UK Metro Police Sued Over Phone Malware Purchase

from the [devastatingly-accurate-rhyming-slang-TK] dept

Last spring, a hacker who had illicitly obtained data from malware/spyware company FlexiSpy shared some of it with Motherboard. In the trove of customer data, it was discovered that one purchase was linked to an officer in the UK Metro Police.

FlexiSpy is powerful malware, capable of gathering communications from multiple messaging services, as well as providing GPS location, emails, and phone call records. The purchase of this malware is questionable, considering it’s regulated under the UK’s Computer Misuse Act. The most obvious limitation of the malware is the fact that it requires physical access to targeted devices. But phones, tablets, and computers are seized all the time by law enforcement officers, and they’re sometimes returned to their owners after being searched. Malware like this would allow officers to hitch a virtual ride on someone’s phone or laptop, seeing everything they see.

Motherboard asked the Metro Police for more details on this spyware purchase. Unsurprisingly, the Police didn’t want to talk about it.

A Met spokesperson told Motherboard in an email “the MPS neither confirm nor deny engagement with FlexiSpy.”

The rest of statement was the usual “everything we do is lawful and subject to oversight” boilerplate that accompanies every leaked document or accusation of unlawful surveillance. The Met refused to discuss it further, even as Motherboard provided evidence that an officer had indeed purchased the spyware using a Metro Police email address.

Nearly a year has gone by and the Metro Police still refuse to provide any more details about this purchase. So, Motherboard — with the assistance of UK solicitors — is suing the Met for its refusal to discuss the FlexiSpy purchase.

Working on behalf of Motherboard, solicitors from Bindmans LLP filed a complaint with the Independent Police Complaints Commission (now called the Independent Office for Police Conduct, or IOPC).

In a December letter, the Directorate of Professional Standards at the MPS said a chief inspector concluded that Motherboard’s complaint did not need to be professionally recorded, meaning it would not be investigated. The reason given was that Motherboard was not a member of the public who claims have witnessed a piece of misconduct. Motherboard’s legal team for this complaint strongly disagrees with that finding, and has filed an appeal to the IOPC, urging it to call in an independent investigation.

Motherboard is seeking more info on the purchase, as well as how it may have been deployed. In most cases, the use of FlexiSpy would violate UK law, even if used by police officers. There’s also the possibility that an officer used his official status to obtain a copy for personal use. Or it could be the copy was purchased simply to observe the software in action and never deployed against any UK citizen. There’s no way of telling unless the Metro Police look into it. But so far, the Metro PD doesn’t seem very interested in policing its own.

Filed Under: , , , , ,
Companies: flexispy, vice

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “UK Metro Police Sued Over Phone Malware Purchase”

Subscribe: RSS Leave a comment
Madd the Sane (profile) says:

"neither confirm nor deny"

Ah, the “We can neither confirm nor deny the thing you’re asking about.” Double-speak meaning “Yeah, we’re doing it. But since we worded it like this, you can’t use this statement against us because it’s vaguely-worded.” It doesn’t really work if you’re not in the espionage business.

K`Tetch (profile) says:

EECK! not "Metro"

no Tim, no, a thousand times no! It’s not the “metro” police. It’s either ‘the Met’, or ‘metropolitan police’

‘Metro Police’ sounds so damned uncouth, so.. soo… AMERICAN. Like you’d expect George Gaynes and G. W. Bailey to be working there (ok, there’s Cressida Dick who’s kinda like Gaynes, but still) and demand that anyone who can wave a gun around should storm into any situation and shoot people on sight until there are no more suspects (or at least no more foreign/scary-looking people. It implies leather jackets, and ‘packing heat’ and V8 cruisers, not anoraks, a little can of pepper spray and a diesel vauxhall Astra panda. And while US police cops are macho and sexy like Riggs/Murtaugh, or John McClain, the best the Met has managed is Pc Angel exiled to the country by the lead singer of Strange Fruit, Alan Partridge, and Arthur dent for being too good at stopping shoplifters.

Dammit man, we’re british, excitement isn’t what we do old boy! No dynamic punchy names like ‘metro’, it’s either chavvy (but still respectable) ‘the met’, or the more adult and staid “metropolitan police service”.

Col. Sir Arthur Wilmerington-smythe-smythe-ffion-jJones (ret.) (MRS)

Sgt Dixon says:

Re: Re: Re: EECK! not

Evening all

When you write “Met line” are you referring to the Metropolitan line on the Underground or Tube? If so you should have made clear that the Metropolitan line is of course policed by the British Transport Police and not the Metropolitan Police, otherwise people will get confused.

Mind how you go.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...