'Data blunders' led paedophile probe police to quiz innocent people
Innocent people have been wrongly implicated in paedophile investigations because of botched attempts to access communications data by law enforcement agencies and technology firms, a watchdog has revealed.
Errors in tracing information about internet activity led to one individual being arrested despite being completely unconnected to a child sex probe, t he Interception of Communications Commissioner (IOCCO) disclosed.
Blunders sparked five police searches at properties linked to people who had nothing to do with child abuse investigations, while three cases against suspected paedophiles had to be dropped.
IOCCO Sir Anthony May said such mistakes can have a "devastating" impact on those affected.
It was also revealed that a revised code introduced in March requiring judges to sign off requests to access journalists' data had already been breached by two police forces.
Sir Anthony's half-yearly report - his last in the role - provides the first details of 17 serious errors by public authorities or communications service providers (CSPs) in 2014.
The mistakes were made during activities to obtain communications data - the who, when and where but not the content - under the Regulation of Investigatory Powers Act (Ripa).
Ten were related to requests for internet data, including eight which related to investigations into sexual exploitation of children or instances where serious concerns were raised about a child's welfare.
Overall, nine were caused by human error, with the remainder attributed to technical faults.
State agencies were responsible for five of the errors and CSPs 11, with one blamed on an organisation referred to as "other party".
In one case, a public authority sought to trace the user of an email account used to groom a young girl as part of an investigation into child sexual exploitation but missed out an underscore on the address.
It led to a police warrant being executed at the premises of an individual unconnected with the investigation.
A technical error by a CSP saw three warrants executed at premises relating to individuals who were unconnected with police investigations into child sexual exploitation, with one of them also being arrested.
A systems glitch also saw a warrant wrongly executed at a property relating to people who were not linked in any way to an investigation into the uploading of indecent images of children.
Another erroneous application also involved a public authority requesting the data for the wrong time zone. This led to the wrongful disclosure of data relating to 10 individuals who were unconnected with the investigation.
The report added: "In addition, three cases where individuals had downloaded indecent images of children could not be pursued as by the time the error was identified the CSP was no longer in possession of the data."
Other examples of the impact of errors cited by the commissioner included:
:: Police investigating fraud and witness intimidation visited the premises of innocent people.
:: Five cases related to a drugs probe could not be pursued.
:: Welfare checks on children feared to be "in crisis" were delayed.
The mistakes were mainly linked to requests by public authorities to "resolve" Internet Protocol addresses - numerical labels assigned to devices on the internet.
Sir Anthony stressed the most serious examples should be seen in the context of a total of 998 errors from more than half a million notices and authorisations.
But he added: "Regrettably, when errors occur in relation to the resolution of IP addresses the consequences are particularly acute.
"Any police action taken erroneously in such cases, such as the search of an individual's house who is unconnected with the investigation or a delayed welfare check on an individual whose life is believed to be at risk, can have a devastating impact on the individuals concerned".
The report said that in all instances where there were "very serious consequences" the people affected are aware of the error. In the majority of cases, Sir Anthony said, they were "incredibly understanding", while others have taken legal action. Some cases have already been settled, it is understood.
Sir Anthony declined to name the organisations responsible for the errors.
His report also identified two cases where police acquired communications data to identify interactions between journalists and their sources without judicial approval since new rules requiring a judge's consent were introduced.
In one, a police force acquired data for a journalist and a "known associate who was also their source". In the other data was obtained relating to a "suspected journalistic source" working within police force.