Feeds

Five bods wrongly cuffed thanks to bungled comms snooping in UK

Report: Web, phone data slurping cocked up nearly 1,000 times in a year

SANS - Survey on application security programs

UK cops and spook agencies wrongly fingered five people as criminals after seizing data about their communications, according to a new report.

The Interception of Communications Commissioner's latest dossier [PDF] gave examples of intelligence data used to seize drugs and firearms, stop illegal waste dumping and in one instance catch a con artist - but it also revealed that cock-ups had been made.

In most cases, the officers or agents involved realised their mistake and took no action on the data. However, five people were either wrongly detained or accused of crimes following requests for data about their internet activity (curiously referred to as "Internet Protocol or node name resolutions" in the report). In another error, police were sent to an address where they wrongly believed a child had threatened to harm him or herself.

According to the report, last year cops and spooks sent 570,135 demands for information about folks' texts, emails and other communications to telcos and ISPs. That collected data revealed who got the messages and calls, and where and when - the so-called metadata - rather than the content of said messages. But that information alone can be useful enough for savvy investigators trying to work out what was being discussed.

That number of requests also includes multiple demands made during the same investigation, so the number of people targeted "would be much smaller", the report pointed out.

A total of 3,372 lawful intercept warrants were issued, up 16 per cent on 2011, to actually listen in on the calls or read the messages.

The power to snoop on citizens' private communications is granted by the Regulation of Investigatory Powers Act (RIPA).

Former commissioner Sir Paul Kennedy, who served until the end of 2012, said that 55 breaches of the RIPA law were reported to his office, including seven errors where law enforcement agencies didn't have the authority to seize texts, voicemails and emails. However, he added that none of the mistakes were "malicious or deliberate".

"Each error involved some kind of human error or system related technical problem. In a large number of the 55 error cases, no intercept product was actually obtained and therefore there was no unjustified or unnecessary intrusion," he said.

"In the smaller number of cases where intercept product was wrongly obtained, I have been assured that any such product has been destroyed."

Nearly a thousand errors were made in communications metadata requests, with around 80 per cent being mistakes made by the authorities and another 20 per cent made by the communications service providers.

However, the snooping-on-the-snoopers commissioner said that comms data slurping was still a great way to catch would-be criminals and terrorists.

"Interception and communications data remain powerful techniques in the investigation of many kinds of crime and threats to national security," Sir Paul, who was succeeded at the start of this year by Sir Anthony May, wrote in his report.

"Many of the largest drug-trafficking, excise evasion, people-trafficking, counter-terrorism and wider national security, and serious crime investigative successes of the recent past have in some way involved the use of interception and/or communications data."

Most of the data requests were made by law agencies and spook centres, but 160 local councils across the UK made more than 2,500 of the requests for data to ID criminals for crimes such as dodging their taxes or selling fake goods.

The commission said that a number of measures had been put in place to stop mistakes happening again, including the sage advice to double check all details.

"I am satisfied with the measures put in place by these public authorities and communication service providers and hopefully this will prevent recurrence," the knight of the realm declared. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.