1. The number of digital forensic examinations carried out by in-house, police forensic services in the past 12 months or similar reporting period
In the last 12 month 16,401 . Please be advised that this figure also includes training devices which we are unable to extract from the figures. Additionally this figure also contains exhibits worked on by the Regional Organised Crime Unit Digital Forensic Unit.
2. The number of digital forensic examinations carried by outside laboratories and/or outside forensic science services in the same period
In the last 12 months 10 digital forensic examinations have been carried out by outside laboratories.
3. The names of any digital forensic laboratories and/or outside forensic science services used
West Yorkshire Police are unable to provide you with the information relating to third-party organisations as this is exempt by virtue of Section 31 (1) (a) (b) Law Enforcement. Please see Appendix A, for the full legislative explanation as to why West Yorkshire Police are unable to provide the information.
4. The current backlog of digital forensic examinations
There are currently 199 cases which are awaiting processing by our Assessment Team.
5. The number of Forensic Science Activities, in accordance with the Forensic Science Regulator Act 2021, that you are / are not currently accredited to deliver
Please see the following link: 7737Testing Single (ukas.com)
6. The number of Forensic Science Activities completed in laboratories which are not accredited to ISO 17025
No Forensic Science Activities have been completed in laboratories which are not accredited to ISO 17025.
Appendix A
The Freedom of Information Act 2000 creates a statutory right of access to information held by public authorities. A public authority in receipt of a request must, if permitted, state under Section 1(a) of the Act, whether it holds the requested information and, if held, then communicate that information to the applicant under Section 1(b) of the Act.
The right of access to information is not without exception and is subject to a number of exemptions which are designed to enable public authorities, to withhold information that is unsuitable for release. Importantly the Act is designed to place information into the public domain. Information is granted to one person under the Act, it is then considered public information and must be communicated to any individual, should a request be received.
DECISION
Your request for information has been considered and I regret to inform you that West Yorkshire Police cannot comply. This letter serves as a Refusal Notice under Section 17 of the Freedom of Information Act 2000.
Section 17 of the Act provides:
(1) A public authority which, in relation to any request for information, is to any extent relying on a claim that information is exempt information must, within the time for complying with Section 1(1), give the applicant a notice which:-
(a) States the fact,
(b) Specifies the exemption in question, and
(c) States (if that would not otherwise be apparent) why the exemption applies.
REASONS FOR DECISION
The reason that we are unable to provide you with this information is covered by the following
Exemption:
S31(1)(a) – Law Enforcement
Section 31 is a qualified, prejudice-based exemption and there is a requirement to conduct a harm and
public interest test.
Harm
Policing is an information-led activity, and information assurance (which includes information security) is fundamental to how the Police Service manages the challenges faced. In order to comply with statutory requirements, the College of Policing Authorised Professional Practice for Information Assurance has been put in place to ensure the delivery of core operational policing by providing appropriate and consistent protection for the information assets of member organisations, see below link:
https://www.app.college.police.uk/app-content/information-management/
Commercial Forensic Service Providers are vitally important in the Criminal Justice system - not only do they play a crucial role by supporting UK Policing with backlogs in the Digital Forensics arena, but they provide defence teams with access to independent forensic experts to support their clients.
Whilst not in any way questioning the motives of the applicant, it must be taken into account when considering potential harm that a disclosure under the Freedom of Information Act 2000 is made to the world at large, rather than a private correspondence. Specific details of any forensic service providers used by West Yorkshire Police would be extremely useful to those involved in criminality as it would enable them to create a map of those most used by police Forces. Forensic Service Providers can be targeted by malicious actors, for example in 2019 Eurofins (one of the UKs largest FSPs) suffered a highly sophisticated ransomware attack which severely disrupted UK Policing and the Criminal Justice system.
https://www.helpnetsecurity.com/2019/06/24/eurofins-ransomware-attack/
https://www.theguardian.com/science/2019/jul/05/eurofins-ransomware-attack-hacked-forensic-provider-pays-ransom
By providing a list of forensic service providers, Force by Force, a malign individual could identify those most critical to the Law-and-Order sector and specifically target those proving the most assistance. This would have a huge impact on the effective delivery of operational law enforcement as it would leave companies open to further cyberattacks which could have devastating consequences for law enforcement.
Factors favouring disclosure:
Confirming the names of Forensic Service Providers would be of interest to the public, namely give insight into the forensic processes used to solve crimes.
Factors favouring non-disclosure:
Measures are put in place to protect the community we serve and as evidenced within the harm, to provide a detailed list of Forensic Service Providers would allow individuals intent on disrupting law enforcement to target specific companies using the information obtained to maximise the impact.
Taking into account the current security climate within the United Kingdom, and the recent Eurofins cyber-attack, no information which may aid criminality should be disclosed. It is clear that it would have an impact on a Force’s ability to carry out the core duty of enforcing the law and serving the community.
The public entrust the Police Service to make appropriate decisions with regard to their safety and protection and the only way of reducing risk is to be cautious with what is placed into the public domain.
Balancing Test:
The Police Service is charged with enforcing the law, preventing and detecting crime and protecting the communities we serve. In order to effectively and robustly carry out those duties, external services are utilised which are vital to investigating criminal activity. Weakening the mechanisms used to investigate any type of criminal activity would have a detrimental impact on law enforcement as a whole. To provide the names of the FSPs despite the known risks of cyber-attacks would undermine any trust or confidence the public have in the Police Service. Therefore, at this moment in time, it is our opinion that the balance test favours against the disclosure of the FSP used for digital forensics.