The Policing Bill: Immigration Officers to get phone data extraction powers

The controversial Police, Crime, Sentencing & Courts Bill (‘Policing Bill’) includes provisions for ‘extraction of information from electronic devices’ by immigration officers. The provisions to seize and extract rely solely on ‘voluntary provision’ of devices and ‘agreement’ to extract data.

We are concerned immigration officers not only lack requisite skills, the power imbalance between state and migrant calls into question whether provision of a device can ever be truly voluntary.

This proposal comes at a time when there is a total lack of transparency around Home Office use of mobile phone extraction.

Key points
  • Immigration Officers are included in the list of authorised persons representing a worrying development in who can exercise extraction powers
  • There is no evidence that Immigration Officers have the requisite digital forensics skills which creates significant risks for the reliability of extracted data.
  • The Bill fails to strengthen the law that governs digital information extraction
  • It relies upon voluntary provision of an electronic device which does not appreciate either the inherent power imbalance between the immigration officer and individuals; or the breadth of data which can be obtained - of which an individual will have little understanding.
  • The proposals ignore the recommendations of the Information Commissioner and Law Commission and do not clarify powers of seizure and extraction.
  • The powers go beyond mobile phones and refer to extracting undefined ‘electronic devices’
News & Analysis
MPE Image

Around the world, we see migration authorities use technology to analyse the devices of asylum seekers. The UK via the Policing Bill includes immigration officers amongst those who can exercise powers to extract information from electronic devices. There are two overarching reasons why this is problematic:

  1. The sole provision in the Policing Bill to extract information rests on voluntary provision and agreement, which fails to account for the power imbalance between individual and state. This is particularly acute for migrants in vulnerable circumstances and facing language barriers.
  2. Immigration Officers are not digital forensic experts. This impacts reliability of evidence whether used for intelligence gathering, decision making or criminal investigations.

We look at voluntary provision and agreement, then consider why immigration officers using these powers could result in unreliable evidence. We conclude with a look at the litigation in Germany where a Berlin court ruled searching the phone of an asylum seeker unlawful.

Voluntary provision and agreement

It is difficult to imagine a more intrusive invasion of privacy than the search of a personal or home computer … when connected to the internet, computers serve as portals to an almost infinite amount of information that is shared between different users and is stored almost anywhere in the world. R v Vu 2013 SCC 60, [2013] 3 SCR 657 at [40] and [41].

The controversial Policing Bill provides that an authorised person, which includes immigration officers, can extract data from an electronic device if the user of a device has:

a) voluntarily provided it, and;

b) has agreed to the extraction of data from that device.

Before discussing why voluntary provision is problematic it is worth noting that whilst there has been a great deal of public debate about use of mobile phone extraction by the police, little is known about the Home Office use of mobile phone extraction in relation to migrants.

The use of mobile phone extraction enables a degree of surveillance and intrusion into the private sphere that before the internet would have been unthinkable. PI have submitted Freedom of Information Requests to the Home Office, noting their contract with Cellebrite in August 2018 for “2x UFED Touch 2 ruggesided units and 1xUFED 4PC TK CF54 Ultimate system”, to no avail.

However, in November 2020 the Home Office made it clear in response to Parliamentary questions that their intention is to seize and search the mobile phones of all migrants, at least those who arrive at Tug Haven at Dover.

Sarah Champion MP highlighted to the Policing Bill committee that:

“A few months ago, I went to a large asylum hospital in my constituency, where there were 50 to 100 men—I do not know how many—and what concerned them most was that, literally as they entered the country, their mobile devices and indeed clothes were taken off them. There was no debate or explanation; it is just part of the process.”

The Financial Times has reported that teenage refugees from Hong Kong have had their phones seized by Border Force officers on arrival in the United Kingdom.

It is in this context of secrecy and lack of safeguards that ‘voluntary provision’ and ‘agreement’ are being introduced.

Whether asylum seekers, who may also face language barriers, feel they have any other choice but to hand over devices for scrutiny, raises issues around what is meant by ‘voluntary’ in the context of Border Force powers. Arguably it confirms at the very least the need for safegaurds, which are currently absent in the legislation.

The Information Commissioner has pointed out in her follow up report on mobile phone extraction that:

data a mobile phone holds cannot simply be ‘given away’ to a controller by the device owner.

She explicitly states that:

a person’s willingness to offer their device for examination is not, in itself, a suffiicent lawful basis for processing information from it.

Provisions for voluntary agreement fail in other respects. As pointed out in Committee Debates:

  • There is no definition of ‘agreement’ in the legislation to specify that it must be informed and freely given, to avoid abuse of this power.
  • There is no requirement for authorities to be specific about what data they are seeking. Yet only with specificity can the data owner give informed agreement to extraction.
  • The Bill does not define what constitutes a reasonable line of inquiry. Without a clear definition, immigration officers will be able to rely on merely reasonable belief and relevance. Creating a risk of embedding a culture of wholescale downloads and intrusion into privacy.

When discussing the experiences of other individuals in vulnerable circumstances, Sarah Jones MP highlighted that victims of rape reported finding the experience of having their devices extracted as “invasive” and “traumatic”, with many feeling that the process was not properly explained.

