So many terrorists in the UK!!
Police forces across Blighty made more than 700,000 communications data access requests in the space of three years, responses to an FOI request from Big Brother Watch have revealed. Privacy worrywarts will be alarmed by the level of email and phone snooping demands that have been submitted by cop shops across the country, …
"... between 2012 and 2014" - is that "between" ie neither 2012 or 2014 but 2013 only?
Or is it for 'two years' (paragraph one of text)?
Or 'three years' (paragraph one of quoted report)?
Methinks confusion reigns.
Whatever, it's 700k individual phone numbers - that's grandiose super-slurpage which rates (on an A-Z scale) about 'why?'
What would be really interesting would be the type of case they request comms data for, and how many requests for each case. Are the requests focused on a chief suspect whom they have good reason to think is communicating with co-conspirators, or are they just doing one big data slurp of all possible suspects on the off-chance of picking up something useful?
I think they're both illustrative.
First, being stopped by the police at a checkpoint, driving late at night. First, they breathalyse me. Nothing. So then they ask to look in the boot. Now, officially, they're only supposed to stop you on suspicion of a specific crime. So what the fuck did they suspect me of? Smuggling while drunk? But what can I do to enforce their rules? I'm alone at night with a handful of cops. I can open the boot and be on my way in a minute or I can explain to them that they have the right to breathalyse me or look in the boot but not both and probably spend the night in a cell waiting for it all to be sorted out. Sadly, my convenience trumps my rights.
At work a few years ago, a seventeen-year-old girl doing work experience spent the day on my team. Her father was a detective, and she said laughingly at one point how it was a bit of a pain having him do criminal background checks on her boyfriends -- "but it's alright, he's allowed to, he's a detective." Didn't get in an argument with her at the time, but no, he's not bloody allowed to. But he clearly thinks he is, and his family think he is. And, you know, if I were breaking the law at work, I wouldn't tell my teenage daughter; or, if I did, I'd swear her to secrecy. That he'd done neither showed that he was in an environment in which no-one thought he was doing anything wrong. Everyone's at it -- or turning a blind eye, which, if your job is to enforce the law, amounts to the same thing.
I think protests about the Snooper's Charter miss the point. The data checking that is done according to the law -- existing law or a new proposed law -- isn't a major problem, because it's done by police officers (and others) who obey the law and presumably have some respect for it. The problem is the rest, who, no matter what the law says, will ignore it because they don't think it really applies to them.
What needs to be changed is the attitude of the police. The only way to do that is to lock a few of them up. There are plenty of them breaking the law, and there will still be plenty of them breaking it after it changes, so the CPS aren't short of examples to make.
... so we are told, when they stubbed their toe it would be a week before the signal reached their brain and they experienced pain.
20 December 2002, you will remember, as if it were only yesterday, is when the BBC reported Phone firms 'flooded' by crime checks:
Almost half a million inquiries are made to the firms every year by police and customs officers, the BBC has learned.
That's about one inquiry per minute. 14½ years later, the "worrywarts" have got the number wrong and they've forgotten about HMRC.
Not all the dinosaurs were wiped out when that comet landed in the Gulf of Mexico.
Erm, that's 700k requests in 3 years, not 2 (Jan 2012 to Dec 2014).
And that's across 50 police forces plus cross force bodies.
And do you know how this actually works? Police analysis leads to a reasonable suspicion of a group drug dealing or other criminal activity (a lot more often than terrorism), so they make a request for itemised phone records for each of the people involved (time of call, duration, target number called), backing up this request by the information they've gathered so far as justification (cf getting a warrant to search a property).
Drug dealers and organised criminals usually have quite a few mobile phones, plus landlines, plus mobiles for their partners etc. You grab records for all of these to see what other numbers they call, and then you can see who else might in their gang, where they might get their supplies from, where the money goes, what other mobile sthey might have that you don;t know about yet etc. And for numbers they call a lot, you then request the call record for those numbers - a bit of call pattern analysis and with luck you're starting to get a wider picture of the people you're investigating, and the timing (who calls who when, etc).
So a single relatively investigation may easily involve requests for 10 or 20 phones, with a similar number following on. Add in more calls for when a month later you want to grab fresh data for the people involved to see if it still matches before you actually pounce and arrest people, and maybe a few records that turn out to be false leads, and it's not unreasonable to see what is notionally a single investigation pulling in 100+ records (it was different when they analysed paper bills by hand, but now it's easy to import these into network analysis tools).
Suddenly 700k requests in 3 years starts to sound not so many...this is not casting a net far and wide, but does 3,000 active investigations per year sound that unreasonable in a country of 60 million people?
"You grab records for all of these to see what other numbers they call, and then you can see who else might in their gang, "
With six degrees of separation at most then all these house searches and trawls are almost certainly going to turn up something that breaks a law somewhere. Then the Police can claim retrospective justification for targeting a whole raft of innocent people. It can appear to be an act of desperation when a costly investigation is stalled and the police are "certain" somebody is guilty of something - in spite of a lack of evidence.
