Jack the RIPA: Blighty cops ignore law, retain innocents' comms data

Prime minister: Nothing to see here, go about your business

Secure remote control for conventional and virtual desktops

British cops are abusing the right to snoop on communications data by holding information on innocent people for far too long, a report from the Commissioner for Interception has found.

Sir Anthony May, the commissioner, wanted to counteract the "general relatively uninformed fear" that shadowy government agencies were snooping into the private lives of individuals.

However, in his annual report (PDF), he confessed that cops, spooks and bureaucrats were gathering information on an industrial scale under powers granted by Section 57(1) of the Regulation of Investigatory Powers Act 2000 (RIPA).

Last year the number of interception warrants issued was down from 3372 to 2760 from the previous year, although communications data which is not relevant to an investigation is often stored for too long. This data is meant to be deleted more or less immediately.

"Related communications data are in some instances retained for a variety of longer periods," wrote Sir Anthony. "I have yet to satisfy myself fully that some of these periods are justified and in those cases I have required the agencies to shorten their retention periods or, if not, provide me with more persuasive reasons for keeping the material for the current periods."

During 2013, there were 2,760 interception warrants granted, which allow investigators to access the full contents of a target's communications. These warrants are issued in the interests of national security, during probes into serious crime or to protect British economic interests and allow target's communications to be monitored for up to six months.

There were 57 "interception errors" reported last year, with almost one in five (19 per cent) due to the incorrect address being targeted. 11 per cent of interception mistakes were due to investigators failing to get proper legal permission for surveillance, while five per cent were blamed on investigators snooping on the wrong phone number.

The most common reason for errors was put down to "inadequate discharge of sections 15/16 duties". This could happen when a foreign target entered the UK and investigators continued to spy on them or if malfunctioning systems continued to snoop on targets after an investigation had ceased.

During 2013 there were also 514,608 authorisations and notices for the collection of communications data, which Sir Anthony said "has the feel of being too many". The number excludes urgent oral requests which are made in times of emergency. During 2013 alone, 42,293 notices were given orally.

This data includes the "who, when and where" of communications, but not the content. It is made up of three parts: traffic data, which identifies the sender and recipient of any communications as well as the time; service use information, which is the sort of information contained on a phone bill, and subscriber information, which is the information a person hands over whenever they sign up with a communications service provider.

Three quarters (76.9 per cent) of the requests were filed with the intention of preventing crime, with 11.4 per cent made to protect national security.

Some 87.7 per cent of these notices were filed by law enforcement agencies, with just one per cent filed by local authorities and what the report termed "other" public bodies. Intelligence agencies made 11.5 per cent of the rest of the requests.

The report went on to admit that the numbers could be way off the mark because public authorities store statistics in different ways. For instance, one police force might file three applications for the interception of a specific phone number on the same form, while another force filed each request separately.

"In my view the unreliability and inadequacy of the statistical requirements is a significant problem which requires attention," Sir Anthony continued.

The commissioner reassured the innocent folk of Britain that spooks were not interested in tracking their every text message, email or phone calls.

"I am quite clear that any member of the public who does not associate with potential terrorists or serious criminals or individuals who are potentially involved in actions which could raise national security issues for the UK can be assured that none of the interception agencies which I inspect has the slightest interest in examining their emails, their phone or postal communications or their use of the internet, and they do not do so to any extent which could reasonably be regarded as significant," he wrote.

"The interception agencies do not engage in indiscriminate random mass intrusion by misusing their powers under RIPA 2000 Part I. It would be comprehensively unlawful if they did. I should be required to report it to the Prime Minister. I am personally confident from the work I have undertaken throughout 2013 and to date that no such report is required.

The commissioner insisted that RIPA was still relevant to the modern age, even though it was conceived before the September 11th 2001 attacks on the World Trade Centre and the widespread adoption of the internet as a primary method of communication.

Commenting on the report, Prime Minister David Cameron said: “The report makes clear the Commissioner’s view that RIPA is fit for purpose, despite advances in technology. He also finds that interception agencies undertake their roles conscientiously and effectively, and that public authorities do not engage in indiscriminate random mass intrusion.”

Yes, Prime Minister. ®

Intelligent flash storage arrays

More from The Register

next story
Scrapping the Human Rights Act: What about privacy and freedom of expression?
Justice minister's attack to destroy ability to challenge state
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
EU to accuse Ireland of giving Apple an overly peachy tax deal – report
Probe expected to say single-digit rate was unlawful
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
Hey Brit taxpayers. You just spent £4m on Central London ‘innovation playground’
Catapult me a Mojito, I feel an Digital Innovation coming on
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
EU probes Google’s Android omerta again: Talk now, or else
Spill those Android secrets, or we’ll fine you
prev story


Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.