As always, the Chief Surveillance Commissioner tends to reveal a little more than either the Interception of Communications Commissioner or the Intelligence Services Commissioner ever do in their Annual reports.
Unlike the other two RIPA Commissioners, Sir Christopher Rose does actually have something to report about RIPA Part II:
CHIS = Covert Human Intelligence Sources
i.e. spies , undercover agents, paid informers, unpaid informers etc.
4.8 There were 5,320 CHIS recruited by law enforcement agencies during the year; 4,495 were cancelled (including some who were recruited during the previous year) ; and 3,767 were in place at the end of March 2010. The figures for the previous year which were 4,278, 4,202 and 3,722 indicate a slight increase in usage.
4.9 During the current reporting year other public authorities recruited 229 CHIS of whom 182 were cancelled during the year with 90 in place on 31 March 2010.
During the previous year 234 were recruited, 153 cancelled and 106 were in place at the end of the year. Again just over half of CHIS usage was by government departments. The light use of RIPA/RIP(S)A powers by local authorities is even more pronounced in relation to CHIS recruitment. 97% recruited five or fewer and 86% did not use CHIS.
There are some criticisms of CHIS management and tradecraft:
5.9 There are too many occasions when inspections reveal poor tradecraft in managing CHIS. Infrequent physical meetings and reliance on communication by text messages are rarely adequate. There have also been instances where law enforcement officers have pretended to be the CHIS when communicating with his associates online, without properly providing the CHIS with an alibi. It seems to me that this is an unsafe practice.
The protection of CHIS is one of the main reasons cited for the vast amount of secrecy and lack of freedom of information and transparency in the Police and Intelligence Agencies etc.
Such amateurism in the handling of CHIS should be punished by removal of those responsible from any positions of power or authority involving CHIS - they could literally get people killed through such incompetence.
Encryption Keys and RIPA Part III
At last a few details about RIPA Part III:
NTAC = National Technical; Assistance Centre, now run by GCHQ, politically controlled by the Foreign Secretary.
Section 49 - encryption
4.10 During the period reported on, NTAC granted 38 approvals. Of these, 22 had permission granted by a Circuit Judge, of which 17 have so far been served. Six were complied with and seven were not complied with, the remainder were still being processed. Of the seven that were not complied with, five people were charged with an offence, one was not charged and the other is still being processed. So far there has been one conviction with other cases still to be decided.
4.11 The conviction related to the possession of indecent images of children and this offence is the main reason why section 49 notices are served. Other offences include: insider dealing, illegal broadcasting, theft, evasion of excise duty and aggravated burglary. It is of note that only one notice was served in relation to terrorism offences.
These statistics further aggravate the injustice to someone who does not fall into any of these categories see the previous Spy Blog article: "JFL" provides some more details about his imprisonment for refusing to divulge his cryptographic keys under a RIPA Part III section 49 notice
4.12 These statistics are provided by NTAC which is able to be accurate regarding the number of approvals it has granted. But it is reliant on those processing notices to keep it informed regarding progress. It appears that there has been delay in serving some notices after approval has been granted (hence the difference between the number approved and the number served) . Notices, once approved, should be served without delay. If delays continue, I will require an explanation.
Sir Christopher does not seem to have delved into whether or not the de-crypted plaintext or the cryptographic keys were actually stored securely, ideally also using strong encryption or not, once they had been seized as evidence through the section 49 orders.
Unless and until the public is reassured about that, then there will be lots of non-cooperation from businesses which risk massive "collateral damage" to their core business systems, as a result of police investigations involving only part of their computer infrastructure, or a few employees or customers.
There is nothing specific about Automatic Number Plate Recognition (ANPR), but there is a section on CCTV:
Closed Circuit TeleVision - CCTV
5.22 My Chief Inspector has met the Interim CCTV Regulator and, as a member of the Independent Advisors Group, he will represent me in the development of the National CCTV Strategy.
How things have changed. Previously the Surveillance Commissioners took no interest in overt or covert CCTV spy cameras.
5.23 I am pleased by the proliferation of protocols between local authorities and police forces. In particular, I am satisfied that there is a wider acceptance of the need for authorisations to be shown to those responsible for using cameras covertly. But I am concerned at the number of inspections reporting the ability of some police forces to control, remotely, cameras owned, solely by or in partnership with, a local council. Sometimes control can be taken without the knowledge of the council CCTV Control Room or the guarantee that an appropriate authorisation exists. Equally, there is no guarantee that the person remotely operating the camera is appropriately qualified to conduct such an operation. Protocols should clarify the procedures to be followed when control is taken by others outside the CCTV Control Room and ensure that suitable safeguards are in place to prevent misuse.