Draft Communications Data Bill - Draft Communications Data Bill Joint Committee

Appendix 4: Note of visit to Metropolitan Police

  • Note of visit to Metropolitan Police, 18 October 2012
    1.  On 18 October 2012 we visited the Metropolitan Police Communications Intelligence Unit (CIU) and met Assistant Commissioner Cressida Dick, Superintendent Paul Jervis, Superintendent Neil Hibberd, Chief Inspector Kenny McDonald, Detective Inspector Steve Carter, Inspector Anthony O'Sullivan, and Roger Smart, barrister. The purpose was to see the Single Point of Contact (SPoC) unit processing applications for authorising access to communications data.

  • Case Studies
    2.  We were shown a number of case studies. The first was of a robbery where a man was targeting women in a linked series of robberies in a small area. The suspect would normally steal mobile phones. A breakthrough came when he took a photograph with one of the stolen mobile phones and, because of the setting the owner had on her phone, the photo was automatically uploaded to her internet account. Through this the police were able to make a communications data request which enabled them to narrow down his location. Further evidence was obtained using cell site technology on a phone number obtained by a witness to one of the robberies. This evidence was vital to identify and track the man's activity and link him to six other robberies which he had originally denied being involved in. This case involved multiple separate applications for different types of communications data, and each application had to be justified on the basis of proportionality and necessity and had to be authorised by a senior officer not involved in the case.

    3.  It was explained that communications data is used sparingly, because it is costly and resource intensive, and because of the need specifically to justify each application and consider the impact of collateral intrusion on innocent people. However, in some types of crime, such as suicide, missing children and missing persons, it was likely to be the first port of call.

    4.  The second case study was of a television producer whose website was being bombarded with anti-Semitic abuse. The police suspected that the abuse all stemmed from the same person, who would change their online identifier each time they were blocked. This case could not be pursued because the overseas provider which held the necessary communications data refused to supply it to UK law enforcement. There was an increasing problem of harassment through social media which could not be investigated because overseas CSPs could not or would not provide the necessary communications data. All communications data resulting in a charge would end up in court; the police were increasingly finding that courts were expecting to be presented with this data.

    5.  Where data rules someone out of an inquiry, it is kept as it is disclosable information in a court case at a later date. Its retention is usually reviewed every 7 years. Under the national data retention scheme implemented following the Soham murders communications data could be retained for 6 years.

    6.  A further case study was of a recent violent attack on an individual where an iPhone was dropped at the scene. This enabled police officers to track 15 suspects from 5am-5pm during a fast-moving investigation as they travelled from London to the Midlands. The gang realised what was happening and started to switch SIM cards, but could still be tracked because their handsets had been identified. Without this ability they would not have been in a position to make an arrest. Another example was of a gang member gunned down in their car. The police were able to use CCTV, witness evidence, forensic evidence, telephone data and house-to-house enquiries linked together. They were looking at a rival gang, but using other evidence they were able to identify individual suspects rather than requesting communications data on the entire gang.

    7.  It was emphasised that no one in the investigating team authorises an application for communications data. An application is sent to someone outside the team to be checked, then submitted for authorisation. In this case, there were two people suspected of being involved. Data was obtained and used to rule them out as it showed they were elsewhere. Subsequently data was obtained on five of the rival gang members. This showed them making contact, coming together and going away again. It linked up with CCTV evidence that showed the car to prove they were there. The data formed part of the wider investigation. There were approximately 500 applications made for different types of data on five people. Suspects often swapped SIMs but not handsets. SIM swapping led to a large number of applications so that the call data could be attributed to the suspect. To find one SIM card it was necessary to apply to each network. If the card was then ditched in two hours, fresh applications to each network would need to be made. Location data only showed that the SIM was in that area, so attribution was vital. The data was provided through disclosure in any subsequent court case and could be used to confirm or refute a defence, especially if it relied on the suspect's location at the time.

    8.  Data was useful both for the investigation and as evidence in a trial. In a kidnapping case the data would be a central line of inquiry in recovering the missing person, and would then be analysed to identify what could be converted into evidence.

