Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

UK Police Secretly Hoover Up Users’ Smartphone Data

There have been calls for an immediate independent review after a new Privacy International investigation revealed that police are secretly extracting large volumes of highly sensitive data from UK users’ phones – even those not suspected of any crime.

The Digital Stop and Search report builds on previous research from the Bristol Cable in January last year detailing how law enforcers were investing hundreds of thousands intrusive UFEDs (Universal Forensic Extraction Devices) from the likes of notorious Israeli vendor Cellebrite.

Privacy International received FOI responses from 47 police forces and 26 of them (55%) admitted using the technology, with a further 17% trialing or planning to trial it. The data extraction has been going on in some form for over six years.

Such tools can find data even the user may not know they have on their device, including: emails, messages, GPS locations, call data, photos, contacts, calendar info, web browsing, social media accounts, online banking, health and fitness data, cloud storage and much more.

It is extracted from self-service kiosks at the police station, from frontline support service ‘hubs’ serving several forces, or via portable mobile phone extraction kits when out and about, the report revealed.

Privacy International’s concern is that data is often extracted without the user’s knowledge, stored insecurely and for an indefinite time, and taken not just from suspects but also victims and witnesses – even for investigations of low-level crimes.

There’s confusion among the police over the legal basis for this activity, stemming from a lack of national and local guidance, PI claimed.

This can lead to serious procedural failings. A 2015 report from the Police and Crime Commissioner (PCC) for North Yorkshire Police claimed that poor training led to practices which undermined prosecution of murder and sexual assault cases. It also found serious breaches of data security practices, including failure to encrypt citizens’ data and the loss of files.

Tottenham MP, David Lammy, claimed the lack of transparency around police use of these tools is a serious cause for concern.

“My review of our criminal justice system found that individuals from ethnic minority backgrounds still face bias in parts of our justice system, and it is only because we have transparency and data collection for everything from stop and search incidents to crown court sentencing decisions that these disparities are revealed and we are able to hold those in power to account,” he argued.

“Given the sensitive nature and wealth of information stored on our mobile phones there is significant risk of abuse and for conscious or unconscious bias to become a factor without independent scrutiny and in the absence of effective legal safeguards.”

PI solicitor, Millie Graham Wood, added that it’s highly disturbing the police have the power take such sensitive information in secret from a user without even needing a warrant.

“The police are continually failing to be transparent with the thousands of people whose phones they are secretly downloading data from,” she argued.

“An immediate independent review into this practice should be initiated by the Home Office and College of Policing, with widespread consultation with the public, to find the right balance of powers for the police and protections for the public. Let’s be clear: at the moment, the police have all the power and the public have no protections.”

What’s Hot on Infosecurity Magazine?