
Can the police hack your phone in the UK?

These days, for most people, their mobile phone is the most private and significant personal possession that they own. From family photos and banking details to confidential personal messages and work information, mobile phones hold an almost overwhelming amount of sensitive data about us. And that is only the information that is visible to us. Our phones also carry information about our location at any given point in time. Deleted data paints an elaborate picture of our past movements and communications. It is not surprising, therefore, that the contents of our phones are gold dust to law enforcement. A single text message could tip the balance of evidence in favour of proving that a crime took place. But what happens when the police seize your phone? What information are they able to obtain, and what rights do you have in relation to it? This article aims to answer these questions and more.

What technology do the police use to retrieve information from mobile phones?

The majority of police forces can retrieve the contents of your phone. This is thanks to technology that allows them to perform phone extraction. Phone extraction enables the police to download all the data from your phone, including text messages, phone contacts, and photos. The data that can be obtained through phone extraction includes deleted data and information from encrypted apps. How much deleted data the police can recover will depend on whether your phone has an SSD hard drive. SSD hard drives strip themselves of deleted data to make space for new data, so phones containing this technology make it harder to extract deleted data.

Data extraction does not usually require you to give the police your PIN code, but this depends upon which type of device you have. Older iPhones and Androids are easier to hack, whilst newer versions of iPhones are notoriously much more difficult. Police often engage the services of an outsourced forensic extraction provider to obtain the data on their behalf. An example of the technology used by police is the Universal Forensic Extraction Device, made by the Israeli company Cellebrite. Within minutes, this device can extract data including text messages, emails, contacts, photos, and videos. However, somewhat concerningly, security vulnerabilities have been identified within Cellebrite hardware itself, leading to concerns that it could be hacked. This poses questions about the security of the data extracted and stored by the police.

In addition to phone extraction, the police also have remote hacking capabilities allowed by other technologies, which enable them to access the content of a phone that is not in their possession. However, the police are usually hush hush about their access to such technologies, which are probably reserved for the investigation of more serious crimes. Privacy International has highlighted concerns that by exploiting loopholes (also known as ‘backdoors’) in the technology that drives smartphones and other personal electronic items, the police are leaving our devices, networks, and services insecure and making them an easy target for criminals.

In addition to hacking devices of suspects, the National Crime Agency has been working with internet service providers to build surveillance technology which could track the browsing history of every individual in the UK. This controversial trial has been shrouded in secrecy. It is permitted under the powers set out in the Investigatory Powers Act, which mandates internet service providers to provide 12 months of a suspect’s browsing history on production of an order by a senior judge requesting this information. Browsing data provides information on what websites are visited on what date. It can provide a detailed picture of a person’s interests and activities.

Can the police hack my phone without me knowing?

The Police and Criminal Evidence Act 1984 gives police the power to seize phones as evidence where they have reasonable grounds for believing that they are evidence in relation to an offence that is under investigation. They may also retain the information that is held within them for the purposes of investigating crime. Say, for example, the police suspect that you have indecent images on your phone. The police can seize your phone as part of their investigation. They can remove as much information as they want to see if your phone contains indecent images or, for example, you have visited websites containing indecent images. The police can keep your phone for as long as they feel is necessary in order to conduct their investigation.

For the purposes of law enforcement, the police are allowed to hack devices through the powers granted to them by the Investigatory Powers Act 2016 and the Police Act 1997. These powers have been subject to legal challenges by human rights organisations such as Privacy International and Liberty on the basis that they represent an unjustified intrusion into personal privacy. In other circumstances, i.e. when the data is not being extracted for law enforcement, the police need to obtain your consent under data protection legislation in order to process your data.

According to the Information Commissioner’s Office, the amount of data that is routinely extracted by police varies widely from police force to police force. It has highlighted uncertainty amongst police regarding when a suspect’s consent is required versus when they can rely on their powers under the Investigatory Powers Act to obtain the information. It has also raised concerns regarding the impact of the police’s inconsistent approach upon the civil liberties of suspects. It seems that currently police are extracting far more data from suspects’ devices than they actually need. This impacts not only on the suspects themselves but also upon their family members and friends, whose messages and friends are also on the suspect’s device. The Information Commissioner’s Office suggests that current police practices ‘increase the risk of arbitrary intrusion [of privacy]’, and recommends that the police should impose better rules, including a statutory framework that defines in detail how the police should use phone extraction.

Do I have to give police my mobile phone PIN code?

Because you have the right to remain silent, you do not have to provide police with your PIN codes or passwords. Sometimes it can be a better strategic option to withhold this information to prevent the police going on a fishing expedition through your phone’s data. This is likely to be the case where the police’s evidence is weak and you intend to plead not guilty if you are charged. This is something that your criminal defence solicitor can advise you on.

However, there are circumstances where failing to disclose your PIN code could be a criminal offence. This arises where you are served with a notice under Section 49 of the Regulation of Investigatory Powers Act 2000. Ordinary police forces do not have the power to issue these notices; it would have to come from the National Crime Agency, Her Majesty’s Revenue and Customs or the Security Service (MI5), the Secret Intelligence Service (MI6) or GCHQ. Therefore you are only likely to be served with a Section 49 Notice if you have been accused of a serious offence such as terrorism or sexual offences against children. If you have been served with a Section 49 Notice, failure to provide your PIN code could result in a custodial sentence of up to two years. There are reported cases of individuals having been convicted of this offence.

Can the police recover deleted text messages?

Hacking software may be able to recover deleted messages, depending on how long ago the messages were deleted, and the type of phone that you have. It is difficult to say with precision how far back the police can obtain these messages, since this varies according to the device type.

In addition, the police can request your call and text message records from your mobile phone service provider. Police will need to obtain a warrant from the court in order to do this. Whilst your service provider can see the contents of unencrypted text messages, they do not usually store this information for very long, if at all. Usually, therefore, the records provided to the police will list the time and date at which SMS messages were sent and the number they were sent to, but they will not usually contain the contents of the actual messages.

Where to get further help

If you have been arrested and have queries about your rights in relation to your mobile phone, instruct a criminal defence solicitor whom you trust. At Stuart Miller Solicitors, we will be able to advise you regarding your options for cooperating with the police’s enquiry by providing your PIN or choosing to exercise your right to remain silent. At this stressful time in your life, the right legal advice really could make all the difference. Do not delay getting help; contact us to organise a meeting with one of our highly skilled criminal defence solicitors.

 
