Police Mobile Phone Spying Powers_ 50 countries ranked on powers to access mobile phones

For many of us, our mobile phones are a window into our lives. From our banking details to our private communications, they hold an extensive amount of personal data.

Last week, France passed a bill that will allow police to remotely activate the cameras, microphones, and GPS on suspects’ cell phones. While lawmakers claim it will only impact “dozens of cases” each year (and it still needs to make its way through a few more steps before becoming law), we revisited this study to find out how this would change France’s mobile phone surveillance score and whether any other countries have introduced such draconian measures.

This latest research of 50 countries finds that every police force has some level of access to your mobile phone and its data. Worse still, the majority of governments and law enforcement agencies have some form of remote phone hacking technology in place and have added or are looking to add even more surveillance power to security services.

So what access do the police in your country have to your mobile? Where are police mobile phone spying powers at their worst? And where are police able to put their hacking technology to work modifying the data on your phone?

Our study of the top 50 countries by GDP finds that all countries grant their law enforcement/security agencies some kind of access to citizens’ mobile phones. Plus, the majority employ invasive practices with the use of phone hacking technology. And while the usual suspects are included within our worst-performing countries, the likes of Germany, Australia, Denmark, New Zealand, the UK, and the US likewise have incredibly invasive practices in place that pose a serious threat to citizens’ privacy.

We assessed each country based on the following:

  • Can police access a suspect’s phone?
  • Can police hack into a suspect’s phone?
  • Can police demand fingerprint/facial recognition/passwords to gain access?
  • Can police modify data on the phone?

Our study focuses on the physical access police may have to mobile phones and the data stored on them. It does not cover the interception of communications via mobile carriers or any of the providers of the services/apps on the phone.

Countries with the most police power for mobile phone surveillance

1. China, Saudi Arabia, Singapore, and the UAE = 0/14

These four countries were unable to score any points thanks to their widespread and invasive mobile phone spying powers with little, if any, judicial oversight.

In China, you don’t even need to be suspected of having committed a crime in order for police to search your phone or install spyware on it. There is also ongoing, automated surveillance of Uyghurs’ phones. While in Saudi Arabia, Singapore, and the UAE, the police have sweeping powers to use the technology at their disposal. Cellebrite is known to have been in use in Saudi Arabia and the UAE, while the government of Singapore has access to various technologies, including FinSpy. Mass surveillance was also noted as being at an “unprecedented” level in the UAE at the start of 2023.

2. Iraq = 1/14

Iraq manages to scrape back one point due to there being some provisions in its law surrounding mobile phone searches–even though they’re inadequate. Searches should be carried out by an official but there are no requirements for warrants. With mass surveillance, no data protection law, and a complete lack of oversight, there is little protection for Iraqis’ mobile phone privacy.

3. Egypt = 2/14

In Egypt, there are some privacy protections that should be adhered to when searching mobile phones but these are frequently violated and disregarded. There is evidence of authorities using apps to track citizens with spyware through apps downloaded on their phones. Recently, officials were warned not to download the government’s app for the COP27 climate summit amid fears it could hack private emails, texts, and phone calls.

And during demonstrations, citizens were forced to unlock their social media accounts so they could be checked for anti-government sentiment. A judge deemed that these searches were illegal, but they continued afterward. In another worrying case, a blogger/reporter was beaten until she handed over her passcode.

4. Bangladesh, Iran, and Russia = 3/14

In Bangladesh, the Digital Security Act continues to cause serious debate due to its allowance of widespread and unwarranted surveillance of suspects’ devices. There are claims it will be reviewed in September of this year.

There are technically more legal protections in Iran but these are being increasingly violated amid protests across the country. Recent cases suggest security forces are accessing phones without the right protocols and people are being forced to hand over their passcodes. Usage of SIAM and Disk Drill has also been reported.

Russia follows a similar pattern with frequent examples of law enforcement carrying out searches without the right authority. Growing surveillance and hacking technology have been reported since February 2022. Many devices also come preloaded with Russian software that some believe can be compromised.

5. Germany, Thailand, and Turkey = 4/14

All of these countries have some protections in place but frequently put the privacy of citizens at risk through invasive and widespread surveillance tactics. And perhaps the biggest surprise here is Germany.

In Germany, standard stop and search procedures prevent police from accessing a mobile phone without a warrant. But other laws allow access without suspicion of a crime (e.g. in cases of intelligence agencies). The BKA has the technology to decrypt messages and police are also allowed to install spyware on suspects’ phones–all without the suspicion of a crime. Police aren’t supposed to demand that a citizen unlocks their phone without a warrant, either, but there are cases where suspects aren’t informed of their legal rights.

Thailand and Turkey also have legal procedures for access to mobile devices but these are frequently disregarded with surveillance technology known to be in use.

Other mentions

Just outside the top five are the likes of Australia, the UK, and the US.

In the US, warrants are generally required to access phones but customs police have broad powers that allow them access without judicial oversight, and they may insist people hand over their passcodes, too. In many states, mobile phone searches can be warrantless. Recent data also suggests that state and local police forces are using surveillance tech from the FBI, while protecting the secrets of the technology.

