Provision of information held by Northumbria Police made under the Freedom of Information Act 2000 (the 'Act')
As you may be aware the purpose of the Act is to allow a general right of access to information held at the time of a request, by a Public Authority (including the Police), subject to certain limitations and exemptions.
You asked:
1. The number of digital forensic examinations carried out by in-house, police forensic services in the past 12 months or similar reporting period
2. The number of digital forensic examinations carried by outside laboratories and/or outside forensic science services in the same period
3. The names of any digital forensic laboratories and/or outside forensic science services used
4. The current backlog of digital forensic examinations
5. The number of Forensic Science Activities, in accordance with the Forensic Science Regulator Act 2021, that you are / are not currently accredited to deliver
6. The number of Forensic Science Activities completed in laboratories which are not accredited to ISO 17025.
In Response:
Following receipt of your request, searches were conducted with the Forensics Department of Northumbria Police. I can confirm that the information you have requested is held in part by Northumbria Police.
I am able to disclose the located information to you as follows.
1. Northumbria Police’s Digital Forensic Unit completed one thousand and thirty two (1,032) examinations relating to the examination of electronic devices between the 12 month period 1st June 2022 to 31st May 2023 inclusive.
2. During the period 1st June 2022 to 31st May 2023 inclusive, Northumbria Police outsourced seventeen (17) enquiries to external providers in relation to digital forensic activities.
3. The Information requested at this point will not be provided and we will rely on the following exemption:
Section 31(1)(a)(b) Law Enforcement
Section 31 is a prejudice based qualified exemption, as such both evidence of harm and public interest considerations need to be articulated and as such I have set these out below:
Harm
Northumbria Police must consider any possible harm that might arise as a result of placing the requested information into the public domain. This process considers the potential harm to:
- Individuals
- The community as a whole
- Ourselves (Northumbria Police) and the wider policing service, and
- Other bodies
Policing is an information-led activity, and information assurance (which includes information security) is fundamental to how the Police Service manages the challenges faced. In order to comply with statutory requirements, the College of Policing Authorised Professional Practice for Information Assurance has been put in place to ensure the delivery of core operational policing by providing appropriate and consistent protection for the information assets of member organisations, see below link:
https://www.app.college.police.uk/app-content/information-management/
Commercial Forensic Service Providers are vitally important in the Criminal Justice system, not only do they play a crucial role by supporting UK Policing with backlogs in the Digital Forensics arena, but they provide Defence teams with access to independent forensic experts to support their clients.
Whilst not in any way questioning the motives of the applicant, it must be taken into account when considering potential harm that a disclosure under the Freedom of Information Act 2000 is made to the world at large. Specific details of any forensic service providers used by Northumbria Police would be extremely useful to those involved in criminality as it would enable them to create a map of those most used by Police Forces. Forensic Service Providers can be targeted by malicious actors, for example in 2019 Eurofins (one of the UKs largest Forensic Service Providers) suffered a highly sophisticated ransomware attack which severely disrupted UK Policing and the Criminal Justice system.
https://www.helpnetsecurity.com/2019/06/24/eurofins-ransomware-attack/
By providing a list of Forensic Service Providers, Force by Force, a malign individual could identify those most critical to the Law-and-Order sector and specifically target those proving the most assistance. This would have a huge impact on the effective delivery of operational law enforcement as it would leave companies open to further cyberattacks which could have devastating consequences for law enforcement.
Public Interest Test
Factors Favouring Disclosure –
Confirming the names of Forensic Service Providers would be of interest to the public, namely giving insight into the forensic processes used to solve crimes.
Factors Favouring Non-Disclosure –
Measures are put in place to protect the community we serve and as evidenced within the harm, to provide a detailed list of Forensic Service Providers would allow individuals intent on disrupting law enforcement to target specific companies using the information obtained to maximise the impact.
Taking into account the current security climate within the United Kingdom, and the recent Eurofins cyber-attack, no information which may aid criminality should be disclosed. It is clear that it would have an impact on a Force’s ability to carry out the core duty of enforcing the law and serving the community.
The public entrust the Police Service to make appropriate decisions with regard to their safety and protection and the only way of reducing risk is to be cautious with what is placed into the public domain.
Balance Test
The Police Service is charged with enforcing the law, preventing and detecting crime and protecting the communities we serve. In order to effectively and robustly carry out those duties, external services are utilised which are vital to investigating criminal activity. Weakening the mechanisms used to investigate any type of criminal activity would have a detrimental impact on law enforcement as a whole. To provide the names of the Forensic Service Providers despite the known risks of cyber-attacks would undermine any trust or confidence the public have in the Police Service. Therefore, at this moment in time, it is our opinion that the balance test favours against the disclosure of the Forensic Service Providers used for digital forensics.
4. As of the 27th of June 2023, there are three hundred and seventy four (374) submissions which have been delivered to the Digital Forensic Unit and await analysis by an investigator.
5. As the information you have requested is accessible by other means I have not provided you with a copy of the information and will rely on Section 21 of the Freedom of Information Act 2000. You should therefore consider this a refusal for question 5 of your request.
I have provided an explanation to this exemption below.
Section 21 (1) - Information accessible by other means
Information which is reasonably accessible to the applicant is exempt information.
This information is readily available on UKAS website and you can find the relevant information from here - Search UKAS accredited organisations. I can advise that is the most up to date information currently available. Section 21 is therefore applicable.
6. This information is not held.
