By
The PSNI used Cellebrite to crack the phone of journalist Barry McCaffery in 2018. File photo by Boaventuravinicius, Creative Commons Attribution 4.0 International license
The PSNI has said it could ‘neither confirm nor deny’ holding any information on technology it used to hack a journalist’s phone, even though the information was already in the news and on their website.
The force was told to withhold the information by the Central Referral Unit (CRU), a little-known national policing unit based in London.
The existence of the CRU, part of the National Police Chief's Council, was made public in an investigation by the BBC earlier this year.
The PSNI received advice from the CRU on how to respond to freedom of information (FOI) requests more than 600 times between 2022 and 2024, according to figures obtained by The Detail.
Amnesty International has criticised the CRU for operating a “wall of secrecy.”
The CRU told the PSNI in April to not to confirm even if they had a contract with Israeli tech company Cellebrite, invoking national security concerns.
This was despite the fact that it had been reported in March that the PSNI had used Cellebrite software to crack the phone of former The Detail journalist Barry McCaffery in 2018.
Mr McCaffrey and Trevor Birney were arrested that year, in relation to their documentary on the murder of six civilians in Loughinisland in June 1994.
The High Court in Belfast later ruled that the raids and arrests were unlawful and awarded substantial damages.
In addition to the news article, a document on the PSNI’s own website stated they used Cellebrite technology, however this was removed after The Detail pointed it out.
Cellebrite forensics technology is widely used by police forces, but is controversial due to its use by authoritarian regimes against journalists and human rights activists, most recently in Serbia.
A Cellebrite spokeswoman said they had halted the use of the products by some customers in Serbia, and that the company’s “robust compliance and ethics program is designed so that democratised nations around the globe use our technology ethically and lawfully.”
Trevor Birney and Barry McCaffrey outside the High Court in Belfast. File photo by Stephen Hamilton, Press Eye
Secrecy
Despite the information already in the public domain, the CRU told the PSNI to ‘neither confirm nor deny’ that they held any information on Cellebrite, according to internal documents obtained by the Detail.
The PSNI followed the CRU advice, refusing to say if they even had a contract with Cellebrite, “for the purpose of safeguarding national security.”
Internal documents obtained by The Detail also show that the CRU told all UK police forces to withhold information on technology from controversial US firm Palantir.
Several UK police forces use the technology to build up suspect profiles or synthesise vast amounts of data that have been lawfully gathered by a police force, according to Palantir’s UK chief executive Louis Mosley.
Palantir, co-founded by billionaire Trump donor Peter Thiel, has been criticised for its work with the US Immigration and Customs Enforcement (ICE) agency.
As with Cellebrite, the CRU said that if police forces admitted they did or did not use Palantir tech, it could aid criminals or terrorists by allowing them “to focus on evaluating the particular capabilities of a particular tool.”
Patrick Corrigan, Amnesty International’s Northern Ireland director, said what The Detail had uncovered was of “serious concern”.
He said that said that during Amnesty's three years of research into UK police use of AI predictive systems, they “found the use of this technology to be mired in a wall of secrecy.”
Mr Corrigan said Amnesty's researchers were "met with either no answer, misleading, confusing or otherwise incomplete answers to our requests for information, often hiding behind excessively broad exemptions in the Freedom of Information system related to cost and sensitivity of the information.”
“It’s of serious concern to learn that this might have been a coordinated obfuscation directive sent by centralised policing bodies to local forces, including the PSNI, to keep this information from public scrutiny.”
Amnesty NI director Patrick Corrigan. Photo by Jonathan Porter, Press Eye
Oversight
The Policing Board said that they were not aware that the PSNI had used Cellebrite technology on a journalist's phone before it was revealed in the news.
“The Board would not be informed of any operational use as this is a matter for the Chief Constable,” a spokeswoman said.
Board member Les Allamby asked the PSNI in May how often Cellebrite has been used against journalists, lawyers, NGOs, or its own police officers.
The police did not release the figures, citing the ongoing McCullough review into PSNI surveillance of journalists.
The Policing Board also said they were not aware of the PSNI making referrals of freedom of information requests to the NPCC, which operates the CRU .
“The Board has not been informed of referrals to NPCC in respect of PSNI FOI requests,” the spokeswoman said.
“In processing FOI requests and preparing responses, the PSNI is statutorily required to comply with the FOI Act and guidance published by the Information Commissioner’s Office.”
Daniel Holder, director of the Committee for the Administration of Justice (CAJ) said there remain questions for the PSNI.
“Given the concerns others have raised about this particular unit it does raise questions that the PSNI appears to have an approach of referring some FOIs to it,” he said.
“We have previously cautioned against the general adoption of NPCC policies by the PSNI, as they are not obliged to do so.
“If the PSNI are adopting an NPCC policy it should go through the usual policy development channels, including engagement with the Policing Board given their oversight role.”
A spokesman for the PSNI said they have “no formal policy” about when they refer freedom of information requests to the CRU.
“The Central Referral Unit (CRU) provides advice and guidance in relation to information requests,” he said.
“The final decision with regard to the disclosure or engagement of a lawful exemption rests with the Police Service of Northern Ireland when dealing with requests that it has received.
“All decisions are made on a case-by-case basis and consider all available information, guidance and legislative requirements relevant to the request,” he added.
Chief Constable Rob Carden, NPCC Digital, Data and Technology Lead said in a statement:
“Policing is firmly committed to being open and transparent. Compliance with the Freedom of Information Act 2000 is one important way we remain accountable to the public.
“We always strive to share as much as we can in our responses with a presumption to disclose. However, there are circumstances where information cannot be disclosed and needs to be redacted, and on occasions withheld, to ensure police can continue to use tactics to protect the public or to prevent sensitive information being exploited by criminals to cause harm. These instances are strictly sanctioned with clear parameters, as set out in legislation.”