UK cops: Give us ONE journo's phone records. Vodafone: Take the WHOLE damn database!

Blundering Vodafone leaked the phone records of 1,760 Brit journalists and their colleagues to London's Met Police, a UK watchdog confirmed on Tuesday. The cops had used surveillance laws to demand information on one particular journo's calls. But after realizing Vodafone had handed over records on hundreds of journalists, …

  1. Anonymous Coward

    We need the tainted evidence laws of civilized countries

    What the UK needs to stop this madness is the "tainted evidence" rules as already existing in the US and on the continent. At the moment evidence which is obtained via a criminal act is still admissible in a UK court.

    1. Captain Scarlet Silver badge
      Coffee/keyboard

      Re: We need the tainted evidence laws of civilized countries

      Erm, a criminal act which was Vodafone giving it to them and then claiming "Oh wait it was Corrupt"?

      Vodafone should give more details on what the rozzers requested

    2. Brian Morrison

      Re: We need the tainted evidence laws of civilized countries

      Exactly this!

      While the data may not have been obtained through a criminal act (it may just have been negligent) it seems extraordinary that anything obtained by accident can still be processed and used.

      If anyone wonders how it is that GCHQ and friends are using bulk intercept data within a strict legal framework, this tells you that while the framework may be strictly adhered to the underlying law is really rather wide and very lax in its approach to privacy.

    3. Jason Bloomberg Silver badge
      Stop

      Re: We need the tainted evidence laws of civilized countries

      "At the moment evidence which is obtained via a criminal act is still admissible in a UK court."

      And long may that continue. Letting criminals off because of police wrongdoing is not the best way to do things nor best for us - only the criminal benefits from that. Would we really prefer to see criminals allowed to get away with what they have done because of the way evidence was obtained?

      Juries don't need to know how evidence was obtained, just that it is evidence. They are judging the defendant on crimes alleged, not judging on how the police do their job.

      That is not to say obtaining evidence illegally should not be punished but they are two separate issues.

      1. Fungus Bob Silver badge

        Re: We need the tainted evidence laws of civilized countries

        "Letting criminals off because of police wrongdoing is not the best way to do things nor best for us - only the criminal benefits from that."

        No, society benefits from keeping the police on a short leash, else they will become criminals themselves.

      2. Anonymous Coward

        Re: We need the tainted evidence laws of civilized countries

        @Jason Bloomberg

        "And long may that continue."

        Brought to you from the "two wrongs make a right" school of thought.

        ie the ends justify the means. What could possibly go wrong. After all, it works in Russia, China, Iran, N Korea, USA .....

        Ethics, we've heard of them.

  2. T. F. M. Reader Silver badge

    I cannot figure out from either the Met spokesman quote or the rest of the article whether the wrongly disclosed data were kept by the plod, or "returned to Vodafone" (huh??? they have it already...). It does not look like they were deleted though, and though I have trouble parsing the information snippets I suspect the plod retained the data, which seems to me the most troubling aspect of the story.

    Anyone can make a mistake (and this was a real blunder on Voda's part), but retaining what should not be in their possession looks quite intentional on the part of the plod.

    And do I understand it right that the metadata the Met sought was a part of this "corrupted" set? So they got nothing, since the source of the data (Voda) said that "any assumption that meaningful conclusions could be drawn from any aspect of the corrupted dataset was highly questionable,"

    I am inclined to infer that the rationale for keeping the data must be "let's see if we can start more investigations" rather than "let's see if we can use the info we asked for in court".

    1. frank ly Silver badge

      I think that the Met gave a copy of what they had (been given) to Vodafone so that Vodafone themselves could figure out what they had done. The impression is that Vodafone just dug out a big lump of data without paying much attention to it.

      However, the data was all about many journalists and staff at a particular news company. If the Met had asked for mobile phone data on one particular person who happened to work at a bank, would you expect the mobile phone company to give data about all employees of that bank? It may be that Vodafone had a contract to supply mobile services to the newspaper and made a mistake. It may be that the Met specifically asked about the newspaper and identified the original 'lone' journalist as a journalist working for that newspaper .... etc. I suspect we will never know, unless the Met tell the truth.

      1. Captain Scarlet Silver badge

        I doubt anyone will tell the truth now, both are likely to be in a damage limitation mode as I suspect some Corp will see this as an easy bag to get a bag of cash off someone.

        1. YetAnotherPasswordToRemeber

          Unless I've misunderstood the article, and as others have mentioned, Voda cocked up in supplying 1700+ phone records when they were only asked for 1 by the Met. The other issues are that the Met didn't notify Voda of the cock up, I'm not sure if they were obliged to, and then the Met took it upon themselves to process the data on ALL the supplied phone numbers, even though they were only investigating 1 number.

