Original article ISPreview UK:Read More
A recently published judgement by the UK’s Investigatory Powers Tribunal (IPT) has revealed the disturbing case of how a simple mistake by one of BT’s (Openreach) broadband engineers led to three people, who shared the same house, having their lives turned upside down after they were wrongly accused of child sex offences.
The Open Judgement (PDF) details the case in all its excruciating detail (credits to The Register for an excellent summary). In short, the Dyfed Powys Police ultimately traced an Internet Protocol (IP) address, with BT’s help, that had been identified as being involved with the downloading and sharing of indecent images of children to the address of the three individuals.
Two search warrants were then executed at the home address of the first Claimant, on 4th August 2016 and 24th January 2017. The second and third Claimants were both present at the premises when the first warrant was executed; the premises were unoccupied when the second search took place. Electronic devices belonging to each of the Claimants were then seized.
During the course of all this, the three individuals faced a serious impact upon their lives, with family members, social services and places of work all being informed about the child protection investigation. As you can imagine, this caused all sorts of problems with employment, family splits and the stress of it alone must have been horrific.
The case itself actually ended up being closed on 15th September 2016 after officers found no solid evidence of any wrongdoing, and all three were told they were no longer persons of interest. But curiously, the police continued to be notified of child abuse content being shared by IP addresses that resolved to the same address. BT was then asked to investigate the problem.
Extract from the Judgement
Enquiries made of BT on 27 January 2017 were responded to on the following day. Following a network test involving the temporary break and restoration of service at both addresses, BT identified that a pair of crossed connections in the local network had caused a high likelihood that the IP addresses had been misattributed as between ‘Address X’ and the home address of the first Claimant.
BT explained that approximately eight years previously, two wires within a street cabinet servicing both addresses had been inadvertently crossed. In consequence, the authentication result for the IP address relating to ‘Address X’ had been incorrectly attributed to the first Claimant’s address.
Once traced, the correct individual was finally identified as living within a very close proximity to the home of the first Claimant. A search warrant was then executed at ‘Address X’ and the occupant was arrested on suspicion of possession of child abuse content, which was later found on their devices. The arrested individual made partial admissions and was subsequently convicted of related offences.
The trio who had been wrongfully accused later raised a case over the matter by arguing that their Article 8 rights (i.e. the right to a private family life) under the Regulation of Investigatory Powers Act were infringed. The claim largely seems to have hinged on the idea that the police’s RIPA requests for communications data from BT were unlawful because they could have made other lines of inquiry before issuing them.
Sadly, despite nobody denying that the trio had been through a horrific ordeal and suffered “far-reaching consequences“, the tribunal ultimately dismissed their arguments and ruled in favour of the police. The judgement found that the RIPA requests were lawful and that the main fault rested with BT, which was initially criticised for failing to offer a “meaningful response” during an internal review of the case that occurred on 19th January 2017 (although as above, BT eventually did respond in a more effective way).
The case certainly raises plenty of questions about how the police and telecoms operators conduct themselves in such cases, as well as the potential for the data they use to be unreliable.