Flexispy is the creepy stalkerware advertised to abusive spouses and exes that Motherboard's Joseph Cox has been relentlessly tracking; when he acquired a leaked trove of the company's files, he started to mine it to see who was buying the potentially illegal app.
One of those purchasers was an officer with the Metropolitan Police Service's High Tech Crime Unit, whose very possession of the app could constitute a breach of the Computer Misuse Act 1990. Motherboard reported on the finding in April 2017, seeking comment from the police service, who declined to respond, though the officer who bought the stalkerware did revise his Linkedin privacy settings to prevent reporters from seeing changes to his work status.
Motherboard retained counsel to seek an explanation from the Met's watchdog, the Independent Office for Police Conduct, who relayed a report from the MPS's Directorate of Professional Standards concluding that the Met didn't owe Motherboard an explanation for this dodgy purchase because "Motherboard was not a member of the public who claims have witnessed a piece of misconduct."
Motherboard has now filed a formal complaint to force the Met to hold an independent inquiry into the purchase.
We don’t know why a Metropolitan Police officer, likely from the force’s hi-tech crime unit, purchased FlexiSpy. Did the officer deploy it in an investigation? Was its use proportionate and appropriate for the type of crime being investigated? Or, more worryingly, was the malware for personal, illegal use to monitor their spouse, as FlexiSpy’s marketing at the time made heavy reference to? It’s also possible the officer purchased FlexiSpy simply to better understand how the software worked.
Filling that gap in the public’s knowledge is essential at a time when law enforcement use of malware, which can obtain a wealth of personal information from a target device, is only on the rise. Last year, UK police forces formally received the explicit power of hacking technology—known as ‘equipment interference’—after another agency’s use had been governed for years under an antiquated law from the ‘90s.
“The Met need to account for why one of their officers had a FlexiSpy account,” King previously said.
Motherboard Files Legal Complaint Against Metropolitan Police for Malware Purchase [Joseph Cox/Motherboard]
(Image: Peter Trimming [CC-BY-SA])