Reminds me of a politician's friendly quote about the then Home Secretary David Blunkett.
"David thinks anyone who is not David Blunkett should be in jail".
If only it were that simple - I think you might be confusing the computers from movies with those from real life. I find a drug dealer regularly phones 118500, his mother, a local pizza shop, 2 suspected colleagues and a third number.
Reverse lookup the 3rd number (oh, there's another request) and it turns out to be someone who's of no interest but was just a contact for some reason. The police really haven't got the time, the info, the inclination or the interest to go digging on random people that come up in these things. But if it turns out that person works in a bank, or a courier firm, or a bookie, or a school, or a hospital, then yeah, you might dig a little deeper in case they're laundering cash, transporting drugs, obtaining drugs, or a potential danger to children who fall under a duty of care (this last one to point out it's not a blanket "but what about the children" but that the duty of investigation is very real), because that's the basis of an investigation. The police wouldn't be doing their job otherwise.
Look at the numbers of actual investigations this works out to ..... how many "rafts of innocent people" do you think the police have the time & resources to "trawl" ?
Genuine snoopers charter concerns, sure, be very worried.
But 700k requests in 3 years by ALL the UK police forces doesn't sound that bad once you look at what all those police officers we pay for are supposed to be actually doing. This report is a red herring - "trawling" will involved much much much bigger numbers than this.
You make a good case, Sir. But if that's why and how it's done it seems to me that a judge would have no problems writing out a warrant for cops to access the data - as has happened for decades.
What is more of an issue is that police and government now want massive and warrantless access to everyone's data, and the only reason they can offer is that it will keep us safe from the dreaded paedoterrorist alliance.
That does sound unreasonable.
[The a/c here]
Sure .. I agree with you that the government wanting massive access without individual authorisation ("Snoopers Charter") is massively unreasonable.
But this report is not that, and in my opinion misleads from the larger and, as you point out, more important issue (cf a hypothetical scare about "all police stations contain secret stores of bladed weapons that the officers can request access to" which would turn out to be scissors kept in stationery cupboards).
At least there's some transparency on "requests" and it appears that a judge is involved. Which is a step above the "let's slurp everyone" from those happy folks at NSA.
Disclaimer: Yep.. Partriot Act is dead, for now. Freedom Act is in the wings. And it'll take 16-18 months to wind down the Patriot Act slurp... To paraphrase an old song: "The Slurp Goes On....."
This article was about the UK, not the US.
However, it is not entirely clear that there is much difference between the bulk metadata collection that the US FISC authorized under the Patriot Act, giving the NSA a database that they searched a few of thousand times a year and what will be allowed under the Freedom Act, assuming it will be passed without substantial change. The data will not be materially more secure, including from misuse by the Agencies, and the number of inquiries almost certainly will increase because analysts will not be able to define queries that do database joins.
One point of similarity between the US and the UK, however, is that in both the overwhelming majority of the inquiries are generated by normal, mostly local, police activity. Extrapolating based on population suggests a number in the US approaching four million over a three year period.
I did know that the article was about the UK. I just found it refreshing to hear that they had to have a judge sign off on the requests. I was just making note about the fact that there's actual numbers released unlike here in the US where getting a breakdown by agency is impossible. The UK seems to have more transparency, at least on the surface of things.
@Mark 85: the report impressed me as well. Compared to the so-called transparency report over here, this is interesting. It would be interesting to see a bit of detail on clearing the innocent v. irrelevant v. guilty but hell, the police force probably have an overwhelming amount of box-ticking already. Very nice.
"Suddenly 700k requests in 3 years starts to sound not so many...this is not casting a net far and wide, but does 3,000 active investigations per year sound that unreasonable in a country of 60 million people?"
It's not clear whether the 700k are requests, including repeats, for single phones as you assume. Looking at the PDF the table for rejections has a footnote against Cheshire Constabulary that the units reported are batches which may contain up to 40 phones. If this is the basis of some of the other reports but not documented as such then the effective number of requests could be much higher.
Requests are submitted in batches, so yes, you make a valid point about how the counting is done.
But still if a single investigation covers a number of mobile phone telcos, and I only discover further numbers as I go, and I have to request phone calls and emails etc separately then you're still going to get lots of requests.
I think the point I'm trying to make is that 700k request in 3 years actually comes down to quite targeted operations, but the headlines seems to wanting to make it sound like this is proof of near-blanker surveillance and fishing trips etc.
I gather from your explanation that you have experience at the sharp end and you may well be correct that this is not excessive.
However my view, and I'm sure many here share it, is that as things stand there is no due process in place that corresponds to a search warrant. In fact, it's worse; with a search warrant, unless the premises are unoccupied, the suspect parties will be aware of the action and could even challenge the warrant, is only in retrospect. Although some queries will be made in respect of a seized phone in many (?most) the subject will be unaware.
