THE police chief responsible for the rollout of new technology which will give frontline officers the power to hack into smart phones and download everything to a disc has defended the strategy, adding that he doesn’t have enough specialist officers to meet demand.

Detective Chief Superintendent Gerry McLean, head of Police Scotland’s organised crime and counter terrorism unit, said he expects 15,000 electronic devices to be seized by officers this year but that he doesn’t have enough digital forensics technicians to trawl through the messages and photographs.

The Sunday Herald revealed last month that Police Scotland spent £445,000 on 41 cyber kiosks which were to be distributed to police stations across the country so that frontline officers could override passwords and download evidence relevant to a case from phones handed over by suspects and witnesses.

But the planned rollout was halted when it emerged trials were held in Edinburgh and Stirling before human rights, data protection and privacy assessments were carried out. A senior officer was then hauled before MSPs at the Scottish Parliament and told to carry out a consultation amid privacy concerns.

Currently, frontline officers must send seized smart phones to one of five cyber hubs – state-of-the-art facilities in Inverness, Aberdeen, Dundee, Edinburgh and Glasgow – where specialist officers can access them. The process can take weeks because there is a backlog.

DCS Gerry McLean intends to train 410 frontline officers to do a similar job with cyber kiosks – which are currently sitting in boxes at the cyber hubs – so that smart phones can be handed back to the owners more quickly if they are of no use to the investigation.

McLean said: “We have finite resource – I don’t want to say the numbers publicly because that will help the criminals – but it’s the tens of, rather than the hundreds of, digital forensic technicians who will examine electronic devices – computers, smart phones, etc. And that demand grows day by day. So we have to look at more modern way of working, We can’t put more officers, more staff, into that. We have limited budget, limited resource.”

McLean said he anticipates 15,000 devices will go through the five cyber hubs this year but 90 per cent of them will not hold evidence the officers want.

He said: “Every year that number will increase, unless crime drops dramatically. That’s 15,000 examinations that need to take place. That creates a huge demand on that very finite resources across those five areas. And at this current time officers at the front end have no capability to make a determination as to whether or not a device has any bearing on the matter they’re looking into.”

McLean’s position was back by David Hamilton, Vice Chair of the Scottish Police Federation, which represents officers.

“I can see the sense in it,” said Hamilton. “It can save time. If you can get things resolved faster, it’s a benefit. We’ll monitor the impact on the workload of frontline officer [if the cyber kiosks are rolled out]. But the cops in cyber hubs are getting absolutely hammered so it will benefit them too.”

Police Scotland is now carrying out an Equality and Human Rights Impact Assessment (EHRIA), a Privacy Impact Assessment (PIA), and a Data Protection Impact Assessment (DPIA), with the aim of ensuring use of the devices complies with new General Data Protection Regulations (GDPR) which came into force last week. They are also working on a code of practice to be written up by the Autumn. There are no plans for a public consultation.

When asked why EHRIA, PIA and DPIA assessments were not done before the trials of cyber kiosks at police stations in Edinburgh and Stirling – which saw 375 phones and 262 sim cards accessed – McLean said the software used by standalone cyber kiosks is already used by officers at cyber hubs.

“What digital triage devices do, is take some of that capability and make it available to the frontline officer, with probably an easier interface,” McLean said. “While you need a level of training, and we will train officers to work it, you don’t need the level of expertise of the digital forensic technicians.”

Among the capabilities offered by cyber kiosks is an option to download everything held on a smart phones to an encrypted disc.

McLean said: “If you have a device with oodles and oodles of information on it you might think to be relevant to your investigation and it’s 10 minutes before the end of your shift and you don’t have time to look at it, the device has the capability to export the results on to a disc. Now, if we choose to go down that route we would make sure it was encrypted and that disc was kept with appropriate supervision and audit in and out if the officer wanted to come back and look at it the following day.

“We understand in terms of public interest that people naturally have some concerns about police exporting data from their devices and how that data is used in the future. We haven’t made a decision about whether or not we would use that capability – so whether we would turn it on in the device or whether we would turn it off. The devices have not been rolled out and we’re still, through our consultation and engagement, trying to make that determination whether to switch that on or switch it off.”

McLean also conceded that people whose phones were seized by officers in police stations in Edinburgh and Stirling during the trial should have been told that the officers had access to technology which could view everything on the device.

“One of the things we want to do through the wider reference group is start to ask ourselves that question about whether or not we have to have an agreed form of words … my view is people do need to be more informed, in terms of people understanding what that examination actually entails,” he added.

“I think we may well get to a position where if we’re taking electronic devices in the future we’ll give more information. It will be in our code of practice. It will be on our public facing website. We’ll make that information available, so people will understand the context of why something is being taken, what an examination actually means and what the parameters of that matter are.”

A Scottish Government spokesman said: “The allocation of staff resources is a matter for the Chief Constable and the SPA. Work is already underway to enhance the service’s response to cyber-crime and increased cyber capability is a priority within Police Scotland’s Policing 2026 Strategy.

“Police Scotland is committed to recruiting more suitably cyber-skilled specialists and the Scottish Government are supporting the transformation of policing in Scotland, including through real terms protection of the police resource budget in every year of this Parliament – a boost of £100 million by 2020/21 – and we are providing a further £31 million of dedicated reform funding this year.”

HOW CYBER KIOSKS WILL WORK

The Sunday Herald was given a demonstration of how a cyber kiosk will work if they are rolled out. A digital forensics technician connected his smart phone to the system and was able to view images, messages and call logs on a screen.

A phone that is being examined by officers must be switched off so that it can’t connect to the internet, meaning officers are unable to access voicemails, emails or online cloud storage.

McLean said: “The minute you switch that on you change the content of that phone. What we’re trying to do is give an evidential forensic examination of the device as it was seized at that time. It’s certainly not a gateway to the internet.”

The cyber kiosks can be set specific parameters to search a device, such as time period. The kiosk will also sort data in date and time order, which McLean said assists investigations. “It’s limited but you still get back an awful lot,” he said.

But McLean admitted that the cyber kiosks can’t always access smart phones which are password protected. And if a suspect or witness refuses to provide a password, officers must use the Regulation of Investigatory Powers Act (RIPA) 2000 to compel them.

“For the lower end electronic devices the kiosk can override some low level security but when we’re talking about the latest devices with biometrics, or devices that are high in complexity, like Apple, that is more problematic,” said McLean.

“There is a piece of legislation which requires an individual to provide passwords for devices. They’re not always compliant and that poses a problem for digital forensics, but there is an obligation.”

The digital forensics officer, who asked not to be named, added: “It depends on the phone. Sometimes we can get around passcodes and sometimes it’s not technically possible. Also, bear in mind we’re talking about the capabilities of the kiosk at the moment. We’re not talking about all of the capabilities of cyber crime. So, I mean in that particular case…”

McLean cuts him off. “We are talking about kiosks,” he said.

“Yes,” said the digital forensics officer.

McLean declined the opportunity to connect a phone provided by the Sunday Herald because it was not seized as part of an investigation.

He explained: “We don’t know the origins of that phone and I think it’s unfair to ask us to use a police system to interrogate a phone we haven’t a legal basis to interrogate.”

Police have a range of powers to seize and access smart phones and other electronic devices and suspects must hand them over, according to McLean.

“You can refuse as a witness but if you were suspected of a crime and the police had a legal basis to seize that device, then no you can’t,” he added. “The police have a common law power, or a statutory power, or a warranted power to seize the device.”