This post is also available in: heעברית (Hebrew)

Police forces have become increasingly reliant on extraction software in recent years as smartphones have harvested more data about people’s behaviour. But it’s feared in the UK that the law has struggled to keep pace with the technology and there is a lack of oversight of the way in which it is deployed.

Police forces in the UK are preparing to spend up to £20 million on hacking technology that can bypass smartphone encryption software. The move could represent a significant expansion of the technology’s deployment in the UK.

“[This] is a priority area for the Information Commissioner, and the ICO (The Information Commissioner’s Office) has an ongoing investigation into use of data extraction technology on the mobile phones of suspects, victims and witnesses,” a spokesperson said. “Law enforcement agencies using technologies such as data extraction need to comply with the requirements of the Data Protection Act 2018.”

Scarlet Kim, a lawyer at Privacy International, warned that police forces had struggled to identify which law they were relying on to carry out data extractions. Concerns have also been raised about the fact that officers do not need a warrant to access data on the phones of suspects, victims and witnesses, and that a disproportionate amount of data is being downloaded. In some cases, campaigners have reported that officers have downloaded the entire contents of a users’ phone.

Some critics have claimed that such use of the technology may discourage witnesses from coming forward, fearing their entire phone’s data could be accessed.

Nick Baker, deputy chief constable of Staffordshire Police and NPCC lead for digital forensics, played down such allegations, saying that “full downloads” were very rare. “Most investigations are about proportionate lines of inquiry,” he told tech.newstatesman.com.