UK spy overseer: Snooper's Charter cockups are still getting innocents arrested

Crossed wires – literally

Not every snooping cockup that IPCO investigated during 2017-18 was caused by human error.

One family had their home raided three times in six months by police who had convinced themselves a paedophile was sharing child abuse images from their IP address. After the third fruitless raid and seizure of computers and phones, PC Plod eventually thought to check the family router – where they “found an anomaly with the IP address assigned to it”.

They eventually figured out that the local ISP had crossed some wires in the local street cabinet.

This did not stop the State from seizing the family’s children – referred to in the dry language of the IPCO report as enacting the “safeguarding protocol”. Their case is due to be heard by the Investigatory Powers Tribunal, which is the secret court that investigates and occasionally rules in public on misuses of Britain’s surveillance laws by State agencies.

Time is not on your side

An unnamed ISP changed its record-keeping timestamps from the 24-hour clock to the 12-hour clock without telling police – and without including the crucial AM or PM suffix. After 173 further data requests from that ISP after the switch, police realised what had happened. In three of those police cases “reportable errors” had been made, with searches taking place based on IP address data that was 12 hours out of sync.

An innocent person’s home was raided in a planned police operation and a wanted suspect, identified only as an “EU national”, got away.

Does your ISP have your current address?

During two separate investigations into online child abuse image-sharing and grooming, police tried to resolve IP addresses to physical addresses. In one case “the named account holder couldn’t be linked to the postal address”, while in the other case the account holder was last recorded living at that address “over 10 years ago”.

Not to be deterred, the unnamed police force asked a court to rubber-stamp search warrants based on this incomplete and out-of-date information, raiding their targets’ homes and seizing computers and phones. “Forensic examinations” of those seized devices, predictably, turned up nothing.

Eight weeks later police saw more dodgy activity from one of the wrongly identified addresses – but this time, someone thought to check the police information with the phone company, which admitted that installation and billings addresses had “fallen out of sync”. Mercifully, police decided not to go ahead with a second set of raids.

There was nothing in the IPCO report to suggest that any State worker or agency was held to legal account for getting things wrong or not complying with the law. ®