Office of Surveillance Commissioners issues warning over social media snooping

The Office of Surveillance Commissioners (OSC), led by Chief Surveillance Commissioner The Rt Hon Sir Christopher Rose, has published its Annual Report for 2013-2014. Emma Carr (director of Big Brother Watch) highlights some of the main points.

*Intrusive surveillance authorisations have increased from 362 to 392
*Directed surveillance by law enforcement agencies (LEAs) has increased from 9,515 to 9,664
*Directed surveillance by public authorities (PAs) has decreased from 5,827 to 4,412
*Active LEA covert human intelligence sources: 4,377 were authorised, 3,025 remain authorised
*Active covert human intelligence sources (non-LEA): 53 were authorised

The Commissioner notes that the information included in the 2013-2014 Annual Report is for 100% of LEAs and 96.6% of all other PAs. However, Sir Christopher Rose notes: “I am once again slightly disappointed that a few public authorities appear to treat my request for statistical returns as an option” and that: “I have therefore decided that, as from next year, those public authorities which have failed to respond within the set deadline will be named in my Annual Report.”

The Commissioner also raises the fact that there have been a number of occasions where senior officers have failed to meet with inspectors. These comments would therefore indicate that among some LEA and PAs there’s a potential problem of the OSC not being taken seriously.

The Commissioner also notes that, since the Protection of Freedoms Act 2012 was introduced, there has been a “downward trend” in the number of applications made and authorisations granted which “may or may not be attributable to this enactment.”

Emma Carr: director of Big Brother Watch

The Commissioner raises concerns about the lack of a common approach from councils towards the authorising process now that it’s controlled by Magistrates. He goes on to warn that “the knowledge and understanding of RIPA among magistrates and their staff varies widely.” The Commissioner notes that there’s certainly a need for “adequate training or magistrates” and their colleagues.

Worryingly, the Commissioner cites two examples of inappropriate authorisations: one having granted approval for activity retrospectively, and another having signed a formal notice despite it having been erroneously completed by the applicant with details of a different case altogether.

Social media and covert investigations

One of the most interesting sections of the report relates to the use of social media for covert investigations by PAs. The Commissioner states that he “strongly” advises all public bodies to put in place proper policies designed to deal with social media investigations due to a lack of demonstrable understanding of the law from some workers involved in investigations.

The report states that: “In cash-strapped public authorities, it might be tempting to conduct online investigations from a desktop as this saves time and money and often provides far more detail about someone’s personal lifestyle, employment and associates, etc, but just because one can does not mean one should.”

While long overdue, the Commissioner is absolutely right to acknowledge that many PAs around the country may well be covertly gathering intelligence from social media sites on an illegal basis.

RIPA 2000 was created while Google was still in its infancy and social media sites like Facebook and Twitter didn’t exist. It would therefore be ridiculous to expect that the legislation would allow the use of the Internet to proportionately investigate crimes while ensuring that safeguards are in place to protect the public’s privacy.

A far more open discussion about what data should be monitored – as well as whether the legal framework is truly fit for the digital age – is now required.

Liberty represents MPs David Davis and Tom Watson in legal challenge to Government’s “emergency” surveillance law

At 11.00 am this morning, Liberty announced that it will seek a Judicial Review of the Government’s ’emergency’ surveillance law on behalf of MPs David Davis and Tom Watson. The announcement comes days after the Data Retention and Investigatory Powers Act 2014 (DRIP) was – according to Liberty – “rushed through Parliament” onto the statute book.

Liberty is arguing on Davis and Watson’s behalf that the new legislation is incompatible with Article 8 of the European Convention on Human Rights (ECHR), the right to respect for private and family life, and Articles 7 and 8 of the EU Charter of Fundamental Rights relating to respect for private and family life and the protection of personal data.

Since 2009, communications data has been retained by public communications services and network providers under a 2009 EU Data Retention Directive. However, back in April the Court of Justice of the European Union (CJEU) ruled that the Directive was invalid because it was so sweeping in its interference with individual privacy rights. The judgement made clear that existing UK legislation, including the Regulation of Investigatory Powers Act 2000 (RIPA), required urgent review.

