back to article The Reg visits London Met Police's digital and electronics forensics labs

More than 90 per cent of crime has "a digital element," we were told as The Reg was welcomed into London Metropolitan Police's Central Communications Command Centre, near Lambeth Bridge on the Thames. Not only does that mean an exponential increase in the amount of data stored, with the increasing seizure of phones, it also …

  1. Korev Silver badge
    Joke

    Some of those relics include a Nokia handset from 1995, an HP PDA, with a built-in mobile phone, the original iPhone and most ancient of all a Mobira Cityman 1320 from the 1980s

    Did they let you copper feel of it?

  2. m0rt

    "Obviously victims and witnesses are more than happy for us to have access to the device. "

    And this is, I think, *the* problem. If you do not feel happy about this, and you are innocent, you are obviously not innocent in the eyes of those who make this kind of statement.

    Unless the 'rights' are enshrined as such in all sectors of governmental and consentary policing, then we are on a slide into 'Nothing to hide, nothing to fear'.

    That aside, good on both sides that you got in there.

    1. Korev Silver badge

      If I handed over my work phone (or computer) to a third party* and let them download whatever they felt like then I'd get in a lot of trouble with my employer's information security people and/or regulatory authorities**. I guess this could be seen as "unwilling to help with our investigation" to the cops.

      *assuming there's no warrant

      **it's possible that there will be clinical data in my email

      1. Anonymous Coward
        Anonymous Coward

        "If I handed over my work phone..."

        But I'm quite sure my company will happily hand over my work phone to police whenever it sees an advantage in doing so.... that's one of the reasons I have nothing private on my work phone - not even my personal contacts...

    2. Anonymous Coward
      Anonymous Coward

      How secure are they?

      This is the same organisation that still uses XP.

      1. Gordon 10

        Re: How secure are they?

        Cheap shot unless you know for sure that that particular team does.

        1. Sir Runcible Spoon

          Re: How secure are they?

          This is the same Police force that still retains DNA of people who have never been convicted of a crime.

          http://www.telegraph.co.uk/news/uknews/law-and-order/9310728/DNA-of-thousands-of-innocent-people-still-being-collected-by-police.html

        2. Anonymous Coward
          Anonymous Coward

          Re: How secure are they?

          Cheap shot? Not upgrading from XP is cheap.

          Would you trust your data to an organisation that still has XP?

          1. Adrian 4

            Re: How secure are they?

            "Would you trust your data to an organisation that still has XP?"

            Of course. Why not ? If it's capable of running every application they need it to run, it's perfectly adequate for the job.

            Ignoring the slurp features, perhaps a later OS has more "security". So what ? If someone's on your network, you already lost the game. If you're able to run unfiltered executables from outside, you're pretty much the same : there are probably more exploits in actual use now for W10 than XP.

            It might well be more sensible for a domestic user with no firewall or basic understanding of computer security to run something more modern than XP. For an organisation that's properly protected, it won't make a jot of difference.

            If you disagree, kindly explain.

        3. Anonymous Coward
          Anonymous Coward

          Re: How secure are they?

          Let me help you there as someone who worked with them in the past

          Their system is air gapped

          for those too stupid to google it, they have NO CONNECTION TO THE OUTSIDE WORLD

          This is the same organisation that still uses XP.

          This is the year of the linux desktop

          Apple are so secure you dont need AV

          etc

          etc

          1. robidy

            Re: How secure are they?

            The Iranian centrafuges were air-gapped they got hacked.

            My mate's Windows XP pc once got a virus and it wasn't on the Internet (air gapped)...it had a floppy drive a usb 1.1 port and a CD drive...guess what happened...

            1. Sir Runcible Spoon

              @robidy

              Most modern malware needs to call home, but the worst that can happen to an air-gapped system that just runs software is that it becomes unusable - at which point you rebuild it from the backup (you have a backup right?).

              Of course, if all of the machines are air-gapped from the net, but not from each other, then you've got problems of scale to deal with.

              The Iranian centrifuges were a special case, as there was a mechanism being controlled by the infected machines that could be put out of whack to cause the problem. Plus that was a state-level hack, not your average script slinger.

  3. Terry 6 Silver badge

    Extra-terrestrial help

    Your article failed to explain how Dr. Who was aiding the work of the Met. Or was s/he helping the police with their inquiries?

    1. ukgnome

      Re: Extra-terrestrial help

      That is clearly not the Doctors TARDIS - the windows are wrong.

      1. Anonymous Coward
        Anonymous Coward

        Re: Extra-terrestrial help

        Indeed the windows are wrong.