          1. Destroy All Monsters Silver badge

            Dress appropriately!

            I am sure the order for a large batch of leather rainjackets and boots has already been issued to the finest London tailors.

  3. king of foo

    woopsy

    Yes, I believe you... by accident you say. Uhu.

    A very convenient way to give the police what they want with the minimum fuss and effort.

    As an analyst, I often do something a bit like this when responding to a query because the specific question is never complex enough. In order to get to the real truth you often need to ignore a specific brief and try to fathom and understand the true requirement, then answer that instead.

    Often the recipient is too stupid to see what you've done and claims you are giving them "too much" or "that isn't what I asked for". Recognising this, then ignoring future requests is often a good way to make them go away.

    But I don't do this with sensitive data on "people" (e.g. salary benchmarking). That's just wrong. And if I was tempted, I'd merely present my findings at an anonymised, aggregated level, never the source data.

    This smells to me of an intentional act being explained away as a mistake. There was definitely motive. I'd want an independent investigation, and perhaps to consider the prosecution of both parties involved. Prosecution of senior directors. An ombudsman needs to have oversight of this. I can see a junior clerk being sweet talked; "just give us it all if it's a pain to filter it down to the right person" - I've successfully used this tactic myself to obtain pricing data for competitors using the same supplier as me. This is a little bit naughty, admittedly. The police hold a position of extreme trust so if they are grifting like this... Hmmmm...

    If the police are abusing their powers we need to strip those powers from them, not give them more. Theresa, are you listening, bitch?

  4. Marketing Hack Silver badge
    Happy

    Oh the irony!!

    Murdoch's newspapers involved in phone hacking scandal--as the victims!!

    1. Richard Taylor 2 Silver badge

      Re: Oh the irony!!

      And just think of the children (and more recently the terrorists)

      1. Marketing Hack Silver badge
        Childcatcher

        Re: Oh the irony!!

        Hey, don't forget the terrorist children!!

  5. Adam Jarvis

    Rebecca Brooks

    Yet Rebecca Brooks manages to escape prosecution. She must have been on o2.

    1. gazthejourno (Written by Reg staff)

      Re: Rebecca Brooks

      I am duty bound to point out here that Rebekah Brooks was charged, tried and found not guilty by a jury of her peers. The CPS has declined to appeal that not guilty verdict.

      1. Brian Morrison

        Re: Rebecca Brooks

        Yes, although it seems that some evidence involving her that could have been used didn't surface in time.

        But the double jeopardy rule has gone, so maybe there is scope for future action.

        1. Anonymous Coward

          Re: Rebecca Brooks

          You should probably also point out that it is highly unlikely that any of the millions of emails that she ordered to be deleted in 2010 "to eliminate in a consistent manner across NI (subject to compliance with legal and regulatory requirements as to retention) emails that could be unhelpful in the context of future litigation in which an NI company is a defendant" contained anything that might have changed that verdict either.

          Reference: http://www.theguardian.com/uk-news/2013/nov/27/rebekah-brooks-news-international-emails

  6. Ken 16 Silver badge

    Tough on The Sun

    Tough on the causes of The Sun.

    1. Richard Taylor 2 Silver badge

      Re: Tough on The Sun

      Small bang, lots of H and He?

  7. nematoad Silver badge
    WTF?

    Well?

    "The Met agreed that it would only use the material for a policing purpose..."

    Oh, and what other purpose should the Met use this data for?

  8. Lamont Cranston

    Vodafone are incompetent, the police are corrupt.

    Business as usual, then?

  9. nsld

    It's an interesting one

    The plod are bound under CPIA 1996 to retain any and all information they receive in relation to an investigation for the purposes of both prosecution and defence disclosure, regardless of the source. That doesn't mean they won't do their best to try and hide it, deny its existence, or as in this case spend three months trawling through it before advising anyone of the error. Those rules on timely disclosure of a data breach that apply to the average man in the street are clearly being ignored by the Plod.

    So Vodafone's cock up is an issue for Vodafone, once the plod have the excess information they have to process it and also they would be bound to disclose it on request to the defence. The danger of the extra data is that it may work against the prosecution.

    What it also throws into the works is that the "witness" (Vodafone) have said the data is crap which is again useful to the defence and a problem for the prosecution, especially if the case against the journalist is heavily supported by this data. I do wonder if Vodafone's admission on the data quality is as a result of conversations with its customer as it clearly doesn't help the Plod.

