Police raided the home of an innocent family after recording the wrong time zone during a child abuse probe, according to a watchdog.
The “serious error” occurred when officers confused Greenwich Mean Time with British Summer Time, as they tried to track who was uploading and sharing indecent images on public WiFi, a report from the Investigatory Powers Commissioner (IPC) said.
The mix-up put the information in the investigation out by one hour and led to the warrant mistakenly being carried out at the address.
The body, set up in 2017 to scrutinise spying powers used by police, intelligence agencies and other public authorities, mentioned the incident among its findings in its annual report for 2018.
The report said: “Police officers investigating the upload and sharing of indecent images of children over a public WiFi service applied to obtain communication data that would assist to identify the offender.
“As the ability to acquire public WiFi data was a relatively new service, confusion arose when trying to determine the relevant time zone.
“The application was submitted in Greenwich Mean Time, when it should have been in British Summer Time, meaning the subsequent result was out by one hour.
“This led to police executing a warrant at the home of an innocent family.”
IPC decided this amounted to a “serious error” so “notified the affected person of the fact and of that person’s right to apply to the Investigatory Powers Tribunal”.
The report from Lord Justice Fulford, the UK’s first Investigatory Powers Commissioner, who has since stepped down, listed a string of serious errors made mainly by police and telephone companies, some of which resulted in innocent people being arrested.
According to the findings:
– Police also applied for access to data on two other occasions using the wrong time zone, for investigations into online child abuse and grooming. It led to the arrest of an innocent man in one case and another person’s electronic devices being seized.
– The “misinterpretation of data” by police led to the arrest of an innocent person and, in another incident, a second innocent family’s home being raided with all their internet devices seized.
– A phone company provided data about the wrong internet username to police investigating sexual offences involving online grooming, which led to the arrest of an innocent person.
The IPC said it does not disclose which police forces made the errors, to protect the innocent people involved and in case tribunal proceedings are ongoing.
The report also criticised MI5 for storing people’s data that should have been destroyed, and failing to tell the watchdog about the breach for at least a year.
It was a “matter of serious concern”, the report said, but added: “In general, we concluded that MI5’s use of investigatory powers were compliant with the statutory provisions.”
Under investigatory powers laws, security and intelligence services GHCQ, MI5 and MI6 can carry out “bulk” collections of large volumes of communications data and intercept emails and phone calls.
But there are strict rules in place requiring the organisation to handle the data securely and destroy it when it is no longer needed.
In 2018, applications were submitted to access 808,214 items of communications data.
Most were sought by police forces, while MI5 applied for 82,060 and GCHQ asked for 24,047, as well as other public bodies like the Financial Conduct Authority and the Prison Service.