter Sommer was appointed Specialist Advisor to the House of Commons Select Committee on Trade and Industry to support their inquiry into ecommerce. This has produced four published Reports. Seventh Report (HC 187); “Building confidence in Electronic Commerce”. Tenth Report of Session (HC 648), “Electronic Commerce”, Fourteenth Report of Session (HC 862), “Draft Electronic Communications Bill”, Eighth Report of Session (HC66): UK Online Reviewed: The First Annual Report of The E-Minister And E-Envoy.

In December 2000 Professor Sommer and colleagues were awarded a European Commission contract to carry out the Intermediate Evaluation of the EC Internet Action Plan (on illegal and harmful content on the Internet). He is a Board member of the Foundation for Information Policy Research, and was a Member of the Information Assurance Advisory Council and has Observer status at EURIM.

Between July 2003 and March 2009 he was a member of the Scientific Advisory Panel on Emergency Response (SAPER) run by the Government’s Chief Scientific Advisor. (SAPER is the predecessor of SAGE). In 2008 he was appointed to the Digital Forensics Specialist Group which advises the Forensic Science Regulator.

In 2009, with colleagues in the LSE’s Public Engagement Network, he authored a study of the UK Government’s Interception Modernisation Program.

In February 2010 he took part in the work of the United Nations Counter-Terrorism Implementation Task Force (http://www.un.org/terrorism/internet.shtml).

In November 2010 he provided written and oral evidence to the Commons Science and Technology Select Committee’s enquiry into Scientific advice and evidence in emergencies and in November 2011 to its enquiry into Malware and cybercrime.

In 2011, with Ian Brown then of the Oxford Internet Institute he wrote Reducing Systemic Cyber Security Risk for the Organisation of Economic Co-operation and Development (OECD), part of its Future Global Shocks Program.

In 2013 he provided written and oral evidence to the Joint Committee examining the draft Communications Data Bill and in the same year to the Commons Home Affairs Select Committee investigation of e-Crime. In 2014 he gave written and oral evidence to the Intelligence and Security Committee of Parliament in their inquiry into Privacy and Security. He also given evidence to the Home Affairs Select Committee, the All Party Privacy Group and the TOEIC APPG.

In 2014 he was invited to join the Home Office Digital Signature Expert Panel within the Office of Security and Counter Terrorism Communications Capability Development program.

Between November 2015 and February 2016 he acted as a Specialist Advisor to the Lords and Commons Joint Committee scrutinizing the Draft Investigatory Powers Bill.

In November 2023 he provided a submission for the House of Lords Industry and Regulatory Committee.

In March 2025 he prepared a report for the Ministry of Justice Call on The use of evidence generated by software in criminal proceedings.

In 2009 and again in 2017 he was part of the team that carried out an external audit of the Hotline of the Internet Watch Foundation.

Selected Publications

Please view Selected articles and links