Metadata slurp warrant typo sends cops barging into the wrong house

IOCCO investigates snooping snafus by asinine authorities and other idiots

The Interception of Communications Commissioner's Office (IOCCO) half-yearly report revealed 17 serious errors committed by British authorities using interception powers, including one which lead to an innocent citizen's home being raided after the police mistyped a suspect's email address.

In addition to whistleblower witchhunting, the 52 page report (PDF) reveals that the rozzers not only bothered members of the public thanks to unnamed authorities' typos, but other cock-ups also lead to delayed welfare checks on children believed to be in trouble.

The most egregious mistake revealed by the commissioner's report featured an unnamed public authority which "sought to trace the user of an email address used to groom a young girl as part of a protracted investigation into the sexual exploitation of children."

When it applied for data on the email address, however, the fat-fingered authority managed to mistype it: leading to it being provided with the wrong subscriber information, which in turn revealed the wrong IP address, which was used to identify the wrong premises which the suspect's account was accessed from.

As the wrong premises were identified, the police executed a search warrant at the wrong address. Computer equipment, which was seized during the search, was examined immediately.

Surprisingly – or not – the examination provided no evidence that the equipment's owner had any connection with the social media network through which the victim was being contacted – and obviously provided no evidence that the owner had ever been in contact with the victim.

A subsequent review of the communications data application revealed the mistake.

The commissioner decided not to name the parties involved in this series of cock-ups (and others), worrying that it could cause further infringements of individuals' privacy, as well as noting that such "naming and shaming" might "have the unintended consequence of undermining the open and co-operative self reporting of errors."

But what are your snooping powers?

Securing a full public acknowledgement of the British state's surveillance capabilities has a been a recurring criticism in the series of reviews and analyses that have taken place since Edward Snowden's global surveillance revelations.

Held in particular revulsion by privacy campaigners is Section 94 of the Telecommunications Act 1984 which grants the secretary of state unlimited and unaccountable powers to order just about any course of action at all.

Disclosure of such orders is prohibited if it would be "against the interests of national security or relations with the government of a country or territory outside the United Kingdom, or the commercial interests of any person."

In his independent review of counter-terrorism legislation, David Anderson QC recommended that intrusive surveillance capabilities be "promptly avowed to the Secretary of State" and subsequently "publicly avowed by the Secretary of State". This was echoed by the ISC report which recommended that Government "avow all of the Agencies' intrusive capabilities."

Sir Anthony May, the Interception of Communications Commissioner, recommended "that provision is made in any future legislation that might encompass such directions to inform the Interception of Communications Commissioner (or any such successor oversight body) of all extant section 94 directions to enable this area to be overseen properly."

However, the IOCCO report welcomes "the Prime Minister’s decision earlier this year to ask me to formally oversee directions issued under section 94 of the Telecommunications Act 1984" as "a good first step towards greater transparency and comprehensive oversight of any directions."

Sir Anthony noted: "This oversight was limited because it was only concerned with parts of c) above. My office was, and still is, prohibited from saying any more about this oversight as the Secretary of State is of the opinion that disclosure would be against the interests set out in section 94(5) of the Telecommunications Act."

Tweeting to The Register's reporter, Julian Huppert, one-time MP for Cambridge and a long-standing critic of the opacity surrounding the use of intrusive powers – as well as a surprising supporter of DRIPA – said: "I welcome the mention of s94 of the Telecommunications Act 1984, [an] incredibly broad and unscrutinised power that allows almost anything to be done in secret on a Secretary of State's discretion."

Huppert added "It is good that at long as this is being looked at – it's something I repeatedly called for – however there is almost nothing said about it's use- it is apparently too secret even for us to be told that it has been audited and the IOCCO thinks it is reasonable."

"In fact, the IOCOO report says that 'My office is therefore not a position to be able to say confidently that we have been notified of all directions.'"

Huppert concluded: "We can have no confidence that these directions are reasonable when even the IOCCO, having been asked by the PM to have oversight, cannot be sure he knows of them all." ®


Biting the hand that feeds IT © 1998–2017