Probe Brit police phone-peeking plans, privacy peeps plead

The UK's snooping watchdog has been urged to investigate whether the country's coppers have a legal basis to suck up mobile phone data – or if it would constitute state hacking. Privacy International said it had made a formal complaint about the lack of legal clarity around the police's ability to slurp data off people's …

  1. macjules
    Facepalm

    So why not ..

    Just employ Facebook or Google to do it for you instead?

  2. Pat 11

    How do these work?

    So they plug their equipment in, can it extract data without the user saying ok? Most phones are encrypted nowadays, so the OS needs to be running. Surely they aren't so insecure as to allow an unauthorised device to read all the data?

    1. Roland6 Silver badge

      Re: How do these work?

      Also, it would seem for these tools to be used, the phone needs to physically be in possession of the police. Which would mean they have reason to suspect the owner having been up to no good. So we really need to know more about the circumstances under which the police are examining phones and "protecting evidence".

      1. Wellyboot Silver badge

        Re: How do these work?

        A good feature of UK law, it's not illegal until it's made illegal by parliament.

        The problem (as often is) is distrust of Police for being human and (occasionally criminally) fallible.

        1. iansn

          Re: How do these work?

          The good thing about Napoleonic/Roman/EU law is you can't do anything unless specifically permitted, i.e. if you are transporting goods and don't have a note to cover the trip you are in trouble to start with. I prefer common law. Plods are dicks, they think they can use EU law in UK. That's going to change pronto soon.

          1. H in The Hague

            Re: How do these work?

            "The good thing about Napoleonic/Roman/EU law is you can't do anything unless specifically permitted ..."

            Source for that statement, please?

            I'm a techie, not a lawyer, but I've read enough legal textbooks to be familiar with the basics of both English/common law and NL/civil law. As far as I'm aware in both legal traditions you can do anything, unless it is specifically prohibited.

            I'm getting really fed up with this bit of nonsense cropping up regularly. And whenever I challenge folk about it, they can never provide a source to back up their statement.

            1. Trigonoceps occipitalis

              Re: How do these work?

              "I'm getting really fed up with this bit of nonsense cropping up regularly."

              It is not nonsense, I saw it on the Internet but can't find it now. Give me half an hour then check Wikipedia.

              1. Anonymous Coward

                Re: How do these work?

                Yeah, you'll find most euro legal systems are inquisitorial too. English common law is adversarial and generally stems from precedent. Nothing is illegal until it is declared illegal.

            2. iainr

              Re: How do these work?

              What's the bit of Napoleonic law that allows breathing?

            3. sova

              Re: How do these work?

              To clarify here - under "Roman Law", private legal and natural entities (companies and people) are allowed to do anything they want unless it's prohibited (Civil Code). However, it is totally opposite for the governmental bodies. They are only allowed to do what is permitted for them in the law (Administrative Code). So, the police, for example, can set up surveillance only if the law permits them to do it. This is how it works in Europe.

              BTW, I'm a techie who has received formal 5 years long legal training - yes, really!

        2. Aitor 1

          Re: How do these work?

          If their objectives are to convict people and their jobs are at risk, well, the results are quite predictable.

          I would love their jobs to be more secure, and them being off limits to spying. Also, reasonable convictions for crimes.. violent crime against people and property should land people in jail, not "community orders".

    2. Wellyboot Silver badge

      Re: How do these work?

      >>Surely they aren't so insecure as to allow an unauthorised device to read all the data<<

      What a lovely idea. I hope one day it'll be true.

    3. Flywheel

      Re: How do these work?

      As I understand it (and I need to clarify this), some police forces services are equipped with a portable unit that essentially clones your phone's contents (others need to take your phone down to the Station to be extracted).

      What I'm not clear about is if the phone is encrypted, do they end up with an encrypted blob, as opposed to a mirror of a phone's data structure and contents? If so I envisage a trip to the nick to decrypt the phone.

      PI's info page is very useful

      https://privacyinternational.org/explainer-graphic/2211/mobile-phone-extraction-how-police-can-secretly-download-everything-your

      as is the obligatory XKCD "meanwhile back at the nick" scenario

  3. Chris G

    Damp cloth

    For anyone concerned about bad actors accessing their phone, there are quite a lot of not bad phone wiping apps. Some can be used remotely and can be configured to save some items and remove others. One I have seen will wipe a phone with one tap....'oops sorry ocifer I don't know what I pressed but it's gone all funny'.

    1. Paul 164

      Re: Damp cloth

      Don't some police place seized mobiles into faraday evidence bags? If so the remote wipe won't work until removed and out of Airplane Mode.

      1. Chris G

        Re: Damp cloth

        No idea, I have never had my phone seized by the fuzz.

