Details have emerged of a troubling case in which a basic engineering mistake wrecked a digital evidence investigation and led to wrongful accusations.
An open judgment [PDF] published by the UK’s Investigatory Powers Tribunal, which is responsible for investigating claims of British authorities illegally abusing their powers during the course of an investigation, detailed the impact on three people wrongly accused of child sex offences.
Referred to only as AFG, SPR, and FYC, the anonymous individuals cleared of any wrongdoing were first investigated by Dyfed-Powys Police in May 2016. Their ordeal lasted until the end of January 2017.
The three were accused of sharing indecent images of children (IIOC). Why? As it traspired it was due to a crossed wire in their street’s telecoms cabinet.
An important detail is that UK police forces have access to a tool that allows them to monitor IP addresses in their jurisdiction that are known to be sharing IIOC.
This tool alerted the force to IIOC sharing on a given IP address between May 10 and 15, 2016, and after looking into it further, the force discovered the relevant ISP was BT.
Dyfed-Powys Police then issued a request to BT, under the Regulation of Investigatory Powers Act 2000 (RIPA), seeking details about the user behind that IP address and communications data associated with it at the times IIOC were shared.
BT complied, providing the police with the details of the resident who lived at the property to which the IP address resolved. That resident was AFG. SPR also resided at the same address, and FYC was his girlfriend who visited occasionally.
The police then secured a warrant to search the premises on June 9, 2016, which was not executed until August 4 of the same year.
Meanwhile, police were making additional inquiries regarding other IP addresses sharing IIOC, which all resolved to AFG’s property.
On August 4, police burst through AFG’s door, only to find SPR and FYC in attendance. AFG was not present – he was at work – and was only informed about the raid later.
Police seized devices from the property and took them away for analysis, which yielded no findings of IIOC.
All three submitted to voluntary interviews and were fully compliant with officers, as you would be if you were entirely innocent of such serious offences.
The case was closed on September 15, 2016, and all three were told they were no longer persons of interest, yet the police’s tool kept on alerting the force to IIOC being shared by IP addresses resolving to AFG’s address, regardless. This happened on several further occasions between then and January 2017.
The police must have been thoroughly confused at this point. They started reviewing the case they had closed and began making additional inquiries.
They contacted AFG’s employer regarding a period during which they knew IIOC sharing was taking place, ostensibly from his home address, but they confirmed he was at work during one of these times.
Dyfed-Powys Police contacted AFG, who previously told officers during questioning that many people visited his house and could feasibly have access to his router, advising him to change the device’s password.
The force then secured a warrant to access AFG’s router, thinking the data on it would reveal the devices being used to share IIOC.
Officers raided the property for the second time on January 24, 2017, finding an Xbox, two Android devices, and one Samsung device belonging to AFG – none of which were used to share IIOC.
They also realized that the router’s IP address did not match any of those they knew to be sharing IIOC. Curious indeed.
Faced with a bevy of conflicting evidence, officers temporarily confiscated the router for further analysis, which revealed an additional IP address allocated to it.
Another RIPA request later, they found that it corresponded to a different street address in close proximity to AFG’s, registered to someone referred to in legal documents as “Individual X.”
On January 27, Dyfed-Powys Police contacted BT to ask what on earth was going on here. The telco ran some network tests and discovered a potential issue.
BT determined there was a high likelihood that an engineer carrying out maintenance on a street cabinet serving both properties eight years earlier crossed two wires, which meant that Individual X’s traffic was misidentified as coming from AFG’s home.
Individual X was then arrested and their devices seized. They were found to have IIOC on them and Individual X was later convicted.
Impact on the wrongly accused
The tribunal noted in its judgment that the initial property searches were “distressing for each of the claimants and led to serious consequences which impacted upon their family and work lives.”
For example, AFG’s employer was informed about the child protection investigation into him and his property. As a result, he was placed on restricted duties. The mother of his son, neither of whom lived with AFG at the time, was also informed of the same.
The mother of SPR’s children was similarly informed, and a job offer he received during this time was rescinded as a result of the investigation.
Social services investigated FYC, a mother whose children were removed from her care pending clearance from the investigation.
The trio brought the case as they argued their Article 8 rights (right to a private family life) under the RIPA were infringed.
These claims largely hinged on the idea that the police’s RIPA requests for communications data from BT were unlawful because they could have made other lines of inquiry before issuing them.
The tribunal ultimately dismissed all of the trio’s arguments, ruling in favor of the police on all matters, despite acknowledging the “highly distressing and far-reaching consequences” of the investigation.
It concluded that the RIPA requests were lawful and were necessary and proportionate to the severity of the alleged crime. There was no other way of confirming the identity of the user, the tribunal said.
The tribunal concurred with the police in that the error was not theirs, but that of BT and its response to the RIPA requests. The ruling states efforts to “seek further information from BT… yielded no meaningful response.”
The police could not have reasonably anticipated that the “rare occurrence” of crossed wires at a cabinet could have derailed their investigation so substantially, the judgement adds.
The Register asked BT and Dyfed-Powys Police to comment. ®