Investigatory Powers Act 2016

An Investigatory Powers Bill was announced in the Queen's Speech in May 2015[1]. "New legislation will modernise the law on communications data"

It included elements of the previous Communications Data Bill.

Data retention and aquisition

Retention of communications data

Internet Connection records

The “filter”

Internal authorisation by police and other authorities

Bulk powers

Bulk collection

Bulk personal datasets

Bulk hacking

Equipment interference

Part 5 (Equipment Interference Warrants) and Chapter 3 of Part 6 (Bulk Equipment Interference Warrants) deal with “equipment interference.” Under the Part 5, a warrant can be issued in order to achieve Targeted Equipment Interference and Targeted Examination.(Article 99 (1)[2])


Targeted Interference

Targeted Equipment Interference Warrant is a warrant which authorises or requires the person to whom it is addressed to secure interference with any equipment, e.g. laptop or mobile(Article 99 (2)[3]) It purports to obtain communications data, equipment data, and any other information.(Article 99 (2)[4])

According to Article 99 (4)[5], obtaining communications includes;

(a) monitoring, observing or listening to a person’s communications or other activities;
(b) recording anything which is monitored, observed or listened to.


Additionally, so long as expressly noted in the warrants, any conducts ancillary to obtaining the stated data/information is authorised. (Article 99 (5)(a)[6]) Also, in pursuance of the requirements provided by warrants, any assistance for the observation of them would be authorised. (Article 99 (5)(b)[7]) On the other hand, the same warrant may not authorise or require a person to touch on the communication other than stored communication. If he/she have done so, it amounts to an offence under Part 3 unless it is done by legal authority. (Article 99 (6)[8]) Stored communication is communications stored in/by a telecommunications system, including one before and after transmitted. (Article 99 (8)[9])


Bulk Equipment Interference

Article 176[10] provides for Bulk Equipment Interference Warrants in order to obtain overseas-related communications, overseas-related information, and overseas-related equipment data (Article 176 (1)(c) of the Act). Overseas-related information means any information on individuals outside the UK (Article 176(2) of the Act). Overseas-related equipment data means any data which may assist in identifying the persons concerned in targeted communications or related to overseas-related communications or/and data (Article 137(5).[11],176(3)[12], and 177[13])


Safeguards

Exception for Safeguards: Targeted Examination Warrants

Targeted Examination Warrant is a warrant which authorises or requires the person to whom it is addressed to carry out the selection of protected material obtained under Bulk Equipment Interference warrant for examination in breach of the prohibition in Section 193 (4) [14]. (Article 99 (1)[15])

Technical Capability Notices

Definition

Article 253 (2)[16]

defines a Technical Capability Notice (TCN) as  “a notice—
(a) imposing on the relevant operator any applicable obligations specified in the notice, and
(b) requiring the person to take all the steps specified in the notice for the purpose of complying with those obligations.”

It must be given in a form of written communication. (Article 255 (5)[17])


Contents

A TCN must have a finite period of within which obligations therein are exhausted and may have different timescales along with different steps.(Article 253 (7)[18])


The actual contents of the obligations that are included in a TCN may be specified by Regulations under Article 253 (4)[19] insofar as SoS considers it is reasonable in order to secure that the operators have the capability to assist implementing relevant authorisations and ensure they can comply with a TCN. (Article 253 (4) (a), (b)[20]) Such obligations cover a wide range of issues, e.g. provision of necessary facilities. (Article 253 (5)[21], see also Investigatory Powers Act 2016/Investigatory Powers (Technical Capability) Regulations 2017)


Whatever the obligations are, it is enforceable and the addressee must comply with them if they relate a person in the UK.(Article 253 (9), (10)[22]) Furthermore, Article 255 (11)[23]

states that even regarding a person outside the UK, the obligations must be done so long as they are involved in;
(a) a targeted interception warrant or mutual assistance warrant under Chapter 1 of Part 2;
(b)a bulk interception warrant;
(c)an authorisation or notice given under Part 3.


Broad range of subject and scope

A TCN is issued by Secretary of State (SoS) toward a postal operator and/or telecommunications operator, including those who are proposing to become them.(Article 253 (1),(3)[24]) A TCN appears to be a supplement means of achieving what is sought by any warrant issued under Part 2.5. and 6 and any authorisation or notice under Part 3.(Article 253 (3)[25]) These warrants, authorisations and notices are collectively mentioned as relevant authorisations in Article 253 (3).[26]


Moreover, a TCN may be given to persons outside the UK. Ir further may require certain measures to be taken or not to be taken outside the UK. (Article 253 (8)[27]) In such a case, a TCN can be given in either of the following ways provided in Article 255 (6)[28]: When the person has his office or other places, where his business take place, in the UK, a TCN is delivered to such locations. Meanwhile, when the person does not have the above places in the UK, a document containing a TCN can be sent and received by the address specified by the person. This address including e-mail address and the recipient does not necessarily have to be the person addressed, for the recipient will accept the document on the person’s behalf.


