UK snoop system had 1,000 COCKUPS - including 2 duff cuffs

Whoops, sorry. Spied on you and locked you up by accident

Police, security services and other public bodies bungled nearly 1,000 requests for citizens' communications data in a year, a new report has revealed.

Communication service providers (CSPs, which include ISPs and telcos) were also blamed for some of the cock-ups: the study for 2011 found that two people were wrongly arrested as a result of typos on information interceptions.

"Unfortunately in two separate cases where a CSP disclosed the incorrect data, the mistakes were not realised and action was taken by the police forces on the data received," said Interception Communications Commissioner Sir Paul Kennedy, the report's author.

He continued: "Regrettably, these errors had very significant consequences for two members of the public who were wrongly detained / accused of crimes as a result of the errors."

Kennedy noted that in those instances, which both have investigations underway, it was the same unnamed CSP at fault and not the public authority that had requested the data.

The snooping-on-the-snoopers commissioner added that after being initially unhappy with the CSP's explanations about what went wrong, the company had since introduced "sensible measures" that - it is hoped - should prevent similar errors in the future.

However, while it was decided that a CSP was responsible for the two worst cases of communications data request errors last year, the commissioner's report actually showed that public authorities were largely to blame for admin cock-ups resulting in the wrong British citizens being spied on.

Sir Paul's report was published as parliamentarians scrutinised Home Secretary Theresa May's drafted internet surveillance law, aka the Communications Data Bill.

Requests in numbers

In 2011, a total of 494,078 requests were made by public authorities including local councils, the UK Border Agency, the police and spooks, during which time 895 errors were reported to Sir Paul's office.

He said that approximately 80 per cent of those failures to submit the correct information had been down to public authorities, while CSPs were to blame for the remaining 20 per cent of communications data request errors.

The same report also highlighted the incompetence of two local councils for acquiring communications data by relying on "approval" from an individual who lacked the necessary authority to grant such access.

"In total 52 requests were made by these two local authorities and regrettably this data was therefore not acquired in accordance with the law," Sir Paul said.

"It was also shocking to find that the same person had acted as the applicant, SPoC [single point of contact] and DP [designated person] in one of those local authorities," he said. "Not only does this represent non-compliance with the Code of Practice, it also means that the requests had a complete lack of scrutiny in the individual local authority as they were effectively self-authorised."

He added that there had been two instances in which local councils had requested traffic data from CSPs, even though they are restricted from doing so under the Regulation of Investigatory Powers Act (RIPA).

The commissioner's inspectors also uncovered one incident where a local authority had acquired communications data that did not meet the "necessity criteria" under RIPA.

Sir Paul explained that the "application related to an allegation that a parent living outside the catchment area of a school provided an address within the catchment area in order to secure a school place."

However, communications data was requested without the council in question specifying any criminal offences to justify the probe.

The commissioner said that "communications data must only be acquired for the purpose of preventing or detecting crime and where there is an intention to gather evidence for use in legal proceedings".

Just last week, Paul Bettison of the Local Government Association - who appeared before MPs and peers scrutinising the Home Office's draft communications law - dismissed accusations that local authority officials had abused their RIPA powers and said he wanted to "dispel the myths that we've been frivolous in the past".

During that same confab, it was revealed that public bodies including councils could yet - via secondary legislation - be granted access to communications data under May's proposed new law.

The Home Secretary had offered a tiny concession to Lib Dem opponents of her bill earlier this year, by proclaiming that councils and other public bodies would be excluded from such access requests, even though the vast majority of applications to spy on British citizens comes from spooks and the police.

On Friday, Prime Minister David Cameron said in a ministerial statement responding to the commissioner's report:

"There have, regrettably, been breaches and errors in the use of these powers. While these have been few in number relative to the overall number of applications, the government is not complacent; the causes of these breaches and errors will need to be addressed."

Sir Paul's report can be viewed here [PDF]. ®
