There have been calls for an immediate independent review after a new Privacy International investigation revealed that police are secretly extracting large volumes of highly sensitive data from UK users’ phones – even those not suspected of any crime.
The Digital Stop and Search report builds on previous research from the Bristol Cable in January last year detailing how law enforcers were investing hundreds of thousands intrusive UFEDs (Universal Forensic Extraction Devices) from the likes of notorious Israeli vendor Cellebrite.
Privacy International received FOI responses from 47 police forces and 26 of them (55%) admitted using the technology, with a further 17% trialing or planning to trial it. The data extraction has been going on in some form for over six years.
Such tools can find data even the user may not know they have on their device, including: emails, messages, GPS locations, call data, photos, contacts, calendar info, web browsing, social media accounts, online banking, health and fitness data, cloud storage and much more.
It is extracted from self-service kiosks at the police station, from frontline support service ‘hubs’ serving several forces, or via portable mobile phone extraction kits when out and about, the report revealed.
Privacy International’s concern is that data is often extracted without the user’s knowledge, stored insecurely and for an indefinite time, and taken not just from suspects but also victims and witnesses – even for investigations of low-level crimes.
There’s confusion among the police over the legal basis for this activity, stemming from a lack of national and local guidance, PI claimed.