Ministers Call For Scottish Police To Delay Rollout Of Phone-Hacking Tech

Scottish ministers have called upon Police Scotland to suspend a rollout of technology that allows authorities to bypass security protections on mobile phones, over concerns the procedure may be illegal.

The row is the latest to focus attention on what powers law enforcement should have over personal data drawn from mobile devices.

The debate notably erupted into the limelight in 2016 when the FBI tried to force Apple to help it gain access to the iPhone owned by a dead man who had carried out a massacre in California.

In that case, the FBI finally used phone unlocking technology to access the device.

Cellebrite’s data-extraction kiosk. Image credit: Cellebrite

Risks

The Scottish debate focuses on similar devices, termed cyber-kiosks, which are about the size of a laptop and use undisclosed security vulnerabilities in devices to bypass their security protections.

Police Scotland paid about £500,000 for 41 cyber-kiosks from Israeli firm Cellebrite, which it planned to roll out to police stations across the region from the autumn of last year.

But in a report published on Monday by the Scottish Parliament’s justice sub-committee on policing, MSPs said the project had gone forward without proper oversight.

The committee found that during pilot studies in Edinburgh and Stirling from 2016 to 2018, police searched the mobile phones of suspects, witnesses and victims without the required governance, scrutiny and impact assessments.

Members of the public whose phones were seized and searched were not made aware that the devices were to be searched using the cyber-kiosks as part of a pilot study, and were not offered the option of giving consent.

The sub-committee requested the Scottish government to provide clarity on the legal position of the devices’ use.

Legal basis

Committee convener John Finnie, a former police officer, said an assessment of the possible benefits and risks of the tech should have been carried out, but that in fact only the benefits were presented by Police Scotland to the Scottish Police Authority (SPA), without clarifying known risks.

The SPA, for its part, apparently accepted the information with “very little critical assessment”, Finnie said.

“Even the most fundamental questions, such as the legal basis for using this technology, appear to have been totally overlooked,” he said.

The “sub-standard process” had resulted in half a million pounds’ worth of equipment “sitting gathering dust”, he said, adding that the committee now wants to work with police on a solution that would provide the “necessary safeguards” for the technology’s use.

Assistant chief constable Steve Johnson said Police Scotland and the justice sub-committee on policing had both received written confirmation from the Crown Office and Procurator Fiscal Service about “the clear legal basis, and robust statutory regime” for the cyber-kiosks.

Guidance

“As the chief constable has already made clear, there is a policing imperative for deploying the equipment to protect vulnerable victims and bring offenders to justice,” Johnson said.

But he acknowledged that privacy and human rights considerations must also be “transparently and satisfactorily addressed”.

Susan Deacon, chairwoman of the SPA, said it would respond in due course and planned to continue strengthening its arrangements for the oversight of policing.

Privacy International warned last year there are as yet “no clear policies or guidance” on the use of phone data extraction tools, meaning individuals are unaware of their rights.

The group estimated that 26 police forces in England and Wales are already using the tools.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Apple Sales Rise 6 Percent After Early iPhone 16 Demand

Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…

24 hours ago

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago