Regulation of Investigatory Powers Act 2000/Part I

< Regulation of Investigatory Powers Act 2000

Current Position of RIPA

Since coming into force on 26 July 2000, RIPA has given public authorities a wide ranging set of powers that allow them to monitor both individuals and businesses. These powers include the ability to [1]:

  • intercept communications under a warrant according to Part 1, chapter 1 of RIPA, where it is necessary for one of the reasons prescribed in section 5(3) of RIPA
  • acquire communications data under chapter II of part I of RIPA, for the purposes prescribed in section 22(2) of RIPA
  • carry out surveillance and use covert human intelligence sources under part II of RIPA

The current legal position regarding the retention of data is contained within the Data Retention Regulations 2009. The Regulations state that internet service providers which have received notice from the secretary of state are required to retain certain data generated or processed in connection with the provision of their communications services for a period of 12 months. By utilising Chapter 2 of Part 1 of RIPA, public authorities may acquire this data by serving a notice on an ISP which requires it to disclose identified communications data.[2]

What does Part 1 relate to?

Part 1 of the Act relates to 'communications' and is sub-divided into two chapters.

  • Chapter 1 relates to the interception of communications
  • Chapter 2 relates to the acquisition and disclosure of communications data

Chapter 1: Interception of Communications

Section 1 of RIPA 2000[3] states that it is an offence to intercept any communications (i.e emails, letters etc) in the course of its transmission.In this instance, interception is interpreted as a process which allows all or part of the communication to a party other than the sender or intended recipient.

RIPA provides exceptions this rule, where it will not be a criminal offence to intercept communications such as emails. This is achieved by the use of an 'Interception Warrant' which can only be issued by the Home Secretary. Section 5 of the Regulation of Investigatory Powers Act 2000[4] requires that the Home Secretary should not issue a warrant unless he/she believes that the warrant is proportionate and necessary:

In addition to this, section 10 of RIPA also allows the Home Secretary to modify the provisions of any previously signed interception warrant.[5]

Problems with Interception Warrants

Inadmissibility of Interception Information as Evidence

Poor Drafting/Wording

Some commentators believe that the exceptions provided in RIPA may be used to perform mass surveillance of internet traffic and phone calls. The vague grounds on which the exceptions are based may allow the Home Secretary to issue warrants in just about any circumstances.[6]

Warrant-less Interception in Certain Circumstances

A warrant is not required to intercept communications if one party to the communication consents to the interception. The party who is unaware of the interception has its privacy impacted upon in the same way as any other person whose communications have been intercepted albeit with lower authorisation levels and less safe guards. This is a blatant loophole that has the potential to be abused but could be remedied by an amendment that requires all interception warrants to have judicial authorisation.

Lack of Judicial Authorisation

In the 2008 annual report[7], the interception of communications commissioner reported that the Home Secretary issued 1508 warrants and 5344 modifications were made. From this data it can be inferred that a warrant is modified on average 3-4 times after originally being issued. Liberty opines that it is wrong to give the power to issue interception warrants to an elected politician. The interception of an individuals private communication is a serious infringement of privacy hence this process should be heavily scrutinised. Liberty states that the sheer volume of warrants issued on a daily basis, suggests that this process is not being scrutinised well enough since it is only carried out by a single person whose job functions extend well beyond the scope of issuing interception warrants. With all these other duties, how is it humanly possible to rigorously scrutinise each application. Their view is that the application for warrants would be better scrutinised and less prone to abuse if they were authorised by a senior judge.[8]

Global Comparisons of Authorisation of Interception Warrants

As noted above, interception warrants in the UK are authorised by the Executive rather than the Judiciary and for the reasons noted above, it is a major problem. There is no argument for Executive authorisation since many other countries with similar legal systems have systems of judicial authorisation before interception warrants are authorised which is undeniably more in line with democratic thinking and less prone to abuse.

