2012 Annual Report of the Interception of Communications Commissioner
data received. In four of the cases the mistake was made by the public authority (either the
applicant or SPoC acquiring data on either the incorrect communications address or time period)
and in the remaining two the mistake was made by the CSP (disclosing data on the incorrect
communications address). All of these cases were requests for internet data (Internet Protocol
or node name resolutions). Regrettably, five of these errors had very significant consequences
for six members of the public who were wrongly detained / accused of crimes as a result of the
errors. The remaining one error also caused an intrusion into the privacy of an individual, as an
address was mistakenly visited by police looking for a child who had threatened to commit self
harm.
When such errors occur it is my responsibility to investigate the circumstances and work with
the CSP or public authority concerned to review their systems and processes to prevent any
recurrence. The public authorities and CSPs reported the errors promptly and provided my
office with further information as requested. A number of measures have been put in place to
prevent recurrence including; ensuring that all details are double checked, ensuring that SPoCs
understand the functionalities that are unique to each CSP, issuing an aide memoire to relevant
staff outlining the procedure to be followed and reiterating the checking process and potential
consequences of errors. The College of Policing have also issued tradecraft advice to SPoCs in
relation to IP resolutions, which include ensuring that more than one request is resolved where
there are different IP addresses or dates / times of access.This will enable the results to be cross
checked. Some of the public authorities have also put procedures in place to ensure the applicant
also provides the source documentation with their application to resolve an IP address. This
will enable the SPoC to double check the IP address, date / time of access and any time zone
conversions. I am satisfied with the measures put in place by these public authorities and CSPs
and hopefully this will prevent recurrence. Fortunately errors with such severe consequences
are rare.
Figure 10 shows that 30% of the errors were caused by either the applicant, SPoC or CSP
acquiring data on the correct communications address but for the incorrect date / time period
(an increase of 6 percentage points on 2011). An additional 7% of the errors were caused by the
SPoC acquiring the incorrect type of data (i.e. outgoing call data instead of subscriber data) on
the correct communications address.
The number of SPoC errors has increased this year from 36% to 47% and this is concerning. The
Senior Responsible Officers (SROs) are responsible for overseeing the reporting of errors to my
office and the implementation of processes to minimise repetition. My inspectors are satisfied
that they do this.
The vast majority of the errors I have described in the preceding paragraphs could be eradicated
by removing the double keying in the systems and processes. However in 26% of cases the
process started with the applicant actually requesting the incorrect details and this demonstrates
the need to emphasise the importance of double checking to applicants.
Furthermore, some errors can occur due to technical faults on the various systems used to
acquire communications data. Unfortunately such system faults will generally persist until they
are discovered and fixed. This year I was notified of one such system fault by a CSP. The CSP
30