London's Metropolitan Police Service (MPS) has sparked controversy after it trained police officers to "extract mobile phone data" from arrested suspects held in police custody.
First reported by the BBC, the data collection can take no more than a few minutes, and collects a users' call history, text messages, emails, and phone contacts.
But U.K. and European data protection regulators are pricking up their ears, and could investigate the Scotland Yard-based police force. Campaign group Privacy International warned it could even breach European human rights laws.
As a criminologist, I see this as perhaps the single most damaging policy enacted by a U.K. police force in nearly five years. Here's why.
The decision made by the MPS seems to contradict --- or at least come close to bordering --- on a ruling set out by the European Court of Human Rights in 2008, in which apparent evidence from those acquitted from police suspicion or criminal charges had to be destroyed.
When a suspect is arrested, their DNA is swabbed from their mouths and entered into the U.K.'s National DNA Database. Not only does it help active investigations determine who may be of interest, it also helps solve historical or 'cold' cases.
But what is important to note is that those who are arrested are merely suspected of committing a crime. Those who are charged are deemed by the U.K.'s prosecuting body, the Crown Prosecution Service (CPS), to have likely committed the crime and a criminal court case should begin.
The DNA bank was ultimately deemed illegal by the European court because those who were arrested but not charged still had their DNA in the database. The samples had to be destroyed leaving much of the U.K.'s police forces without what they considered to be vital evidence.
The "no charge, no DNA" ruling was a huge victory for British human rights.
But data protection and human rights officials in the U.K. and Europe will likely be wondering whether cellphone and smartphone data is as personal and as identifiable as DNA.
Speaking to the BBC, a spokesperson for Privacy International said:
"It is illegal to indefinitely retain the DNA profiles of individuals after they are acquitted or released without charge, and the communications, photos and location data contained in most people's smartphones is at least as valuable and as personal as DNA."
A spokesperson for the E.U. Internal Affairs Commissioner, which deals with cases of human rights, was unavailable at the time of writing.
A European Commission spokesperson was unable to answer all of my questions, because the executive body "is closed today". Apparently even bureaucrats' need days off.
A spokesperson for the E.U. Justice Commissioner said it "does not fall under the current data protection 1995 Directive as it excludes in Article 3 data processed for the purpose of crime prevention and state security".
They said I should probably follow up with the U.K.'s data protection authority, the Information Commission's Office (ICO). So I did.
An ICO spokesperson told ZDNet:
"Whilst we are not aware of this particular development, any personal information taken from an individual’s phone or other possessions and then held by the police during an investigation would have to comply with the Data Protection Act --- including its requirement to process personal data fairly and lawfully, not hold excessive or irrelevant personal data or hold it for longer than necessary.”
Plugging in a suspect's phone and downloading all its data indiscriminately could indeed breach the Data Protection Act.
There is no doubt that cellphones and smartphones are increasingly being used to commit crime. But this pushes the boat out to such a limit that the rights of British citizens, and others who visit the country, that human rights may be violated as a result.
While the MPS said that police officers can collect phone data "can happen only if there is sufficient suspicion the mobile phone was used for criminal activity," the
But charging a suspect requires evidence collected by police and detectives to be passed on to a Crown body, the CPS, to carefully decide whether formal charges should be brought against a subject. It's an independent and well-established body with processes and policies to protect not only the suspected criminal's rights but also those of the public.
From a criminological point of view, though police are accountable to a separate body of its own --- the Independent Police Complaints Commission (IPCC) --- the level of subjective suspicion now left in the hands of ordinary police officers is astounding. Frankly it gives too much power to police officers, notwithstanding their level of national security vetting and extensive training, and could be abused without proper and due process.
It is my view that only those charged, where sufficient evidence is presented to warrant judicial action, with an offence by the CPS should have any data collected. Even with this, data should be selectively collected, stored securely, and deleted once it is no longer needed.
The MPS, if it succeeds without legal challenge, would set a dangerous European-wide precedent which would put more power in the hands of the police and ultimately fewer rights away from ordinary citizens.
Disclosure: I currently work with a U.K. law enforcement unit. This is an entirely separate position which bears no connection to other work with CBS Interactive.
- CBS News: London riots: Tech's role in the thick of it
- ZDNet: Criminologically speaking: If technology is not to blame for the London riots, who is?
- UK ‘to announce’ real-time phone, email, Web traffic monitoring
- London’s Met Police uses ‘blanket tracking system’ to intercept, remotely shut down mobile phones
- European data protection law proposals revealed
- UK police investigate after anti-terror hotline ‘recorded’
- Why you can’t post London Olympics photos, videos online