The USA

The USA has two federal statutes that apply to lawful interception of communications. The 1968 Omnibus Crime Control and Safe Streets Act, Title III (Wiretap Act) relates to lawful interception in criminal investigations and the Foreign Intelligence Surveillance Act, or FISA, as amended by the US Patriot Act, governs wiretapping for intelligence purposes where the subject of the investigation must be a foreign (non-US) national or a person working as an agent on behalf of a foreign country.[9] The Wiretap Act requires Federal, state and, other government officials to obtain judicial authorization for intercepting "wire, oral, and electronic" communications such as telephone conversations and e-mails. It also regulates the use and disclosure of information obtained through authorized wiretapping.[10] This order is often called a super warrant because it is even more difficult to obtain than a regular search warrant.[11] Under the Foreign Intelligence Surveillance Act 1978, if the interception involves the acquisition of communications of any US person within the US, it must be conducted after first obtaining a court order.[12]

Canada

In Canada it is unlawful to intercept private communications unless the interception is in accordance with the authorisation issued by a judge.[13] Under Part VI Criminal Code s.185 an application for an authorization to be given under section 185 shall be made ex parte and in writing to a judge of a superior court of criminal jurisdiction or a judge as defined in section 552 and shall be signed by the Attorney General of the province in which the application is made or the Solicitor General of Canada...[14] The judge must be satisfied that granting the authorization would be in the best interests of the administration of justice, and that other investigative procedures have been tried and have failed, or other investigative procedures are unlikely to succeed or the matter is so urgent that it would be impractical to carry out the investigation using only other investigative procedures.[15]

Australia

In Australia under s.39 Telecommunications (Interception and Access) Act 1979[16], law enforcement interception warrants must be issued by an eligible Judge or a nominated Administrative Appeals Tribunal judge[17]

New Zealand

In New Zealand under Part 11A of the Crimes Act, and under the Misuse of Drugs Amendment Act 1978, police can only intercept a private communication in a narrow range of circumstances, including requiring a warrant or emergency permit that can only be issued by a High Court Judge[18]

Oversight by the Interception Commissioner

The Government has consistently countered the argument against the lack of judicial authorisation by pointing t0 the supervisory role played by the Interception of Communications Commissioner. Section 57[19] of RIPA requires that the Interception Commissioner to be a person who hold or who has held high judicial office. The idea that the Interception Commissioner provides a sufficient safeguard against the disproportionate use of interception warrants has proved to be much more theoretical than practical. In their report Justice[20] criticise the role of Interception Commissioner for the following reasons:

  • his remit is too narrow
  • he appears to review only a small proportion of warrants made
  • he has no power to quash a defective warrant
  • he has never once publicly questioned an interception decision made by the Secretary of State on human rights grounds
  • his work in general lacks sufficient transparency

Chapter 2: Communications Data

Part 1, Chapter 2 Of RIPA provides a legal framework which encompasses the acquisition and disclosure of 'communications data'. It also explains the responsibilities and duties placed upon each party involved in these processes. A system of safeguards have been put in place which brings the Act in line with the requirements of Article 8 of the ECHR.Part 1 Chapter 2 sets up a formal system for the serving of notices on telcos and ISPs to obtain 'communications data'

The provisions of Chapter 2 are distinctly different from Chapter 1 and its interception of communications in the course of their transmission.. Interceptions are concerned with 'what' was said -put simply it refers to the content of the communication-, while communications data is concerned with the 'who','when' and 'where'.

Definition of Communications Data

'Communications data'is defined in section 21(4) of the Regulation of Investigatory Powers Act 2000[21]. As discussed above, the term 'communications data' encompasses the 'who', 'when'and 'where'of a communication. It specifically excludes the content of what was said or written during the communication. This chapter relates to data held in respect of any postal service or telecommunication system.

Grounds to Obtain Communications Data

Section 22(2)[22]outlines the grounds under which 'communications data' can be obtained.It is necessary on grounds falling within this subsection to obtain communications data if it is necessary—

  • in the interests of national security;
  • for the purpose of preventing or detecting crime or of preventing disorder;
  • in the interests of public safety;
  • for the purpose of protecting public health;
  • for the purpose of assessing or collecting any tax, duty, levy or other imposition, contribution or charge payable to a government department;
  • for the purpose, in an emergency, of preventing death or injury or any damage to a person’s physical or mental health, or of mitigating any injury or damage to a person’s physical or mental health
  • for any purpose (not falling within paragraphs (a) to (g)) which is specified for the purposes of this subsection by an order made by the Secretary of State.

