Feeds

Five bods wrongly cuffed thanks to bungled comms snooping in UK

Report: Web, phone data slurping cocked up nearly 1,000 times in a year

Top 5 reasons to deploy VMware with Tegile

UK cops and spook agencies wrongly fingered five people as criminals after seizing data about their communications, according to a new report.

The Interception of Communications Commissioner's latest dossier [PDF] gave examples of intelligence data used to seize drugs and firearms, stop illegal waste dumping and in one instance catch a con artist - but it also revealed that cock-ups had been made.

In most cases, the officers or agents involved realised their mistake and took no action on the data. However, five people were either wrongly detained or accused of crimes following requests for data about their internet activity (curiously referred to as "Internet Protocol or node name resolutions" in the report). In another error, police were sent to an address where they wrongly believed a child had threatened to harm him or herself.

According to the report, last year cops and spooks sent 570,135 demands for information about folks' texts, emails and other communications to telcos and ISPs. That collected data revealed who got the messages and calls, and where and when - the so-called metadata - rather than the content of said messages. But that information alone can be useful enough for savvy investigators trying to work out what was being discussed.

That number of requests also includes multiple demands made during the same investigation, so the number of people targeted "would be much smaller", the report pointed out.

A total of 3,372 lawful intercept warrants were issued, up 16 per cent on 2011, to actually listen in on the calls or read the messages.

The power to snoop on citizens' private communications is granted by the Regulation of Investigatory Powers Act (RIPA).

Former commissioner Sir Paul Kennedy, who served until the end of 2012, said that 55 breaches of the RIPA law were reported to his office, including seven errors where law enforcement agencies didn't have the authority to seize texts, voicemails and emails. However, he added that none of the mistakes were "malicious or deliberate".

"Each error involved some kind of human error or system related technical problem. In a large number of the 55 error cases, no intercept product was actually obtained and therefore there was no unjustified or unnecessary intrusion," he said.

"In the smaller number of cases where intercept product was wrongly obtained, I have been assured that any such product has been destroyed."

Nearly a thousand errors were made in communications metadata requests, with around 80 per cent being mistakes made by the authorities and another 20 per cent made by the communications service providers.

However, the snooping-on-the-snoopers commissioner said that comms data slurping was still a great way to catch would-be criminals and terrorists.

"Interception and communications data remain powerful techniques in the investigation of many kinds of crime and threats to national security," Sir Paul, who was succeeded at the start of this year by Sir Anthony May, wrote in his report.

"Many of the largest drug-trafficking, excise evasion, people-trafficking, counter-terrorism and wider national security, and serious crime investigative successes of the recent past have in some way involved the use of interception and/or communications data."

Most of the data requests were made by law agencies and spook centres, but 160 local councils across the UK made more than 2,500 of the requests for data to ID criminals for crimes such as dodging their taxes or selling fake goods.

The commission said that a number of measures had been put in place to stop mistakes happening again, including the sage advice to double check all details.

"I am satisfied with the measures put in place by these public authorities and communication service providers and hopefully this will prevent recurrence," the knight of the realm declared. ®

Beginner's guide to SSL certificates

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.