The Regulation of Investigatory Powers Act 2000 (RIP Act, or RIPA) was put on the statute book to ensure that the activities of Law Enforcement (the Intelligence Agencies, Police, Customs & Excise and other bodies) were properly regulated before the Human Rights Act 1998 came into force in October 2000.
The Act comes in several loosely connected parts:
- Part I Chapter I
- updates the law on "telephone tapping" to clearly cover Internet communications and to ensure that tapping "private" networks was lawful (following the Halford case). Establishes a Technical Advisory Board.
- Part I Chapter II
- sets up a formal system for the serving of notices on telcos and ISPs to obtain "communications data". The old ad hoc system based on s29(3) of the Data Protection Act 1998 is no longer used.
- Part II
- sets up a formal system for authorising "surveillance". Without such permission, Law Enforcement would be infringing your right to a "private life" under Article 8 of the European Convention on Human Rights.
- Part III
- gives Law Enforcement the power to serve notices (Section 49 Notices) requiring that encrypted material be "put into an intelligible form" (or as everyone else would say, decrypted). Under some circumstances the notices can require that encryption keys are handed over.
- Part IV
- establishes the Intelligence Services Commissioner, Surveillance and Interception Commissioners, Investigatory Powers Commissioner for Northern Ireland, and an Investigatory Powers Tribunal to hear complaints about unwarranted interception and related issues.
It was introduced as a bill in February 2000.
Since coming into force on 26 July 2000, RIPA has given public authorities a wide ranging set of powers that allow them to monitor both individuals and businesses. These powers include the ability to :
- intercept communications under a warrant according to Part 1, chapter 1 of RIPA, where it is necessary for one of the reasons prescribed in section 5(3) of RIPA
- acquire communications data under chapter II of part I of RIPA, for the purposes prescribed in section 22(2) of RIPA
- carry out surveillance and use covert human intelligence sources under part II of RIPA
The current legal position regarding the retention of data is contained within the Data Retention Regulations 2009. The Regulations state that internet service providers which have received notice from the secretary of state are required to retain certain data generated or processed in connection with the provision of their communications services for a period of 12 months. By utilising Chapter 2 of Part 1 of the RIPA, public authorities may acquire this data by serving a notice on an ISP which requires it to disclose identified communications data.
Further amendments are expected to arrive in the Data Retention and Investigatory Powers Bill, which if law, will replace the 2009 regulations.
In July 2014 the government passed "emergency" amendments to RIPA via the Data Retention and Investigatory Powers Act 2014 which extended RIPA to cover overseas communication providers.
Concurrently with the debate related to the Data Retention and Investigatory Powers Act 2014 it was announced that the number of public authorities that would have access to communications data would be reduced.
A draft Regulation of Investigatory Powers (Communications Data) (Amendment) Order 2015 was presented in December 2014 which would amend The Regulation of Investigatory Powers (Communications Data) Order 2010 to add two financial regulation authorities, and remove 13 other public authorities.
Reviews and calls for reform
- The conclusion of a Home Affairs Committee report on Counter-terrorism published in April 2014 recommended "that a Joint Committee of both Houses of Parliament should be appointed in order to hold an inquiry with the ability to take evidence on the Act with a view to updating it."
- Concurrently with the Data Retention and Investigatory Powers Act 2014 a Review of Communications Data and Interception Powers was announced, the first part of which will produce a report for a future Joint Committee.
- After it was revealed in 2014 that police had used RIPA access to discover the identities of journalist sources, several newspapers have called for reform of this use.
Definition of 'Communications Data'
For the purposes of this Act, the definition of 'communications data' is contained in Chapter 2 of Part 1 of the RIPA. In layman terms 'communications data' does not include the content of the communication (i.e what was said or written)but instead it encompasses the 'who', 'when' and 'where' of a communication.
Simon Watkin (Home Office) "Public consultation on draft codes of practice for both Part I Chapter II and Part III of RIPA will open in the week commencing 5 June 2006."
The return of the Crypto Wars.
We have detailed information on Regulation of Investigatory Powers Act 2000/Part III.
We also have a Regulation of Investigatory Powers Act 2000/Part I Chapter II page for the on going consultation. As Spy Blog has said "This Draft Code of Practice has massive implications when combined with the European Union's plans for mandatory Data Retention of Communications Traffic Data."
- Richard Clayton, Computer Laboratory, University of Cambridge (on ORG Advisory Council)
- Professor Ross Anderson, chairman of the Federation for Information Policy if it involves encryption and you have not talked to Ross you have not done your homework. wikipedia: Ross Anderson
- Justice response to Home Office consultation: "Protecting the Public in a Changing Communications Environment"
- Justice response to Home Office Consultation: "Regulation of Investigatory Powers 2000: Consolidating Orders and Codes of Practice"
- Big Brother Watch: "The Grim RIPA: Cataloguing the ways in which local authorities have abused their covert surveillance powers"
- Surveillance bill under fire, BBC News, 2000-02-10
- Counter-terrorism - Conclusions and recommendations, Home Affairs Committee, 2014-04-30]
- The Guardian view on the police and the rights of the press, 2014-10-08