    9.  We saw a demonstration of an app on an iPad that allowed direct communication with another person, while the only information shown would be that the internet was accessed via GPRS. The application listed countries where there were available servers and allowed a choice to be made, for example, of a server in the Czech Republic to have a conversation with someone in the UK.

    10.  In response to a question on public concerns about access and safeguards, we were told that the independent authorising officers saw their role as akin to that of a magistrate. They would not want to be the authorising officer who got it wrong and caused a case to collapse. The authorising officer often did not know the person making the application. They were liable to internal examination and external audit. They were also likely to be called to court to justify the access authorisation. The training programme dealt with both defence and prosecution use of communications data and with the inspection of the authorisation system.

  • Communications Intelligence Unit offices
    11.  We split into small groups to watch individual SPoC officers at work. Different groups saw different applications. These included:

    • an example where an overseas CSP operating an international dating website was closed over a weekend and as a result a rape investigation was hampered;
    • an example where a SPoC turned down a communications data request for call logs in a case of domestic abuse. The SPoC was concerned that a subscriber check had not been run to confirm that the call logs related to the right suspects, the collateral intrusion of accessing call logs had not been properly assessed and the necessity of the request had not been proved. This SPoC thought he probably referred requests back about 5% of the time.
    • an urgent oral request where a written form was not available but where the request had been authorised by a superintendent working on the ground. A verbal case had been made as to necessity and proportionality and a subscriber check had been authorised.
    • an example of a request for communications data around delivery of a firearm. The authorisation form was demonstrated, with details of the information required and the process the SPoC would go through to check if the request was justified.
    • an example of a computer misuse investigation where a check was being run of the IP address used. The officer explained that often providers used dynamic IPs, some of which were not resolvable. Some could be resolved if ISPs were willing. She explained that she would always advise investigating officers to use such data with caution, as, for example, someone could be using an unsecured Wi-Fi access point and the owner of the internet connection could be unaware of this.
  • Evidential value of Communications Data
    12.  We received a presentation on making use of communications data in evidence from a barrister who had acted both for the prosecution and for the defence in murder, kidnap, paedophile and corruption cases where communications data evidence had been important.

    13.  In the case of kidnaps, hostages were usually disoriented and did not know where they were or how much time had elapsed. Use of mobiles and cell site analysis gave a narrative of the part played by the different participants. Usually this supplemented other evidence, but there were cases where no prosecution could have been brought without communications data evidence. An example was a case where a kidnapper used both a 'clean' and a 'dirty' phone; however the 'clean' phone revealed where he was, and this connected him to the 'dirty' phone, thus showing that he had been at the kidnap.

    14.  Communications data was very important for the prosecution of serious fraud. We had been told that criminals would move towards further encryption of their data, but this was not happening in practice. There were examples of supposedly sophisticated individuals who had already been prosecuted using communications data evidence, but still continued to use mobiles. In one case the FSA had used BlackBerry data to prove the purchase of shares; in another a message from the head of a kidnap team to a supposed friend had been used in evidence (though this was not communications data evidence).

    15.  In cases of attempting to pervert the course of justice, communications data had been used to prove the presence of the person threatening witnesses. Where the pressure on witnesses was successful and the witness declined to testify, an application could be made under s.116 of the Criminal Justice Act 2003 for a statement to be admitted in evidence.

    16.  The prosecution was under a duty to share all evidence with the defence, including communications data evidence. It could be used as much in support of a defendant's case as in support of the prosecution. Where there were concerns about the credibility of a witness, communications data might be used to support or undermine the witness's testimony. In the course of a trial the judge might ask for additional information from communications data sources, usually to help the defence case.

    17.  Mutual Legal Assistance Treaties (MLAT) could be used as an alternative route to seek evidence from abroad, but this depended on relations with the particular country. Some were helpful in theory but not in practice. There were also issues of delay and cost.

    18.  It was very difficult to measure the volume of data which enforcement agencies were unable to access, but there was no doubt that it increased as one moved from telephony to the internet, and further still when one moved to foreign internet. Officers knew very well what data they could access and what they could not access. When mobiles were first used it was feared that they would frustrate reliance on communications data from landlines. On the contrary, they had proved highly beneficial.


    © Parliamentary copyright 2012
    Prepared 11 December 2012