The UK also gives the same power to border control agencies and all without them having “reasonable suspicion” that a crime has been committed beforehand. It’s also reported that numerous councils and police forces have purchased phone hacking software, including the Met Police, FCA, and British Transport Police. The Home Office recently admitted to unlawfully demanding passcodes from migrants and accessing those without passcodes as part of a secret policy.

Australia’s recent amendments to its surveillance law also gave great cause for concern. It gives police the power to hack into mobile phones without a superior court judge’s authority and enables them to modify the data on the phone if necessary for the case. In some ways, this is worse than lack of clarity within the law as it gives police the power to carry out these invasive practices without any fear of repercussion.

Finally, France’s new bill adds to the growing concern that governments are continuing to up their surveillance while disregarding citizens’ privacy. Although France has strict laws on the legal requirements for accessing suspects’ phones with a warrant (and this would apply to remotely accessing the devices, too), it raises the question as to where these levels of surveillance will end. Should the bill enter law, France’s score would decline from 8 to 7.

Countries with the least police power for mobile phone surveillance

No country offers its citizens complete protection when it comes to their mobile phone privacy in police searches. However, a handful do go one step further to protect users’ privacy than others.

Austria, Belgium, Finland, and Ireland all have clear and precise laws that state police can only access mobile phones if the person in question is a suspect and a warrant is in place. There isn’t any evidence of widespread hacking technology, either.

Another positive is that major mobile phone manufacturers also protect customer data through encryption. For example, Apple’s law enforcement guidelines state that: “For all devices running iOS 8.0 and later versions, Apple is unable to perform an iOS device data extraction as the data typically sought by law enforcement is encrypted, and Apple does not possess the encryption key.” For devices with older versions, law enforcement would need to gain a warrant for access and meet the requirements of California’s Electronic Communications Privacy Act (CalECPA)–which reinforces the warrant requirements for access to electronic data.

Nevertheless, recent cases have seen police hacking encrypted chat services like EncroChat, SkyECC, and Exclu. Whether or not this was legal is a debate that’s ongoing. For example, the hack on EncroChat led to 100 million messages being accessed by police forces and numerous criminal convictions arising as a result. However, toward the end of 2022, a German case was sent to the Court of Justice of the European Union over whether or not the hacking breached the secrecy of communications. While the outcome is yet to be seen, if the conviction is overturned, it could blow open a number of other cases across the EU.

This highlights that even though phone manufacturers and app developers can help reinforce privacy rights through encryption and their own policies, it remains down to legislation and clear, transparent practices to ensure citizens’ privacy is protected.

What does the future hold for mobile phone users and surveillance?

The above demonstrates that an increasing number of countries are heading toward widespread and invasive surveillance powers. While many of the worst-scoring countries are so due to lack of clarity and clear abuses, a large number are increasing surveillance on citizens through legal powers. By giving police the authority to search, hack, and even modify mobile phone data without judicial oversight, countries are creating surveillance societies where no users’ data is safe–guilty or not.

Methodology and scoring

We searched through the top 50 countries by GDP to see what evidence there was of mobile phone surveillance and what legislation was in place to govern the use of surveillance tactics and/or tools. We then used this data to score each country based on the below:

Can police access a suspect’s phone?

0 = Yes. Few safeguards, if any, which enable police to access suspects’ phones at will and with little oversight.
1 = Yes. Some safeguards in place but these are either abused or there are instances where access is granted without a warrant/oversight.
2 = Yes. Nothing specific mentioned in the law but general search powers would suggest they can access with a warrant. Or, cases where access has been gained but courts have ruled that warrants are required.
3 = Yes. But only in certain cases and with a warrant.
4 = No access.

Can police hack into a suspect’s phone?

0 = Hacking technology in place with little, if any, oversight.
1 = Hacking technology in place with some oversight but signs of abuse or lack of clarity which creates loopholes/invasive practices. Or, hacking enabled without warrants/oversight in some cases, e.g. at borders. Cellebrite (or equivalent) known to be in use.
2 = Hacking/access can only be used in certain cases and with correct judicial oversight.
3 = No/nothing known.

Can police demand fingerprint/facial recognition/passwords to gain access?

0 = Yes and without reasonable concern or authority. Or lack of clarity in law which leaves it open to abuse.
1 = Yes. Some oversight but known abuse/widespread practice of forcing people to hand over passcodes/unlock their phones.
2 = Yes but only in specific cases and with judicial oversight.
3 = No/nothing known.

Can police modify data on the phone?

0 = Yes and without reasonable concern or authority. Or lack of clarity in law which leaves it open to abuse.
1 = Yes. Some oversight but cases where warrants aren’t required/powers are abused.
2 = The tools they have access to may enable this but nothing specific in the law to provide adequate safeguards. However, general requirements for stop and search, etc. would likely offer some protection.
3 = Yes but only in specific cases and with judicial oversight.
4 = No/nothing known.

Data researcher: Rebecca Moody

Sources

https://worldpopulationreview.com/countries/countries-by-gdp

For a full list of sources, please request access here.