Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Scotland police don't seem to have any problem getting data off locked iPhones

Starting on January 20, 2020, Scotland police will begin using "cyber kiosks" to extract and examine the contents of smartphones — including iPhones — that have data relevant to investigations or accidents.

The kiosks are desktop computers located in police stations that allow security officers to look through the contents of a mobile device rapidly. The data that can be extracted includes, but is not limited to, contacts, text messages, pictures, videos, plus text and application files.

These kiosks are highly scrutinized by several individuals and agencies for accountability of data and hardware. The devices of victims, suspects, and witnesses could all be extracted through these kiosks, regardless if the device has been volunteered or seized in the course of an investigation.

Scotland law already allows for law enforcement to take the smartphones of those involved in crimes and hold them indefinitely. Deputy Chief Constable Malcolm Graham has said that the kiosks will ideally speed up the process.

"By quickly identifying devices which do and do not contain evidence, we can minimise the intrusion on people's lives and provide a better service to the public," reads a statement on the Police Scotland website.

The kiosks draw a parallel to similar situations in the U.S., where law enforcement has increasingly tried to access digital data from smartphones, despite public wariness.

Attorney General William Barr with President Donald Trump Attorney General William Barr with President Donald Trump

On January 13, the FBI and Attorney General William Barr demanded that Apple help unlock two iPhones believed to be owned by Mohammed Saeed Alshamrami. Alshamrani is suspected to be the shooter at an attack on the Naval Air Station in Pensacola, Florida.

The FBI has been granted permission to search the devices but has sought Apple's assistance in unlocking the smartphones, including one that was reportedly shot by its owner, in a bid to find more evidence. Apple declined to provide more help beyond what it has already given the investigation, as it would effectively undermine the security of its hardware and software.

Barr has claimed that Apple had provided no "substantive assistance" to the investigation. Apple had provided access to data from Alshamrami's iCloud account within 24 hours of the request, but nothing from the device's local storage, as it was not privy to that information.

The FBI and other security agencies have previously sought the assistance of third-party firms in earlier investigations involving iPhones. Most famously, this includes when the FBI hired Cellebrite to unlock the iPhone of the gunman involved in the San Bernardino case. The agency was reported to have spent $900,000 on the extraction, and said nothing about what it obtained.

However, separate law enforcement sources later said that the iPhone had yielded no pertinent information.

Since the San Bernardino case, Apple has created a page on its website specifically for law enforcement officials to request what data the company has.



24 Comments

randominternetperson 8 Years · 3101 comments

Worth watching the 3 minute video.  It appears that Scotland is trying to do the right thing in being transparent and minimizing violation of privacy.  No hint at how they are able to crack encrypted devices, but that's not the point of the video.  I find it amusing that the end of the video says "for more information visit the Scotland Police website" without providing a domain name, let alone a URL.  I suppose that's what search engines are for. https://www.scotland.police.uk/about-us/police-scotland/specialistcrime-division/cybercrime-investigations-digital-forensics/cyber-kiosks

Based on that link, they do acknowledge that they won't be able to access all phones:

Q11. Will ‘Cyber Kiosks’ be used for all mobile telephone and tablet examinations in Scotland?
There are a number of specific circumstances where the use of Cyber Kiosks would not be appropriate, such as:
• The device does not work and is thought to be critical to the enquiry.
• The password for the device cannot be overcome (after consultation with cybercrime).
• The case involves child abuse images.
• The investigation relates to a potential internal or disciplinary enquiry.
• The data is known to be on the device (e.g. a witness has told the police the evidence in on the device)
• The data extraction is extremely large and cannot be managed on a Cyber Kiosk.

melodyof1974 15 Years · 114 comments

"If it's not Scottish is crap". My question is what if the phone doesn't turn on can the information still be extracted?

lkrupp 19 Years · 10521 comments

"If it's not Scottish is crap". My question is what if the phone doesn't turn on can the information still be extracted?

The answer is yes, probably. Let's face it, while Apple is ahead of the game when it comes to privacy and security it's not perfect. No digital consumer device is perfect when it comes to security and privacy. Governments and the bad guys have tons of tools at their disposal to get what they want, when they want it. All this talk about backdoors is about making it easier, not better for the authorities. All of your data is accessible if you live online at all, no matter what tricks you use to protect it. The only path to real privacy is to be off the grid and be completely cash based. Even then, you cannot escape the eyes of the government. They will find you if they need to. It may take years but they will find you. If that sounds depressing, well, unfortunately it is.

anantksundaram 18 Years · 20391 comments

Worth watching the 3 minute video.  It appears that Scotland is trying to do the right thing in being transparent and minimizing violation of privacy.  No hint at how they are able to crack encrypted devices, but that's not the point of the video.  I find it amusing that the end of the video says "for more information visit the Scotland Police website" without providing a domain name, let alone a URL.  I suppose that's what search engines are for. https://www.scotland.police.uk/about-us/police-scotland/specialistcrime-division/cybercrime-investigations-digital-forensics/cyber-kiosks

Based on that link, they do acknowledge that they won't be able to access all phones:

Q11. Will ‘Cyber Kiosks’ be used for all mobile telephone and tablet examinations in Scotland?
There are a number of specific circumstances where the use of Cyber Kiosks would not be appropriate, such as:
• The device does not work and is thought to be critical to the enquiry.
• The password for the device cannot be overcome (after consultation with cybercrime).
• The case involves child abuse images.
• The investigation relates to a potential internal or disciplinary enquiry.
• The data is known to be on the device (e.g. a witness has told the police the evidence in on the device)
• The data extraction is extremely large and cannot be managed on a Cyber Kiosk.

Um... any security experts here that can elaborate on the bolded part: if the device is password protected, can it be overcome except similarly to the FBI using Cellebrite and such?

OutdoorAppDeveloper 15 Years · 1292 comments

If Apple has in its possession a hack that allows an older iPhone to be decrypted, can they honestly say it is not possible for them to unlock or extract data from that iPhone?