  10. Jess--

    I suspect the police asked for records pertaining to one phone number's outgoing calls,

    Vodafone dumped the outgoing calls from the account associated with that number, not allowing for the fact it was a business account containing multiple phones.

    Depending on the wording of the original request made by the police, Vodafone may have given them exactly what they asked for

    1. Destroy All Monsters Silver badge

      "depending on the wording of the original request made by the police vodafone may have given them exactly what they asked for"

      And if not, a little retconning of what one actually wanted to do will take care of ... discrepancies.

  11. Anonymous Coward

    Mike Darcey, chief executive of News UK, added in the pages of The Times: “A senior Vodafone executive has personally apologised to me for what he insists was ‘human error’. Vodafone accepts that the data was ‘wrongly disclosed’ and that our trust and confidence in them have been badly damaged.”

    Erm, pot kettle black?!

  12. Bloggs as DataProtector

    Oops

    Perhaps what happened was that a request arrived for said individual's phone records, and what was sent in response was copies of the monthly bills of the relevant NI corporate account - containing not only the target's number but all the other numbers, too.

    So no metadata, perhaps just records of chargeable calls and texts.

    Given the fact that the information was so old, were the phone bills simply available in pdf format? If so, I wouldn't have wanted to have been the person responsible for redacting the unnecessary numbers and preparing another pdf for the police.

    I wonder how long Voda keep copies of corporate phone bills for.

    One week, Parliamentarians are pilloried for destroying expense claims forms after too short a time, the next week it's the turn of someone else to be criticised for hanging on to records for (perhaps) too long a period.

    Records retention policies. Who needs them!

  13. ForthIsNotDead Silver badge

    Interesting...

    Plod asked Vodafone for phone records pertaining to one individual, a journalist. What they received was a big list of a load of journalists' phone records.

    How does/did Vodafone know the occupations of their customers to the extent that they can say "Dear plod, here's a list of ALL of our journalists' phone calls"? Upon what criteria did they collate the list? There's a lot more to this than meets the eye. It would suggest that their database is more granular than one would otherwise assume. Just how much information are they storing?

    1. Jonathan Richards 1
      FAIL

      Re: Interesting...

      > How does/did Vodafone know the occupations of their customers

      Because, as the article seems to indicate, these were phones on a corporate account, not individual personal customers. You can probably query the call records database with the criterion "Corp_Customer_ID=...", or similar.

      What's more interesting is that Vodafone appears to operate a defective process for responding to MPS requests. It should be received by a responsible person, probably with the role of Senior Information Officer, who then delegates the data extraction, in terms which make sense in the company's context, and the extracted data should be reviewed by that SIO before they are despatched. That Vodafone's process didn't prevent this breach from occurring indicates that it's not fit for purpose, and some individual at or close to Board level should be held responsible.

  14. This post has been deleted by its author

  15. Dodgy Geezer Silver badge

    An Accident?

    ...Vodafone had indeed wrongfully disclosed more data than the police had asked for, but concluded the telco had not done so on purpose...

    Last time I looked, UK law didn't allow for 'an accident' to be an adequate defence against a breach of the law.

    Vodafone cocked up. Therefore Vodafone data protection procedures were inadequate, or were not properly enforced. Therefore they are in breach of the Data Protection Act, and a fine is in order.

    That's what happens to everyone else. The fine needn't be large, if it was a true accident and they co-operated. But a fine it should be. Otherwise, what a precedent!

  16. phuzz Silver badge
    Joke

    Wait...

    So why did we (as in the UK tax payer, in the form of GCHQ) pay them so much money to tap other companies' cables?

    We could have just asked them to do one and saved all that money.

  17. Creamy-G00dness

    Which one was it then Voda??

    Corrupted Dataset or Human error?

    Make up your mind Voda, it can't be both surely..........oh wait.

    1. earl grey Silver badge
      Trollface

      Re: Which one was it then Voda??

      And don't call me Shirley.

  18. Christian Berger Silver badge

    Wait? They gave out data about journalists?

    Shouldn't journalists be among the group of people where it's near impossible to make a case against privacy? I mean journalists have sources to protect.

  19. Cynicalmark
    Happy

    Yeah right.....

    Vodafone will give your info to anyone for a price....well how else do telemarketers know who they're calling on your mobile...must be the most poorly secured telco in Europe...I have always had this issue with them but not with any of their competitors....very odd

  20. teebie

    "The police say they've given copies of the leaked information back to Vodafone."

    This doesn't seem like a terribly useful thing to do
