112
IPCO Annual Report 2018
document from which the number or identifier has been sourced and the number
contained in the actual application.
17.29
Throughout 2018, we have focused during inspections on examining applications for
internet related requests and the process by which they are acquired. We have continued
to highlight the vulnerability of resolving Internet Protocol Address Resolutions (IPAR).
Internet protocol (IP) addresses are dynamic and will appear in different date formats and
time zones, all of which present challenges for officers and staff within public authorities to
correctly interpret the returned data, and therefore pose a higher risk of an error occurring
than with other formats of CD.
17.30
With the National Police Chiefs Council (NPCC), we supported the work of the Data
Communications Group to produce a national ‘Error Reduction Strategy’. Published in
November 2018, the strategy is based on good practice and our inspection findings. The
Strategy will be used as a baseline in our 2019 inspection programme when assessing the
procedures in place to acquire internet data.
17.31
We note that incorrect time conversion is a persistent issue. This should be resolved
with the roll-out of a tool designed by the Home Office National Communications Data
Service (NCDS). Time conversion of IP activity from international timezones to GMT or BST
has long been an issue. Many internet service providers are hosted outside the UK and
data returned can, therefore, be in a variety of international time zone formats. With no
bespoke tool available, SPoCs used various online tools to assist with this conversion and
encountered a range of flaws. We have recommended that this tool, which was released
in February 2019, should be used and, as a result, we expect to see a reduction of these
errors in 2019.
Serious error investigations
17.32
We undertook 24 serious-error investigations in 2018 and determined that the 22 cases set
out in Annex C were serious errors. In eight of those cases, the IPC wrote to the affected
person informing them of the rights to apply to the IPT. Save for one historic error in the
recording of a telephone number, all other notifications were in some way connected to the
online sexual exploitation of children. We noted that in the case of investigation three, the
affected person had already addressed concerns to the IPT; that meant our role in this case
was to investigate and provide the IPT with our report.
17.33
Circumstances which we judge to be potentially serious are likely to include:
• Technical errors relating to the CSP secure-disclosure systems which result in a significant
number of erroneous disclosures;
• Errors when a public authority has initiated a course of action that has an adverse impact
on someone (for example, sharing information with another public authority stating
a person is suspected of a crime; when an individual is visited, or a search warrant is
executed; or there is an arrest); and
• Errors which result in the wrongful disclosure of a large volume of CD or a particularly
sensitive data set.
17.34
We note that IPARs pose the most risk of error, although our recent investigations have
identified a shift in that, in many cases, incorrect data was provided by the CSP or the
results received were misinterpreted. The need for explicit attention to detail when