Metropolitan Police gain power to extract data from personal mobiles
Consumerisation worries public sector IT managers
Technology has been implemented by the Metropolitan Police to allow them to extract mobile phone data from suspects held in custody.
According to BBC News, data extracted will include call history, texts and contacts, and the Met will be able to retain the data regardless of whether any charges are brought.
Until now, officers had to send mobiles away for forensic examination in order to gather and store data, a process that could take several weeks. But under the new system, content will be extracted using purpose-built terminals in police stations.
Stephen Kavanagh, deputy assistant commissioner of the Metropolitan Police Service, said a solution located within an initial 16 boroughs that enables trained officers to get immediate access to the data in handsets "is welcomed".
Speaking to SC Magazine this week, Leeor Ben-Peretz, V-P of business development at Cellebrite, said that with a device in hand, the content itself can be recovered, not just meta data.
Privacy International's Emma Draper told the BBC that it is illegal to indefinitely retain the DNA profiles of individuals after they are acquitted or released without charge, and that the communications, photos and location data contained in most people's smartphones is at least as valuable and as personal as DNA.
Vinod Bange, data protection specialist and partner at international law firm Taylor Wessing, said: “Unless there are strong arguments as to why that information should be retained for evidential reasons, which is already questionable when a suspect is released, then it's very difficult to see that there is a lawful basis for that mobile device data being retained by the police.
“It's clear that the Met need to address fundamental questions and provide reassurances around how the police will have a robust control environment that will ensure that data collection through mobile phones is not abused, either intentionally or unwittingly.”
Bange also claimed that with the Leveson Inquiry looking at inappropriate and unlawful access to personal information, it is not surprising that controls on the use of such technology are being questioned.
He also claimed that the move could call into question the possibility of a privacy breach, as there is a fundamental principle under data protection law where personal data should only be used for a lawful purpose; furthermore, when that purpose has otherwise run its course then the continuous use of that data becomes questionable and could be unlawful.