2012 Annual Report of the Interception of Communications Commissioner
reported that the fault may have resulted in the incorrect data (either false positives or false
negatives) being disclosed to public authorities in response to IP resolution requests. The CSP
initiated an investigation into the matter immediately and provided regular updates in relation
to the progress made in identifying whether any errors had occurred. Thousands of disclosure
requests were manually checked by the CSP and fortunately the error ratio was very low, with
only 39 errors discovered in total.The errors related to requests submitted by 14 different public
authorities and the CSP ensured that the public authorities were informed as soon as the errors
were identified and that the correct results were subsequently disclosed.
My office conducted an investigation into the impact of the errors. Fortunately the majority of
the results had not yet been acted on or had already been disregarded by the public authorities
as they did not relate to individuals known to their investigations. However in one case where
a false negative (i.e. no data) was originally provided, the subsequent positive disclosure led to
a suspect being identified and arrested for the possession of indecent images of children. In a
second case where a false negative was originally provided, the subsequent positive disclosure
led to two persons receiving warnings under the Harassment Act. This highlights how critical
communications data is to some criminal investigations and that without it, they cannot be
progressed.
I attended two meetings with the CSP in relation to the errors during which I was provided
with a technical briefing in relation to the errors, the progress and subsequent result of the
investigation and the measures put in place to prevent recurrence. I am very grateful for the open
and transparent approach that the CSP adopted in this matter.Adequate resources were deployed
and the staff worked diligently to identify the disclosures that had been affected, report the error
instances to my office and to the public authorities, and put in place the necessary corrective
action to prevent recurrence. I am satisfied that the CSP complied with their obligation under
Section 58 of RIPA and Paragraph 6.19 of the Code of Practice.
I can report that 33 of the 979 errors were first identified by my inspectors during their
inspections. This confirms that the inspections are worthwhile and provides evidence that the
public authorities’ records are properly scrutinised by my inspectors. In the main these errors
had not been reported by the public authorities in question as they had genuinely not realised
they had occurred. In a very small number of cases the lack of reporting was an oversight. All of
these error were subsequently reported.
It is important to make the point that although there is a drive to design automated systems to
reduce the amount of double keying and resultant human error that occurs, it is crucial for such
systems to be sufficiently tested and to be subject to ongoing data quality checks to ensure they
are functioning effectively. Otherwise there is a distinct possibility that the human errors will
simply be replaced by technical system errors.
Under the Code of Practice I have the power to direct a public authority to provide information
to an individual who has been adversely affected by any wilful or reckless exercise of or failure
to exercise its powers under the Act. So far it has not been necessary for me to use this power
but there is no room for complacency, and each public authority understands that it must strive
to achieve the highest possible standards.
31