Yesterday, Big Brother Watch (BBW) published the ‘Police Access to Digital Evidence’ report which revealed 93% of UK police forces now extract data from seized devices.
The report said: “Laws in this field remain murky, and rather than updating the existing laws to adequately address the complexities of new technology and data, the government has merely amended them, creating a patchy and far from technically detailed framework. But it is not just the laws which are complex and unclear. The details about how the police acquire, interrogate and retain data is also opaque.” Richard Stiennon, Chief Strategy Officer at Blancco Technology Group commented below.
Richard Stiennon, Chief Strategy Officer at Blancco Technology Group:
“Data on mobile devices can be a treasure trove for law enforcement. Contacts, call records and even location data from apps can be easily pulled from a confiscated device. For example, the suspect may even have planned and executed a crime via SMS or other messaging app. Of course, otherwise secure means of communications like Signal and WhatsApp are useless if the phone falls into the hands of law enforcement, especially if the phone is not encrypted. iPhones are encrypted and very hard to extract data from if a PIN is enabled. Android is also going the encryption route, but only about 12% of all Android devices are encrypted.
The prevalence of law enforcement forensic activity with mobile devices is best supported by the head of the NY Police Department stating several years ago that “All crime in New York has an element of cyber.”
While we want our law enforcement agencies to do the best job they can, we also do not want to see fishing expeditions that could impede on users’ data privacy. Someone may be detained for rowdy behavior, for instance, and their mobile device could provide evidence of some other offenses committed.
This whole issue can be taken as a warning to all of us that there is a wealth of information contained on our mobile devices and we should never let them fall into the wrong hands. Whenever you upgrade a mobile device or send it in to be repaired, you have to be aware that all of your data could potentially be accessed and exposed if the data has not been properly erased. Data sanitization must be done first, either by the phone owner or the processor of the phone – be it an insurance company, the carrier, or the retail outlet that accepts the phone.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.