130
Investigatory Powers Commissioner’s Annual Report 2019
18.11
There was a significant increase in the number of interception errors reported by five law
enforcement agencies (LEAs) in 2019 compared to 2018. LEAs reported 24 relevant56 errors
in 2019, compared to 13 in 2018. While the threshold for reporting errors is broadly similar,
2019 is the first full year of capturing relevant errors so again there is no direct comparison
to previous years. While this increase is potentially concerning, our investigations to date
have suggested that this increase may have resulted from the introduction of formal error
definitions under the IPA. Each agency is required to record regular reviews in relation to
interception errors.57 We will examine these records at our 2020 inspections and probe
whether appropriate measures have been introduced to prevent the repetition of similar
errors throughout 2020.
18.12
There were no serious errors reported in 2019 in relation to interception.
18.13
Once a public authority establishes that they have committed a relevant error they must
report it to the Investigatory Powers Commissioner (IPC) within ten working days. An
Inspector will then investigate the circumstances that led to the error. In all the relevant
errors that were reported in 2019 we are satisfied that the agencies concerned have taken
reasonable steps to mitigate the risk of reoccurrence of the same type of error: most of the
relevant errors reported in 2019 related to administrative process issues.
18.14
The most common error on interception related to the collection of material beyond the
point of authorisation. In several cases, there was a delay between the authority notifying
the telecommunications operator (TO) and the data flow from the intercepted device being
stopped after the warrant had been cancelled. Typically, this latency resulted in up to 48
hours of unauthorised collection, although technical safeguards at each relevant authority
meant that that data was not ingested into monitoring systems for analysis.
Data handling errors relating to interception material
18.15
In mid-2019 the National Crime Agency (NCA) notified us of two data handling errors which
they had identified during an internal review. The NCA briefed us on an ambitious internal
review programme which they had conducted following discussions about the adequacy
of safeguards on corporate systems with MI5 (see chapter 8). The first error related to the
unintentional retention of interception metadata in a pilot system which had been used to
test a potential capability. While this data was retained, it was not accessed by NCA staff
and has now been deleted.
18.16
The second error involved the retention of warrant related casework for interception for
longer than the required five-year period. The NCA reviewed all warrant casework records
and identified those that had been retained longer than the necessary period before
deleting them. We were pleased to note that the NCA also conducted a comprehensive
systems review and did not identify any similar errors in relation to data handling. Like MI5,
the NCA has taken the opportunity to review and strengthen safeguards to better enable
them to monitor and demonstrate compliance with RIPA and IPA safeguards.
Interception errors reported by non-intercepting authorities
18.17
During the year, we received four error reports in relation to police forces without
interception powers. Two of these errors occurred when the TO had provided material that
56 A relevant error is defined in section 231(9) of the IPA and in 10.12 to 10.16 of the Codes of Practice.
57 Paragraph 10.10 of the Code of Practice states: “A person holding a senior position within each intercepting
authority must undertake a regular review of errors and a written record must be made of each review.”