Report of the Interception of Communications Commissioner - July 2016
Error Statistics
7.83 In terms of how errors are counted, one erroneous human act will typically
correspond to one erroneous disclosure (e.g. an applicant submits a request for
subscriber information on the wrong telephone number and erroneous subscriber details
are acquired). When however the erroneous act relates to a technical system, for example
a CSP’s secure disclosure system (more on such systems later), one error is likely to have
multiple consequences and to result in a larger number of erroneous disclosures.
7.84 The total number of errors reported to us in 2015 was 1199. This is an increase
of 20% on the 998 errors reported in 2014. As the majority of errors are self-reported
it is difficult to comment whether this represents greater vigilance in the spotting of
errors; less care being taken; or is proportionate to the type of data being acquired. A
comparison with the 2014 figures reveals that the main cause for the overall rise is a
larger number of incorrect communications identifiers being submitted by applicants
and SPoCs or data being acquired over the incorrect date or time period.
7.85 It is of note that a large proportion of these errors (including the majority of
errors where applicants specified the incorrect date or time) relate to internet protocol
addresses. This is significant considering internet protocol addresses account for less
than 14% of the items of data acquired by public authorities and given the potential for
serious consequences to result from mistakes that are made when resolving internet
protocol addresses. For example, an internet protocol address is often the only line of
inquiry in a child protection case (so called single strand intelligence), and it may be
difficult for the police to corroborate the information further before taking action. Any
police action taken erroneously in such cases, such as the search of an individual’s house
that is unconnected to the investigation or a delayed welfare check on an individual
whose life is believed to be at risk can have a devastating impact on the individuals
concerned.
7.86 We highlighted the vulnerability of resolving internet protocol addresses in
our July 2015 report58 and, to summarise, the fact that internet protocol addresses are
generally dynamic in nature and public authorities receive information about internet
protocol addresses linked to crimes (and other statutory purposes) in numerous time
zones and date formats, and are correspondingly required to acquire data from CSPs in
numerous time zone and date formats to resolve which individual they relate to, presents
opportunities for errors to occur.
7.87 It is expected that the need for public authorities to resolve internet protocol
addresses will only increase over time and it is therefore crucial that public authorities
work closely with CSPs and other system providers to implement both technical solutions
and pre and post acquisition checks to prevent such errors. or ensure they are promptly
identified. We have seen examples within a number of public authorities where the
implementation of such measures, including those which we recommended in our July
2015 report, have prevented erroneous data from been acquired in the first place, or
58 http://www.iocco-uk.info/docs/2015%20Half-yearly%20report%20(web%20version).pdf
www.iocco-uk.info
67