Feeds

Five bods wrongly cuffed thanks to bungled comms snooping in UK

Report: Web, phone data slurping cocked up nearly 1,000 times in a year

Choosing a cloud hosting partner with confidence

UK cops and spook agencies wrongly fingered five people as criminals after seizing data about their communications, according to a new report.

The Interception of Communications Commissioner's latest dossier [PDF] gave examples of intelligence data used to seize drugs and firearms, stop illegal waste dumping and in one instance catch a con artist - but it also revealed that cock-ups had been made.

In most cases, the officers or agents involved realised their mistake and took no action on the data. However, five people were either wrongly detained or accused of crimes following requests for data about their internet activity (curiously referred to as "Internet Protocol or node name resolutions" in the report). In another error, police were sent to an address where they wrongly believed a child had threatened to harm him or herself.

According to the report, last year cops and spooks sent 570,135 demands for information about folks' texts, emails and other communications to telcos and ISPs. That collected data revealed who got the messages and calls, and where and when - the so-called metadata - rather than the content of said messages. But that information alone can be useful enough for savvy investigators trying to work out what was being discussed.

That number of requests also includes multiple demands made during the same investigation, so the number of people targeted "would be much smaller", the report pointed out.

A total of 3,372 lawful intercept warrants were issued, up 16 per cent on 2011, to actually listen in on the calls or read the messages.

The power to snoop on citizens' private communications is granted by the Regulation of Investigatory Powers Act (RIPA).

Former commissioner Sir Paul Kennedy, who served until the end of 2012, said that 55 breaches of the RIPA law were reported to his office, including seven errors where law enforcement agencies didn't have the authority to seize texts, voicemails and emails. However, he added that none of the mistakes were "malicious or deliberate".

"Each error involved some kind of human error or system related technical problem. In a large number of the 55 error cases, no intercept product was actually obtained and therefore there was no unjustified or unnecessary intrusion," he said.

"In the smaller number of cases where intercept product was wrongly obtained, I have been assured that any such product has been destroyed."

Nearly a thousand errors were made in communications metadata requests, with around 80 per cent being mistakes made by the authorities and another 20 per cent made by the communications service providers.

However, the snooping-on-the-snoopers commissioner said that comms data slurping was still a great way to catch would-be criminals and terrorists.

"Interception and communications data remain powerful techniques in the investigation of many kinds of crime and threats to national security," Sir Paul, who was succeeded at the start of this year by Sir Anthony May, wrote in his report.

"Many of the largest drug-trafficking, excise evasion, people-trafficking, counter-terrorism and wider national security, and serious crime investigative successes of the recent past have in some way involved the use of interception and/or communications data."

Most of the data requests were made by law agencies and spook centres, but 160 local councils across the UK made more than 2,500 of the requests for data to ID criminals for crimes such as dodging their taxes or selling fake goods.

The commission said that a number of measures had been put in place to stop mistakes happening again, including the sage advice to double check all details.

"I am satisfied with the measures put in place by these public authorities and communication service providers and hopefully this will prevent recurrence," the knight of the realm declared. ®

Internet Security Threat Report 2014

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
Carders punch holes through Staples
Investigation launched into East Coast stores
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.