Sunday 20 July 2014

The other side of communications data

[Updated 24 May 2021 with errors for 2019 based on IPCO report for that year.]
[Updated 6 March 2020 with errors for 2018 based on IPCO report for that year; and on 4 May 2020 with corrections to the 2017 and 2018 error figures.]
[Updated 31 Jan 2019 with errors for 2017 based on IPCO report for that year.]
[Updated 16 July 2015, 10 September 2016 and 20 December 2017 with errors for the years 2014, 2015 and 2016 based on the IOCCO reports for those periods.]

Now that the dust has settled for the moment on DRIPA (the Data Retention and Investigatory Powers Act 2014) we should perhaps not forget that, even though many will regard it as worth paying, a tangible price attaches to the authorities’ use of communications data for the investigation and prosecution of crime.

This is a human, not a money price.  Mistakes are made with communications data and can have (in the words of the Interception Commissioner’s Report for 2008) catastrophic consequences for members of the public.

Calculated as a percentage of requests for communications data, the proportion of errors is arithmetically small – in the region of .2%, or 1 in 500.  But when the police arrive at an innocent front door to execute a warrant, that is not an arithmetical event. Since 2008 that, or something equally serious such as the arrest of an innocent person or a wrong accusation, has happened eleven times. [Now 73 times including 2014, 2015, 2016, 2017 and 2018 figures.]

The errors are set out in the Interception Commissioner’s Annual Reports.  These are the statistics since formal oversight of communications data requests began in 2005, covering requests by all public authorities.

Total communications data requests
Arrests, accusations, warrants executed [or other coercive power]1
2005-6 (15 months)
2006 (9 months)
- (from Oct 2007 only privacy-intrusive errors are included in statistics)
(The Report separates 640 overall errors and a further 1061 arising from two technical faults in an intelligence agency's systems, treated in the Report as one error.)
761,702 (items of data, not comparable with previous years' count of number of requests) 
754,559 (items of data) 
757,977 (items of data) 
926 934
808,214 (items of data) 
903 949
768,080 (items of data) 
[Note 1: Figures for 2017, 2018 and 2019 include instances where no search warrant was executed or arrest made, but equipment was seized. 2019 includes an instance of forced entry where IPCO determined that no serious harm resulted.]

[Note 2. The figure of 903 for 2018 is subject to clarification as to whether it includes 46 intelligence agency CD errors.]

[Note 3. Following correspondence with the IPCO press office, corrections have been made to both the 2017 and 2018 error figures. It appears that the 2017 total did not include intelligence agency figures.]

Or graphically:

[These numbers count the numbers of persons arrested, rather than the number of incidents. Thus if two persons were arrested on the same occasion as a result of the same error I have counted that as two arrests.]

The first reported catastrophic incident was in 2008.  That was the result of confusion over interpretation of international time zone information relating to an IP address. The then Interception Commissioner Sir Paul Kennedy reported it thus:

“In this particular example the police took swift action when information from a reliable source suggested that a number of very young children were at immediate risk of falling into the hands of a paedophile ring. Subscriber information relating to an Internet Protocol (IP) Address was obtained in order to locate an address for the children but unfortunately it would appear this was not correct. The police entered the address and arrested a person who was completely innocent and further enquiries are continuing. This was a very unfortunate error and the whole process of obtaining data relating to IP addresses has been re-examined.”
No incidents of this nature were reported for 2009 and 2010, but in 2011 two occurred.  Sir Paul Kennedy again:

“Unfortunately in two separate cases where a CSP disclosed the incorrect data, the mistakes were not realised and action was taken by the police forces on the data received. Regrettably, these errors had very significant consequences for two members of the public who were wrongly detained / accused of crimes as a result of the errors. I cannot say more about these two instances at this time as investigations are ongoing. … I am pleased to say that this CSP has since put in place some very sensible measures which will hopefully prevent recurrence of similar errors in future. Fortunately errors with such severe consequences are rare.”
The next year, 2012, saw a rise in the number of errors that had severe consequences.