I think two things are needed to ensure that this is done right.
The first is that authorisation be taken out of the hands of a senior officer or minister - I cannot be persuaded that this is due process. It should be done by a disinterested party such as a magistrate or judge on the basis of reasonable suspicion.
Secondly there should be an oversight authority to review the results. Each investigation should, after a suitable interval, report the proportion of the requests which resulted in significant information. Investigations yielding an unexpectedly high proportion of negative results should be required to explanation by the investigation team. The authority should be responsible for publishing an annual report summarising this and providing more detailed feedback to the individuals who authorised the original requests - in part this would be to discourage regulatory capture.
A proper review process would require much more detailed information from the Police. For instance in the report referenced in the article only one force, Humberside IIRC, provided a breakdown of the types of crime suspected. One category was traffic offences. I'm guessing these would be suspected texting whilst driving or the like. If requests are made on the basis of reasonable suspicion, say a report that someone was seen doing this, one would expect a high proportion of the requests would produce evidence to support the suspicion - but not 100%. Sometimes the suspicion would be reasonable but mistaken and the result of the request would be to clear the suspect. Clearing an innocent person is as important a result as providing evidence of guilt in a criminal investigation. If, however, a force were to produce a lot of negatives in such a category the oversight authority would have to look at the possibility that the traffic officers were conducting fishing trips whilst the same level of negatives in a serious crime investigation might not be out of the way and investigation of seized, suspected stolen, mobiles would have yet a different expected level of negatives.
Upvoted you as I think you have a valid point, but TBH I only really know in depth about the logistics around data processing and then the actual analysis tools and techniques (to those saying "there are better ways" this is typically part of what as a manual process was called Anacapa analysis and is applied to a lot more then phone logs mechanically recovered from the telcos and in fact to a lot more than phones and emails, it's very useful for any sort of transactional and relational analysis).
I know that as these requests went from a manual request+authorise+process+analyse pipeline that could take several weeks to produce results, to a more automated process, the authorisation is still an important step (depending on the body making requests and the jurisdictions involved - this is a global process of course and for bodies acting in a military context things tends to be quite different) but judging the diligence for such authorisations for UK police is not (was not) something I saw enough of to form an opinion.
Anything like this that is done repeatedly becomes open to abuse and mis-use, and an oversight authority to audit after the event is a good idea - what I'm saying is that whether this is already done sufficiently well at an organisational level etc is not something I can comment on - I'm not disagreeing with your points and your arguments.
"[...] with a search warrant, unless the premises are unoccupied, the suspect parties will be aware of the action and could even challenge the warrant,"
It is my understanding that the police do not need a search warrant if they arrest someone. A search is automatically enabled by the arrest.
All that is needed to justify an arrest in the situation of a suspected group activity is a woolly "suspicion of conspiracy to commit...". In other words guilt by association - no matter how tenuous the link. The target is usually people's computers that are then impounded for several months.
A recent arrest of a suspect in a murder case was something like the 12th serial arrest of apparently unconnected people. This suggests that arrest is becoming the opportunistic option instead of building a case of substantial evidence first.
"Drug dealers and organised criminals usually have quite a few mobile phones,"
And the brains behind the outfits probably use Redphone or other encrypted call setup systems.
There are better ways to deal with the drugs problem (health issues) than by playing whack-a-mole with the foot soldiers and demonising victims.
Please point out the crims using electronic communications. Oh wait, you can't unless you monitor their electronic communication. What a pity that so many are so ignorant as to think computer monitoring of data is unreasonable in the age we live in. Next time you go to fly on a commercial airliner, stop and point out the terrorists and crims scheduled to board the planes. Authorities will appreciate the help as they have little means of knowing without searching for explosives, knives, loaded handguns, etc. Being ignorant or in denial doesn't make you right, it just makes you ignorant and clueless.
Happy to help. Two words: "due process". It's the difference between living in a liberal democracy and living in a police state. We're just about to celebrate the 800th anniversary of its being part of English law. It seems that the way chosen to celebrate that is to remove it.
Re ignorant & clueless. I spent many years dealing with terrorism in N Ireland in the 70s & 80s. What are your qualifications in this?
Something really doesn't add up in all this. This is a lot of data being requested, they even collect and log all of our car journeys but still there are plenty of drug dealers and organised criminals around. So either it shows this kind of police investigating doesn't work or they are collecting this data for some other purpose? Are they collecting and profiling but not acting on it? Or are criminals clever and making sure they avoid tech?
Either way I say no to the snoopers charter!
I think the previous A/C post has dealt with the numbers to a large extent.
As to your point about there being plenty of criminals about; until someone comes to police notice they can operate undetected for a long time. Perhaps that should be some reassurance to us that surveillance isn't all-seeing, or at least all-understanding. But that doesn't justify lack of due process.
Biting the hand that feeds IT © 1998–2019