        Everyone knows the TARDIS runs on Linux.......

        1. wallaby

          Re: Extra-terrestrial help

          "Everyone knows the TARDIS runs on Linux......."

          rot, the episodes are only 50 mins or so, they'd spend all the time having to type out where he wanted to go in extremely long long hand.

          Add in the fact that if he had problems he would get replies like "well there's your problem, what the hell do you want to go to that planet for FFS?????" to any requests for help....

  4. wolfetone Silver badge

    I was listening to the "Unexplained with Howard Hughes" podcast yesterday, and he was speaking to a chap called Mike Godfrey from a company called Insinia about hacking and cyber threats. And he mentioned, briefly, how everyone thinks the Met work closely with GCHQ on certain threats when in actual fact GCHQ can't trust the Met with any information in fear of them losing it. Aparently there's a track record with the Met and such things.

    This chimed with something an uncle of mine (since departed) said to my Dad some years ago. My uncle worked building devices that could detect whether or not a room was bugged and where abouts in the room it was located. He had offers from America for the device, but nothing from the UK. And he said that the British police are always several steps behind everyone else (especially the Americans) in terms of technology to help solve crimes etc. He said that about 15 years ago, and nothing since has proven him wrong.

    1. BebopWeBop
      Joke

      hey CSI (in its many incarnations) tells us that

      1. Anonymous Coward
        Anonymous Coward

        >hey CSI (in its many incarnations) tells us that

        CSI: Ambleside was quite good :)

    2. vir

      "Several Steps Behind"

      Might not be a bad thing, keep the old-fashioned investigative skills fresh. Seems like police here seem to think that a shiny new camera is a substitute for actual police work.

  5. Anonymous Coward
    Anonymous Coward

    At leas the article demonsrates a point I have been making for a while

    biometrics should not be your only authentication factor.

    Its a triumph (or travesty) of convenience over function in most cases.

    1. big_D

      Re: At leas the article demonsrates a point I have been making for a while

      As I am at great pains to remind people on a regular basis: biometrics are usernames, not passwords!

      1. usbac Silver badge

        Re: At leas the article demonsrates a point I have been making for a while

        Especially using fingerprints. What good is a "password" that you leave lying around at least 1000 places every day!

        1. Anonymous Coward
          Anonymous Coward

          Re: At leas the article demonsrates a point I have been making for a while

          That would be a cool piece of research...collecting and using them.

          Hacking Ancestry.co.uk for all that DNA rrady for when it's used in the future :)

  6. Anonymous Coward
    Anonymous Coward

    "[...] certainly DNA and fingerprints are only retained if there has been a criminal conviction."

    The police are apparently still retaining such data when there was not a criminal conviction - or even a charge.

    1. frank ly

      furthermore ....

      http://www.independent.co.uk/news/uk/politics/police-mugshots-storing-not-charged-unlawful-home-office-minister-government-norman-lamb-a8168256.html

    2. Robert Forsyth

      They probably assume everybody is guilty of something, so just keep it until you are convicted.

  7. Anonymous Coward
    Anonymous Coward

    Digital Forensics

    Not the Met (another force) but took a friend months to get their computers back, and several power bricks still "lost in the system" after approx 6 months

    AC obv

    1. nijam Silver badge

      Re: Digital Forensics

      > AC obv

      Well, the input of the power brick is, but usually the output is DC.

  8. Dan 55 Silver badge
    Alert

    Currently the Met cannot access remotely stored data – for example, on the Dropbox service. In order to do so, it would have to go through a Regulation of Investigatory Powers Act (RIPA) – the controversial Act that regulates the powers of public bodies to carry out surveillance and investigation, and the interception of communications. This process can be lengthy, he says.

    So they can access it, they just don't want to go through the paperwork.

    RIPA is pretty generous act anyway. What are the police asking for, a back door to Dropbox?

  9. Anonymous Coward
    Facepalm

    Evening all

    Is the Met's command and control system still based on a taxi-booking app?

    1. Anonymous Coward
      Anonymous Coward

      Re: Evening all

      Pandas are taxis for crims. So why not?

  10. Fihart

    Drug dealer numbers.

    Puzzles me that while the mobile phone numbers that punters use to order drugs from dealers can change hands for £thous, the cops seem unable to get the telcos to just cancel those numbers. Every phone contract contains a condition that the service isn't used for illegal purposes.

  11. Craig McGill 1

    Good read - well done cops and El Reg

    More of this sort of thing please - and well done on the cops for not hiding behind bog-standard answers and being quite open. Nice one all round.

