UK snoop system had 1,000 COCKUPS - including 2 duff cuffs

Whoops, sorry. Spied on you and locked you up by accident

Police, security services and other public bodies bungled nearly 1,000 requests for citizens' communications data in a year, a new report has revealed.

Communication service providers (CSPs, which include ISPs and telcos) were also blamed for some of the cock-ups: the study for 2011 found that two people were wrongly arrested as a result of typos on information interceptions.

"Unfortunately in two separate cases where a CSP disclosed the incorrect data, the mistakes were not realised and action was taken by the police forces on the data received," said Interception Communications Commissioner Sir Paul Kennedy, the report's author.

He continued: "Regrettably, these errors had very significant consequences for two members of the public who were wrongly detained / accused of crimes as a result of the errors."

Kennedy noted that in those instances, which both have investigations underway, it was the same unnamed CSP at fault and not the public authority that had requested the data.

The snooping-on-the-snoopers commissioner added that after being initially unhappy with the CSP's explanations about what went wrong, the company had since introduced "sensible measures" that - it is hoped - should prevent similar errors in the future.

However, while it was decided that a CSP was responsible for the two worst cases of communications data request errors last year, the commissioner's report actually showed that public authorities were largely to blame for admin cock-ups resulting in the wrong British citizens being spied on.

Sir Paul's report was published as parliamentarians scrutinised Home Secretary Theresa May's drafted internet surveillance law, aka the Communications Data Bill.

Requests in numbers

In 2011, a total of 494,078 requests were made by public authorities including local councils, the UK Border Agency, the police and spooks, during which time 895 errors were reported to Sir Paul's office.

He said that approximately 80 per cent of those failures to submit the correct information had been down to public authorities, while CSPs were to blame for the remaining 20 per cent of communications data request errors.

The same report also highlighted the incompetence of two local councils for acquiring communications data by relying on "approval" from an individual who lacked the necessary authority to grant such access.

"In total 52 requests were made by these two local authorities and regrettably this data was therefore not acquired in accordance with the law," Sir Paul said.

"It was also shocking to find that the same person had acted as the applicant, SPoC [single point of contact] and DP [designated person] in one of those local authorities," he said. "Not only does this represent non-compliance with the Code of Practice, it also means that the requests had a complete lack of scrutiny in the individual local authority as they were effectively self-authorised."

He added that there had been two instances in which local councils had requested traffic data from CSPs, even though they are restricted from doing so under the Regulation of Investigatory Powers Act (RIPA).

The commissioner's inspectors also uncovered one incident where a local authority had acquired communications data that did not meet the "necessity criteria" under RIPA.

Sir Paul explained that the "application related to an allegation that a parent living outside the catchment area of a school provided an address within the catchment area in order to secure a school place."

However, communications data was requested without the council in question specifying any criminal offences to justify the probe.

The commissioner said that "communications data must only be acquired for the purpose of preventing or detecting crime and where there is an intention to gather evidence for use in legal proceedings".

Just last week, Paul Bettison of the Local Government Association - who appeared before MPs and peers scrutinising the Home Office's draft communications law - dismissed accusations that local authority officials had abused their RIPA powers and said he wanted to "dispel the myths that we've been frivolous in the past".

During that same confab, it was revealed that public bodies including councils could yet - via secondary legislation - be granted access to communications data under May's proposed new law.

The Home Secretary had offered a tiny concession to Lib Dem opponents of her bill earlier this year, by proclaiming that councils and other public bodies would be excluded from such access requests, even though the vast majority of applications to spy on British citizens comes from spooks and the police.

On Friday, Prime Minister David Cameron said in a ministerial statement responding to the commissioner's report:

There have, regrettably, been breaches and errors in the use of these powers. While these have been few in number relative to the overall number of applications, the government is not complacent; the causes of these breaches and errors will need to be addressed.

Sir Paul's report can be viewed here [PDF]. ®
