Here's my reading of the situation.
I first contacted Norfolk constabulary a week ago and was told by a very helpful press officer that there was no further statement at that time, but that I should keep getting in touch for further information. When I asked yesterday if they had at least ascertained if there was a leak or a hacking of the UEA servers, I was sent the statement which has caused so much interest. In the comments that thread, Jeff Id states that he has heard from Norfolk police too.
My reading of this is that the investigation has barely got off the ground, and some action was perhaps prompted by my questions. Six weeks on from the breaking of Climategate, it might be seen as slightly embarrassing for the police that they had yet to determine what it is they are investigating, so they have now leapt into action. Jeff appears to be the only prominent climate blogger contacted directly. As the person who first received the link to the leaked information, he is an obvious first port of call for the police to get some evidence to point them to the answer to the leak/hack question.
The involvement of the Domestic Extremism Police is probably actually predictable. As watchers of the deteriorating civil liberties situation in the UK all know, powers granted to the police in the wake of 9/11 in order to fight terrorism are routinely used in the UK for minor crimes. By bringing in these specialists, Norfolk Police will be able to monitor emails, demand passwords and cryptographic keys and so on. That these powers are out of all proportion to the alleged crime is of course of no concern to law enforcement officers.
Meanwhile, the involvement of the Information Commissioner is interesting too. The ICO's inquiry probably has two distinct focuses. Firstly they will be investigating if UEA staff were involved in withholding information subject to requests under the Freedom of Information Act and the Data Protection Act. For the benefit of overseas readers, the latter relates to the maintenance of personal information.
But while there are obvious concerns over the conduct of UEA staff, it is likely that the ICO will also be looking at whether the hack/leak itself also breached the DPA. While the vast majority of the emails are not personal in nature, there are odd snippets of personal information among all the talk of hiding declines and nobbling journals. It is likely that these would concern the ICO.
I wonder how long it will be before we get a determination on the hack/leak question? Perhaps some of my IT-savvy readers can suggest how difficult it is to determine if one's server has been hacked?