Initiative aims to explore use of technology to limit data extracted during investigations

Credit: Max Pixel

Ministers are to explore the development of technology that they hope could ensure the extraction of data from the digital devices of rape victims is “not intrusive”.

The controversial Police, Crime, Sentencing and Courts (PCSC) Bill – which is currently working its way through the House of Lords – contains provisions for authorities to extract data from citizens’ electronic devices in support of criminal or missing persons investigations, or for the protection of children or vulnerable adults.

Such data collection already takes place, but has long been subject to fierce criticism. In 2019, a standardised consent form was introduced across all police forces, providing them with a consistent means through which to request access to devices. 

The forms warned victims that “if you refuse permission for the police to investigate, or for the prosecution to disclose material which would enable the defendant to have a fair trial, then it may not be possible for the investigation or prosecution to continue”.

The documents were eventually scrapped last year, following campaigns undertaken by survivors of sexual abuse, alongside human rights and privacy groups.

Related content

• Government and police chiefs consider options for managing digital evidence
• Scottish police get green light to use encryption-busting ‘cyber kiosks’
• NPCC leader: ‘Virtually every crime today has a digital footprint’

Answering a recent written parliamentary question from Lyn Brown, Labour MP for West Ham, crime and policing minister Kit Malthouse said that, once the PCSC Bill becomes law, the relevant sections “will ensure that only information that is necessary and proportionate for an investigation is asked for from a victim”.

He added: “The Code of Practice that will accompany the PCSC Bill provides detailed guidance on when and how these powers should be used. The code makes clear that device users have the right to refuse, and it also contains specific guidance on the use of the powers with victims who may be vulnerable due to the trauma they may have experienced and who may need more support.”

But the minister said that “legislation is only part of the solution” needed to ensure the process of extracting victims’ data is proportionate and non-intrusive. 

Malthouse and his colleagues are shortly to launch a “ministerial-led technology summit” initiative through which they hope to identify or create new technologies that can place restrictions on data that is extracted. The summit will bring together representatives of the tech industry and the criminal justice system in a bid to collaboratively “develop rapid, innovative, technological solutions”.

“Whilst there are some promising new technologies, existing data extraction technology does not always provide the ability to limit appropriately what is being taken from a digital device,” the policing minister said. “With digital evidence increasing in volume and prevalence, it is vital that we harness technology to find solutions to challenges in capacity and in our capability to effectively extract, analyse and review only relevant data from digital devices in a way which fast and not intrusive for the victim.”

Once the summit has identified possible technological solutions, government will “will work with the policing sector to trial technologies through via Operation Soteria, to identify where innovations can be scaled up at pace to make a difference for victims”, according to Malthouse.

Regardless of how and which technology might ultimately be implemented, the provisions of the PCSC bill seem likely to remain subject to strong opposition.

A briefing paper published in May by Big Brother Watch and jointly supported by nine other charities and campaign groups – including Amnesty International, Liberty, and Rape Crisis England and Wales, – described the measures contained in the prospective legislation as “some of the most profound and varied threats to human rights in the UK of any bill introduced for decades”.

“Police are seeking masses of personal data by default that is not relevant to an investigation at all, and may not be lawful,” the paper said. “Our groups have found that this practice is used almost exclusively in relation to complainants of rape, sexual offences and domestic violence, who are overwhelmingly women.”

It added: “An average individual’s mobile phone can contain the equivalent of 35,000 A4 pages of data. Much of this information is incredibly personal, including private conversations with friends, family members and partners; personal and potentially sensitive photographs and videos; personal notes; financial information; and even legally sensitive work-related information such as in emails. Most people’s phones and communications contain sensitive information classed as ‘special category data’ under data protection law: information about an individual’s race, ethnic origin, politics, religious or philosophical beliefs, health, sex life or sexual orientation, and as such data extraction from phones requires robust safeguards.

“These would be intrusive searches even for most suspects of crime. But now, police are carrying out these intrusive digital searches against victims of crime.”

A report released last year by the Information Commissioner’s Office pointed to various existing “poor practices” in the police’s collection of data from citizens’ smartphones. An investigation, which the regulator said was prompted by inconsistent approaches across law enforcement, found that there is a tendency for forces to inappropriately rely on citizen consent as the basis for data processing, and, in many instances, an “overly wide approach” to the amount and type of data collected by officers.