In his latest report Sir Paul Kennedy, the Interception of Communications Commissioner details how two members of the public were arrested by police and wrongly accused of crimes because officials wrote down the wrong numbers.
Two police forces were given the wrong information by a communications service provider (CSP) which led to two people being wrongly detained and accused of crimes last year. The case is currently under investigation, but highlights acutely the risks of error in accessing communications data. Equally, it is surprising that communications data was used to detain two people without any other corroborating evidence.
The report also found one official at a council was self-authorising requests for information by acting as applicant, authorising the application and then collecting the data while 52 requests in two local authorities were not approved by someone of sufficient seniority.
There are clearly serious problems with the authorisation process that allows hundreds of errors to go undetected in almost 900 cases. Furthermore,at a time when the Government is planning to massively increase the amount of data communications service providers must keep on their customers it highlights the stark gaps in safeguards and the weakness of authorisation processes that almost never require court approval.
The report fails to offer any evidence on the effectiveness of the 494,078 requests although it is fair to say that the 11% fall in data requests has not lead to a significant increase in the crime rate, or a fall in the clean-up rate.
As the Communications Data Bill is scrutinised, the very least the public deserve is a credible justification of why we should all be treated as suspects. This report does nothing to reassure anyone about the effectiveness of safeguards or the need for further surveillance, but does highlight the real threat to privacy increased data retention poses.