“Regretfully in six separate cases this year, the mistake was not realised and action was taken by the police forces / law enforcement agencies on the data received. In four of the cases the mistake was made by the public authority (either the applicant or SPoC acquiring data on either the incorrect communications address or time period) and in the remaining two the mistake was made by the CSP (disclosing data on the incorrect communications address). All of these cases were requests for internet data (Internet Protocol or node name resolutions). Regrettably, five of these errors had very significant consequences for six members of the public who were wrongly detained/accused of crimes as a result of the errors. The remaining one error also caused an intrusion into the privacy of an individual, as an address was mistakenly visited by police looking for a child who had threatened to commit self harm.”
2013 saw two such incidents, described in the first Report of the current Interception Commissioner Sir Anthony May:

“I have to report that 7 errors with very serious consequences have occurred this year. Regrettably these errors resulted in police action relating to wrongly identified individuals. In 5 of these cases the mistakes caused a delay in the police checking on young persons who were intimating suicide or on an address where it was believed that someone had been the victim of a serious crime. Fortunately the police were able to identify quickly in these instances that the persons visited were not connected with their investigation. In the remaining instances warrants were executed at the homes of innocent account holders and this is extremely regrettable. [The report does not state how many such homes or people were involved. We have assumed two.]
4.52 All but one of these errors occurred in relation to requests for Internet Protocol (IP) data to identify the account that was accessing the internet at a particular date and time. There were 3 specific causes for the errors: data applied for over the wrong date or time, the incorrect time zone conversion or a transposition error in the IP address.”
[For 2014 the Interception Commissioner's Report said:
"These 21 errors (12 technical and 9 human) resulted in action being taken against the wrong individual (for example, an innocent individual’s address being visited by officers, or a warrant being executed at the wrong address) in 12 instances; and on 4 occasions caused a delay in the police conducting welfare checks on a person in crisis. Some of these errors occurred in relation to the resolution of Internet Protocol addresses and the consequences of these are particularly acute. An IP address is often the only line of enquiry in a child protection case, and it may be difficult for the police to corroborate the information before taking some form of action against the individual identified. Any police action taken erroneously in such cases, such as the search of an innocent individuals house, can have a devastating impact on the individual concerned. These errors are extremely regrettable and it is fortunate that errors with such severe consequences are rare."]
[The Interception Commissioner's Half-Yearly Report of July 2015 goes into considerable detail about the serious errors investigated during 2014.  The six mistaken search warrants or arrests listed for 2014 in the table above were caused as follows:

- Omission of an underscore when transcribing an e-mail address led to the wrong subscriber information being provided and a search warrant being executed at the premises of an individual unconnected with the investigation.

- A CSP's data warehouse system change affected how GMT and British Summer Time were treated. This was not communicated to staff using the data retention disclosure system. This led to a one hour error in subscriber information disclosed in relation to IP address usage. Of 98 potential disclosure errors identified, 94 were in fact incorrect and four returned the same results when re-run. Of the 94 incorrect disclosures, in three cases a search warrant was executed at premises relating to individuals unconnected with the investigation (and one individual was arrested).

- Due to a technical fault causing a time zone conversion to be out by seven hours, a CSP voluntarily disclosed an incorrect IP address to a public authority.  That led to a search warrant being executed at premises relating to individuals unconnected with the investigation.]

The Annual Report for 2015 also gives more detail in Section on the causes  of the errors (both human and technical).]

[The 2016 Annual Report contains a chapter on IP Address Resolution Errors, included in order to raise the profile of the issue with public authorities and among victims and their legal representation. The Commissioner is concerned by the increasing number of errors that occur when public authorities try to resolve IP addresses. He says that there needs to be a change of mindset away from the assumption that technical intelligence, such as an IP address resolution, is always correct.

Annex D to the Report contains details of 29 serious error investigations.]   

[Annex B to the 2017 Annual Report contains details of 24 serious error cases resulting from 33 serious error investigations.]

[Annex C to the 2018 Annual Report contains details of 22 serious error cases resulting from 24 serious error investigations.]

In all, since 2008 accountholders have mistakenly been the subject of arrests, accusations [seized equipment] or search warrants on 11 occasions [now 74 occasions]. This does not include the five 2013 cases [, four 2014, six 2015, nine 2016, ten 2017 and three 2018 cases] in which people were visited [, contacted or spoken to] by the police, since the Reports does not state that anyone was wrongly accused.

A point of subsidiary interest is where the responsibility for errors may lie as between the CSPs producing communications data information and the requesting public authorities. The Commissioner’s statistics split overall errors into those attributable to the CSP and those to the requesting authority. 

This graph is based on the figures in the Annual Reports [to 2018]. 

The split for 2010 is as reported by the Interception Commissioner, based on an overall figure of 640 errors and excluding a further 1061 errors treated as one error. If those had been treated as individual errors the split for 2010 would have been 7% CSPs and 93% public authorities.

The 2013 Interception Commissioner's Report states that the overall figures for communications data requests in 2011, 2012 and 2013 exclude urgent oral applications, which in 2013 totalled 42,293. It does not comment on whether the same is true for previous years.

No comments:

Post a Comment

Note: only a member of this blog may post a comment.