Types of Communication Data That Can Be Accessed

Communications data is divided into 3 broad categories namely:

  • Account information
  • Service use information
  • Traffic information

Account Information

More commonly known as subscriber information, it relates to information that may be held by the service provider about the person who holds a specific account with them. Examples of the information that can be obtained include:[23]

  • Who is the subscriber of telephone number 01234 567890?
  • Who pays the accounts for telephone number 01234 567890?
  • What are the top-up details of telephone number 01234 567890?
  • Who is the account holder of e-mail account xyz@xyz.anyone.co.uk

N.B: This information obtained can be used in evidence.

Service Use Information

Examples of information that can be obtained is as follows:[24]

  • Itemised records of connections to internet services, i.e. IP Log in history from an e-mail address. This can tell us what computers the person using the e-mail has logged on to during a specified period
  • Itemised records of outgoing calls made by mobile or landline telephones. This includes times of calls and durations
  • IMEI traces – this can establish what SIM cards have been placed in the IMEI(Handset) during a specified period
  • Mail re-direction – Royal mail can inform the relevant Law Authority if there

are existing re-direction instructions on a specified address during a specified period

N.B: This information can be used as evidence

Traffic Information

The user/owner of a computer or telephone typically has no control over this data.

Examples of what can be obtained is as follows:[25]

  • Live Cellsite – This is the live monitoring of a mobile phone when it is switched on and provides mast details of the location
  • Historic Cellsite – This is an historic picture of the above, i.e. where the mobile phone was at a specified date and time
  • Incoming billing – This is a list of calls made to the mobile phone
  • Mail Monitoring – Royal mail can list the letters/packages delivered to a specified address during a specified time. This information cannot be obtained historically as advance measures are set up prior to the information being obtained

Judicial approval

Requests for data under Part1 Chapter 2 are not normally subject to judicial approval. The Protection of Freedoms Act 2012 added section 23A,23B to the Act which, if in force, would require judicial authority for data requests. This would affect requests coming from local authorities.[26]

Justice minister Simon Hughes MP suggested in October 2014[27] that RIPA would be reformed to introduce judicial approval for requests affecting journalists presumed to be acting in the public interest.

Statistics

Statistics regarding the number of notices/authorisations for data have been included in the Interception of Communications Commissioner annual report since the 2005 report.

Period Notices and authorisations issued Oral authorisations Traffic data (%) Service use information (%) Subscriber information (%) Combination (%) Home Office requests[28]
2005 (Jan 2005-Mar 2006)[29] 439054
2006 (Apr-Dec)[30] 253557 1078
2007 [31] 519260 1220
2008 [32] 504073 1028
2009 [33] 525130 796 (Apr-Dec)
2010 [34] 552550 26 6 65 3 2813
2011 [35] 494078 25 6 52 17 4032
2012 [36] 570135 28 5 57 10 5020
2013 [37] 514608 42293 30 4 53 13 6056

Problems with the Acquisition and Disclosure of Communication Data

Broad Access

Intrusive Nature of Communications Data

Journalist sources

In September 2014 it was revealed that the Metropolitan Police had obtained the phone records of the Sun newspaper's political editor and news desk as part of a 2012 investigation into allegations of insults being made to a police-officer ("Plebgate"). [38] The journalist, Tom Newton Dunn, had previously refused to name his sources for an article about the incident. The Sun made an official complaint[39] to the Investigatory Powers Tribunal in October over the matter.

Kent Police then later admitted to retrieving a year of phone records in 2012 for a Mail on Sunday editor and journalist in order to reveal sources that had been withheld by the paper in a case related to speeding points.[40]

When freedom of information requests were made by the Press Gazette about the targeting of journalists by police with RIPA powers, many police forces refused, citing the security exemption.[41] In October 2014 the Interception of Communications Commissioner announced[42][43] an inquiry into the use of RIPA powers to determine whether the acquisition of communications data has been undertaken to identify journalistic sources. Keith Vaz MP, chairman of the Home Affairs Committee also announced that he intended to request a detailed breakdown of RIPA use by police forces.[44]