        Some of the apps available though can be booby trapped so that they are triggered by multiple access attempts or when a particular file/app is accessed, you can also control what it wipes, though in that case you have to be sure what and where things are stored, e.g. Google Assistant appears to continue recording anything you do with the internet even when it is disabled, on some phones at least.

  4. Anonymous Coward

    It would be terrible if, unknown to you, your phone had infected files on it.

    1. Anonymous Coward

      Or identifying medical data, preferably of Americans, or classified data above a level that the officer had clearance for.

      That would be hilarious - Pc Plod decides he doesn't like the look of you, stops you and downloads your phone, then another bigger heavily armed plod behind him puts the bag over his head and he wakes up in Guantanamo

  5. Peter Sommer

    Smartphone forensics products

    You can get an idea of what is possible from these URLs:

    https://www.cellebrite.com/en/products/ufed-ultimate/

    https://www.msab.com/products/xry/

    https://www.oxygen-forensic.com/en/

  6. Anonymous Coward

    There ain't enough room

    for two Stasi's.

  7. Anonymous Coward

    Plod (thinks he) is the law.

    As Queen Theresa would say, "What would Henry VIII have done?"

    The answer is "whatever I like".

  8. John Smith 19 Gold badge
    Gimp

    Police work should only *ever* be easy in a police state

    So is this really needed to help PC Plod do their "work"* ?

    *I mean the actual catching of real criminals engaged in serious crimes, not harassing anyone they don't like the look of, which is more of a hobby for most of them.

  9. Wolfclaw

    "policing isn't meant to be a free-for-all, where they can make up their own rules as they go along", what, I thought it was, from my experience with contact of Northumbria Police or Stasi as the locals call them up North.

  10. Anonymous Coward

    mAlFFFFFFFFFuNCtiOn

    nEEd InPUt

    Or in this case, good luck extracting data from a chip that has been fried by a really badly timed power surge (eg lightning or an elephant hitting a local power pole) not sure how you'd prove that one.

    If the chip is inside a stack of chips (eg the 512GB in the latest Note 9) and fails then it may not be recoverable.

    These are I believe 3D V-NAND and actually do have anti-surge built in but still not indestructible.

    I've had conventional stacked-chip chips fail and it isn't pretty (read- data go byebye)

  11. Anonymous Coward

    Quote: "...investigate whether the country's coppers have a legal basis to suck up mobile phone data.."

    *

    Not clear from the article whether the "phone data" referred to is:

    a) the actual voice transcript of the phone conversation

    b) the details of the two phone numbers, the date, time and duration of the call

    c) GPS or cell phone tower information about the location of mobile phones making calls

    d) other "phone data"

    The plods can get items b) and c) from mobile phone companies at any time after the call is made. GCHQ probably already have all this data.

    Item a) is more interesting...if plod is getting this (even if not in real time), then Privacy International need to make some real noise....

    .....and the article doesn't mention the potential complicity of the communications companies if plod is getting ANY OF THIS "phone data".

    1. Neil Brown

      It’s your option d - the PI report is focussed on the use of extraction tools, like Cellebrite, which the police connect to the target device.

      (Your option (a) sounds like the product of an interception warrant.)

    2. Anonymous Coward

      Medical data?

  12. StuntMisanthrope

    To me to you.

    Having a disagreement with an illegal outfit regarding Right to Forget and GDPR. It all comes down to legitimate use of PII.

    They haven’t a clue it appears and use paralegals to hide behind their communication, nor are compliant with legislation. If it’s illegal to begin with. How can the extraction of data to fish for evidence of a crime unwarranted be legal. It’s boolean, true or false. It can’t be legal for you, but illegal for me, but if I’m not up to no good. Then it’s now illegal for you and still illegal for me.

    Schrodinger would have a field day with the use of quantum encryption either way. History has taught us repeatedly, usually at the same time that law enforcement and lawyers cannot be trusted in part.

    So what’s changed? Can you be guilty and not guilty at the same time... #socratesinventedparties #chucklevision

    1. StuntMisanthrope

      Re: To me to you.

      What also happens when it’s an offline autonomous intelligence or robot, taught the law and acts with self-preservation or cloaked ownership incentive. #workhardforthatupgrade #nightvisionsucksincheeks

  13. Anonymous Coward

    Wider privacy issues

    Email comms with your lawyer. Medical data.

    These data dumps sound like they are wholesale trawls. Got a video of a vandal smashing the bus shelter over the road? Let us get it evidentially by dumping your entire phone. Problem is the tech is sporting ahead of the law and always seems to need clarifying/ignoring. ANPR is everywhere despite being challenged as generalised population surveillance. The Royston ring of steel was switched off because literally no one could move without being monitored. People might say they are doing nothing wrong so they don’t care but they all hide behind curtains at night.
