Investigatory Powers Act 2016/Request Filter

< Investigatory Powers Act 2016

The 'Request Filter' described in the Investigatory Powers Act 2016 is a system designed to act as a safeguard to limit the amount of communications data that is returned in response to a public authority's request to only that which is relevant. The government hope that this will help to safeguard privacy.

The request filter is established and maintained by the Secretary of State and sits between a service provider and the public authority which requires the communications data under Part 3 of the Act.[1] In practice, this filter is operated by "one or more third parties under contract".[2]

The request filter is "available to all public authorities to assist in obtaining the communications data that they are permitted to use, subject to individual authorisations."[3]

Process

The request is sent to the filter which in turn identifies the relevant telecommunications operators or postal operators for the request and requires them to disclose the authorised communications data only to the request filter. They will not be aware of the detail of the processing to be undertaken.[4]
The request filter performs the authorised processing of the communications data that has been disclosed to produce a results file. The only communications data that is processed is that disclosed by the telecommunications operators for the purpose of the relevant authorisation. Only the results from the filter processing are released to the SPoC.[5]

Scope

Only specified communications data defined in an authorisation will be processed by the request filter. The specified data must be necessary and proportionate for the operational requirement set out in the authorisation and can only operate on limi ted sets of authorised data using specified processing patterns. The request filter will only retain communications data temporarily whilst the data is being processed. Once processing is complete the data will be deleted.[6]

According to the Government, "the request filter may be identified as part of the approach to managing collateral intrusion in an authorisation", because it "will only disclose records that match specified criteria to the SPoC and applicant.[7] The SPoC (Single Point of Contact) is an individual trained to facilitate the lawful acquisition of communications data and effective co-operation between a public authority, the Office for Communications Data Authorisations (‘OCDA’) (where relevant) and telecommunications operators and postal operators.[8] The SPoC is responsible for monitoring the request filter progress and managing compliance with the relevant authorisation.[9]

The request filter will only disclose communications data to the person identified in the relevant authorisation, or the authorising individual concerned in accordance with section 69 of the Act.[10]

Security

The filter will be operated under government security accreditation in accordance with government security policies and relevant standards. This will cover as a minimum:
  • protection of personal data disclosed by telecommunications operators or postal operators to the request filter in accordance with an authorisation;
  • controls, monitoring and audit of access to and use of the request filter;
  • restrictions regarding disclosure of results from the request filter;
  • provisions for deletion of material when no longer necessary or proportionate to retain it; and
  • those provisions set out in chapter 13 regarding data protection.[11]

Oversight

The Investigatory Powers Act 2016 Draft Code of Practice states:

The request filter will be overseen by the IPC, who will keep the use of the request filter by public authorities under review. This will form part of the IPC’s broader audit, inspection and investigation regime for public authorities and their acquisition of communications data.[12]
The IPC will receive an annual report regarding the functioning of the request filter during that year. The report will include details of verification and quality assurance activities, data deletion, security arrangements, and the operation and use of the arrangements.[13]

References

  1. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/530564/Request_Filter_factsheet.pdf
  2. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/663675/November_2017_IPA_Consultation_-_Draft_Communications_Data_Code_of_Pract....pdf, Section 11.16
  3. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/663675/November_2017_IPA_Consultation_-_Draft_Communications_Data_Code_of_Pract....pdf, Section 11.3
  4. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/663675/November_2017_IPA_Consultation_-_Draft_Communications_Data_Code_of_Pract....pdf, Section 11.13
  5. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/663675/November_2017_IPA_Consultation_-_Draft_Communications_Data_Code_of_Pract....pdf, Section 11.15
  6. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/663675/November_2017_IPA_Consultation_-_Draft_Communications_Data_Code_of_Pract....pdf, Section 11.2
  7. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/663675/November_2017_IPA_Consultation_-_Draft_Communications_Data_Code_of_Pract....pdf, Section 11.7
  8. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/663675/November_2017_IPA_Consultation_-_Draft_Communications_Data_Code_of_Pract....pdf, Section 4.4
  9. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/663675/November_2017_IPA_Consultation_-_Draft_Communications_Data_Code_of_Pract....pdf, Section 11.12
  10. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/663675/November_2017_IPA_Consultation_-_Draft_Communications_Data_Code_of_Pract....pdf, Section 11.21
  11. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/663675/November_2017_IPA_Consultation_-_Draft_Communications_Data_Code_of_Pract....pdf, Section 11.25
  12. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/663675/November_2017_IPA_Consultation_-_Draft_Communications_Data_Code_of_Pract....pdf, Section 11.27
  13. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/663675/November_2017_IPA_Consultation_-_Draft_Communications_Data_Code_of_Pract....pdf, Section 11.29