References

  1. http://www.lawgazette.co.uk/in-practice/practice-points/all-power-gchq
  2. http://www.lawgazette.co.uk/in-practice/practice-points/all-power-gchq
  3. http://www.legislation.gov.uk/ukpga/2000/23/section/1
  4. http://www.legislation.gov.uk/ukpga/2000/23/section/5
  5. http://amberhawk.typepad.com/amberhawk/2009/09/home-secretary-spends-90-minutes-per-day-with-interception-warrants.html
  6. http://www.magnacartaplus.org/bills/rip/index.htm
  7. http://www.official-documents.gov.uk/document/hc0809/hc09/0901/0901.pdf
  8. http://www.guardian.co.uk/commentisfree/libertycentral/2009/aug/24/surveillance-email
  9. wikipedia: Lawful_interception
  10. http://www.it.ojp.gov/default.aspx?area=privacy&page=1284
  11. https://ssd.eff.org/wire/govt/wiretapping-protections
  12. http://www.liberty-human-rights.org.uk/pdfs/policy09/liberty-s-response-to-the-ripa-consultation.pdf @page 9, footnote 20
  13. http://www.liberty-human-rights.org.uk/pdfs/policy09/liberty-s-response-to-the-ripa-consultation.pdf @page 9
  14. http://www.efc.ca/pages/law/cc/cc.185.html
  15. http://justice.gc.ca/eng/cons/la-al/g.html#itm26
  16. http://www.austlii.edu.au/au/legis/cth/consol_act/taaa1979410/s39.html
  17. https://www.efa.org.au/Issues/Privacy/tia.html#iw
  18. http://www.liberty-human-rights.org.uk/pdfs/policy09/liberty-s-response-to-the-ripa-consultation.pdf @ page 9
  19. http://www.legislation.gov.uk/ukpga/2000/23/section/57
  20. http://www.justice.org.uk/data/files/resources/305/JUSTICE-Freedom-from-Suspicion-Surveillance-Reform-for-a-Digital-Age.pdf
  21. http://www.legislation.gov.uk/ukpga/2000/23/part/I/chapter/II
  22. http://www.legislation.gov.uk/ukpga/2000/23/section/22
  23. http://www.dyfed-powys.police.uk/sites/default/files/documents/PoliciesProcedures/AccessingCommsDataPolicy.pdf @ page 8
  24. http://www.dyfed-powys.police.uk/sites/default/files/documents/PoliciesProcedures/AccessingCommsDataPolicy.pdf
  25. http://www.dyfed-powys.police.uk/sites/default/files/documents/PoliciesProcedures/AccessingCommsDataPolicy.pdf @ page 8
  26. Protection of Freedoms Act 2012 explanatory notes - Chapter 2 of Part 2: Safeguards for certain surveillance under RIPA
  27. British police’s use of Ripa powers to snoop on journalists to be reined in, Guardian, 2014-10-12
  28. Hansard, 2014-10-15
  29. Interception of Communications Commissioner 2005 report
  30. Interception of Communications Commissioner 2006 report
  31. Interception of Communications Commissioner 2007 report
  32. Interception of Communications Commissioner 2008 report
  33. Interception of Communications Commissioner 2009 report
  34. Interception of Communications Commissioner 2010 report
  35. Interception of Communications Commissioner 2011 report
  36. Interception of Communications Commissioner 2012 report
  37. Interception of Communications Commissioner 2013 report
  38. Plebgate: Met obtained phone records of Sun political editor without consent, Guardian, 2014-09-02
  39. Sun makes official complaint over police use of Ripa against journalists, 2014-10-06
  40. Second police force admits using RIPA to spy on journalists and sources by seizing phone records, Press Gazette, 2014-10-01
  41. More than 30 police forces refuse to reveal uses of RIPA against journalists – with 11 citing national security, Press Gazette, 2014-06-07
  42. Breakthrough! Interception Commissioner orders police forces to reveal use of RIPA spying powers against journalists, Press Gazette, 2014-10-06
  43. IOCCO Launches Inquiry into the use of RIPA powers to acquire communications data relating to the confidential sources of journalists, 2014-10-06
  44. MPs to investigate police use of Ripa powers to snoop on journalists, Guardian, 2014-10-05

Documents