The UK’s Security Service wrongly gathered information about innocent telephone users during criminal surveillance, a report into the interception of communications has said.
The MI5 acquired data belonging to subscribers of 134 telephone numbers following a failure in software, Sir Paul Kennedy, Interception of Communications Commissioner, said.
“These errors were caused by a formatting fault on an electronic spreadsheet which altered the last three digits of each of the telephone numbers to ‘000’,” Sir Paul said in his annual review of how law enforcement agencies use legal powers to intercept communications in 2010 (63-page / 2.3MB PDF).
“These unfortunate errors were identified by the Security Service and duly reported,” he said.
“The subscriber data acquired had no connection or relevance to any investigation or operation being undertaken by the Security Service,” the review added.
Sir Paul said that the intelligence agency destroyed the material and fixed the “technical fault” within the spreadsheet. All Security Service requests for data are now checked manually before being sent to communication service providers to help reduce the likelihood of future errors, he said in his review.
Rules set out in the Regulation of Investigatory Powers Act (RIPA) state that law enforcement agencies, including the police and the MI5, can tap into phone, internet or email use to protect the UK’s national security interests, prevent and detect terrorism and serious crime or to safeguard the UK’s economic well-being.
Under the powers of the Act the Interception of Communications Commissioner must review how law enforcers use their RIPA powers.
Sir Paul also reported that information about 927 internet connections had been obtained by the Security Service despite being approved by insufficiently senior staff. He said the information gathered was about the history of internet use from those connections and had been approved for surveillance by officers ranked lower than the law demands because of an incorrect setting on the system used by the agency.
“This data was not obtained fully in accordance with the law and these errors were duly reported to my office,” Sir Paul said in his annual review.
“The Inspectors were satisfied that these errors had no bearing on the actual justifications for acquiring the data (i.e. the requests were necessary and proportionate),” Sir Paul said.
“The Security Service has corrected the setting on their system and this should prevent recurrence of such errors,” Sir Paul said.