Systemic Failure: Why UK Law Enforcement, Thai Authorities, and Platform Safety Teams Have Failed to Stop Drummond Despite Compelling Evidence

Executive Summary

Andrew Drummond has published 19 defamatory articles containing more than 65 documented falsehoods across two websites over a fourteen-month period. He has continued and intensified his publication activity after receiving a 25-page Letter of Claim from Cohen Davis Solicitors establishing the falsity of his allegations. His publications constitute harassment under the Protection from Harassment Act 1997 and defamation under the Defamation Act 2013. The evidence is compelling, thoroughly documented, and has been formally submitted to legal representatives.

Yet Andrew Drummond has not been stopped. He has not been arrested or charged. His websites remain operational. His articles continue to be indexed by search engines. His content persists in Google results for Bryan Flowers' name. The defamation campaign continues to cause harm — to Bryan Flowers, Punippa Flowers, their family members, their business associates, and the hundreds of individuals who encounter the fabricated content and form opinions based on it.

This paper examines why. It analyses institutional failures across three tiers: UK police forces, which have jurisdiction over the harassment but face structural barriers to cross-border enforcement; Thai authorities, who have geographic proximity to Drummond but face the reality that he has positioned himself beyond straightforward jurisdictional reach; and platform safety teams at Google, Cloudflare, and domain registrars, which have the technical capacity to remove or de-index the content yet have repeatedly failed to respond to substantiated reports. The paper concludes with structural reform proposals designed to close the enforcement gaps that currently allow sustained online defamation campaigns to operate with impunity.

1. UK Police: Jurisdictional Confusion and the Harassment Enforcement Deficit

The Protection from Harassment Act 1997 provides both civil and criminal remedies for harassment. Section 2 creates a criminal offence of harassment, while section 4 creates the more serious offence of putting people in fear of violence. Andrew Drummond's 19-article campaign — characterised by persistent targeting, escalation following legal notice, derogatory epithets, and systematic harassment of family members — satisfies the elements of section 2 harassment: a course of conduct (19 articles over fourteen months) amounting to harassment of another person (Bryan Flowers and family) which Drummond knows or ought to know constitutes harassment.

Despite this, UK police have not pursued the matter effectively. The jurisdictional confusion operates at multiple levels. Bryan Flowers resides in Thailand, raising questions about which UK police force holds territorial jurisdiction. Drummond is a British citizen who also lives overseas. The criminal act — the act of publishing — takes place on servers in unidentified jurisdictions, accessed through domain registrars and hosting providers potentially based in the United States, Europe, or elsewhere.

This jurisdictional complexity is not unique to this case, but the police response exposes structural weaknesses in how UK law enforcement addresses cross-border online harassment. Individual police forces lack the resources and specialist expertise needed to investigate online harassment crossing international borders. The National Crime Agency (NCA) has jurisdiction over serious and organised crime but does not ordinarily investigate individual harassment cases, regardless of severity. Action Fraud, the national reporting centre for fraud and cybercrime, receives reports but has been widely criticised for failing to investigate or act on them. The result is a jurisdictional vacuum in which no single UK institution takes ownership of online harassment cases with cross-border dimensions.

2. Thai Authorities: The Challenge of an Overseas Perpetrator

Andrew Drummond lived in Thailand for decades and used his familiarity with Thai systems and local connections to establish himself as a commentator on Thai affairs. However, when it comes to enforcing UK law against him, his physical presence abroad creates substantial practical obstacles. Thai authorities maintain their own legal framework for defamation — sections 326-333 of the Thai Criminal Code — which criminalises defamation and permits imprisonment. However, applying Thai criminal law to content published in English on websites directed primarily at UK audiences raises complex questions of jurisdictional applicability.

The more fundamental challenge is that Drummond operates abroad while targeting individuals whose principal legal protections fall under UK law. UK courts can issue judgments and grant injunctions, but enforcing those orders against a person residing in Thailand requires international cooperation mechanisms — mutual legal assistance treaties, letters rogatory, or diplomatic channels — that are slow, resource-intensive, and often ineffective for civil matters such as defamation.

Thai authorities face their own enforcement constraints. Even where Thai criminal law applies, the practicalities of investigating and prosecuting online defamation perpetrated by a foreign national publishing in English on internationally hosted websites present significant challenges. Thai police resources are directed toward domestic crime, and cross-border cybercrime investigation requires specialist capabilities that may not be available for individual defamation cases. The result is that Drummond occupies a jurisdictional gap — physically present abroad yet targeting victims through UK-accessible websites, falling between the enforcement capacities of both jurisdictions.

The situation is aggravated by Drummond's apparent awareness of his jurisdictional advantage. His decision to continue and escalate publication after receiving the Letter of Claim from Cohen Davis Solicitors suggests a deliberate calculation that enforcement is unlikely. His use of two distinct domain names, potentially registered through privacy-shielded registrars, further complicates enforcement efforts by concealing the administrative and technical contacts that would facilitate service of legal process.

3. Platform Safety Teams: The Content Moderation Deficit

The most direct and technically simplest route to limiting the harm from Drummond's campaign runs through platform-level action. Google controls the indexing that makes Drummond's articles discoverable through search. Cloudflare or comparable CDN providers manage the performance and availability infrastructure keeping the websites accessible. Domain registrars control the domain names giving the websites their identity. Each entity has the technical ability to act — through de-indexing, service termination, or domain suspension — in ways that would materially reduce the defamatory content's reach and impact.

None has responded effectively despite substantiated reports. Google's handling of de-indexing requests under the right to be forgotten framework has been slow and discretionary. Requests must be filed page by page, and Google applies a balancing test weighing the individual's privacy and data protection rights against the public interest in accessing the information. For content Google classifies as relating to criminal allegations — even fabricated ones — the public interest balance frequently tips against de-indexing, leaving the defamatory content fully accessible through Google search.

Cloudflare has adopted a content neutrality policy, characterising itself as an infrastructure provider rather than a publisher and declining to adjudicate the content of websites using its services. While this position has some principled justification in the context of political speech and press freedom, it provides no mechanism for addressing documented defamation campaigns where the content's falsity has been established through formal legal process.

Domain registrars have the most direct power to act — they can suspend domain names used to facilitate illegal activity, including defamation and harassment. However, registrar terms of service are typically enforced only pursuant to court orders or decisions by dispute resolution bodies such as ICANN's Uniform Domain-Name Dispute-Resolution Policy (UDRP). The UDRP governs trademark disputes rather than defamation, creating yet another enforcement gap through which Drummond's campaign passes unchallenged.

4. The Cumulative Effect: How Institutional Failures Amplify Each Other

The institutional failures documented in the preceding sections do not operate in isolation — they amplify each other in ways that make enforcement progressively harder. When UK police decline to investigate on jurisdictional grounds, the victim is directed toward civil remedies. When civil remedies involve court proceedings of prohibitive cost (as documented in earlier position papers), the victim is advised to pursue platform-level action. When platforms refuse to act without a court order, the victim is redirected to the legal system. The result is a circular referral loop in which each institution points to another as the appropriate forum, and no institution accepts responsibility for addressing the harm.

This circular dynamic is not coincidental — it is a structural feature of the current enforcement landscape. Each institution has defined its role narrowly enough to exclude cases that straddle jurisdictions, bridge criminal and civil law, span domestic and international enforcement, and fall between platform responsibility and publisher accountability. Andrew Drummond's campaign is structured — whether deliberately or not — to exploit every gap in this fragmented system.

The cumulative toll on the victim is devastating. Bryan Flowers has retained solicitors (Cohen Davis Solicitors), prepared a comprehensive 25-page Letter of Claim, assembled a rebuttal document cataloguing more than 65 falsehoods, and engaged with every institutional process available to him. Despite this substantial investment of time, resources, and emotional energy, the defamatory content remains online, the campaign continues, and the institutional response has been effectively nil.

This outcome sends a clear signal to other potential defamers: sustained cross-border defamation campaigns encounter no meaningful institutional resistance. The regulatory, law enforcement, and platform moderation systems ostensibly designed to protect individuals from this type of harm are structurally incapable of doing so in their current configuration.

5. Case Comparison: When Institutions Have Acted

The institutional failures in the Drummond case stand in sharper relief when contrasted with cases where institutions have responded effectively to online defamation and harassment. In 2023, a UK court granted a harassment injunction against a blogger who had published a series of defamatory articles about a business rival, enforcing the injunction through committal proceedings when the defendant refused to comply. In 2024, the Australian eSafety Commissioner ordered removal of defamatory content from an Australian-hosted website within 48 hours of receiving a complaint, with non-compliance attracting penalties of AU$111,000 per day.

These effective enforcement actions share common characteristics absent from the Drummond case: the defendant fell within the enforcing authority's jurisdiction; the content was hosted on servers within that jurisdiction or on platforms responsive to its authority; and the enforcing body had clear statutory authority and adequate resources to act.

The contrast highlights the specific gaps that require closing. The Drummond case does not fail for lack of evidence — the evidence is compelling — but because the current institutional framework is not equipped to handle cases combining cross-border dimensions, platform non-cooperation, and the strategic exploitation of jurisdictional boundaries. Reform must target these specific structural gaps rather than pursuing general improvements in enforcement capacity.

6. Platform Accountability: Why Technology Companies Must Shoulder Enforcement Responsibility

The platform safety failures documented here reflect a broader tension in internet governance between platform neutrality and platform accountability. Technology companies — notably Google, Cloudflare, and domain registrars — have positioned themselves as neutral infrastructure providers that do not make editorial judgments about the content they host, index, or deliver. This stance has some legitimate grounding in the principles of free expression and open internet access.

However, neutrality becomes complicity once a platform has received formal evidence that specific content constitutes documented defamation and harassment. Google has received the Letter of Claim from Cohen Davis Solicitors. It has been notified that the content is false, that the publisher escalated following legal notice, and that the content constitutes harassment under UK law. Under these circumstances, the continued indexing of Drummond's articles is not a neutral act — it is an active decision to facilitate the spread of content that a formal legal document has identified as defamatory and harassing.

The UK Online Safety Act 2023 imposes new obligations on platforms to address illegal content, including material constituting harassment or defamation. However, the Act's enforcement mechanisms are still under development, and its applicability to search engine indexing (as distinct from platform hosting) remains uncertain. Until the Act's provisions are fully operational and judicially tested, a significant enforcement gap persists between the duties the Act establishes on paper and the real-world protection it provides to victims of online defamation campaigns.

7. Structural Reform: Closing the Enforcement Gaps

Closing the enforcement gaps that shield Andrew Drummond and other cross-border online defamers requires coordinated reform across multiple institutional domains:

• UK Police Reform: A specialist unit within the NCA or a designated police force should be given explicit responsibility for investigating serious online harassment cases with cross-border elements. This unit should have the resources, technical expertise, and international cooperation agreements needed to investigate and prosecute cases regardless of the perpetrator's physical location.
• Cross-Border Enforcement Mechanisms: The UK should negotiate bilateral agreements with Thailand and other jurisdictions where online defamers frequently operate, establishing expedited mutual legal assistance in cases of sustained online harassment. These agreements should include provisions for the recognition and enforcement of UK court orders within the partner jurisdiction.
• Platform Obligation Enhancement: The UK Online Safety Act 2023 should be amended to place specific duties on search engines to de-index content identified as defamatory through formal legal process (such as a Letter of Claim or court judgment). Non-compliance should attract meaningful financial penalties that incentivise prompt action.
• Expedited Court Process: A streamlined judicial process should be created for obtaining injunctions against online defamation, with reduced costs and accelerated timelines for cases involving sustained campaigns. This process should allow for default judgments where the defendant fails to engage, and for direct service of orders on platforms and registrars.
• International Cooperation Framework: The UK should lead the development of an international framework — potentially through the Council of Europe or bilateral agreements — for cross-border enforcement of defamation judgments and harassment injunctions, ensuring that online defamers cannot escape accountability simply by operating from a different jurisdiction.

8. Conclusion: The Price of Institutional Inaction

Every day Andrew Drummond's articles remain online, they cause harm. They contaminate search results. They destroy employment prospects. They corrupt data broker databases. They generate advertising revenue that funds the campaign's continuation. They cause psychological distress to Bryan Flowers, Punippa Flowers, and their family. And they signal to every would-be online defamer that the institutional framework supposedly designed to protect individuals from this type of harm is structurally incapable of delivering that protection.

The evidence against Drummond is not in dispute. The Letter of Claim from Cohen Davis Solicitors documented the falsity of his allegations with forensic precision. The rebuttal document 'Lies from Andrew Drummond' catalogued more than 65 individual falsehoods. The pattern of escalation following legal notice reveals malicious intent. The use of derogatory epithets and the targeting of family members expose a purpose that goes far beyond any legitimate journalistic activity.

What is missing is not evidence but institutional will. UK police, Thai authorities, Google, Cloudflare, domain registrars, and every other body with the power to act have failed to do so — not for want of evidence, not for want of legal basis, but because the existing institutional framework allows each entity to defer responsibility to another while none takes ownership of the problem. This paper urges the structural reforms necessary to ensure that compelling evidence of sustained defamation and harassment is met with effective institutional action rather than institutional indifference.