    1. Cynic_999

      Re: Good read - well done cops and El Reg

      Being quite open? The police officer lied when he said that the DNA and mugshots of suspects who are not convicted are not retained, so how much can we believe of anything else he said?

      Police routinely lie and mislead.

    2. Anonymous Coward
      Anonymous Coward

      Re: Good read - well done cops and El Reg

      My first thought is why the charm offensive to ElReg...they want or are up to something...

      1. Sir Runcible Spoon

        Re: Good read - well done cops and El Reg

        I also got the impression that the Reg went easy on them. Where were the responses to the questions about the DNA retention? Were the questions even asked?

  12. hi_robb

    A question for all my fellow (and fellowess) El-Reg readers.

    I've been on these forums an awful long time. And in that time the general conscientious has been that most people on here are opposed to something like a central bio-metric database.

    Can I ask why you feel that way?

    Is it simply because you do not trust UK Police / Government to make it secure, or are there other reasons?

    Surely apart from the obvious security concerns - which believe me I understand and feel the same way, if they were never going to be a problem then, if you've nothing to hide...

    Genuinely curious on this.

    D

    1. Anonymous Coward
      Anonymous Coward

      Re: A question for all my fellow (and fellowess) El-Reg readers.

      retrospective criminality? thought-police ?

      I'm typing this reply today, and although I fully support the Police and wish that they would get extra funding, less manpower cuts and the same share of PRISM that , say, the German police get from the BND/BfV's take (~50%) . . . there's always the sneaking worry that I might be contravening some future law that allows retrospective database policing, low-resolution biometrics being deliberately used, perhaps fitting people up with a crime - as if that could ever happen!

      like how the Chinese gov did a routine meta-data pollution study of transport & traffic-jams in Beijing by tracking GSM pings, they needed a few thousand random target handsets - allegedly just chose the top activists IMEI's to permanently monitor, as one might

    2. Jellied Eel Silver badge

      Re: A question for all my fellow (and fellowess) El-Reg readers.

      For me, two reasons. FRR and FMR. Or False Rejection and False Match Rates. One is where a facial recognition system doesn't recognise the person, the other is where it recognises the wrong person. In Hollywood, this doesn't happen. So TPTB do the 'zoom and enhance' thing, and up pops the name, criminal record, phone number and inside leg measurement.

      In the real world.. that doesn't happen. Especially if the image is a fuzzy CCTV one showing a partial face under a hat or hoodie. Criminals are aware of CCTV, so try to obscure their faces. If there's a false match, then an innocent person may get seriously inconvenienced trying to prove their innocence.

      But in the UK, a facial database already exists, thanks in part to the EU and their push for biometrics. So there are databases for driving licences and passports, and that genie's already partially out of the bottle.

      1. Yet Another Anonymous coward Silver badge

        Re: A question for all my fellow (and fellowess) El-Reg readers.

        Criminals are aware of CCTV, so try to obscure their faces.

        Hence anybody who hides their face is a criminal - QED

        1. Jellied Eel Silver badge

          Re: A question for all my fellow (and fellowess) El-Reg readers.

          Hence anybody who hides their face is a criminal - QED

          Nope, just should mean biometric salespeople should get charged with wasting police time. If you enter a b&w, fuzzy image taken at night and the system returns 177,000 matches.. It's not helpful. It's a GIGO problem, ie if the CCTV cameras are junk, the images are junk. Especially if they're located in the wrong place, namely looking down, not across.

    3. silverfern

      Re: A question for all my fellow (and fellowess) El-Reg readers.

      Innocent of guilty, we all have something to hide - our privacy.

      Geddit?

    4. Graham Cobb Silver badge

      Re: A question for all my fellow (and fellowess) El-Reg readers.

      Three main reasons:

      1. The inaccuracy problem and the fact that a hard-working and over-stretched officer is likely to attach too much weight to either a match or a rejection. Particularly as it may have the effect of meaning someone has to "prove they are innocent" instead of the other way around.

      2. The massive increase in trackability. It becomes much too easy for a lazy (or over-worked) officer to assume that someone who has come to their notice (even if not convicted of any offence) is likely to offend and so should be tracked and watched. So, for example, someone stopped, questioned and free to go at a demonstration may find they are noted by an automatic system every time they appear on any camera and even prevented from accessing future demonstrations (in the interest of keeping out so-called troublemakers). This has already been a real and documented problem with vehicles (see the "John Catt extremism" case and also the Witney Cat Farm). Treating someone as a suspect before they have committed any crime is not how policing is done in a free society.

