format and the disclosure of key material. Part III of RIPA – the investigation of
electronic data protected by encryption etc – came into force on 1 October 2007
and the associated Code of Practice specifies that a public authority cannot serve
any notice under section 49 of RIPA or, when the authority considers it necessary,
seek to obtain permission without prior written approval of NTAC. I found the
briefing very informative providing useful insights as to how I will undertake my
statutory oversight role.
Successes
2.15 It is impressive to see how interception has contributed to a number of striking
law enforcement and national security successes during 2008. It has played a key
role in numerous operations including, for example, the prevention of murders,
tackling large-scale drug importations, evasion of Excise duty, people smuggling,
gathering intelligence both within the United Kingdom and overseas on terrorist
and various extremist organisations, confiscation of firearms, serious violent
crime and terrorism. I have provided fully detailed examples in the Confidential
Annex to this Report. I think it is very important that the public is re-assured as to
the benefits of this highly intrusive investigative tool particularly in light of the ongoing debate about whether or not intercept product should be used as evidence in
a court of law.
Errors
2.16 Fifty errors and breaches have been reported to me during the course of
2008. This is a marked increase when compared with the total of 24 errors and
breaches reported in my last Annual Report. I consider the number of errors to be
too high. By way of example, details of some of these errors are recorded below.
It is very important from the point of view of the public that I stress that, apart
from one instance (which was duly reported to the relevant prosecuting authority
and which is referred to in paragraph 2.31 below), none of the breaches or errors
was deliberate, that all were caused by human error or procedural error or by
technical problems and that in every case either no interception took place or, if
there was interception, the product was destroyed immediately on discovery of
the error. Where breaches or errors occur, procedures are subsequently revised or
strengthened in order to minimise the chances of a similar mistake being made
again. The most common cause of error tends to be the simple transposition of
numbers by mistake e.g., 1965 instead of 1956. The examples that I give are
typical of the totality and are anonymous so far as the targets are concerned. Full
details of all the errors and breaches are set out in the Confidential Annex.
2.17 The Northern Ireland Office/Police Service Northern Ireland reported
one error where the telephone number cited on the warrant was not that of the
target. The product received was deleted.
2.18 Thirteen errors were reported to me by GCHQ of which four are highlighted
below. The first case involved the requirement to stop monitoring an overseas
telephone number when that telephone was brought into the UK. GCHQ had put
in place specific measures intended to identify such a change of circumstance,
so that they could react accordingly and cease monitoring. Unfortunately, a lack
of coordination between the analysts concerned meant that no immediate action
was taken and the telephone continued to be monitored. On realising the error,
interception was ceased and the incident was reported to local management;
everything obtained as a result of the error was deleted. Updated working practices
have been put in place to prevent a recurrence of such errors.
2.19 The second error occurred in respect of a warrant signed by the Secretary of
State restricting the scope of the warrant to target one individual rather than the
three requested. GCHQ knew that a warrant had been granted but only became
aware of the restriction after the interception had commenced, whereupon the
interception of the two unauthorised targets ceased. No transcripts or intelligence
6