Quickly exit this site by pressing the Escape key Leave this site
We use some essential cookies to make our website work. We’d like to set additional cookies so we can remember your preferences and understand how you use our site.
You can manage your preferences and cookie settings at any time by clicking on “Customise Cookies” below. For more information on how we use cookies, please see our Cookies notice.
Your cookie preferences have been saved. You can update your cookie settings at any time on the cookies page.
Your cookie preferences have been saved. You can update your cookie settings at any time on the cookies page.
Sorry, there was a technical problem. Please try again.
This site is a beta, which means it's a work in progress and we'll be adding more to it over the next few weeks. Your feedback helps us make things better, so please let us know what you think.
Freedom of information request reference no: 01.FOI.23.031162
I note you seek access to the following information:
1. The number of digital forensic examinations carried out by in-house, police forensic services in the past 12 months or similar reporting period.
2. The number of digital forensic examinations carried by outside laboratories and/or outside forensic science services in the same period.
3. The names of any digital forensic laboratories and/or outside forensic science services used.
4. The current backlog of digital forensic examinations.
5. The number of Forensic Science Activities, in accordance with the Forensic Science Regulator Act 2021, that you are / are not currently accredited to deliver.
6. The number of Forensic Science Activities completed in laboratories which are not accredited to ISO 17025.
I have today decided to disclose some of the requested information. Some data has been withheld as it is exempt from disclosure and therefore this response serves as a Refusal Notice under Section 17 of the Freedom of Information Act 2000 (the Act) by virtue of the following exemptions:
Section 31(1)(a)(b) - Law Enforcement
Reason for decision
When a request is made under the Freedom of Information Act 2000 (the Act), a public authority must inform you, when permitted, whether the information requested is held. It must then communicate that information to you. If a public authority decides that it is cannot comply with all or part of a request, it must cite the appropriate section or exemption of the Act and provide you with a suitable explanation. It is important to note that the Act is designed to place information into the public domain, that is, once access to information is granted to one person under the Act, it is then considered public information and must be communicated to any individual should a request be received.
I have considered question 3 information below:
Q3 - The names of any digital forensic laboratories and/or outside forensic science services used.
Section 31(1)(a)(b) - Law Enforcement - Policing is an information-led activity, and information assurance (which includes information security) is fundamental to how the Police Service manages the challenges faced. In order to comply with statutory requirements, the College of Policing Authorised Professional Practice for Information Assurance has been put in place to ensure the delivery of core operational policing by providing appropriate and consistent protection for the information assets of member organisations.
Commercial Forensic Service Providers are vitally important in the Criminal Justice system - not only do they play a crucial role by supporting UK Policing with backlogs in the Digital Forensics arena, but they provide Defence teams with access to independent forensic experts to support their clients.
Whilst not in any way questioning the motives of the applicant, it must be taken into account when considering potential harm that a disclosure under the Freedom of Information Act 2000 is made to the world at large, rather than a private correspondence. Specific details of any forensic service providers used by the MPS would be extremely useful to those involved in criminality as it would enable them to create a map of those most used by police Forces.
Forensic Service Providers can be targeted by malicious actors, for example in 2019 Eurofins (one of the UKs largest FSPs) suffered a highly sophisticated ransomware attack which severely disrupted UK Policing and the Criminal Justice system.
By providing a list of forensic service providers, Force by Force, a malign individual could identify those most critical to the Law-and-Order sector and specifically target those proving the most assistance. This would have a huge impact on the effective delivery of operational law enforcement as it would leave companies open to further cyberattacks which could have devastating consequences for law enforcement.
Measures are put in place to protect the community we serve and as evidenced within the harm, to provide a detailed list of Forensic Service Providers would allow individuals intent on disrupting law enforcement to target specific companies using the information obtained to maximise the impact.
Taking into account the current security climate within the United Kingdom, and the recent Eurofins cyber-attack, no information which may aid criminality should be disclosed. It is clear that it would have an impact on a Force’s ability to carry out the core duty of enforcing the law and serving the community.
The public entrust the Police Service to make appropriate decisions with regard to their safety and protection and the only way of reducing risk is to be cautious with what is placed into the public domain.
The Police Service is charged with enforcing the law, preventing and detecting crime and protecting the communities we serve. In order to effectively and robustly carry out those duties, external services are utilised which are vital to investigating criminal activity. Weakening the mechanisms used to investigate any type of criminal activity would have a detrimental impact on law enforcement as a whole. To provide the names of the FSPs despite the known risks of cyber-attacks would undermine any trust or confidence the public have in the Police Service. Therefore, at this moment in time, it is our opinion that the balance test favours against the disclosure of the FSP used for digital forensics.
Disclosure
Q1 - The number of digital forensic examinations carried out by in-house, police forensic services in the past 12 months or similar reporting period.
Total examinations in-house = 38,006
Q2 - The number of digital forensic examinations carried by outside laboratories and/or outside forensic science services in the same period.
Total examinations outsourced 2931
Q4 - The current backlog of digital forensic examinations.
729 Backlog.
Q5 - The number of Forensic Science Activities, in accordance with the Forensic Science Regulator Act 2021, that you are / are not currently accredited to deliver.
Q6 - The number of Forensic Science Activities completed in laboratories which are not accredited to ISO 17025.
The MPS are currently transitioning from V.7 of the Forensic Science Regulator’s Codes to the new Statutory Code. Transition work underway so unable to confirm.
The new Code does not come into effect until 2 October 2023. The current Codes do not contain FSA’s. All Forensic Providers have recently submitted evidence to UKAS, who are reviewing the evidence submitted, until that is completed, the MPS cannot state which we are or are not accredited to.