The tech website Motherboard has asked London's Metropolitan Police Service and an independent government organisation to institute a probe into why an MPS officer bought malware that can intercept messages on Facebook, steal passwords and operate a smartphone camera remotely.
The website said thus far the MPS had refused to investigate the matter, leaving open the question of the exact reason for purchase of the malware.
The legal firm Bindmans filed the formal complaint with the Independent Office for Police Conduct, on behalf of the site.
Journalist Joseph Cox wrote that the site had reported about the purchase of the malware, known as FlexiSpy, in April 2017, after it had been provided the information by a hacker, adding that depending on the version, the malware could be installed on a desktop device, Android devices or rooted iOS devices.
{loadposition sam08}FlexiSpy claims to be "the world's most powerful monitoring software for computers, mobile phones and tablets".
Cox said that within the FlexiSpy customer records there was the official email address for an MPS officer. It was not immediately evident to whom the email address belonged as several shared similar names. But a clue was offered when, soon after the report, one MPS officer, from the group's High Tech Crime Unit, changed the privacy settings on his LinkedIn Account.
He quoted Eric King, a visiting surveillance law lecturer at London's Queen Mary University, as saying in the April 2017 report: "The use of the tool in most circumstances would breach the Computer Misuse Act 1990, and even the sale of the tool could be a criminal offence if it’s known its subsequent use would be unlawful.”
Cox said a letter from the MPS' Directorate of Professional Standards had stated in December that it had come to the conclusion that the complaint did not need to be professionally recorded. This meant there would be no probe.
Motherboard was not deemed to be a member of the public who had witnessed any misconduct, the letter said, regarding its reasons for there being no probe. Cox said an appeal had been filed, seeking an urgent investigation.
"We don’t know why a Metropolitan Police officer, likely from the force’s hi-tech crime unit, purchased FlexiSpy. Did the officer deploy it in an investigation? Was its use proportionate and appropriate for the type of crime being investigated?" he wrote.
"Or, more worryingly, was the malware for personal, illegal use to monitor their spouse, as FlexiSpy’s marketing at the time made heavy reference to? It’s also possible the officer purchased FlexiSpy simply to better understand how the software worked."
As part of the Snoopers Charter, the new surveillance law that was passed, the British police received formal permission to use software like the malware in question and other hacking devices.