      3. The general principle: one determining feature of UK society is that you are free to go about your business without explaining or identifying yourself, carrying any identification or even staying limited to one identity, as long as you are not committing a crime. In the 1960's there was a real danger of nuclear war and, as a small child, I was frightened by this. My parents didn't try to tell me not to worry, or that they would keep me safe, they explained why we would fight against communism, whatever the cost. The example they used was that communist police stopped people on the streets and demanded to see their papers: which would never happen in a free society.

    5. Lysenko

      Re: A question for all my fellow (and fellowess) El-Reg readers.

      And in that time the general conscientious has been that most people on here are opposed to something like a central bio-metric database.

      Can I ask why you feel that way?

      Principle. Recognising another individual by sight, smell or sound is baked into the human (possibly tetrapod) condition, but if I choose to conceal those cues you have no business knowing who I am unless I choose to tell you. That's why I won't go to the wrong side of the pond anymore. My own government don't have my fingerprints so there is no way in hell I'm handing that data to a foreign government.

      DNA is even worse. At the risk of Godwinning myself, imagine what certain near historical political regimes would have been able to do with a comprehensive database of this nature. Scan the entire population for genetic susceptibility to Tay-Sachs disease perhaps? Purely for altruistic reasons of pre-emptive health care of course.

    6. Cynic_999

      Re: A question for all my fellow (and fellowess) El-Reg readers.

      "

      ... opposed to something like a central bio-metric database. Can I ask why you feel that way?

      "

      Because you cannot trust any government - least of all a government that is yet to be elected. Learn the lessons of history - how many governments have misused their power to the detriment of some or all of their citizens? From minor annoyances such as suddenly finding your insurance has skyrocketed because the police sold the DNA database to insurance agencies who analyse the data for people who have a genetic propensity to certain medical conditions, to genocide when a future extremist government decides to lock up everyone with DNA suggesting a Middle Eastern origin (it's been done before by a democratically elected government). Then there's the possibility of the government making draconian laws that you may well want to break.

    7. lucki bstard

      Re: A question for all my fellow (and fellowess) El-Reg readers.

      'Is it simply because you do not trust UK Police / Government to make it secure' - Yep look at the UK Govm track record with IT and losing information. I can change a password, it takes a lot more effort and money to change a face.

      1. Anonymous Coward
        Anonymous Coward

        Re: A question for all my fellow (and fellowess) El-Reg readers.

        > it takes a lot more effort and money to change a face.

        Weekend in Glasgow, you get it done for free.

      2. iwrconsultancy

        Re: A question for all my fellow (and fellowess) El-Reg readers.

        "it takes a lot more effort and money to change a face."

        That, and unless you're going to dress like Tony Stark, it's kinda like a post-it note perched on top of your body.

    8. Pen-y-gors

      Re: A question for all my fellow (and fellowess) El-Reg readers.

      @hi_robb

      Good question, and probably many different reasons.

      For me it's a principal. For many years the approach in the UK is that a citizen/subject is a free person, and so long as they go about their lawful business then the state has no justification in interfering in their lives. Tied in with this is that as a citizen of the UK I have no need to prove anything - in law the complete onus is (or used to be) on the prosecution to prove its case - no need for the innocent to provide biometrics.

      A further problem is complete and total mistrust of the powers-that-be, not always the police themselves (although they have a fair number of very dodgy characters in their ranks) but their response to instructions from their political masters. Having a central database of biometrics is opening the door to massive abuse. No database - no risk.

      Sadly the police have, in many cases, forgotten that their role is to "protect and defend" the citizens, not control them. They are the servants of the public, not their masters.

    9. veti Silver badge

      Re: A question for all my fellow (and fellowess) El-Reg readers.

      Apart from anything else: it is far from certain that a central biometric database would actually help solve crimes.

      Take fingerprints, for instance. Historically, fingerprints have been taken from people who've been arrested. When a print is taken from a crime scene, it's then compared against prints previously taken from people who've been arrested in the same general area. A few thousand, tops. That's - actually a pretty good way of compiling a shortlist, right there.

      But - you may be interested to learn - in the very few systematic trials of fingerprint identification, there has been a shockingly high rate of wrongful matching. Where human experts have pronounced definitively that a fingerprint belonged to someone it did not, in fact, belong to. So if you scan a blurry, incomplete fingerprint against a database of 60 million suspects, you will get false positives. Probably lots of them.

