UK Police Ordered to Halt Implementation of Potentially Illegal Hacking Devices

The Information Commissioner's Office (ICO), the UK data watchdog, has demanded mobile phone hacking devices not be issued to police officers until their legality has been conclusively established.

The provisions, often referred to as ‘cyberkiosks', are the size of an iPad, and can harvest vast amounts of sensitive data from mobile phones in their vicinity, overriding passwords and encryption without the owner's knowledge. They are produced by Israeli firm Cellebrite — in all, forces spent US$492,000 (£371,000) on 41 devices.

During the several month-long trials, police accessed a total of 375 mobile devices and 262 SIM cards without obtaining warrants, while investigating "low-level crime" — phones seized during official stop and searches, or arrests, were probed using the cyberkiosks, with all constituent data indiscriminately downloaded. It's unknown how many convictions resulted from their usage, or whether the data was retained by authorities.

​Civil liberties campaigners in the UK have long-railed against ever-increasing storage of data by police, not least because every year officers across the country are disciplined for misuse of the Police National Computer (PNC). The issue is widespread but rarely-acknowledged in the mainstream media — typically only the most egregious individual cases receive coverage, such as in May 2018 when a Welsh police officer with a previous conviction for sharing extreme pornography via WhatsApp was found to have repeatedly used the system for non-police purposes. 

In part, this is due to police failing to publicly release data on the overall number and nature of PNC abuses. However, it was reported in 2013 the number of Metropolitan Police officers investigated for PNC misuse had more than doubled in five years, with 76 officers in London facing censure for inappropriately accessing data 2009 — 2013. There were even suggestions some had altered information held on the database.