2013 Annual Report of the Interception of Communications Commissioner
4.49 87.5% of the 970 errors were attributable to public authorities and 12.5% to CSPs.
Figure 11 (on the previous page) shows the breakdown of errors by responsible party
and cause.
4.50 Nearly half of the errors were caused by data being requested on the incorrect
communications address. Public authorities and CSPs must take action to reduce these
errors. Although I of course appreciate that everyone is human and mistakes will happen
from time to time, I do not accept that more cannot be done to reduce such errors
occurring. For example, our investigations have shown that in a large number of instances
where the applicant put the incorrect telephone number on their application form, the
telephone number was available to the applicant in electronic form and could have been
copied and pasted into the application. Had this simple step been taken, the error would
not have occurred.
4.51 A total of 970 reportable errors has to be taken in the context of all the data derived
from a total 514,608 notices and authorisations. Any reportable error is regrettable. The
majority of the 970 reportable errors had no serious consequence. I have to report that
7 errors with very serious consequences have occurred this year. Regrettably these errors
resulted in police action relating to wrongly identified individuals. In 5 of these cases the
mistakes caused a delay in the police checking on young persons who were intimating
suicide or on an address where it was believed that someone had been the victim of
a serious crime. Fortunately the police were able to identify quickly in these instances
that the persons visited were not connected with their investigation. In the remaining
instances warrants were executed at the homes of innocent account holders and this is
extremely regrettable.
4.52 All but one of these errors occurred in relation to requests for Internet Protocol
(IP) data to identify the account that was accessing the internet at a particular date and
time. There were 3 specific causes for the errors: data applied for over the wrong date or
time, the incorrect time zone conversion or a transposition error in the IP address.
4.53 One of my inspectors has conducted a full investigation into these errors. He
has held meetings with the relevant public authorities and CSPs to determine the
exact cause and ensure that steps are put in place and systems are changed to prevent
recurrence. It is clear that some of the errors could have been avoided if the details had
been transferred electronically between systems. Furthermore in some cases the error
was actually apparent on the result that was disclosed. It was unsatisfactory in these
instances that both the SPoC and the applicant failed to review the result properly and
identify the error. Had they done so the resultant police action and serious intrusion into
the privacy of innocent individuals would have been prevented. One of the roles of the
SPoC as prescribed by the Code of Practice is to assess whether the communications
data disclosed or obtained fulfils the requirement of the notice or authorisation. SPoCs
must ensure that robust measures are put in place to check results for errors before
dissemination. It is fortunate that errors with such severe consequences are very rare, but
I believe, as was the case in a number of these instances, that more should be done by
the public authorities to ensure they have sufficiently robust systems in place to prevent
occurrence.
36