MSPs probe data privacy concerns over Police Scotland’s cyber kiosks
Law enforcement earlier this year bought 41 of the devices for use across the country
Credit: Andrew Milligan/PA Archive/PA Images
Concerns have been raised by members of the Scottish Parliament (MSPs) about the data privacy implications of the police ‘cyber kiosks’ deployed across the country.
MSPs on the Justice Sub-Committee on Policing expressed their worries about the personal data that can be accessed via the kiosks, as well as the legal basis for accessing it, the right to privacy, and arrangements for data security.
Earlier this year, Police Scotland bought 41 cyber kiosks for use across Scotland, following trials in Edinburgh and Stirling. The digital forensic devices can rapidly search electronic devices such as mobile phones or laptops to look for evidence, helping police at the early stage of investigations.
The Holyrood committee has held sessions on the devices, where significant concerns about the legal basis for the use of kiosks were outlined by both the Information Commissioner’s Office and the Scottish Human Rights Commission.
At a meeting of the sub-committee on 13 September, detective chief superintendent Gerry McLean told MSPs the legal basis for accessing data on electronic devices could vary, either being through a warrant, under a statutory framework such as the Misuse of Drugs Act 1971 or “more frequently” under a ‘common-law power’ such as a witness offering police a device saying there was something relevant on it.
- Police Scotland lays out £300m plan for IT transformation
- Met Police tenders for range of managed services to enable focus on ICT transformation
- Plans unveiled for £20m national police cybersecurity centre
Diego Quiroz of the Scottish Human Rights Commission asserted that searching a search of electronic devices should be on a par with a physical search of a property.
He said: “We know that cyber kiosks can access private data – everything from texts to photos and web browsing – and even more sensitive data, such as biometric data. My phone has my fingerprints and my voice, for example. In a criminal law context, there can even be information about journalistic material or legally privileged information. That is incredibly sensitive data, so the framework and its legality are important.”
He added: “It is possible to find more private information in a mobile phone than in a bedroom or a house. Let us keep with that metaphor. The police need a warrant to search a house. That being the case, a more or equally intrusive digital measure will certainly require a similar safeguard. However, this is the first time that I have heard the police mentioning the idea of using warrants. I think that the commission would not be satisfied if there was no similar legal safeguard to that which there is when a house is searched in Scotland.”
McLean told the sub-committee that if there was no legal basis for Police Scotland to continue with the technology, the rollout would not proceed.
However, Police Scotland has confirmed that it is continuing with the introduction of cyber kiosks across Scotland, scheduled for December 2018 and early 2019.
Justice Sub-Committee on Policing convener John Finnie MSP said: “MSPs and the public will be rightly concerned to hear that the police service is very close to rolling out cyber-kiosks while major questions remain unanswered over the legality of using these machines. The sub-committee has been at the forefront of raising questions about cyber-kiosks, and we will continue to hold police leadership to account for their decisions in the coming weeks.”
The sub-committee has invited these witnesses to give evidence on the topic again on Thursday 15 November.
With the Online Safety Bill now published, former police superintendent Iain Donnelly writes for PublicTechnology on the challenges that need to be overcome in order to ensure the law’s...
Organisation advertises three senior roles for ‘One Login for Government’ project
Concerns expressed after leak of messages between Boris Johnson and vacuum magnate Dyson
Report identifies delays in accessing information to alert those that needed to shield as chief auditor points to ‘challenges posed by legacy data and IT systems’
Higher Education institutions are some of the most consistently targeted organisations for cyberattacks. CrowdStrike explores the importance of the right cybersecurity measures.
It’s been one of the most challenging years for healthcare providers, but Salesforce sees lasting change from accelerated digital transformation
Cloud-based applications can provide ways for agencies and departments to innovate and operate in new ways, as the past year has highlighted they must, writes Oracle