Technology which allows police to bypass security measures on digital devices – including smartphones and tablets – is set to be rolled out in Scotland next Monday, January 20.

Forty-one ‘cyber kiosks’ will come into use as part of a ‘phased’ implementation – starting in Forth Valley and Fife – that will see full nationwide availability by May 1.

Police gave the green light to the technology after a recent report revealed cybercrime rose by over 200% in a six-month period last year compared to 2018.

The kiosks, which are desktop computers that are able to scan digital devices for evidence, were purchased two years ago but have been delayed following a series of legal wrangles.

Police Scotland said it is now confident it has the legal basis to allow the ‘Digital Triage Devices’ – for which 410 frontline officers have been specially trained – to be used in its bid to crack down on cyber and online crime.

However, privacy and legal campaigners – including the Scottish Human Rights Commission and Privacy International – continue to raise concerns that the legal powers under which Police Scotland will operate the technology are ‘not sufficiently clear, foreseeable or accessible and [that] new legislation is required.’

Information published by Police Scotland indicated that officers will not be able to search information on the internet, and that the devices will be ‘isolated’ so that only information on the device itself, including removable media such as SIM or Memory Cards can be searched.

An FAQ revealed that the kiosks will not be used in a number of instances, including where passwords cannot be overcome, which means there may be some models or devices which will remain impervious to the technology. It also indicates that the information that can be viewed during a search will ‘depend on the make and model of the device (Apple, Samsung, Sony etc.)’

Information that can be viewed via the kiosks – which will be located in police stations across local policing divisions – include calendar entries, call logs, contact lists, emails, internet history, pictures, SMS text messages, social networking, chat messages, user account information and videos.

The technology allows specially trained officers to triage mobile devices to determine if they contain information which may be of value to a police investigation or incident. This will allow lines of enquiry to be progressed at a much earlier stage and devices that are not relevant to an investigation to be returned quicker.

Deputy Chief Constable Malcolm Graham said: “We are committed to providing the best possible service to victims and witnesses of crime. This means we must keep pace with society. People of all ages now lead a significant part of their lives online and this is reflected in how we investigate crime and the evidence we present to courts. Many online offences disproportionately affect the most vulnerable people in our society, such as children at risk of sexual abuse, and our priority is to protect those people.

“Increases in the involvement of digital devices in investigations and the ever-expanding capabilities of these devices mean that demand on digital forensic examinations is higher than ever. 

“Current limitations, however, mean the devices of victims, witnesses and suspects can be taken for months at a time, even if it later transpires that there is no worthwhile evidence on them.

“By quickly identifying devices which do and do not contain evidence, we can minimise the intrusion on people’s lives and provide a better service to the public.”

Police Scotland said it recognises that the use of personal data as a key resource for law enforcement comes with the tension between intrusiveness and the need to maintain public consent. It said these ‘valid concerns’ have been the subject of extensive consultation and scrutiny by internal and external reference groups which have supported the development of publically available information explaining policies and processes, along with impact assessments to mitigate any concerns raised. 

Data ethics is an area of growing importance across UK Policing and Police Scotland is developing a Data Ethics Governance Framework to balance requirements to comply with data protection and privacy regulations, ensure fair and reasonable data usage, maximise the use of data for public good and ensure legitimacy of the police service. 
 
The Crown Office and Procurator Fiscal Service and independent senior counsel have affirmed the existence of a legal basis for the use of cyber kiosks. 

Police Scotland confirmed it will only examine a digital device where there is a legal basis and where it is necessary, justified and proportionate to the incident or crime under investigation.  

Cyber kiosks used by Police Scotland will not be enabled to store data from digital devices. Once an examination is complete, all device data is securely deleted from the cyber kiosk.

41 cyber kiosks have been procured and will be located in police stations across all policing divisions. It is anticipated all will be operational before 1 May 2020. 

Significant consultation has been undertaken with external advisory and stakeholder groups and Police Scotland held a series of public engagement events on digital forensics in 2019.

An updated report on the roll-out of the kiosks will be presented to the Scottish Police Authority for discussion on Friday, 17 January 2019 at the John McIntyre Centre in Edinburgh. Police Scotland has written to all stakeholders, including the Scottish Parliament’s Justice Sub-Committee on Policing, to keep them informed.

Recent figures published by the Scottish Police Authority have shown how cybercrime has grown by 215.2% during April to September 2019 compared to the same period the previous year – up from 1,426 to 4,495. The report also revealed that in Scotland, the internet was used as a means to commit 20% of all recorded sexual crime in 2016/17. In the same period last year, 51% of other sexual crimes, indecent communications and images, were cyber-enabled, the figures showed.