Therefore, if the operators do not own any contact point physically in the UK, they can still, directly or indirectly, receive a TCN and bears the obligations therein.


Insufficient review mechanism

A TCN may be given to the operators when SoS considers it is necessary and proportionate. (Article 253(1)(a), (b)[29]) and such considerations should be affirmed by a Judicial Commissioner.(Article 253(1)(c)[30]) The Commissioner must consider the necessity and proportionality of the TCN at stake. (Article 254 (3) (b)[31]) In doing so, a Judicial Commissioner must apply the same principle as invoked as the judicial court, and take into account the view of SoS on the necessity and proportionality. (Article 254 (2), (3) (a))


However, it seems that a Judicial Commissioner can refuse to make a decision by providing a written explanation of the reason. (Article 254 (4)[32]) In such a case, in place of a Judicial Commissioner, SoS may an Investigatory Powers Commissioner to decide on the approval. (Article 154 (5)[33]) There exist no provisions in the Act that oblige an Investigatory Powers Commissioner to abide by the existing principles available in a judicial court. Similarly, there are no limitations or conditions set out in the Act about when and under what circumstances a Judicial Commissioner may refuse to assess the application. This implies that a TCN might be approved without being thoroughly considered in the light of necessity and proportionality.


Other rules

Article 255 (7)[34] provides that SoS may create further provisions about the issuance of relevant notices, in a form of regulations.

International data sharing and other arrangements

Sharing data with overseas authorities

Sections 129[35] and 130[36] are positioned as clauses setting out safeguards for issuing Targeted Equipment Interference and/or Targeted Examination Warrant. (Article 102[37], 104[38], 106[39]) Although each is applicable to different situations, the substance of the safeguards enshrined in them are identical, for Section 130 follows Section 129.(Article 130 (2)[40]) Section 130 obliges the authorities issuing relevant warrants (the issuing authorities) to ensure that they never give any materials or copies thereof to the authorities outside the UK; unless securing that the requirements are satisfied which subsection (2) mentions i.e. provided in Section 129 (2) to (5).[41]


Safeguards in place?

Section 129 concerns retention and disclosure, while Section 130 concerns disclosure of materials overseas. It has a bundle of safeguard clauses. Subsection (2)[42] limits data sharing among the authorities to the minimum extent which is necessary, in terms of; the extent of disclosure and availability, in particular, the number of persons to who have access to materials and the number and the extent of copies to be made. (Article 129 (3)[43])


The necessity test appears self-repetitious and thus does not contribute to clarification. Subsection (3)[44] basically states that necessity arises if something is;

(1) or likely to become necessary on any grounds for that justifies the original authorisation.
(2) necessary for facilitating any functions of the issuing authorities or of the Judicial Commissioners or of the Investigatory Powers Tribunal under or in relation to this Act,
(3) necessary for the purpose of legal proceedings, or
(4) necessary for the performance of the functions of any person under any enactment.


The second one is about the storing. Subsection (4)[45] states that every copy of the materials must be kept secure. Thirdly it is required that once the materials lose the grounds for the retention every copy is to be destroyed as soon as possible. (Article 129 (5)[46])


These are the safeguards in necessity (minimisation), retention, and destroy. For materials held in the UK government to be shared with authorities outside the UK, it suffices that these requirements appear to be met to the issuing authority in the UK.(Article 130 (2)Article 130 (2)[47]) There are no duty on them to confirm their overseas counterparts actually have the capacity and intention to do so nor are they imposed to see if copies are kept or destroyed in accordance with requirements in Section 129.

See also

External links

References

  1. Queen's Speech 2015, 2015-05-27, GOV.UK
  2. Article 99 (1)
  3. Article 99 (2)
  4. Article 99 (2)
  5. Article 99 (4)
  6. Article 99 (5)(a)
  7. Article 99 (5)(b)
  8. Article 99 (6)
  9. Article 99 (8
  10. Article 176 of the Act
  11. Article 137(5) of the Act
  12. Article 176(3 of the Act)
  13. Article 177 of the Act
  14. Article 193 (4)
  15. Article 99 (1)
  16. Article 253 (2)
  17. Article 255 (5)
  18. Article 253 (7)
  19. Article 253 (4)
  20. Article 253 (4) (a), (b)
  21. Article 253 (5)
  22. Article 253 (9), (10)
  23. Article 253 (11)
  24. Article 253 (1), (3)
  25. Article 253 (3)
  26. Article 253 (3)
  27. Article 253 (8)
  28. Article 255 (6)
  29. Article 253
  30. Article 253
  31. Article 254 (3)
  32. Article 254 (4)
  33. Article 154 (5)
  34. Article 255 (7)
  35. Article 129
  36. Article 130
  37. Article 102
  38. Article 104
  39. Article 106
  40. Article 130 (2)
  41. Article 129 (2), (3), (4), (5)
  42. Article 129 (2)
  43. Article 129 (3)
  44. Article 130 (3)
  45. Article 129 (4)
  46. Article 129 (5)
  47. Article 130 (2)