Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
British cops are abusing the right to snoop on communications data by holding information on innocent people for far too long, a report from the Commissioner for Interception has found.
Sir Anthony May, the commissioner, wanted to counteract the "general relatively uninformed fear" that shadowy government agencies were snooping into the private lives of individuals.
However, in his annual report (PDF), he confessed that cops, spooks and bureaucrats were gathering information on an industrial scale under powers granted by Section 57(1) of the Regulation of Investigatory Powers Act 2000 (RIPA).
Last year the number of interception warrants issued was down from 3372 to 2760 from the previous year, although communications data which is not relevant to an investigation is often stored for too long. This data is meant to be deleted more or less immediately.
"Related communications data are in some instances retained for a variety of longer periods," wrote Sir Anthony. "I have yet to satisfy myself fully that some of these periods are justified and in those cases I have required the agencies to shorten their retention periods or, if not, provide me with more persuasive reasons for keeping the material for the current periods."
During 2013, there were 2,760 interception warrants granted, which allow investigators to access the full contents of a target's communications. These warrants are issued in the interests of national security, during probes into serious crime or to protect British economic interests and allow target's communications to be monitored for up to six months.
There were 57 "interception errors" reported last year, with almost one in five (19 per cent) due to the incorrect address being targeted. 11 per cent of interception mistakes were due to investigators failing to get proper legal permission for surveillance, while five per cent were blamed on investigators snooping on the wrong phone number.
The most common reason for errors was put down to "inadequate discharge of sections 15/16 duties". This could happen when a foreign target entered the UK and investigators continued to spy on them or if malfunctioning systems continued to snoop on targets after an investigation had ceased.
During 2013 there were also 514,608 authorisations and notices for the collection of communications data, which Sir Anthony said "has the feel of being too many". The number excludes urgent oral requests which are made in times of emergency. During 2013 alone, 42,293 notices were given orally.
This data includes the "who, when and where" of communications, but not the content. It is made up of three parts: traffic data, which identifies the sender and recipient of any communications as well as the time; service use information, which is the sort of information contained on a phone bill, and subscriber information, which is the information a person hands over whenever they sign up with a communications service provider.
Three quarters (76.9 per cent) of the requests were filed with the intention of preventing crime, with 11.4 per cent made to protect national security.
Some 87.7 per cent of these notices were filed by law enforcement agencies, with just one per cent filed by local authorities and what the report termed "other" public bodies. Intelligence agencies made 11.5 per cent of the rest of the requests.
The report went on to admit that the numbers could be way off the mark because public authorities store statistics in different ways. For instance, one police force might file three applications for the interception of a specific phone number on the same form, while another force filed each request separately.
"In my view the unreliability and inadequacy of the statistical requirements is a significant problem which requires attention," Sir Anthony continued.
The commissioner reassured the innocent folk of Britain that spooks were not interested in tracking their every text message, email or phone calls.
"I am quite clear that any member of the public who does not associate with potential terrorists or serious criminals or individuals who are potentially involved in actions which could raise national security issues for the UK can be assured that none of the interception agencies which I inspect has the slightest interest in examining their emails, their phone or postal communications or their use of the internet, and they do not do so to any extent which could reasonably be regarded as significant," he wrote.
"The interception agencies do not engage in indiscriminate random mass intrusion by misusing their powers under RIPA 2000 Part I. It would be comprehensively unlawful if they did. I should be required to report it to the Prime Minister. I am personally confident from the work I have undertaken throughout 2013 and to date that no such report is required.
The commissioner insisted that RIPA was still relevant to the modern age, even though it was conceived before the September 11th 2001 attacks on the World Trade Centre and the widespread adoption of the internet as a primary method of communication.
Commenting on the report, Prime Minister David Cameron said: “The report makes clear the Commissioner’s view that RIPA is fit for purpose, despite advances in technology. He also finds that interception agencies undertake their roles conscientiously and effectively, and that public authorities do not engage in indiscriminate random mass intrusion.”
Sponsored: Global DDoS threat landscape report