Hi,
I'm Sarah, I wanted to ask some professionals for validation for my proposed IVA (intelligent virtual assistant) forensic guidelines which is for my university dissertation. Below are my proposed guidelines. If you could validate this it would be gratefully appreciated!Â
Thanks Sarah.
Â
Introduction
Intelligent Virtual Assistants (IVAs) such as smart speakers are becoming increasingly commonplace in the UK. They contain a great deal of data/information that could be useful in forensic investigations which may be held in devices owned by victims, witnesses, or suspects of criminal activity. The use of data from IVAs is likely to become a regular feature of the criminal justice system but access to such data raises considerable public concerns about the right to privacy of the owner of the device on which the information is held. An important lesson that has been learnt from the experience of forensic investigation into mobile phone data is that a careful balance has to be struck between the individual’s right to privacy and the need to investigate criminal activity[1]. These proposed guidelines seek to ensure that the appropriate balance is struck by forensic investigators when considering the use of data from IVAs and that the extraction of such data is lawful.
Â
Basic Principles
- There is no automatic right for investigators to obtain data from IVAs. Any analysis of the device and the data is holds must be in accordance with relevant legislation, and should be lawful, approved, necessary and proportionate to the circumstances.
- Any seizure of an IVA or extraction of data from an IVA has to have a lawful basis. It must be based on a balance between the right of the individual owner of the IVA to privacy and the need to investigate crimes and be proportionate.
- If an investigator is unsure of the correct approach to take he should, where possible, seek advice from a senior officer. The Officer in Case (OIC) is responsible for adherence to these principles.
- Investigators must keep a detailed record of all actions in relation to the seizure of an IVA device, extraction of data from such a device and the management of material extracted from such a device, as required by section 4 of the Code of Practice issued under the Criminal Procedure and Investigations Act 1996.
- Material that is considered to be relevant to the case should be retained as required by section 5 of the Code of Practice issued under the Criminal Procedure and Investigations Act 1996.
- Information which is relevant to a criminal investigation must be securely held to ensure that it is fit for use in criminal proceedings.
Â
Application of Basic Principles
Respect for a person’s privacy is an important principle of English law and is enshrined in law by the Human Rights Act 1998. Investigators must be aware that any breach of this right to privacy must be for a lawful purpose and must be proportionate and necessary to justify such an intrusion. Unless it is proportionate and necessary to gather a person’s personal information (which includes information held on their IVA) it would be unlawful for forensic investigators to invade a person’s privacy by taking their personal information. It is the responsibility of the Officer in Charge and the forensic investigator to ensure that any retention of data from an IVA complies with this legal requirement. A police officer may however seize a person’s IVA if he thinks that it is necessary in order to pursue a reasonable line of enquiry, Police and Criminal Evidence Act 1984, sections 18(2) and 19. If a device is seized it must be isolated to disable its functions and stored in such a way as to prevent contamination of the data held on it by for example placing it in a faraday bag or signal blocker. Where a decision is made not to proceed to extract data from the IVA it should be returned to the owner.
If, however the investigation proceeds and a decision is taken that information from the IVA may be helpful to the investigation of a crime the investigator needs to carefully consider whether it would be proportionate to extract information from the IVA. Firstly, the investigator much consider whether there is any other way of getting the information required without extracting information from the IVA. If there is another way of obtaining the information, it would not be necessary and proportionate to extract the information from the IVA and would therefore be unlawful.
If there is no less intrusive way of obtaining the information and the investigator wishes to extract information from the IVA, he must then apply the data protection principles found in the Data Protection Act 2018. This means that on every occasion that the investigator wants to extract information from an IVA he must consider whether the owner of the information’s right to privacy is overridden by the need to solve crimes. Each decision has to be made in the light of the individual facts of the particular case. It is not acceptable for investigators to proceed on the basis that in all cases the need to solve crime will override the right to privacy of the owner of the IVA. An important consideration here is whether the IVA is owned by a victim or witness to a crime as opposed to being owned by a suspect. Another important consideration is the likelihood of the information held on the IVA being significant in the solving of a crime. Investigators may find it useful to consider the ‘Threat, Harm, Risk’ (‘THR’) metric to determine the seriousness of the matter investigated when deciding whether it is proportionate to extract information from an IVA. At all times investigators must have in their mind the importance of fairness in criminal justice cases which includes the need to look for information which may support a suspect’s alibi or otherwise prove his innocence. Deciding whether it is proportionate and lawful to extract information from a person’s IVA can be difficult and investigating officers should seek advice from senior officers wherever possible if they are in doubt. Each police force must encourage investigators to seek advice from senior officers where appropriate and should have a procedure in place to enable them to do so.
All the steps referred to above must be carefully recorded on a dedicated log so that if the matter comes to court the prosecution can show that the investigation has been properly and lawfully conducted. The record should be made at the time the data is obtained or as soon as practicable afterwards (para 4.4, Criminal Procedure and Investigations Act 1996 Code of Practice).
Investigators should ensure that they continually review any decision to extract data from an IVA. If it becomes clear that the IVA does not contain information which pertains to the criminal investigation it would not be proportionate or lawful to continue to extract information and the process should be stopped. Similarly, if the investigator extracts information which is irrelevant to the investigation, he should not retain such information and record his decision not to do so on the log.
If information is extracted which is relevant to the criminal investigation it must be captured in a secure way by an appropriately qualified person. If an appropriately qualified person is not immediately available, the device should be secured in such a way that neither it nor the information held on it can be contaminated until an investigator with appropriate qualifications is available. When extracted the information must be stored in such a way that it cannot be altered or contaminated in any way so that it is the best quality evidence possible and fit for use in a criminal trial. It is good practice to take an exact copy of the evidence (also in a form that cannot be altered) in case the original is mislaid. It is essential that all this is clearly recorded on the relevant log which should also contain the times and methods of extraction.
Â
[1] The College of Policing Guidance on ‘Extraction of material from digital devices’; May 2021, provides guidance on the use of data from mobile phones. The author acknowledges that guidance and in this proposed guidance seeks to apply the relevant principles to the forensic investigation of IVAs. https://www.college.police.uk/app/extraction-material-digital-devices/extraction-material-digital-devices
Â
Â