THOUSANDS of Scots have had their phone hacked by Police Scotland officers looking for evidence, according to new figures uncovered by The Herald.
But nearly three-quarters of the searches have been “negative”.
The data, obtained under Freedom of Information, shows that since the so-called cyber kiosks were first properly rolled out at the start of 2020, there have been 4,779 searches.
Of those, only 1,311 have been classed as positive, just 27 per cent.
The low return has sparked questions from opposition MSPs and human rights groups.
The Lib Dems said it was clear the technology was being used “routinely and extensively” and that the force needed to “review how the technology is used”.
Cyber kiosks or digital triage devices are sold as Universal Forensics Extraction Devices (UFED) by the Israeli technology company, Cellebrite.
They were first trialled by Police Scotland in 2016 in Edinburgh and Stirling. They allow law-enforcement agencies to unlock both iPhones and Android smartphones, and extract most of the data on them.
The devices can work even if the phones are locked and even if the data is encrypted. This allows police access to stored passwords and tokens, chats, location data, email attachments, as well as deleted content.
However, the device is less effective on newer phone models. A passcode can also cause the device difficulties.
It is not clear how many of the failed searches carried out by Police Scotland were because there was nothing to be found and how many were because officers were unable to get into the phone.
In April 2018, Police Scotland spent more than £444,000 on 41 cyber kiosk units from the company.
The aim was to deploy them across the country within six months. However, that was paused after concerns were raised by MSPs and lawyers.
It was only in 2020, that the Crown Office and an independent senior counsel commissioned by the force were confident that there was a legal basis for use of the technology.
A recent paper produced for the Scottish Police Authority explained that the kiosks helped with cases by allowing “lines of enquiry to be progressed at a much earlier stage”.
The Herald’s figures show that they were used 849 times in that first year, with 249 positive results. In 2021, there were 2,311 searches with 611 coming back positive.
The figures for this year, up until August, show that there have been 1,619 searches, with 451 proving positive.
The busiest month of the last three years was in September 2021, when 294 searches were carried out.
Any officer seeking to use a device must fill in an Examination Request Form (ERF) which is then assessed by specialist staff in the force’s Cybercrime Gateway.
This assessment “concerns the necessity, legality, proportionality and justification of any examination as well as the category and extent of information requested”.
One ERF can cover multiple devices, which could mean that the real figures are far greater than those provided.
In response to our Freedom of Information request, Police Scotland also confirmed that there had been no evaluation of the devices.
Scottish Liberal Democrat spokesperson for justice Liam McArthur said: “Scottish Liberal Democrats were not alone in raising serious concerns about the legality and way in which this technology was put into use by Police Scotland with few, if any, safeguards.
“While steps were subsequently taken to apply greater safeguards, this FOI suggests that cyber kiosks are being used routinely and extensively. Yet it is also clear that such searches do not turn up evidence relevant to investigations all that often.
“In order to maintain public confidence, it will be important for Police Scotland to continue to keep under review how the technology is used and where further improvements might be made.”
Last year, the CEO of the messaging app Signal said he hacked a cyber kiosk and discovered a series of vulnerabilities which would allow someone to plant code on a phone that would take over Cellebrite’s hardware.
They claimed this would allow them to silently affect all future investigations, and also rewrite the data the tools had saved from previous analyses.
In September, a court ruling in Maryland forced Baltimore Police Department to stop using the cyber-kiosks over concerns that it breached the Fourth Amendment which protects US citizens from unreasonable searches and seizures by the government.
Nevertheless, Cellebrite’s UFEDs remain popular with governments and law enforcement agencies across the world.
When Kayleigh Haywood, a 15-year-girl from Measham, Leicestershire, disappeared in 2015, police were able to use a device to access her tablet and her phone.
They discovered a number of messages between her groomer, Luke Harlow which led them to her murderer, Stephen Beardman.
Detective Superintendent Alex Dowall from Police Scotland said: “In the vast majority of cases, examinations conducted using Cyber Kiosks are done with the consent of the device owner.
"We only examine a device where there is consent or a legal basis to help an investigation or respond to an incident.
“Cyber Kiosks help us solve crimes and return devices to victims and witnesses more quickly.”
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules hereLast Updated:
Report this comment Cancel