Spooks made 1,061 bugging errors in 2010

MI5 accidentally spied on 134 people they didn't mean to

MI5 wrongly collected subscriber data on 134 telephone numbers as a result of a software error, according to interception of communications commissioner Sir Paul Kennedy's annual report.

A spreadsheet formatting error caused the service to apply for data on the identity of telephone numbers ending in 000, rather than the actual last three digits. "The subscriber data acquired had no connection or relevance to any investigation or operation being undertaken by the Security Service," writes Kennedy.

He adds that the resulting material was destroyed, the formatting fault fixed and numbers are now checked manually before MI5 requests subscriber data from communications providers.

MI5 also acquired data on the histories of 927 internet protocol addresses without authorisation from a sufficiently senior officer, of GD3 rank or above. This was due to an "incorrect setting on the system used by the Security Service," according to Kennedy, although the requests themselves were necessary and proportionate. MI5 has corrected the setting on its systems.

Overall, Kennedy reported that public authorities submitted 552,550 requests for communications data during 2010, and the number is increasing by about 5 per cent a year. He could not give a precise reason for the growth, but said "it is indicative of the growth in communications technology", with "certain police forces" increasing their use.

Nearly two-thirds of requests for communications data – about communications rather than contents – were for subscriber data. This was usually part of an attempt to find the owner of a mobile phone. About a quarter of requests were for traffic data.

Sir Peter Gibson, the intelligence services commissioner, also published his annual report. Having been granted powers under the Identity Cards Act to monitor use of the National Identity Register by intelligence services, he reported that he is "not aware of any acquisition, storage and use made" by such organisations before the register was destroyed earlier this year.

He collected statistics on the number of warrants and authorisations issued to the security and intelligence agencies or armed forces, but these have only been included in a confidential annex. He defended the secrecy by saying publication would "assist those unfriendly to the UK were they able to know the extent of the work" of those agencies.

This article was originally published at Guardian Government Computing.

Guardian Government Computing is a business division of Guardian Professional, and covers the latest news and analysis of public sector technology. For updates on public sector IT, join the Government Computing Network here.

Sponsored: Network DDoS protection