Police cyber kiosks – assurance is a must

He also revealed he sought reassurances from Police Scotland over privacy concerns and was told data downloaded from devices will be deleted unless it is to be used as evidence.

The Sunday Herald revealed last week that Police Scotland spent £370,000 on 41 cyber kiosks which can access private data such as text messages, encrypted conversations, photos, web browsing history, contacts and call records in a matter of seconds.

Devices handed over to police are plugged in to the kiosks to allow officers to search for evidence held on the phone, and in cloud storage systems.

A trial of the technology saw 18 specially trained officers access hundreds of phones. Kiosks will now be distributed to officers throughout Scotland.

The revelations in the Sunday Herald prompted calls from politicians and privacy campaigners for warrants to be obtained before phones are accessed, as well as independent oversight of the process.

SPF Vice Chair David Hamilton said he raised concerns about the rollout of cyber kiosks with Police Scotland and was given reassurances that downloaded data would not be retained by the force.

He said: “When I asked what would happen to the data when it was taken from a phone I was reassured that once it was checked and triaged, it will be deleted. They are not retaining data.”

Hamilton said the current system means devices must be sent to a “digital lab”, sometimes for several months. Kiosks will allow officers to search mobile phones and hand them back in a matter of hours.

“This is about cutting down on the number of devices we’re holding, it’s about giving people devices back as quickly as possible,” Hamilton said. “If a victim of crime or a witness tells police they have something on their phone which they think might be helpful, the kiosk allows you to look at it and decide straight away if it’s helpful or not.”

When asked what police will do if they stumble across evidence of an unrelated crime while looking at what’s held on a mobile phone, Hamilton said: “Let’s say you were checking photographs and you see a dismembered body, you’re going to deal with that. But it’s about proportionality. We do not have the time or capacity to go into people’s lives and start sniffing around. It’s utterly impossible. We can hardly do the job at the moment, let alone anything else.”

He added: “The officers who use the kiosks are specially trained and would only look at what they’re asked to look at. They can’t go on a fishing expedition. Material taken off a device which is nothing to do with the original enquiry would be open to challenge in court and might be inadmissible. It’s all about the admissibility of evidence. Fishing trips are not allowed and there would be no point in doing it.”

Former police officer John Finnie, who is now an MSP and the justice spokesman for the Scottish Greens, said reassurances from the SPF are “not enough”.

“There has to be a wider discussion on the ability of Police Scotland to access this data and how it retains and deletes this data,” said Finnie. “We have seen in the past that assurances given on matters such as armed policing have not been reflected in public confidence. It is vital that Police Scotland continue to police with our communities’ support.”

Solicitor Millie Wood of campaign group Privacy International, which released a report last month about technology used by UK police forces to download data from mobile phones, described Hamilton’s comments as “combative”.

She said: “This response appears to be a short term, knee jerk reaction to exposure of very serious concerns over the use of mobile phone extraction.

“If individuals whose data has been extracted by the police have to wait for an expose by Privacy International and the Sunday Herald for reassurance that individuals’ highly sensitive data will be deleted, things are the wrong way around. It appears there is a failure to understand that the current opaque regime which has an unsound legal basis is unacceptable.

“We need transparency, individuals need to know their rights, we need a public consultation and we need to know what the lawful basis upon which you can use these draconian powers is.”

One of Scotland’s most senior police officers has defended the use of cyber kiosks. Assistant Chief Constable Steve Johnson, who is in charge of specialist crime and intelligence, also said he is “keen to consult” before the rollout, which he said is “some months” away.

ACC Johnson said: “Police Scotland recognises the level of public interest in cyber kiosks and the need to ensure the privacy and security which people would expect.

“We intend to use cyber kiosks as a triage point in the examination process. This triage point will be highly beneficial to Police Scotland and the public as it targets data held on a device instead of analysing a full device.

“It reduces a build up of devices pending examination as the specially trained officers will only be looking to attain specific information relative to offences under investigation.

“If no criminality is detected, the device can be returned with relative speed. In any case, no data will be retained by the kiosk. It is similar to the seizing of any other device except this initial view of data is made simple by the use of the technology and takes less time, which vastly frees up resource.”

ACC Johnson said: “We are still within the procurement phase and it will be some months before kiosks will be used by frontline officers. While we are confident the ability to triage devices legally seized by police under warrant or legal powers will deliver a much better service to the public, we understand the importance of providing assurance around the legal basis for using kiosks, privacy protection and good data security.

“We are keen to consult and work with a range of stakeholders to develop this assurance. We are currently developing the policy and guidance for frontline officers and working closely with our information management teams to ensure this addresses any public concern and meets the standards expected of Police Scotland.”