
UK snoop system had 1,000 COCKUPS - including 2 duff cuffs

Whoops, sorry. Spied on you and locked you up by accident


Police, security services and other public bodies bungled nearly 1,000 requests for citizens' communications data in a year, a new report has revealed.

Communication service providers (CSPs, which include ISPs and telcos) were also blamed for some of the cock-ups: the study for 2011 found that two people were wrongly arrested as a result of typos on information interceptions.

"Unfortunately in two separate cases where a CSP disclosed the incorrect data, the mistakes were not realised and action was taken by the police forces on the data received," said Interception of Communications Commissioner Sir Paul Kennedy, the report's author.

He continued: "Regrettably, these errors had very significant consequences for two members of the public who were wrongly detained / accused of crimes as a result of the errors."

Kennedy noted that in those instances, which both have investigations underway, it was the same unnamed CSP at fault and not the public authority that had requested the data.

The snooping-on-the-snoopers commissioner added that after being initially unhappy with the CSP's explanations about what went wrong, the company had since introduced "sensible measures" that - it is hoped - should prevent similar errors in the future.

However, while it was decided that a CSP was responsible for the two worst cases of communications data request errors last year, the commissioner's report actually showed that public authorities were largely to blame for admin cock-ups resulting in the wrong British citizens being spied on.

Sir Paul's report was published as parliamentarians scrutinised Home Secretary Theresa May's drafted internet surveillance law, aka the Communications Data Bill.

Requests in numbers

In 2011, a total of 494,078 requests were made by public authorities including local councils, the UK Border Agency, the police and spooks, during which time 895 errors were reported to Sir Paul's office.

He said that approximately 80 per cent of those failures to submit the correct information had been down to public authorities, while CSPs were to blame for the remaining 20 per cent of communications data request errors.

The same report also highlighted the incompetence of two local councils for acquiring communications data by relying on "approval" from an individual who lacked the necessary authority to grant such access.

"In total 52 requests were made by these two local authorities and regrettably this data was therefore not acquired in accordance with the law," Sir Paul said.

"It was also shocking to find that the same person had acted as the applicant, SPoC [single point of contact] and DP [designated person] in one of those local authorities," he said. "Not only does this represent non-compliance with the Code of Practice, it also means that the requests had a complete lack of scrutiny in the individual local authority as they were effectively self-authorised."

He added that there had been two instances in which local councils had requested traffic data from CSPs, even though they are restricted from doing so under the Regulation of Investigatory Powers Act (RIPA).

The commissioner's inspectors also uncovered one incident where a local authority had acquired communications data that did not meet the "necessity criteria" under RIPA.

Sir Paul explained that the "application related to an allegation that a parent living outside the catchment area of a school provided an address within the catchment area in order to secure a school place."

However, communications data was requested without the council in question specifying any criminal offences to justify the probe.

The commissioner said that "communications data must only be acquired for the purpose of preventing or detecting crime and where there is an intention to gather evidence for use in legal proceedings".

Just last week, Paul Bettison of the Local Government Association - who appeared before MPs and peers scrutinising the Home Office's draft communications law - dismissed accusations that local authority officials had abused their RIPA powers and said he wanted to "dispel the myths that we've been frivolous in the past".

During that same confab, it was revealed that public bodies including councils could yet - via secondary legislation - be granted access to communications data under May's proposed new law.

The Home Secretary had offered a tiny concession to Lib Dem opponents of her bill earlier this year, by proclaiming that councils and other public bodies would be excluded from such access requests, even though the vast majority of applications to spy on British citizens comes from spooks and the police.

On Friday, Prime Minister David Cameron said in a ministerial statement responding to the commissioner's report:

"There have, regrettably, been breaches and errors in the use of these powers. While these have been few in number relative to the overall number of applications, the government is not complacent; the causes of these breaches and errors will need to be addressed."

Sir Paul's report can be viewed here [PDF]. ®
