Please be aware we’re making some improvements and building a new website. You can still report incidents, tell us about general intelligence or talk to us on live chat on this site. Thanks for your patience.

Digital Forensics - 283/23

Date Responded 27 February 2023

Provision of information held by Northumbria Police made under the Freedom of Information Act 2000 (the 'Act')

As you may be aware the purpose of the Act is to allow a general right of access to information held at the time of a request, by a Public Authority (including the Police), subject to certain limitations and exemptions.

You asked:


1. How many digital forensic officers are able to gather data from smart home devices within the digital forensic unit?

2. What are the issues the digital forensic unit faces when analysing data from smart home devices?

3. What are the procedures, principles and legislation that must be adhered to when handling, obtaining and analysing digital smart home devices within the digital forensic unit?

4. What software/ hardware is used to analyse and extract data from smart home devices?

5. Is the digital forensic laboratory software/ hardware used accredited under the accreditation ISO17025?

6. Are write blockers used to analyse data obtained from smart home devices?

In Response:

We have now had the opportunity to fully consider your request and I provide a response for your attention.

To note this submission has been aggregated with your previous submission on this subject matter, FOI 061/23, due to cost/time constraints.

Following receipt of your request, searches were conducted with the Forensic Services Department of Northumbria Police.  I can confirm that the information you have requested is held in part by Northumbria Police.

I am able to disclose the located information to you as follows which we have provided as a matter of goodwill as your previous request was refused due to Section 12 being applicable and which would also mean that we could legitimately apply that stance to this request.  Rather than do so we have supplied some information as follows.

1. Northumbria Police Digital Forensic Unit currently employs 21 Digital Forensic Investigators and 3 Senior Digital Forensic Investigators, all of whom are able to carry out a wide range of digital forensic activities.

2. This point is not a valid question.  Section 84 of FOIA relates to recorded information held by a public authority and that it does not extend to providing explanations unless the answers are already held in a recorded form:

"Information is defined in section 84 of the Act as 'information recorded in any form'. The Act therefore only extends to requests for recorded information. It does not require public authorities to answer questions generally; only if they already hold the answers in recorded form. The Act does not extend to requests for information about policies or their implementation, or the merits or demerits of any proposal or action - unless, of course, the answer to any such request is already held in recorded form."

3 & 5.  As the information you have requested at these points is accessible by other means I have not provided you with a copy of the information and will rely on Section 21 of the Freedom of Information Act 2000.  You should therefore consider this a refusal for these parts of your request.

I have provided an explanation to this exemption below.

Section 21 (1) - Information accessible by other means

Information which is reasonably accessible to the applicant is exempt information.

This information is not specific to Northumbria Police and can be ascertained using open source materials.  For example, the following was obtained via a brief web search:

IoT Forensics: An Overview of the Current Issues and Challenges

Smart Home Forensics – Data Analysis of IoT Devices

The Internet of Things: Challenges and considerations for cybercrime investigations and digital forensics

The Schedule of Accreditation issued to Northumbria Police’s Digital Forensic Unit can be ascertained using open source materials: Schedule of Accreditation – Northumbria Police & NERSOU

4. We shall not be providing a response to this point and by doing so rely on the following exemption:

Section 31 (1a) - Law Enforcement

Section 31 of the Act (Law Enforcement) states that information is exempt information if its disclosure under this Act would, or would be likely to prejudice:

(a) The prevention or detection of crime

This exemption is a qualified and prejudice based exemption and therefore the legislators accept that there may be harm if released into the public domain.  The authority has to consider and describe the harm that would occur if the information were released and carry out a public interest test.  In accordance with best practice, I detail the harm first.

Harm

To disclose information detailing what software/hardware is used to analyse and extract data from smart home devices would undermine the police services ability to protect sensitive data and would disclose force capabilities and identify any perceived weaknesses in force capabilities.  

Those with the intent to do so may use that information to cause disruption or focus their criminal activities on those areas where they believe may be weaknesses.  This would obviously impact on the Police service’s ability to protect the public it serves and could prejudice its ability to perform core functions such as the prevention and detection of crime.

Public Interest Test

Factors favouring disclosure:

The release of the information would demonstrate the openness of the organisation to make such matters public.  Disclosure would contribute to the accuracy and quality of public debate and allow the public to know what police resources are available.

Factors favouring non-disclosure:

Releasing such data would give those individuals with the intent to do so, the intelligence required to disrupt police activity.  This knowledge would mean that offenders would be able to target their offending more effectively which would inevitably lead to an increased likelihood of terrorist or criminal activity and an increased danger to the public.  On a national level, terrorists and criminals would be able to identify and use this knowledge to their own advantage in furthering terrorist/criminal activity around the country.

Any disclosure of information which is likely to undermine the Police service’s ability to serve the public in preventing and detecting crime can only be considered as being harmful to the public.

It would not be in either the publics or the polices interests to provide information which could aid those who are intent on causing criminal acts, disruption or harm to our communities or police services.

Balance Test

Having considered both sides of the public interest, it is considered that the balance favours non-disclosure of the information requested.  Whilst this information may be of interest to the public, it is not in the public interest to provide those with intent to do so the means to target any perceived weaknesses or circumvent any investigative methods thereby increasing the risk of terrorist/criminal activity.  Such disclosures would always be resisted.

You should consider this to be a refusal notice under section 17 of the Act for this part of your request.

6. No.

Disclaimer

Due to the different methods of recording information across 43 forces, a specific response from one constabulary should not be seen as an indication of what information could be supplied (within cost) by another. Systems used for recording these figures are not generic, nor are the procedures used locally in capturing the data. For this reason responses between forces may differ, and should not be used for comparative purposes.

The information we have supplied to you is likely to contain intellectual property rights of Northumbria Police. Your use of the information must be strictly in accordance with the Copyright Designs and Patents Act 1988 (as amended) or such other applicable legislation. In particular, you must not re-use this information for any commercial purpose.

back to top