Six British citizens were wrongly detained or accused of crimes as a result of mistakes made by authorities when requesting access to Internet data, the U.K. Interception of Communications Commissioner said.
A report detailing law enforcement's errors in the UK was published as interest in surveillance of ordinary citizens' online activities runs high, in the wake of disclosures about the U.S. National Security Agency's secret surveillance programs.
In 2012, U.K. public authorities submitted 570,135 notices and authorizations for communications data, according to the report published on Thursday. The principal users of this communications data are still the intelligence agencies, police forces and other law enforcement agencies, wrote Paul Kennedy who served as the Interception of Communications Commissioner through last year.
However, because public authorities often make many requests for communications data in the course of a single investigation, the total figure does not indicate the number of individuals or addresses targeted, Kennedy said, adding that those numbers are not readily available, but would be much smaller.
While the use of intercepted communications data helped authorities when investigating drug trafficking, investigating activities at a major illegal waste site and helped catching a swindler, numerous errors were also made, the report showed.
"During the reporting year, 979 communications data errors were reported to my office by public authorities," it said.
In the vast majority of these cases the mistake was realized by the public authority that reported the error after which the wrongly acquired data was destroyed. "Regretfully in six separate cases this year, the mistake was not realized and action was taken by the police forces / law enforcement agencies," the report said.
All of these cases were requests for Internet data and regrettably five of these errors had very significant consequences for six members of the public who were wrongly detained or accused of crimes as a result of the errors, the report said. In the remaining case the error caused an intrusion into the privacy of an individual, as an address was mistakenly visited by police looking for a child who had threatened to commit self harm.
Liberty, a U.K. rights organization, is concerned about the findings in the commissioner's report. "Cardinal Richelieu promised to be able to hang most honest men with just 'six lines' written by their hand. Imagine how easy it is with thousands of text messages, emails and web-site visits to make each and every one of us look like a criminal. So much for the innocent having nothing to hide and so-called 'communications data' not being an intrusion on our privacy," Shami Chakrabarti, Director of Liberty, said in an emailed statement on Friday.
Measures have been taken to prevent such errors from happening again, the report stated. They include ensuring that all details are double checked. A reminder was issued to relevant staff outlining the procedure to be followed and reiterating the checking process and potential consequences of errors.
Moreover, some of the public authorities have also put procedures in place to ensure the applicant also provides the source documentation with their application to resolve an IP address. This will enable those responsible to double-check the IP address, date, time of access and any time-zone conversions.
"I am satisfied with the measures put in place by these public authorities," Kennedy wrote, adding that this will hopefully prevent recurrence. "Fortunately errors with such severe consequences are rare," he said.
Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to firstname.lastname@example.org
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.