100
IPCO Annual Report 2017
• Enhance the ability of SPoCs to transfer electronically (e.g. copy and paste) the
communications address and relevant dates / times / time-zones from the application into
the CSP secure disclosure systems, a section 22(3) authorisation or a section 22(4) notice.
• Enhance the ability for CSPs to transfer electronically (e.g. copy and paste) the
communications address and relevant dates / times / time-zones between their systems
whenever possible.
• A requirement for the public authority receiving the information from the CSP (and any
additional public authority to whom that intelligence is disseminated) to check and double
check the material disclosed against the relevant requirements prior to taking action.
• Public authorities, whenever possible, should conduct research and carry out intelligence
checks to seek corroboration prior to executing warrants.
• Provide instruction to applicants and investigating officers to revert straightaway to their
SPoC, or to the agency who provided the information, in cases where they have cause to
doubt the disclosure
• Ensure that the CSP secure disclosure systems are tested sufficiently prior to
implementation and after any significant updates or upgrades.
• Ensure there is standardisation and consistency, to the extent achievable, in relation
to the data-entry requirements on the different CSP secure disclosure systems.
• A requirement for the SPoC to inform the CSP immediately if an error is identified which
might be the result of a technical system fault (even where the error has been classified
as a recordable error).
• Ensure that there are regular quality-assurance audits of the CSP secure disclosure
systems in order to identify faults.
• Ensure i) that the CSPs and system vendors are aware of the potential significant
consequences of system errors; ii) that the public authorities are informed of any systems
errors immediately; and iii) the causes of the errors in this category are corrected at the
earliest opportunity.
Inaccurate data inputs
14.54
The CSP, as the owner, provides the relevant communications data once an application is
approved. This data will often include subscriber and account information, service-use data
and traffic data (the ‘who, when and where’ material). The data is then stored for direct
retrieval by an accredited Single Point of Contact Officer (SPOC).
14.55
In one case an investigator sent out an urgent request and acted on the results, ignoring
the ‘flag’ that indicated a fault required that the results should be manually checked (See
Annex B – serious error investigation 16).
14.56
In another case, a public authority was provided with data for a property with no connection
to the suspected illegal activity. A search of the premises took place (Annex B, serious error
investigation 17). A subsequent investigation identified that wires in a street cabinet had
been inadvertently crossed. This is now subject of an application before the Investigatory
Powers Tribunal.
14.57
By way of a final example, the wrong house number was entered on the documentation
for the suspect’s home address.