      Other biometrics are the same. When an expert pronounces in court that there's only a 1 in 100,000 chance that the suspect matches this biometric by chance, what they're really saying - in a country of 60 million people - is, "there are 600 people in the country who would register positive to this test. So if this is the strongest evidence the prosecution has, there's roughly a 1 in 600 chance it's the right person." Of course that's not what the prosecution says, or what the court hears - what they hear is "there is a vanishingly small chance of error". But what they mean is "there is a near certainty of error".

      As a way of confirming that someone is who they say they are - biometrics are fine, up to a point. As a way of finding one person in a large population, they're hopeless.

    10. Anonymous Coward
      Anonymous Coward

      Re: A question for all my fellow (and fellowess) El-Reg readers.

      1984

      V for Vendetta

      1. Sir Runcible Spoon

        Re: A question for all my fellow (and fellowess) El-Reg readers.

        Can I just point out that at no point in my life have I given the Police, or the government, permission to scan and store my personal bio-metric details.

        By what right do they claim these privileges?

        What if I simply told you that I don't agree with the idea of storing bio-metric data and leave it at that? Someone might ask me why, but is that really any of your business? I have stated my position, I have no need to justify it because that implies you have a right to know why and that I'm arguing my case.

        There should be no case. I have the right to go about my life unimpeded unless I transgress the laws of the land.

        Obviously real life isn't so black and white, we do need our Police to be effective in order to keep the peace and nail the baddies - but what price are you willing to pay? What if others don't want to pay that price, will you make them?

        If the answer to that last question is yes, then you are firmly on the path to a Police state, it's just a question of how far along you are at the moment.

  13. MacroRodent

    Mobira

    In case the young uns don't know, Mobira was the predecessor of Nokia Mobile Phones division. It was a separate company, jointly owned by Nokia and Salora (an old Finnish electronics company), but the name changed after Nokia bought Salora.

    1. Down not across

      Re: Mobira

      Cityman was excellent phone. Cityman 900 was the first phone that was worthy of replacing my old NMT450 kit. I had it with the full car kit too (handsfree speaker and handset (fairly slim) that dujplicated the display and keypad). Truly excellent. And it survived any accidental abuse it experienced. Oh and it would crush any other phone, literally...

      P.S. Been a while since I saw Wall Street, but didn't Gecko have a crappy Motorola DynaTAC?

  14. zebm

    Are these the stitch up people?

    Are they the same part of the Met as stitched up Damian Green by taking 'backups' home?

    1. Dan 55 Silver badge

      Re: Are these the stitch up people?

      No, that was Scotland Yard.

      Also, what stops the 'backup' being altered after it was taken? The sha256sum (or whatever) doesn't appear to be signed and logged centrally, if everything's done at police station level.

  15. m-k

    biometric data? people who have been convicted of crime?!

    "If they are not, then the data is not retained."

    ?!

    I was under the impression the current state of affairs is that such data for people NOT convicted of crime SHOULD NOT be retained, but IS RETAINED and it is EXTREMELY HARD to get it removed, and the good old plod DON'T HAVE to remove it, even when there's no conviction?

  16. martinusher Silver badge

    User account differentiation

    If I were expecting to have people demand a password from me then I'd set my system up so that user accounts were differentiated by password rather than user name. If the password was wrung from me under duress I'd enter that password whereupon the system would not only show fluffy bunny type information to Mr. Plod but hide or delete the real information.

    This isn't a novel concept. Many burglar alarms have alternate keycodes to use in a panic situation -- it might turn the alarm siren off but it also sends an alert to the monitoring center.

    (Biometrics aren't an issue, either -- I might want to unlock my device with my face or my face with, say, one eye closed. Its all really a matter of how far one wants to go playing cat and mouse. Personally, I don't carry confidential information on a mobile device. Mr. Plod or the USCIS can have at it all they want, there's nothing to see but it might take them some time to find out.)

    1. Sir Runcible Spoon

      Re: User account differentiation

      On a system where there are multiple users, how would you deal with duplicate passwords?

      1. jelabarre59

        Re: User account differentiation

        On a system where there are multiple users, how would you deal with duplicate passwords?

        I'd expect the "account" would be determined by a username/password combination. You would have usernames with multiple passwords, each determining which subset of data could be accessed. Just set up a realistic honeypot of convincing data for the CopperPassword. All your videos are suddenly Rick Astley music videos. Your documents all have listings of Pokemon cards. Your pictures are all Photoshopped pictures of Janet Reno in lingerie (or Margaret Thatcher for you Brits).

        1. Sir Runcible Spoon

          Re: User account differentiation

          Not a bad idea. You could only really use it with clued up users though.

          Sounds very much like TruCrypt hidden container type methodology though - and there are ways to detect hidden data - but on a shared system that should be harder.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like