The Regulation of Investigatory Powers Act 2000 (RIP Act, or RIPA) was put on the statute book to ensure that the activities of Law Enforcement (the Intelligence Agencies, Police, Customs & Excise and other bodies) were properly regulated before the Human Rights Act 1998 came into force in October 2000.
The Act comes in several loosely connected parts:
- Part I Chapter I
- updates the law on "telephone tapping" to clearly cover Internet communications and to ensure that tapping "private" networks was lawful (following the Halford case). Establishes a Technical Advisory Board.
- Part I Chapter II
- sets up a formal system for the serving of notices on telcos and ISPs to obtain "communications data". The old ad hoc system based on s29(3) of the Data Protection Act 1998 is no longer used.
- Part II
- sets up a formal system for authorising "surveillance". Without such permission, Law Enforcement would be infringing your right to a "private life" under Article 8 of the European Convention on Human Rights.
- Part III
- gives Law Enforcement the power to serve notices (Section 49 Notices) requiring that encrypted material be "put into an intelligible form" (or as everyone else would say, decrypted). Under some circumstances the notices can require that encryption keys are handed over.
- Part IV
- establishes the Intelligence Services Commissioner, Surveillance and Interception Commissioners, Investigatory Powers Commissioner for Northern Ireland, and an Investigatory Powers Tribunal to hear complaints about unwarranted interception and related issues.
It was introduced as a bill in February 2000.
Since coming into force on 26 July 2000, RIPA has given public authorities a wide ranging set of powers that allow them to monitor both individuals and businesses. These powers include the ability to :
- intercept communications under a warrant according to Part 1, chapter 1 of RIPA, where it is necessary for one of the reasons prescribed in section 5(3) of RIPA
- acquire communications data under chapter II of part I of RIPA, for the purposes prescribed in section 22(2) of RIPA
- carry out surveillance and use covert human intelligence sources under part II of RIPA
The current legal position regarding the retention of data is contained within the Data Retention Regulations 2009. The Regulations state that internet service providers which have received notice from the secretary of state are required to retain certain data generated or processed in connection with the provision of their communications services for a period of 12 months. By utilising Chapter 2 of Part 1 of the RIPA, public authorities may acquire this data by serving a notice on an ISP which requires it to disclose identified communications data.
Further amendments are expected to arrive in the Data Retention and Investigatory Powers Bill, which if law, will replace the 2009 regulations.
In July 2014 the government proposed "emergency" amendments to RIPA via the Data Retention and Investigatory Powers Bill.
Calls for reform
- The conclusion of a Home Affairs Committee report on Counter-terrorism published in April 2014 recommended "that a Joint Committee of both Houses of Parliament should be appointed in order to hold an inquiry with the ability to take evidence on the Act with a view to updating it."
Definition of 'Communications Data'
For the purposes of this Act, the definition of 'communications data' is contained in Chapter 2 of Part 1 of the RIPA. In layman terms 'communications data' does not include the content of the communication (i.e what was said or written)but instead it encompasses the 'who', 'when' and 'where' of a communication.
Simon Watkin (Home Office) "Public consultation on draft codes of practice for both Part I Chapter II and Part III of RIPA will open in the week commencing 5 June 2006."
The return of the Crypto Wars.
We have detailed information on Regulation of Investigatory Powers Act 2000/Part III.
We also have a Regulation of Investigatory Powers Act 2000/Part I Chapter II page for the on going consultation. As Spy Blog has said "This Draft Code of Practice has massive implications when combined with the European Union's plans for mandatory Data Retention of Communications Traffic Data."
- Richard Clayton, Computer Laboratory, University of Cambridge (on ORG Advisory Council)
- Professor Ross Anderson, chairman of the Federation for Information Policy if it involves encryption and you have not talked to Ross you have not done your homework. wikipedia: Ross Anderson
- Justice response to Home Office consultation: "Protecting the Public in a Changing Communications Environment"
- Justice response to Home Office Consultation: "Regulation of Investigatory Powers 2000: Consolidating Orders and Codes of Practice"
- Big Brother Watch: "The Grim RIPA: Cataloguing the ways in which local authorities have abused their covert surveillance powers"
- Surveillance bill under fire, BBC News, 2000-02-10
- Counter-terrorism - Conclusions and recommendations, Home Affairs Committee, 2014-04-30]