A survey by the Victim’s Commissioner found that:

Just 33% agreed that the police clearly explained why any request to acess mobile phone and other personal data were necessary and 22% that they explained how they would ensure that data would only be accessed if relevant and necessary. Requests for these data were often considered invasive and intrusive, and survivors had serious concerns about this."

The Victim’s Commissioner advises that the test should be that the authorised person is satisfied that the exercise of the power is strictly necessary and proportionate to achieve that purose.

Our view is that immigration officers should not be permitted to seize and extract mobile phones. If this is required, they can involve the police.

Unreliable evidence: Digital forensics skills

The delivery of justice is dependent on the integrity and accuracy of evidence and trust that society has in it.

Here we look at current debates surrounding digital forensics and reliability of extracted data. The focus has largely been on the police which underscores the lack of scrutiny in relation to use of mobile phone extraction by immigration offices.

A key issue as Sarah Champion MP raised at Committee stage are the skills of those conducting device extractions:

“Extracting data is a complex process that requires specialist experience, and it ought to be managed under the law. I am concerned that we are asking immigration officers to be incredibly mindful, and to be trained and resourced, and to have all the skills, to request that device.”

Ignorance of the way device extraction tools work is dangerous for the proper functioning of the criminal justice system. As Dr Jan Collie, Managing Director and Senior Forensic Investigator at Discovery Forensics, highlighted to the House of Lords Science and Technology Select Committee in 2019:

“What I am seeing in the field is that regular police officers are trying to be digital forensic analysts because they are being given these rather whizzy magic tools that do everything, and a regular police officer, as good as he may be, is not a digital forensic analyst. They are pushing some buttons, getting some output and, quite frequently, it is being looked over by the officer in charge of the case, who has no more training in this, and probably less, than him. They will jump to conclusions about what that means because they are being pressured to do so, and they do not have the resources or the training to be able to make the right inferences from those results. That is going smack in front of the court.”

Dr Gillian Tully, former UK Forensic Science Regulator commented to the committee that:

“There is a lot of digital evidence being analysed by the police at varying levels of quality. I have reports coming in in a fairly ad hoc manner about front-line officers not feeling properly trained or equipped to use the kiosk technology that they are having supplied to them.”

The Serious Fraud Office told the committee that that ‘provenance and integrity of material obtained from digital devices is a key area’.

In relation to a study on bias in digital forensics, former Forensics Science Regulator Dr Gillian Tully commented in May 2021 that:

“I cannot overemphasise the importance of forensic scientists understanding the potential for unintentional bias, and of ensuring they take measures to minimise risks.”

Ian Walden, a professor of information and communications law at Queen Mary, University of London, commenting on the same study said that:

“Not only should we not always trust the machine, we can’t always trust the person that interprets the machine.”

The study found that experts tended to find more or less evidence on a suspect’s computer hard drive to implicate or exonerate them depending on the contextual infromation about the investigation that they were given. Even those presented with the same information often reached different conclusions about the evidence.

If we are in a position where forensic scientists are being advised about the potential for unintentional bias, then the concern about bias in relation to those who are not trained forensic scientists is surely much greater.

A further word of warning comes from the Police Foundation report:

There is a consensus among digital forensics stakeholders that the digital knowledge of frontline police officers involved with forensics needs to be improved. This is not only includes specific software but also digital forensic procedures. We were told that officers can at times ask for too much information and consider it to be urgent or they cannot explain why they need what they are requesting. We were told that sometimes inexperienced investigators do not understand what a reasonable line of enquiry is nor how to preserve digital evidence.

There is a need for much clearer national guidance for police officers regarding the examination of digital evidence. We suggest that there should be minimal intrusion relative to the needs of the investigation.

Despite the above concerns, the House of Lords Science and Technology Select Committee concluded in their investigation into digital forensics that there was little strategy to address very real problems:

“the rapid growth of digital forensic evidence presents challenges to the criminal justice system. We were not presented with evidence of any discernible strategy to deal with them.” (House of Lords, 2019)

Finally, the Information Commissioner’s recent report on mobile phone extraction highlights low rate of compliance with Forensic Science Regulator’s codes of practice and conduct, for forensic science providers and practitioners in the criminal justice system.

Berlin court case

Since 2017, German authorities have been able to analyze cell phone metadata of refugees if they have no valid passport or ID card to verify their identity. This has been challenged by those arguing it is ineffective, excessive and intrusive.

It is reported that refugees have sued Germany for searching their cell phones during asylum applications. An administrative court ruled that Germany’s Federal Office for Migration and Refugees had no right to deman access to cell phone data at the early stages of an asylum application.

Conclusion

The Information Commissioner has warned that the introduction of new statutory powers to permit data extraction from devices risks further embedding existing poor practices.

The evidence emerging regarding the use of mobile phone extraction by immigration officers is a culture of unnecessary processing of personal data from mobile phones where it is not fully justified. As noted by the Information Commissioner, it is not okay for authorities to ask peole to hand over their mobile phones without good cause. They must only take people’s data when it is strictly necessary for a specific, reasonable line of enquiry.

Insufficient consideration has been given to the inclusion of immigration officers who are not digital forensics experts. This creates significant risks for some of the most marginalised individuals in society.