Another year, another brief Annual Report by a RIPA Commissioner
Interception of Communications Commissioner Annual Report for 2009 (.pdf) , the right hon. Sir Paul Kennedy.
As with all the previous RIPA reports, the statistics about the number of Interception warrants or about the number of Communications Data requests are deliberately not broken down into any meaningful level of detail and should be ignored, although there will no doubt be plenty of media articles which are based on the headline figures.
How many people do these figures represent ? One criminal suspect could have many mobile phones, one interception warrant could be used to capture millions or billions of email messages.
There should be a breakdown of Communications Data requests since not all Public Authorities are allowed to request the full set of subscriber details, "friendship tree" call or email patterns and location data. Revealing such figures would not prejudice ongoing investigations.
As before, there are a trivial number of minor reported procedural and form filling Errors by the Police and Intelligence agencies (Interception and Communications Data) and , to a lesser extent the hundreds of other Public Authorities who have Communications Data powers, mostly due to keyboard typing errors.
Fewer of these Errors are now even being reported, in order to reduce bureaucracy:
3.11 Accordingly I agreed to a change in the error reporting system whereby public authorities now only report errors which have resulted in them obtaining the wrong communications data and where this has resulted in intrusion upon the privacy of an innocent third party. Other errors are simply recorded.
[...]
As before, we challenge the claim that the public are in any way "reassured" by this RIPA Commissioner (or any of the other RIPA Commissioners):
2.2
[...]
The Agencies always make available to me the personnel and documents that I have asked to see. They welcome my oversight, as ensuring that they are acting lawfully, proportionately and appropriately, and they seek my advice whenever it is deemed appropriate. It is a reassurance to the general public that their activities are overseen by an independent person who has held high judicial office
National Technical Assistance Centre snooping infrastructure down for 3 days
The National Technical Assistance Centre was formerly under the Home Office / MI5 now it is under the Foreign & Commonwealth Office and GCHQ.
Amongst other things they operate the "black box" legally authorised snooping under RIPA infrastructure which taps into major telephone and internet company infrastructure (not the same as GCHQ's main interception infrastructure)
2.27 Three errors attributable to the National Technical Assistance Centre (NTAC) were reported during the period of this report, one of which I now explain. NTAC reported a technical fault within their infrastructure that resulted in the prevention of delivery of intercept related information to the intercepting agencies for three days. A project to prevent this type of error occurring has been initiated and is expected to deliver improvements in the system in 2010.
How much public money is now being spent on NTAC and its "black boxes" ?
No Interception of Communications Commissioner involvement with Encryption, again ?
Yet again, on RIPA Part III, whilst the boilerplate text explaining the legal section of the Act is copied from previous reports, there is no mention of the Interception of Communications Commissioner having been advised of any Section 49 Notices demanding access to cryptographic de-cryption keys or to the plaintext information which has been protected by encryption.
Were all the cases in the past year really dealt with by the Other RIPA Commissioners ?
There is no mention of any reports or inspections by the Inspectors or by the ICC himself into how well or how badly the Code of Practice is being adhered to regarding electronic information protected by encryption.
Mobile phones in Prisons
It is interesting to see that the ICC and his inspectors seem to have finally taken our suggestion regarding illegal Mobile Phones in Prisons, made in previous years, that whilst they are inspecting the procedures for Interception and Communications Data analysis in Prisons, something which technically they have no power to do under the RIPA, but which they have been asked to do by successive Home Secretaries.
4.12 The inspections have also revealed that an alarming number of Category B local prisons appear to have a very limited capacity to monitor prisoners who pose a real threat to good order and security and this is a cause for concern. The smuggling of drugs and illicit mobile telephones are serious problems for most prisons, irrespective of their security status, and if a serious incident were to occur, which could have been prevented through the gathering of intercept intelligence, then prison managers and staff could find themselves in an indefensible position. Regrettably on occasions my Inspectors still have to emphasise this point in a number their reports.
4.13 The Category B local prisons, which were inspected during the reporting period, were asked to provide details of the numbers of illicit mobile telephones and associated equipment that had been seized in a six month period. Statistics from 25 prisons were collated and these revealed that 1,456 mobile telephones and 797 SIM cards were seized. Under the Offender Management Act 2007 and Prison Order 1100 dated 26 March, 2008 it is now a criminal offence to convey a mobile telephone or a component part of this equipment into a prison without the authorisation of the Governor and 11 of the prisons were making use of this legislation. However, the availability of such a large number of illicit telephones in the prison system is a serious cause for concern because prisoners can also use them to access the Internet.
