How Can The Police Legally “Hack” Into Computers?

On 5th January 2009, the BBC published an article stating how the  police are to be encouraged to  “hack” into personal computers, for the purposes of investigation, following an EU report on the subject. This statement raises many questions, not least of which is:

“How can the police legally hack into my computer?”

Firstly the actual EU report,that the BBC mentions, its not quite as explosive as implied by the BBC. The report, entitled “Council Conclusions on a Concerted Work Strategy and Practical Measures Against Cybercrime” states that “If necessary, the European platform could be a tool for …….facilitating remote searches if provided for under national law” (emphasis added).

The EU does not provide for covert searches and surveillance,  but instead thinks this is an effective method of investigating computer crime, and suggests  member states use whatever laws they have available.

This still leaves the question of What laws are available to the UK Police for covert computer searches?

The UK Police don’t have much to say on the issue, with very little documentation produced by the advisory body  known as the Association of Chief of Police Offices – ACPO  – on the subject of . In 2005 ACPO did release the National Intelligence Model which only has this to say about covert operations:

Covert operational teams are regularly deployed within communities and in the investigation of  serious crimes. In addition to gathering operation-specific information, unrelated information will also be generated. This must also be recorded and evaluated following the principles for managing and sanitising confidential information

ACPO has even less to say on the subject of covert searches:

“Covert searches – surveillance authorities may be required – collection of personal data by covert means.”

In 1997 the at the reading of the Police Bill in the House of Lords the subject of covert searches was discussed:

Surveillance and covert searches are likely to be authorised if a chief constable thinks that they are necessary; they would then be approved by one of the commissioners

But the Police Bill was superseed by RIPA (2000), which allows for all sorts of methods survellliance, phone tapes, and intrusive survelleiance. It these survelliance power that allow  the police to search computers remotely (i.e hack computers),  as this law providers for covert and intrusive searches.

The Home Office document, Covert Surveillance – Code of Practice, produced as a guide for the police to use RIPA, states this:

5.6 In many cases, a surveillance investigation or operation may
involve both intrusive surveillance and entry on or interference with
property or with wireless telegraphy. In such cases, both activities
need authorisation. This can be done as a combined authorisation (see
paragraph 2.11).

It then goes on to state this about who can authorize this:

5.7 An authorisation for intrusive surveillance may be issued by the Secretary of State (for the intelligence services, the Ministry of Defence, HM Forces and any other public authority designated under section 41(l)) or by a senior authorising officer (for police, NCIS, NCS and HMCE).

5.10 The senior authorising officer should generally give authorisations in writing. However, in urgent cases, they may be given orally. Urgent oral case, a statement that the senior authorising officer expressly authorised the conduct should be recorded in writing applicant as soon as is reasonably practicable.

5.11 If the senior authorising officer is absent then as provided section 12(4) of the Police Act 1996, section 5(4) of the Police (Scotland) Act 1967, section 25 of the City of London Police or sections 8 or 54 of the 1997 Act, an authorisation can be given writing or, in urgent cases, orally by the designated deputy.

5.12 In an urgent case, where it is not reasonably practicable regard to the urgency of the case for the designated deputy to consider the application, a written authorisation may be granted  person entitled to act under section 34(4) of the 2000 Act.

There is no doubt that RIPA provides the police with much needed powers, but it has also been miused many times. Both by the police and more commonly by councils. In fact there were so many occurences of RIPA being misused at a local level, the central government had to warn the councils to stop misusing the powers in this way.

This is not the issue of if the powers are needed, or if they will be misused, we know the powers are needed, but we also know they will be misused. Whenever people are given access to data and survelliance, there will always misuse it, it is, sadly a fact of life.

The issue is do we want the goverments exectuve agencies (and councils) to have these powers, knowing they will misuse them? Is that a balanced risk?


One Response to “How Can The Police Legally “Hack” Into Computers?”

  1. Data Retention: Email, Email Monitoring and ISPs « Data - Where is it? Says:

    […] police also have the powers to access personal computers directly, and covertly. This type of access would allow the monitoring of emails, as well as internet […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: