UK officers make more data requests

 The report said the intercepts had helped police and others fight crime UK authorities increased the number of requests they made about the public's use of texts, emails and other communications data last year, an official report has revealed.

 
It said there were more than 570,000 demands made in 2012.

The report also revealed that mistakes made while using the information led to six members of the public being wrongly detained or accused of a crime.
It said all these cases had involved internet data.

A further error resulted in the police visiting the wrong address while looking for a child who had threatened to harm themselves.

"Fortunately errors with such severe consequences are rare," the report added.
The document also noted that the authorities might make several requests in the course of a single investigation, so the headline figures do not equate to the number of individuals or addresses targeted.
Granted warrants

  The Interception of Communications Commissioner's report revealed that a total of 3,372 lawful intercept warrants were issued in 2012.

These are needed if police and intelligence officers want to acquire the contents of an email, telephone call or text message.

This reflected a 16% rise on 2011. The commissioner, Sir Paul Kennedy, added that he was aware of 55 related errors or breaches.

These included officers not having been granted the necessary permissions before intercepting the data; mistakes which led to the wrong data being obtained; and errors made when the data was being copied.
Officials made a further 570,135 requests for information about who was involved in communications, when they were made and where they happened.

The name of an email account holder and the time and date of a person's telephone calls are included in this group.

The report said there were a total of 979 mistakes made involving these kinds of requests.
Sir Paul said that approximately 80% were the fault of public authorities and 20% were caused by the networks that provided the phone and internet data.

Although the police and intelligence services accounted for the bulk of these queries, local authorities could also ask for data to identify criminals who had avoided paying taxes, illegally dumped waste, sold counterfeit goods or otherwise preyed on vulnerable members of the community.

The report said 160 local authorities across the UK made a total of 2,605 requests.

Hospital thefts Sir Paul noted that the overall rise in the number of requests was "unsurprising considering the fact that the UK hosted the Olympic and Paralympic Games in 2012 and that communications data supported a number of operations undertaken to ensure the Games were safe".

Other highlighted examples of where the intercepts had been useful included one case in which location data taken from the account of a suspected Post Office robber linked him both to the incident and the theft of a car the previous day.

 The report said the Olympic Games had helped push up the number of requests In another case, police were able to identify a thief who had been stealing equipment and supplies from an NHS Scotland hospital. They did this by acquiring data associated with the internet and email addresses used when the criminal tried to sell them online.

"Many of the largest drug-trafficking, excise evasion, people-trafficking, counter-terrorism and wider national security, and serious crime investigative successes of the recent past have in some way involved the use of interception and/or communications data," Sir Paul concluded.

However, privacy rights campaigners have concerns.
"The idea that one commissioner with a handful of staff can meaningfully scrutinise 570,000 surveillance requests is laughable," said Nick Pickles, director of Big Brother Watch.

"The commissioner continues to refuse to even say how many applications he inspected, which only reaffirms how unconvincing his assurances are.

"If the public are to have confidence that these powers are being used properly our entire surveillance regime, devised before Facebook even existed, is in need of a total overhaul to bring it in line with modern technology and to ensure people's privacy is not intruded upon either without good reason or by mistake."

Bad Internet data requests led to 6 wrongly held or accused in UK

Six British citizens were wrongly detained or accused of crimes as a result of mistakes made by authorities when requesting access to Internet data, the U.K. Interception of Communications Commissioner said.
A report detailing law enforcement's errors in the UK was published as interest in surveillance of ordinary citizens' online activities runs high, in the wake of disclosures about the U.S. National Security Agency's secret surveillance programs.

In 2012, U.K. public authorities submitted 570,135 notices and authorizations for communications data, according to the report published on Thursday. The principal users of this communications data are still the intelligence agencies, police forces and other law enforcement agencies, wrote Paul Kennedy who served as the Interception of Communications Commissioner through last year.

However, because public authorities often make many requests for communications data in the course of a single investigation, the total figure does not indicate the number of individuals or addresses targeted, Kennedy said, adding that those numbers are not readily available, but would be much smaller.
While the use of intercepted communications data helped authorities when investigating drug trafficking, investigating activities at a major illegal waste site and helped catching a swindler, numerous errors were also made, the report showed.

"During the reporting year, 979 communications data errors were reported to my office by public authorities," it said.

In the vast majority of these cases the mistake was realized by the public authority that reported the error after which the wrongly acquired data was destroyed. "Regretfully in six separate cases this year, the mistake was not realized and action was taken by the police forces / law enforcement agencies," the report said.

All of these cases were requests for Internet data and regrettably five of these errors had very significant consequences for six members of the public who were wrongly detained or accused of crimes as a result of the errors, the report said. In the remaining case the error caused an intrusion into the privacy of an individual, as an address was mistakenly visited by police looking for a child who had threatened to commit self harm.

Liberty, a U.K. rights organization, is concerned about the findings in the commissioner's report. "Cardinal Richelieu promised to be able to hang most honest men with just 'six lines' written by their hand. Imagine how easy it is with thousands of text messages, emails and web-site visits to make each and every one of us look like a criminal. So much for the innocent having nothing to hide and so-called 'communications data' not being an intrusion on our privacy," Shami Chakrabarti, Director of Liberty, said in an emailed statement on Friday.

Measures have been taken to prevent such errors from happening again, the report stated. They include ensuring that all details are double checked. A reminder was issued to relevant staff outlining the procedure to be followed and reiterating the checking process and potential consequences of errors.

Moreover, some of the public authorities have also put procedures in place to ensure the applicant also provides the source documentation with their application to resolve an IP address. This will enable those responsible to double-check the IP address, date, time of access and any time-zone conversions.

"I am satisfied with the measures put in place by these public authorities," Kennedy wrote, adding that this will hopefully prevent recurrence. "Fortunately errors with such severe consequences are rare," he said.

Tech groups ask US for transparency in secret data requests

Influential technology companies and groups want the U.S. government to lift restrictions on publicizing secret requests for user data as the fallout continues over the scale of government surveillance.

Google, Facebook and Reddit are among the many signatories to a letter dated Thursday asking for more transparency in national-security related investigations. The letter's addressees include President Barack Obama, the National Security Agency and many House and Senate members.

"Basic information about how the government uses its various law enforcement--related investigative authorities has been published for years without any apparent disruption to criminal investigations," according to the letter, a copy of which was provided to IDG News Service.

"We seek permission for the same information to be made available regarding the government's national security--related authorities," it said.

Several data collection projects were revealed in late May by former NSA contractor Edward Snowden, who remains in a Moscow airport while seeking asylum arrangements. Documents provided to The Guardian and other media outlets described sweeping surveillance projects that collect email metadata, instant messaging traffic and file transfers.

Technology companies are legally compelled to comply with government requests for data. But the requests, some of which fall under the Foreign Intelligence Surveillance Act (FISA), cannot be publicized under orders from the U.S. Foreign Intelligence Surveillance Court (FISC).

The letter asks the U.S. Department of Justice to let companies publish statistics on government requests "under specific national security authorities." It also calls on Congress to pass legislation requiring the same kind of reporting from the government.

"This information about how and how often the government is using these legal authorities is important to the American people, who are entitled to have informed public debate about the appropriateness of those authorities and their use," the letter said.

The U.S. intelligence community's efforts had been described before by previous NSA whistle blowers. But the slides and information supplied by Snowden added a fresh new level of detail to recent spying efforts and the government's enlistment of some of the largest Internet players.

Yahoo has asked the intelligence court to release information dating from 2008 that shows it resisted government orders to turn over data. The FISC ordered on Monday that the government redact classified information in order to facilitate its public release.

Microsoft and Google have also recently filed motions with the court asking for permission to release information on national security orders and directives.

The letter will be made public Thursday morning U.S. time.

Golf’s Open Championship prepares website for 10,000 page requests a second

The organisers of golf’s Open Championship pre-tested and configured its website in anticipation of 10,000 webpage requests a second from five million site users during the four day golf tournament at Muirfield.

Organisers, The R&A outsources the support and development of the website, TheOpen.com, to Moldova-based IT services supplier Endava. The two organisations have been testing for weeks in preparation the event beginning on 18 July.

Every year for four days the .net-based TheOpen.com becomes one of the 1,000 most visited websites in the world and it needs 100% availability. During the event the website is being hosted in Endava’s private cloud with 99% of the pages delivered via Akamai’s Content Delivery Network.

The website features real-time scoring on a leaderboard with three views, tournament player performance stats centre, mobile feeds for site scoring apps, course live view - GPS player mapping systems to show player grouping and scores - all overlaid on a course map, interactive course guide and social media functionality.

A four-day rehearsal at Endava’s delivery centre in Cluj, Romania, has already been completed. It used the data from last year’s tournament to run the test. During the tournament, Endava will provide a fully managed hosting platform, which is monitored and staffed 24 hours a day.

An independent study commissioned by The R&A, carried out by the Sport Industry Research Centre at Sheffield Hallam University, forecast this year’s event will deliver an overall economic benefit of £70m to the East Lothian and Edinburgh economy.

Michael Tate, executive director of business affairs at The R&A, said Endava's experience with sports websites was a key factor in its decision to choose Endava. "Its innovative use of web technology, thorough testing and management regimes, make them an excellent IT provider for TheOpen.com,” said Tate.

Other IT developments at this year’s Open Championship

A wireless mesh is being introduced at this year’s Open Championship for spectators to access the digital content available. Spectators will be able to use mobile devices to access this digital content in areas away from play in the grandstands and tented villages. The R&A will be monitoring the effectiveness of the mesh with a view to implementing it at future venues.

LED scoreboards will be introduced. This will provide up-to-date information and digital content. The digital content will include scoring, player information and statistical facts, live video highlights and other Open Championship and venue information. It will enable spectators to watch televised highlights from other parts of the course or live broadcasts. It will also help spectators to find out the latest scores.

A permanent fibre optic system has been installed at Muirfield which will deliver a number of benefits to tournament and will, the organisers hope, prove a legacy investment for the venue. The fibre optic cabling runs around the course and will improve the telecommunications coverage at The Open by making it possible to have more phone lines. The R&A says this will assist the media in covering the event, as they can access the system to upload photographs from out on the course.

Microsoft asks to disclose FISA requests to set the record straight

Microsoft is seeking permission to disclose "aggregate statistics" about the number of requests for data it receives under the U.S. Foreign Intelligence Surveillance Act, following a similar move by Google earlier this month.

 

FISA has been thrust into the national spotlight after leaks about the U.S. government's Prism surveillance program, which reportedly provides the National Security Agency with direct access to customer data stored by Microsoft, Facebook, Google and other big technology companies.

 

Currently, online firms can reveal how many FISA requests they receive only if they lump them together with all other requests from U.S. law enforcement agencies. That obscures the number of FISA requests those companies receive, so Microsoft, like Google before it, has asked for permission to break the numbers out. The FISA Amendments Act (FAA) is the law under which Prism's data collection is carried out.

 

"To promote additional transparency concerning the government's lawful access to Microsoft's customer data, Microsoft seeks to report aggregate information about FISA orders and FAA directives separately from all other local, state and federal law enforcement demands," Microsoft's lawyers wrote in a motion filed with the Foreign Intelligence Surveillance Court.

 

Its goal is partly to correct the impression that it provides the government direct access to customer data in its servers, something that has led to criticism of Microsoft and other online firms.

 

"Microsoft has sought -- and continues to seek -- to correct the misimpression, furthered by such inaccurate media reporting, that it provides the U.S. government with direct access to its servers and network infrastructure and, thereby, indiscriminately discloses Microsoft users' information to the government," Microsoft's attorneys wrote.

 

Microsoft has not received permission from the FBI or the Department of Justice to disclose additional figures related to FISA requests in the aggregate, but "there is no statutory basis under FISA or the FAA for precluding Microsoft from disclosing the aggregate data," the company said.

 

Prohibiting such a disclosure, Microsoft argues, violates its First Amendment right to free speech.

 

Companies like Facebook, Google and Twitter have also called for greater transparency in disclosure of user data tied to government requests in the wake of Prism's revelations.

 

Yahoo, for instance, has disclosed the total number of law enforcement requests it receives for customer data, but it too is unable to provide greater transparency around FISA requests specifically.

 

Facebook has made some requests public in recent weeks, but was still criticized by others for not distinguishing between criminal and security information requests.

 

Microsoft disclosed its figures for the total number of requests it receives for customer information on June 14. For the last six months of 2012, the company received between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from U.S. governmental entities, Microsoft reported in a recent blog post.

 

Follow me on Twitter @sajilpl

Microsoft asks to disclose FISA requests to set the record straight

Microsoft is seeking permission to disclose "aggregate statistics" about the number of requests for data it receives under the U.S. Foreign Intelligence Surveillance Act, following a similar move by Google earlier this month.

 

FISA has been thrust into the national spotlight after leaks about the U.S. government's Prism surveillance program, which reportedly provides the National Security Agency with direct access to customer data stored by Microsoft, Facebook, Google and other big technology companies.

 

Currently, online firms can reveal how many FISA requests they receive only if they lump them together with all other requests from U.S. law enforcement agencies. That obscures the number of FISA requests those companies receive, so Microsoft, like Google before it, has asked for permission to break the numbers out. The FISA Amendments Act (FAA) is the law under which Prism's data collection is carried out.

 

"To promote additional transparency concerning the government's lawful access to Microsoft's customer data, Microsoft seeks to report aggregate information about FISA orders and FAA directives separately from all other local, state and federal law enforcement demands," Microsoft's lawyers wrote in a motion filed with the Foreign Intelligence Surveillance Court.

 

Its goal is partly to correct the impression that it provides the government direct access to customer data in its servers, something that has led to criticism of Microsoft and other online firms.

 

"Microsoft has sought -- and continues to seek -- to correct the misimpression, furthered by such inaccurate media reporting, that it provides the U.S. government with direct access to its servers and network infrastructure and, thereby, indiscriminately discloses Microsoft users' information to the government," Microsoft's attorneys wrote.

 

Microsoft has not received permission from the FBI or the Department of Justice to disclose additional figures related to FISA requests in the aggregate, but "there is no statutory basis under FISA or the FAA for precluding Microsoft from disclosing the aggregate data," the company said.

 

Prohibiting such a disclosure, Microsoft argues, violates its First Amendment right to free speech.

 

Companies like Facebook, Google and Twitter have also called for greater transparency in disclosure of user data tied to government requests in the wake of Prism's revelations.

 

Yahoo, for instance, has disclosed the total number of law enforcement requests it receives for customer data, but it too is unable to provide greater transparency around FISA requests specifically.

 

Facebook has made some requests public in recent weeks, but was still criticized by others for not distinguishing between criminal and security information requests.

 

Microsoft disclosed its figures for the total number of requests it receives for customer information on June 14. For the last six months of 2012, the company received between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from U.S. governmental entities, Microsoft reported in a recent blog post.