4.14 Following the publication of the Blakey report in 2008 the Chief Operating Officer issued the Mobile Phones Good Practice Guide which was designed to help prisons minimise the number of mobile phones entering prisons and disrupt the number of mobile telephones that they were unable to find. Intelligence from the Pin-phones does help to prevent and detect attempts to smuggle them into the prison and this was part of the strategy. Clearly quite a number of the establishments are unable to implement the strategy fully because the resources and equipment are weighted far too heavily in favour of the offence related monitoring and this is a continuing problem. It is crucially important that prisoners are prevented from using mobile telephones to conduct criminal or illicit activity inside and outside the prison. Better use of the Interception Risk Assessments will eventually reduce the amount of offence related monitoring which needs to be conducted and this will in turn increase the capability to conduct more intelligence-led monitoring.
No mention of the Wilson Doctrine
There is no mention of the Wilson Doctrine in this year's public report, except for the background reference to current Prisons policy:
4.2[...]
Communications which are subject to legal privilege are protected and there are also special arrangements in place for dealing with confidential matters, such as contact with the Samaritans and a prisoner's constituency MP
See the previous Spy Blog article: When will Prime Minister David Cameron re-affirm and extend the Wilson Doctrine on the protection from snooping on constituents' communications with their elected representatives ?
Still no progress on the use of Intercept Evidence in Court proceedings
2.10 Both the Advisory Group of Privy Counsellors and the government believe
that the potential gains from intercept as evidence justify further work in order to
establish whether the problems identified are capable of being resolved. The issues
involved are complex and difficult. I hope to be able to report on the progress
made on the planned further work in my 2010 Annual Report.
There are couple of positive bits of this report:
National Anti Fraud Network Single Point of Contact
3.40 Local authorities are required to adhere to the Code of Practice and requests for communications data are approved at a senior level, the level having been enhanced by recent changes to the legislation. In most cases this has been the head of the trading standards service or the head of the environmental health department or housing benefits sections although solicitors have also often been involved.The specialist staff who process applications for communications data are not trained to the same standard as their counterparts in other public authorities, and the infrequent use which most Councils make of their powers sometimes makes it difficult for relevant members of staff to keep abreast of developments in the communications data community. I am pleased that the Home Office has provided funding to the National Anti-Fraud Network (NAFN) and it is able to provide a national SPoC facility to all of its members. During the reporting year we have encouraged local authorities to make use of the facility, as the accredited staff at NAFN have been trained to the same standards as their counterparts in the police. One of my Inspectors has already visited NAFN and the systems and processes are being maintained to a good standard. Local authorities can use the facility with confidence and in the full knowledge that the data will be obtained in accordance with the law. Of course the Designated Person in the local authority still has responsibility for approving the application for communications data but the accredited staff in NAFN scrutinise it independently and this should weed out any which are unnecessary or unjustified.
Possibly the most useful role which the Interception of Communications Commissioner's Inspectors fulfil is the cross check to see that Police and Intelligence agencies are not actually requesting more Communications Traffic Data from Communications Services Providers than is reported to the ICC.
3.20 My Inspectorate receives good cooperation from the CSPs who have a requirement to comply with any lawful requests for communications data which are received from the public authorities. Once again the CSPs were asked to provide my Inspectors with details of the communications data they had disclosed to the public authorities during a specified period. These disclosures were randomly checked against the records kept by the public authorities in order to verify that documentation was available to support the acquisition of the data. I am pleased to say that in all cases my Inspectors were satisfied the correct process had been applied and the data had been obtained with the approval of a designated person. I regard this as a very important check upon the integrity of the process and it is most reassuring that so far it has not exposed any instances of abuse or the unlawful acquisition of communications data.
Less welcome is this unnecessary secrecy:
Another secret Investigatory Powers Tribunal case
Determination made by the Tribunal in favour of a complainant6.4 During 2009 the Investigatory Powers Tribunal made one determination in favour of a complainant. This is the fourth occasion since its inception that the Investigatory Powers Tribunal has upheld a complaint. On the grounds of confidentiality, the Investigatory Powers Tribunal Rules 2000 prohibit me from disclosing specific details about the complaint, but it is sufficient to say that the conduct complained of was not authorised in accordance with the relevant provisions of RIPA.
What possible risk to national security etc. is there in naming the actual Public Body which was found to have been in breach of the law ?
Leave a comment