Controversial technology which allows police officers to override passwords to quickly harvest data from mobile phones should not be introduced until its legality is resolved, according to a committee of MSPs.
Police Scotland had planned to begin a national rollout of the “cyber kiosks” next month despite privacy concerns.
Writing to justice secretary Humza Yousaf and Chief Constable Iain Livingstone on behalf of Holyrood’s justice sub-committee on policing, John Finnie MSP said the introduction of the technology should be postponed.
He said: “During our evidence taking on this issue, a number of concerns were raised by representatives from the Scottish Human Rights Commission, the Information Commissioner’s Office, the Faculty of Advocates and others regarding the legal basis for the introduction of the technology as well as human rights, privacy and data protection implications.
“At our most recent evidence session, it was clear that serious concerns remain about the legal basis for Police Scotland seizing and searching mobile phones of suspects, witnesses and victims of a crime.
“The sub-committee has serious reservations about the proposed rollout of this technology in December, given the questions that remain from a number of key stakeholders about its legality.”
Police Scotland spent £445,000 testing the technology in Edinburgh – just under the £500,000 investment threshold that would have meant the project had to be referred to the oversight body.
Earlier this year, the Scottish Police Authority’s interim chief officer, Kenneth Hogg, told Holyrood’s policing committee that he had no concerns about the project.
Mobile kiosks can access text messages, contacts, photos and web browsing history in seconds.
However, senior officers have stressed that the technology does not save a copy of the data, but only allows it to be viewed.
Detective Chief Superintendent Gerry McLean said: “We examine smartphones and other digital devices every day already and rely on the current legal position to do so.
“The kiosks would allow us to do this at an earlier stage, reducing the number of devices which are required to be forensically examined, and reducing the inconvenience of retaining a device which, on later examination, has no evidential value.
“While we are confident that the law would allow us to use kiosks, we understand the importance of providing assurance around the legal basis for using the technology, privacy protection and good data security.”
He added: “Therefore, we have engaged with a range of stakeholders and previously outlined a timeline to the justice sub-committee, which included a training programme later this month. However, the operational use of kiosks would be dependent on the legal position being clarified.”
In a written submission to MSPs earlier this month, privacy campaigners Open Rights Group said: “Open Rights Group cannot fully endorse an immediate rollout programme until a clear legal basis is provided and reflected in improved policy documents, including the data protection impact assessment and equality and human rights impact assessments and a demonstration that the use is subject to appropriate safeguards and oversight.”