Report of the Interception of Communications Commissioner - 2016
Description:
A police force was conducting an investigation into the use of
blackmail to incite sexual acts by children over social media.
The force made a series of accurate applications to identify the
person using the offending account. In their final application, a
request was made to find the broadband account used to first
register the username. When sending this information to the CSP,
a transposition error changed the day and month. The name
and address received in response to this incorrect information
became the base upon which an intelligence package was built.
This intelligence was sent to another force who executed a
search warrant at the incorrect address. Officers seized a large
number of devices for forensic examination. All four occupants,
including two children, were subsequently interviewed voluntarily.
Because of the possible threat to the children at the address,
social services were called in to assist, and briefly separated the
children from their parents. The family’s solicitor received the IP
resolution results through the legal disclosure process. This was
queried by the account holder, and the error was revealed.
Consequence:
The police searched an address unconnected with their
investigation, carried out forensic examination of a large
number of devices owned by innocent people and conducted
voluntary interviews of four people. This included two children
who were then subject to formal safeguarding processes,
including being separated from their parents for a weekend.
Error Investigation 14
Error by:
Public Authority
Human or
Technical:
Human
Cause:
Misinterpretation of communications data.
Data Acquired:
Subscriber information relating to an IP address.
Description:
A police force was conducting a fraud investigation. They
made a series of accurate applications to identify the person
behind fraud conducted through a website. The results linked
an individual to the fraudster’s online account and subsequent
contact with the victim. Arrangements were made for this
individual to attend a police station for a voluntary interview.
During the interview, it became apparent that a misinterpretation
of the data had occurred. Rather than identifying them as the
user of the fraudulent account, they were, in fact, the person
who had set up WiFi at a local event.
74
@iocco_oversight