Regulation of Invesigatory Powrs Act 2000 (RIPA) Commissioners Annual Reports for 2008 (self censord, with a confidential annex):
- Report of the Intelligence Services Commissioner for 2008 - The Rt. Hon. Sir Peter Gibson
- Report of the Interception of Communications Commissioner for 2008 - The Rt. Hon. Sir Paul Kennedy
- Annual report of the Chief Surveillance Commissioner to the Prime Minister and to Scottish Ministers for 2008-2009 - The Rt. Hon. Sir Christopher Rose
Interception of Communications Commissioner:
2.33 Warrants (a) in force, under the Regulation of Investigatory Powers Act, as at 31 December 2008 and (b) issued during the period 1 January 2008 to 31 December 2008 a b
Home Secretary 844 [929]* 1508 [1881]*
The total number of RIPA modifications from 01/01/2008 - 31/12/2008 = 5344 [5577]*
Scottish Executive 43 [28]* 204 [145]*
The total number of RIPA modifications from 01/01/2008 - 31/12/2008 = 610 [367]*
* For comparison purposes I have included in the parentheses warrant information for the period 1 January 2007 to 31 December 2007 as detailed in my 2007 Annual Report
[NB: Under the Regulation of Investigatory Powers Act 2000 there is no longer a breakdown of the figures between Telecommunications and Letters.]
[...]
3.8 During the year ended 31 December 2008, public authorities as a whole made 504,073 requests for communications data to CSPs and Internet Service Providers (ISP). This figure is slightly below the number of requests which were made in the previous year. I do not intend to give a breakdown of these requests because I do not think that it would serve any useful purpose, although the intelligence agencies, police forces and other law enforcement agencies are the principal users of communications data.
We respectfully disagree.
This data should be broken down, by public authority, by the number of requests for Subscriber Details, for Location Based Services data (both one off instantaneous or last known position fixes, and for full Location History Tracking, and for full Traffic Analysis of friendship trees etc.
3.29 In some instances, however, errors may result in catastrophic consequences for members of the public. When that happens it is my responsibility and that of my Inspectors to investigate the circumstances and work with the public authority concerned to review their systems and processes to prevent them recurring. In this particular example the police took swift action when information from a reliable source suggested that a number of very young children were at immediate risk of falling into the hands of a paedophile ring. Subscriber information relating to an Internet Protocol (IP) Address was obtained in order to locate an address for the children but unfortunately it would appear this was not correct. The police entered the address and arrested a person who was completely innocent and further enquiries are continuing. This was a very unfortunate error and the whole process of obtaining data relating to IP addresses has been re-examined. In this case there was confusion between the Internet Service Provider and the public authority over how the data should be interpreted, particularly in relation to the critical international time zones. Better checks and balances have been put in place to help clarify the process, which includes liaison with the SPoC trainers and these should help to prevent similar errors in the future.
Has there been a prompt public apology and generous financial compensation for the victim of this "very unfortunate error" ? We doubt it.
3.51 There are approximately 110 other public authorities which are registered for the purpose of acquiring communications data. These include the Serious Fraud Office, Independent Police Complaints Commission, Charity Commission, Royal Mail and the Medicines & Healthcare Products Regulatory Agency (MHRA), to name just a few.
3.52 A temporary shortage of staff in the Inspectorate and a requirement to prioritise other inspections meant that it was possible only to inspect a few of these public authorities during the reporting year.
[...]
4.6 During the period covered by this report my Inspectors visited 89 prisons which roughly equates to two thirds of the whole estate.
i.e. the ISC is still spending a lot of resources on informally checking on Prisons,which are not formally covered by RIPA, but does not have the resources to check on Local Authorities etc. , who are.
Prisons should be inspected, so they should be formally put under the RIPA framework.
Such inspections should also look into the number of illegal mobile phones discovered in each prison, and into any collateral damage caused to Emergency Services and the neighbouring public by any jamming or shielding or IMEI / IMSI tracking systems put in place to counter them.
7.3 Finally I would like to draw your attention to the Wilson Doctrine. My predecessor could find no justification for it, and neither can I. The statute and the oversight regime exist to ensure that, so far as is reasonably practicable, no-one's privacy is invaded without proper authorisation given because there seems to be good reason to take that step. Why should Members of Parliament not be in the same position as everyone else? At a time when other parliamentary privileges are under review it might be appropriate for this one to be swept away.
This assumes that the the public believe that the secretive RIPA Commissioners scheme is actually effective and trustworthy in holding over zealous petty officals in check, but that is simply not true.
Yet again, for some reason, the Interception of Communications Commissioner fails to even mention Encryption, except in his re-statement of his powers and duties, and about the NTAC centre visit which the RIPA Commissioners made.
Intelligence Services Commissioner
For a second year running, no Section 49 notices regarding access to cryptographic keys or de-crypted plaintext have been notified to the Intelligence Services Commissioner.
Part III of RIPA.
34. As I have noted above, Part III of RIPA came into force on 1 October 2007. However, no notification of any directions to require disclosure in respect of protected electronic information has been given to me in 2008 and there has been no exercise or performance of powers and duties under Part III for me to review.
[...]
Omagh Bombing
Furthermore, I concluded that there was no evidence before me to make good a number of assertions made in both the Panorama television programme and the article in the Sunday Telegraph newspaper.
Investigatory Powers Tribunal
For some reason, both the Intelligence Services Commissioner and the Interception of Communications Commissioner report annually and vaguely on the activities of the secretive Investigatory Powers Tribunal, which has never yet called any of the RIPA Commissioners before it for assistance.
The Tribunal received 136 new applications during the calendar year 2008 and completed its investigation of 70 of these during the year as well as concluding its investigation of 32 of the 41 cases carried over from 2007. 75 cases have been carried forward to 2009.6.3 In 2007 the Tribunal received 66 new applications and completed its investigation in relation to 31 of them, so in 2008 the workload increased by over 100%
[...]
Determination made in favour of two separate complainants by the Investigatory Powers Tribunal
46. During 2008 the Tribunal made two determinations in favour of two separate complainants. These are the second and third occasions that the Tribunal has upheld a complaint,
[...]
In its ruling in the 1st case the Tribunal ordered payment of an award of compensation to the complainant, as provided by section 67(7) of RIPA, though the respondents were not required to destroy the relevant records. In the second case, no award of compensation was made but the respondents were ordered to destroy the evidence of the unauthorised conduct.
The number of cases being considered by the Investigatory Powers Tribunal is surprising, given the secrecy which surrounds it.
Chief Surveillance Commissioner:
Section 49 - Encryption
4.11. My Commissioners and Inspectors attended a briefing by the National Technical Assistance Centre (NTAC) regarding the processes and procedures for the investigation of protected electronic information. During the period of this report, NTAC approved 26 applications for the service of a notice under s.49 of RIPA Part III.
1 Of these 17 went on to obtain permission from a Judge. No permissions were refused and 15 Notices were served.
2 Eleven individuals failed to comply resulting in seven charges and two convictions. The types of crime under investigation were: counter terrorism, child indecency and domestic extremism.
4.12. One Notice was served without the proper involvement of NTAC. The force concerned had relied on incorrect information from the Police National Legal Database. The individual on whom the Notice was served refused to comply but it was decided not to proceed.
Leave a comment