Crossed BT Wires Led to Three Innocent UK People Being Accused of Child Abuse
A recently published judgement by the UK’s Investigatory Powers Tribunal (IPT) has revealed the disturbing case of how a simple mistake by one of BT’s (Openreach) broadband engineers led to three people, who shared the same house, having their lives turned upside down after they were wrongly accused of child sex offences.
The Open Judgement (PDF) details the case in all its excruciating detail (credits to The Register for an excellent summary). In short, the Dyfed Powys Police ultimately traced an Internet Protocol (IP) address, with BT’s help, that had been identified as being involved with the downloading and sharing of indecent images of children to the address of the three individuals.
Two search warrants were then executed at the home address of the first Claimant, on 4th August 2016 and 24th January 2017. The second and third Claimants were both present at the premises when the first warrant was executed; the premises were unoccupied when the second search took place. Electronic devices belonging to each of the Claimants were then seized.
Advertisement
During the course of all this, the three individuals faced a serious impact upon their lives, with family members, social services and places of work all being informed about the child protection investigation. As you can imagine, this caused all sorts of problems with employment, family splits and the stress of it alone must have been horrific.
The case itself actually ended up being closed on 15th September 2016 after officers found no solid evidence of any wrongdoing, and all three were told they were no longer persons of interest. But curiously, the police continued to be notified of child abuse content being shared by IP addresses that resolved to the same address. BT was then asked to investigate the problem.
Extract from the Judgement
Enquiries made of BT on 27 January 2017 were responded to on the following day. Following a network test involving the temporary break and restoration of service at both addresses, BT identified that a pair of crossed connections in the local network had caused a high likelihood that the IP addresses had been misattributed as between ‘Address X’ and the home address of the first Claimant.
BT explained that approximately eight years previously, two wires within a street cabinet servicing both addresses had been inadvertently crossed. In consequence, the authentication result for the IP address relating to ‘Address X’ had been incorrectly attributed to the first Claimant’s address.
Once traced, the correct individual was finally identified as living within a very close proximity to the home of the first Claimant. A search warrant was then executed at ‘Address X’ and the occupant was arrested on suspicion of possession of child abuse content, which was later found on their devices. The arrested individual made partial admissions and was subsequently convicted of related offences.
The trio who had been wrongfully accused later raised a case over the matter by arguing that their Article 8 rights (i.e. the right to a private family life) under the Regulation of Investigatory Powers Act were infringed. The claim largely seems to have hinged on the idea that the police’s RIPA requests for communications data from BT were unlawful because they could have made other lines of inquiry before issuing them.
Advertisement
Sadly, despite nobody denying that the trio had been through a horrific ordeal and suffered “far-reaching consequences“, the tribunal ultimately dismissed their arguments and ruled in favour of the police. The judgement found that the RIPA requests were lawful and that the main fault rested with BT, which was initially criticised for failing to offer a “meaningful response” during an internal review of the case that occurred on 19th January 2017 (although as above, BT eventually did respond in a more effective way).
The case certainly raises plenty of questions about how the police and telecoms operators conduct themselves in such cases, as well as the potential for the data they use to be unreliable.
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook, BlueSky, Threads.net and Linkedin.
« Altnet Broadband ISP Gigabit IQ to Crowdfund for Fresh UK Investment
Advertisement
Leave a Reply
Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message and display names can be almost anything you like (provided they do not contain offensive language or impersonate a real persons legal name). By clicking to submit a post you agree to storing your entries for comment content, display name, IP and email in our database, for as long as the post remains live.
Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.
Take them to the European court then.
This raises many uncomfortable questions.
I would have expected my connection is being authenticated and tracked using my PPPoE credentials and not by the DSLAM port (if I read the article correctly)
Offtopic here, but why police is sharing the fact of the accusation with third parties? To me this seems to go against the “innocent until proven guilty” principle.
Before they even found evidences and this is not a problem for court.
BT (retail) hasn’t used account specific PPPoE credentials for years. It’s all line based authentication now, where the DSLAM or OLT injects a unique ID into the PPPoE authentication sequence and that is used to figure out who you are. Any BT broadband router will work on any BT line so that’s why no one would have noticed.
If they’d had BT TV or digital voice then they would quickly notice something isn’t right as those are tied to the line, not the equipment.
Much of the competition works in the same way, and the rest don’t even use PPPoE at all of course.
I dont think innocent until proven guilty” principle. Exists in the uk
So whatever information they can get out of the isp they’ll likely use against whom ever
In 2016, the lines would presumably have been FTTC or ADSL. Would the patching problem have been detected if an analogue phone had been used on the line, with either or both types of line?
Today, using BT or EE Digital Voice over either SOGEA or FTTP, once there is a working broadband connection, is the actual physical route relevant or is it just an IP connection between the router and the telephone system?
Anecdotal, but I know a guy who was arrested by the police last year.
They literally said to him that he’s “guilty until proven innocent.”
@Phil2 , depends exactly where in the network the error occurred. Could end up with someone else’s dial tone, broadband or both.
The European Court.. the daily mail will not like this.
This is truly terrifying. Especially for anyone in a job that requires security clearance, or CRB checks.
One mistake by an ISP that you have no way to defend against, and you lose your job, possibly your relationship, and your life is ruined, and you have no recourse.
Sounds to me like police and BT between them need to pony up a whole lot of cheddar to give these poor people a life because they between them have ruined the one they had.
The legal system in this country is absolutely abysmal, and the whole innocent until proven guilty has gone out the window.
The fact that the police shared personal details of the people they were investigating with third parties without having any evidence of their guilt is absolutely shocking and seems to be a clear case of defamation or slander.
All at a time when they’re telling people that proven theft is a “civil matter”, are only investigating car crimes that involve fine revenue and have multiple cases of officers SAing women. The whole organisation needs replacing.
If any of the people work with children or the vulnerable they can’t be allowed to continue working until the issue is resolved. Imagine the uproar if a youth club leader or school teacher continued working with children for a year while a case was investigated.
In some circumstances being under suspicion is sufficient justification for appropriate people to be informed.
Seems like a good reason to take the isp’s VoIP offering (if available) and to call it now and again.
This case is highly troubling. Openreach causing crossed connections through DLSAM jumpering mistakes has always been really common unfortunately. It sounds like the BT Police/Security liaison team blindly mapped an IP address from the police to a customer address – yet they could easily have also confirmed the router MAC-address/serial number using that IP address at that timestamp was indeed the router sent to this address. This secondary check would have shown the line was crossed, i.e. the unlawful activity was against a different router send to a different address/customer.
Hope the wrongfully accused gets a significant pay-out from BT, and that BT (and other operators) learn from this mistake.