Mistakes made around Internet Protocol (IP) addresses continue to pose the greatest risk of a “serious error” by law enforcement agencies, according to the latest report on the use of covert powers in the UK.
The annual report by the Investigatory Powers Commissioner, Sir Brian Leveson, says these errors can result in “significant harm” with people being wrongly accused of crimes.
There were 29 serious error investigations by the Investigatory Powers Commissioner’s Office (IPCO) in 2020, four of which involved significant harm. Three of these cases involved the upload of indecent images and the fourth was a crime in action. Common to all was the need to resolve details of the customer allocated to an IP address at a specified time and date, says the IPCO.
An IP address can move between customers and could be supplied with a time stamp from anywhere in the world. Of the 1,005 reportable errors, 109 fell into the ‘serious’ high-risk category.
Sir Brian’s report says the “biggest single cause of an error” rests with the applicant seeking communications data upon an incorrect identifier (telephone number, username, email address or IP address).
Although low in number, he says basic errors still occur and can lead to people being accused of crimes and highlight that “everybody involved must remain vigilant”.
The IPCO says the Error Reduction Strategy (produced by the National Police Chiefs’ Council Data Communications Group in conjunction with IPCO) is proving effective and has contributed to a fall in the number of errors made around IP address resolutions, from 506 in 2019 to 109 in 2020.
The IPCO makes specific recommendations when it comes across such issues at inspections throughout the year.
“Requests for warrants have at times lacked detail, data has been stored beyond given timeframes and human error has led to visits by police at incorrect addresses,” says the report, which was published on Thursday (January 6).
“We recognise that human error is inevitable in the course of complex and often time-critical investigations. However, it remains the case that many errors could be avoided if greater attention was paid to the legislation and the specific parameters of approvals to ensure the appropriate authorisations are in place in advance of an operation.”
The report adds: “We believe that this underlines the necessity for continuing high-quality training, particularly when key officers (such as Covert Authorities Bureau managers and authorising officers) with specific covert surveillance responsibilities retire or move on to different areas of work. Changes in personnel may increase the likelihood of errors occurring or reduce the overall standards of compliance. It is vital that inexperienced officers are given the necessary support and supervision to mitigate these risks.”
For the UK intelligence community, there were substantially fewer errors reported in 2020 than in 2019. While this may, in part, be as a result of agreed, amended short-term arrangements with the intelligence community during the early months of the Covid-19 pandemic, the IPCO said those arrangements specifically ensured that there was no delay in the reporting of serious errors.
The report covers activity carried out by the IPCO throughout 2020. It details the first full year for Sir Brian as Investigatory Powers Commissioner, who took up the role in October 2019. The IPCO independently oversees the use of investigatory powers, ensuring they are used in accordance with the law and in the public interest.
Sir Brian said: “I am pleased to say that, once again, this report demonstrates high levels of compliance with the relevant legislation across the range of organisations we oversee.
“There are improvements to be made but overall considerable measures have been taken to maintain the appropriate use of investigatory powers.
“Covid-19 has had a significant impact on both IPCO and the Office for Communications Data Authorisations (OCDA). With the particular help of our temporary Judicial Commissioners (a serving or retired senior judge who is responsible for reviewing applications for the use of intrusive investigatory powers), and with commitment and flexibility from everyone across both organisations, we have been able to adapt our ways of working to ensure robust authorisation and oversight regimes continued throughout 2020.”
As with IPCO’s findings in 2018 and 2019, drug-related offences continue to be the most common crime for which communications data was requested by law enforcement agencies in 2020, according to the report.
And for the first time since 2017, the use of covert human intelligence sources (CHIS) by law enforcement agencies increased, from 1,866 authorisations in 2019 to 2,086 in 2020.
Of the 2,137 CHIS authorisations granted across all public authorities, only three related to juveniles. None of these were under the age of 16 at the time authorisation was granted.
Certain public authorities acted on specific IPCO recommendations and positively changed their ways of working. For example, Greater Manchester Police purchased software to support its use of investigatory powers and employed experienced staff in key roles, and Her Majesty’s Prison and Probation Service introduced a new policy framework and set up regional units to advise on covert activity.
This year, the report provides a full overview of the use of The Principles in its first year of implementation. The Principles, which came into force on January 1, 2020, relate to the detention and interviewing of detainees overseas and the passing and receipt of intelligence relating to detainees, and replaced the Consolidated Guidance. The most important changes included the inclusion of SO15 (the counter-terrorism command of the Metropolitan Police Service) and the National Crime Agency alongside the UK intelligence community (UKIC) and the Armed Forces. The Principles are intended to ensure that the treatment of detainees overseas, and the use of intelligence on detainees, is consistent with the UK’s human rights and international law obligations.
The report outlines IPCO’s oversight of the use of covert powers by more than 600 public bodies, including UK intelligence agencies, police forces and local councils.
It also includes details of activities conducted by the OCDA, which was formed in 2018 as a result of the Investigatory Powers Act 2016 and is an independent ‘arm’s length’ body of the Home Office. The OCDA is responsible for considering nearly all applications for communications data made by relevant authorities in the UK, including law enforcement bodies and wider public authorities.
The OCDA became fully operational on January 13, 2020 and applications to OCDA for communications data authorisations more than trebled from 2019 to 2020. A total of 226,383 applications were received in 2020, compared with 71,610 in 2019.
During the initial lockdown period in April, OCDA encountered a four per cent decrease in the number of applications received. However, with lockdown restrictions in place and traditional surveillance options being limited, the OCDA recognised that communications data became an even more important tactic that authorities utilised as part of ongoing investigations.
The report shows that, in general, recommendations from the IPCO’s inspections have been implemented by public authorities.
“There is a growing level of understanding about the compliance challenges documented in previous annual reports and significant investment has been made into processes, structures and governance,” says the report.