reports were produced and everything obtained without authority was deleted from
GCHQ’s systems. The process for advising GCHQ of the detail of authorisations
granted by the Secretary of State has been made more robust to prevent future
recurrences.
2.20 GCHQ reported similar errors in two separate cases. The two incidents
related to the targeting of “short” telephone numbers which resulted in the
unintentional collection of calls not associated with the intended targets. The
numbers targeted were 2-digits too short to be valid numbers in the jurisdiction
concerned. No intelligence reports were produced, and all the collected calls
were subsequently deleted. The analysts concerned have been reminded of the
importance of performing number validity checks, especially for any number that
appears to have fewer digits than expected. Improvements to GCHQ collection
systems will also significantly reduce the risk of unintentional collection of calls
to “short” numbers.
2.21 The Security Service reported twelve errors that were directly attributable
to them. Brief details of three of these are highlighted below. In the first case the
Security Service processed a modification to add a new mobile telephone number
to an existing warrant. Unfortunately the submission with the new telephone
number included an incorrect telephone number. This resulted in the wrong
telephone number being intercepted. The number was subsequently deleted from
the warrant; no product was obtained and there was no interference with privacy.
Security Service officers have been reminded of the importance of carrying out
thorough checks of telephone numbers added to interception warrants.
2.22 The second error involved a warrant where two digits had mistakenly been
transposed when the warrant was applied for resulting in an incorrect telephone
number being intercepted. None of the product from the interception had been
transcribed or retained.
2.23 The third error involved the continuing interception of a target who had left
the UK. A request was made for the warrant to be cancelled; however, due to an
administrative error, the warrant was allowed to lapse without cancellation resulting
in further interception. No communications were intercepted after the warrant
lapsed. The relevant Security Service officers were reminded of the importance
of suspending interception of communications with the relevant CSP as quickly
as possible. A subsequent review of procedure in this area has resulted in further
safeguards being put in place, aimed at avoiding this type of error in the future.
2.24. HM Revenue and Customs (HMRC) reported one error in respect of a
revalidation document for an urgent modification. Verbal authority was given for
an urgent modification to the schedules part of an existing warrant but in submitting
the revalidation document to the Home Office it transpired that the 5 working day
expiry date had been incorrectly calculated and the wrong expiry date had been
entered on the revalidation document. The telephone number intercepted under
the urgent arrangements had, therefore, been intercepted for 24 hours without the
appropriate authority in place. The interception was immediately stopped and all
the product destroyed. To guard against any errors of this kind recurring HMRC
has enhanced its internal processes by ensuring that expiry dates are checked
twice by senior officers.
2.25 The Serious Organised Crime Agency (SOCA) reported three errors,
one of which I have highlighted. Three days after the granting of a warrant of
interception, it was noted that no product was being received. A check revealed
that the incorrect number had been included in the application and had been
subsequently intercepted. The number intercepted was one digit out i.e., the
telephone number included a “3” in the place of a “5”. No product was received
and the incorrect number was deleted from the warrant that same day. All the
relevant staff have been reminded of the importance of double checking numbers
before submitting applications for interception.
7