The scandal of how the police ruined a private forensics firm that helped catch the failed London bombers of 2005
A judge ruled West Yorkshire Police had infringed on FTS’s database rights and acted in breach of confidence. The company has now collapsed
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.When police caught the failed July 21 London Tube bombers in 2005, and investigated collaborators of the 7/7 bombings a fortnight earlier, it was in large part the culprits’ mobile phones that gave them away.
The suspects’ movements were traced from phone-call and data signals that allowed police and intelligence services to piece together who was in the terror cell, what communications they’d had with each other, and where they were.
For years, such work was carried out from secret locations by a trailblazing research company called Forensic Telecommunications Services.
Staffed by telecoms engineers and former senior police officers, the company developed world-beating software allowing data to be extracted from the chips on mobile phones long after it had been deleted.
As mobiles have grown ubiquitous among civilians, thugs and terrorists alike, they have become one of the most useful weapons in investigators’ arsenals.
But FTS has recently collapsed into liquidation with debts of more than £1m. Its founder now claims that one of the very police forces it was helping brought about its ruin by copying its closely guarded phone-cracking codes, then publishing them online.
Founder and boss Jonathan Clark says: “I’m furious, livid, sick to my stomach. They were caught stealing our information, and now it has destroyed our business.”
Not only is he angry at how his company has suffered but he worries that the police’s move to carry out digital forensic work in-house will cost the taxpayer dear and jeopardise the quality of evidence produced in courts.
It all goes back to Operation Praline, an investigation in 2006 by West Yorkshire Police and security services into Islamists with suspected al Qaeda links. As part of the probe, at least two dozen phones were seized. MI5 was using FTS’s licensed software to delve through them for information.
The program it was using, known as FTS Hex, had taken the company years of research and development. At its heart were the secret locations in phone microchips where users’ information was stored. Once forensics teams have those so-called PM Abs addresses, they can begin extracting the user’s data. Every model of phone has a unique Abs address, and they can even vary in the same model.
Hex was so powerful that FTS agreed only to sell it to security services such as MI5 and its foreign counterparts.
But during Operation Praline, as a judge was later to rule, a security services agent handed a series of FTS’s secret Abs addresses to a West Yorkshire police officer working on the case.
The policeman never said why but one assumes that the security services wanted to speed up the investigation. However, as well as using them to crack the phones, the officer did something else — something very wrong. Despite knowing that FTS Hex was only licensed to the security service and not to the police, he published the Abs addresses on a website for his and other police forces to use, too.
FTS’s secret recipe was out.
Clark says copycat programs proliferated rapidly, both in the police forces and from rival companies: “We had built up the Rolls-Royce of the industry. Nobody else in the world was doing what we could do. But they just took that apart. We tried our hardest not to take them to court: who wants to sue the police? But the way they behaved gave us no option.”
The judge ruled in late 2011 that West Yorkshire Police had, indeed, infringed on and misused FTS’s database rights, and acted in breach of confidence. He was scathing about the police officer’s “unconvincing” evidence.
But that was not the end of the story. In the subsequent years, the police built up their in-house capabilities, arguably helped by the huge leg-up of Abs address “theft” from the Operation Praline affair. One by one, police forces hired members of FTS’s 100-strong force of engineers until it had little business left. “We were a zombie company,” says one ex-staffer.
Clark says: “We invested huge amounts developing this technology, and trained our staff to be the best in the business. Even after that, we were clearing £500,000 a year profit. Now the police have just taken it all from us.”
The treatment of FTS is scandal enough in itself but for Clark, the process leaves us all worse off.
First, police are spending more taxpayers’ money than they need to by taking digital forensic work in-house rather than using more efficient, better-resourced private companies. “When I hear the police complain about ‘cuts’, that just makes me laugh,” he says. Worse still, he adds, forces doing the work in-house are likely to cut corners.
He has good reason to worry. In 2010, FTS won ISO accreditation for the quality of its forensic research on BlackBerrys, iPhones and other brands. It came at no small investment. The trouble was, Clark claims, the police wouldn’t pay the extra the higher standard required.
Forgivable then, perhaps. But now the Forensic Science Regulator has decreed all police digital forensic work should achieve that level from next month. The watchdog says many won’t make the grade because forces continue seeking short cuts on price.
The Scottish Police Authority admits that bringing its in-house forensic laboratories up to accredited standard was hugely costly. In parliamentary testimony, it urged other forces to think twice before taking the work in-house. Does it matter if forensic services aren’t up to scratch? Of course, says Clark. With unreliable forensics, court cases collapse, juries are misled.
At the very least, prosecutors will be embarrassed: one of the debacles of the News International phone hacking trial was the way police mobile phone cell-site forensics were torn to shreds by the defence.
Clark’s view is obviously affected by his treatment by the West Yorkshire Police. It should be said that some former employees claim that FTS died because was just not big enough to make the R&D investment to keep up.
Other senior FTS staff say the dispute cost so much that the company had no choice but to rein in its R&D, allowing it to be left behind in the data race.
For its part, West Yorkshire Police says of the case: “Compensation and costs were assessed and paid at the time.”
Forensic researcher Alan Turnbull concludes: “Given that FTS was run by senior ex-police officers, the irony of its fate is palpable.”
Ironic, or tragic? One thing is certain — companies may want to think twice before sharing their secrets with our police and security services.
This article first appeared in The Evening Standard
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments