Regulation of Investigatory Powers Act 2000/Part I
Current Position of RIPA
Since coming into force on 26 July 2000, RIPA has given public authorities a wide ranging set of powers that allow them to monitor both individuals and businesses. These powers include the ability to :
- intercept communications under a warrant according to Part 1, chapter 1 of RIPA, where it is necessary for one of the reasons prescribed in section 5(3) of RIPA
- acquire communications data under chapter II of part I of RIPA, for the purposes prescribed in section 22(2) of RIPA
- carry out surveillance and use covert human intelligence sources under part II of RIPA
The current legal position regarding the retention of data is contained within the Data Retention Regulations 2009. The Regulations state that internet service providers which have received notice from the secretary of state are required to retain certain data generated or processed in connection with the provision of their communications services for a period of 12 months. By utilising Chapter 2 of Part 1 of RIPA, public authorities may acquire this data by serving a notice on an ISP which requires it to disclose identified communications data.
What does Part 1 relate to?
Part 1 of the Act relates to 'communications' and is sub-divided into two chapters.
- Chapter 1 relates to the interception of communications
- Chapter 2 relates to the acquisition and disclosure of communications data
Chapter 1: Interception of Communications
Section 1 of RIPA 2000 states that it is an offence to intercept any communications (i.e emails, letters etc) in the course of its transmission.In this instance, interception is interpreted as a process which allows all or part of the communication to a party other than the sender or intended recipient.
RIPA provides exceptions this rule, where it will not be a criminal offence to intercept communications such as emails. This is achieved by the use of an 'Interception Warrant' which can only be issued by the Home Secretary. Section 5 of the Regulation of Investigatory Powers Act 2000 requires that the Home Secretary should not issue a warrant unless he/she believes that the warrant is proportionate and necessary:
- in the interests of national security
- for the purpose of preventing or detecting serious crime
- for the purpose of safeguarding the economic well-being of the United Kingdom
In addition to this, section 10 of RIPA also allows the Home Secretary to modify the provisions of any previously signed interception warrant.
Problems with Interception Warrants
Inadmissibility of Interception Information as Evidence
Some commentators believe that the exceptions provided in RIPA may be used to perform mass surveillance of internet traffic and phone calls. The vague grounds on which the exceptions are based may allow the Home Secretary to issue warrants in just about any circumstances.
Warrant-less Interception in Certain Circumstances
A warrant is not required to intercept communications if one party to the communication consents to the interception. The party who is unaware of the interception has its privacy impacted upon in the same way as any other person whose communications have been intercepted albeit with lower authorisation levels and less safe guards. This is a blatant loophole that has the potential to be abused but could be remedied by an amendment that requires all interception warrants to have judicial authorisation.
Lack of Judicial Authorisation
In the 2008 annual report, the interception of communications commissioner reported that the Home Secretary issued 1508 warrants and 5344 modifications were made. From this data it can be inferred that a warrant is modified on average 3-4 times after originally being issued. Liberty opines that it is wrong to give the power to issue interception warrants to an elected politician. The interception of an individuals private communication is a serious infringement of privacy hence this process should be heavily scrutinised. Liberty states that the sheer volume of warrants issued on a daily basis, suggests that this process is not being scrutinised well enough since it is only carried out by a single person whose job functions extend well beyond the scope of issuing interception warrants. With all these other duties, how is it humanly possible to rigorously scrutinise each application. Their view is that the application for warrants would be better scrutinised and less prone to abuse if they were authorised by a senior judge.
Global Comparisons of Authorisation of Interception Warrants
As noted above, interception warrants in the UK are authorised by the Executive rather than the Judiciary and for the reasons noted above, it is a major problem. There is no argument for Executive authorisation since many other countries with similar legal systems have systems of judicial authorisation before interception warrants are authorised which is undeniably more in line with democratic thinking and less prone to abuse.
The USA has two federal statutes that apply to lawful interception of communications. The 1968 Omnibus Crime Control and Safe Streets Act, Title III (Wiretap Act) relates to lawful interception in criminal investigations and the Foreign Intelligence Surveillance Act, or FISA, as amended by the US Patriot Act, governs wiretapping for intelligence purposes where the subject of the investigation must be a foreign (non-US) national or a person working as an agent on behalf of a foreign country. The Wiretap Act requires Federal, state and, other government officials to obtain judicial authorization for intercepting "wire, oral, and electronic" communications such as telephone conversations and e-mails. It also regulates the use and disclosure of information obtained through authorized wiretapping. This order is often called a super warrant because it is even more difficult to obtain than a regular search warrant. Under the Foreign Intelligence Surveillance Act 1978, if the interception involves the acquisition of communications of any US person within the US, it must be conducted after first obtaining a court order.
In Canada it is unlawful to intercept private communications unless the interception is in accordance with the authorisation issued by a judge. Under Part VI Criminal Code s.185 an application for an authorization to be given under section 185 shall be made ex parte and in writing to a judge of a superior court of criminal jurisdiction or a judge as defined in section 552 and shall be signed by the Attorney General of the province in which the application is made or the Solicitor General of Canada... The judge must be satisfied that granting the authorization would be in the best interests of the administration of justice, and that other investigative procedures have been tried and have failed, or other investigative procedures are unlikely to succeed or the matter is so urgent that it would be impractical to carry out the investigation using only other investigative procedures.
In Australia under s.39 Telecommunications (Interception and Access) Act 1979, law enforcement interception warrants must be issued by an eligible Judge or a nominated Administrative Appeals Tribunal judge
In New Zealand under Part 11A of the Crimes Act, and under the Misuse of Drugs Amendment Act 1978, police can only intercept a private communication in a narrow range of circumstances, including requiring a warrant or emergency permit that can only be issued by a High Court Judge
Oversight by the Interception Commissioner
The Government has consistently countered the argument against the lack of judicial authorisation by pointing t0 the supervisory role played by the Interception of Communications Commissioner. Section 57 of RIPA requires that the Interception Commissioner to be a person who hold or who has held high judicial office. The idea that the Interception Commissioner provides a sufficient safeguard against the disproportionate use of interception warrants has proved to be much more theoretical than practical. In their report Justice criticise the role of Interception Commissioner for the following reasons:
- his remit is too narrow
- he appears to review only a small proportion of warrants made
- he has no power to quash a defective warrant
- he has never once publicly questioned an interception decision made by the Secretary of State on human rights grounds
- his work in general lacks sufficient transparency
Chapter 2: Communications Data
Part 1, Chapter 2 Of RIPA provides a legal framework which encompasses the acquisition and disclosure of 'communications data'. It also explains the responsibilities and duties placed upon each party involved in these processes. A system of safeguards have been put in place which brings the Act in line with the requirements of Article 8 of the ECHR.Part 1 Chapter 2 sets up a formal system for the serving of notices on telcos and ISPs to obtain 'communications data'
The provisions of Chapter 2 are distinctly different from Chapter 1 and its interception of communications in the course of their transmission.. Interceptions are concerned with 'what' was said -put simply it refers to the content of the communication-, while communications data is concerned with the 'who','when' and 'where'.
Definition of Communications Data
'Communications data'is defined in section 21(4) of the Regulation of Investigatory Powers Act 2000. As discussed above, the term 'communications data' encompasses the 'who', 'when'and 'where'of a communication. It specifically excludes the content of what was said or written during the communication. This chapter relates to data held in respect of any postal service or telecommunication system.
Grounds to Obtain Communications Data
Section 22(2)outlines the grounds under which 'communications data' can be obtained.It is necessary on grounds falling within this subsection to obtain communications data if it is necessary—
- in the interests of national security;
- for the purpose of preventing or detecting crime or of preventing disorder;
- in the interests of the economic well-being of the United Kingdom;
- in the interests of public safety;
- for the purpose of protecting public health;
- for the purpose of assessing or collecting any tax, duty, levy or other imposition, contribution or charge payable to a government department;
- for the purpose, in an emergency, of preventing death or injury or any damage to a person’s physical or mental health, or of mitigating any injury or damage to a person’s physical or mental health
- for any purpose (not falling within paragraphs (a) to (g)) which is specified for the purposes of this subsection by an order made by the Secretary of State.
Types of Communication Data That Can Be Accessed
Communications data is divided into 3 broad categories namely:
- Account information
- Service use information
- Traffic information
More commonly known as subscriber information, it relates to information that may be held by the service provider about the person who holds a specific account with them. Examples of the information that can be obtained include:
- Who is the subscriber of telephone number 01234 567890?
- Who pays the accounts for telephone number 01234 567890?
- What are the top-up details of telephone number 01234 567890?
- Who is the account holder of e-mail account firstname.lastname@example.org
N.B: This information obtained can be used in evidence.
Service Use Information
Examples of information that can be obtained is as follows:
- Itemised records of connections to internet services, i.e. IP Log in history from an e-mail address. This can tell us what computers the person using the e-mail has logged on to during a specified period
- Itemised records of outgoing calls made by mobile or landline telephones. This includes times of calls and durations
- IMEI traces – this can establish what SIM cards have been placed in the IMEI(Handset) during a specified period
- Mail re-direction – Royal mail can inform the relevant Law Authority if there
are existing re-direction instructions on a specified address during a specified period
N.B: This information can be used as evidence
The user/owner of a computer or telephone typically has no control over this data.
Examples of what can be obtained is as follows:
- Live Cellsite – This is the live monitoring of a mobile phone when it is switched on and provides mast details of the location
- Historic Cellsite – This is an historic picture of the above, i.e. where the mobile phone was at a specified date and time
- Incoming billing – This is a list of calls made to the mobile phone
- Mail Monitoring – Royal mail can list the letters/packages delivered to a specified address during a specified time. This information cannot be obtained historically as advance measures are set up prior to the information being obtained
Problems with the Acquisition and Disclosure of Communication Data
Intrusive Nature of Communications Data
- http://www.liberty-human-rights.org.uk/pdfs/policy09/liberty-s-response-to-the-ripa-consultation.pdf @page 9, footnote 20
- http://www.liberty-human-rights.org.uk/pdfs/policy09/liberty-s-response-to-the-ripa-consultation.pdf @page 9
- http://www.liberty-human-rights.org.uk/pdfs/policy09/liberty-s-response-to-the-ripa-consultation.pdf @ page 9
- http://www.dyfed-powys.police.uk/sites/default/files/documents/PoliciesProcedures/AccessingCommsDataPolicy.pdf @ page 8
- http://www.dyfed-powys.police.uk/sites/default/files/documents/PoliciesProcedures/AccessingCommsDataPolicy.pdf @ page 8
- Justice response to Home Office consultation: "Protecting the Public in a Changing Communications Environment"
- Justice response to Home Office Consultation: "Regulation of Investigatory Powers 2000: Consolidating Orders and Codes of Practice"