On 10 July 2014, the DRIP Bill was introduced by ministers claiming that “emergency” legislation was necessary. The Bill was privately agreed following discussions between the three main party leaders. It became law within just three days – a timescale which Liberty feels has rendered proper parliamentary scrutiny, amendment and even debate impossible.

James Welch: Liberty’s legal director

James Welch, legal director for Liberty, said: “It’s as ridiculous as it is offensive to introduce an “emergency” law in response to an essay crisis. The court ruling that blanket data retention breached the privacy of every man, woman and child in the UK was more than three months ago. The Government has shown contempt for both the rule of law and Parliamentary Sovereignty. This private cross-party stitch-up, rail-roaded onto the statute book inside three days, is ripe for challenge in the Courts.”

David Davis, Conservative MP for Haltemprice and Howden, added: “This Act of Parliament was driven through the House of Commons with ridiculous and unnecessary haste to meet a completely artificial emergency. As a result, Members of Parliament had no opportunity to either research it, consider it or debate it properly. The aim of this legal action is to make the Government give the House the opportunity to do what it should have been allowed to do in the first place – in other words proper, considered and effective law-making. The overall aim is to create law which both protects the security of our citizens without unnecessarily invading their privacy.”

David Davis MP

Tom Watson, Labour MP for West Bromwich East, added: “The three party leaders struck a private deal to rail-road through a controversial Bill in a week. You cannot make good laws behind closed doors. The new Data Retention and Investigatory Powers Act does not answer the concerns of many that the blanket retention of personal data is a breach of fundamental rights to privacy.”

Tom Watson MP

The Human Rights Act 1998

The Human Rights Act 1998 incorporates the ECHR into UK law. Section 3 requires that, so far as it is possible to do so, primary and subordinate legislation must be read and given effect in a way which is compatible with Convention rights.

Section 4 stipulates that in any proceedings in which a court determines whether a provision or primary legislation is compatible with a Convention right, the court may – if it’s satisfied that the provision is incompatible – make a declaration of that incompatibility.

Liberty’s clients (ie David Davis MP and Tom Watson MP) claim that Section 1 of the DRIP 2014 is incompatible with the Human Rights Act and, in particular, Article 8 of the ECHR, together with Articles 7 and 8 of the EU Charter.

The powers within Section 1 of DRIP are extraordinarily wide. In its letter before claim to the Home Secretary, Liberty argues that such powers are incompatible with Article 8 of the ECHR and/or Articles 7 and/or 8 of the EU Charter for a number of reasons, including the following:

*Communications data can provide a very intimate picture of a person’s life – who they communicated with, by what means, the time and length of the communication, where the communication took place and the frequency of the communications. As the CJEU ruling said: “Those data, taken as a whole, may allow very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, the activities carried out, the social relationships of those persons and the social environments frequented by them”

*Communications data retained under DRIP is subject to an extremely lax access regime – still governed by the RIPA (Communications Data) Order 2010 – allowing such data to be acquired by hundreds of public authorities

*The Act allows the Home Secretary to command, by order, the blanket retention of all communications data for 12 months – no link with the prevention or detection of serious crime is required

Via its letter before claim, Liberty has invited the Home Secretary Theresa May to concede that the Act is indeed incompatible and to publish and present a replacement Bill, in turn allowing Parliament to fulfil its proper constitutional function.

Alternatively, the Home Secretary is invited to concede that Peter Davis MP and Tom Watson MP’s claim is arguable and that a substantive hearing ought to follow.

Data Retention and Investigatory Powers Bill receives Royal Assent

Legislation to ensure UK law enforcement and intelligence agencies continue to have access to the vital evidence and information they need in order to investigate criminal activity, prevent terrorism and protect the public has received Royal Assent.

The Data Retention and Investigatory Powers Act addresses urgent issues around the retention of communications data by companies as well as the interception of communications.

The legislation was brought forward after the European Court of Justice struck down the European directive that formed the basis of UK regulations governing the ability of the police service and others to access communications data retained by communication service providers.

The Act provides a clear basis in UK law for the retention of communications data and ensures this crucial information continues to be available when it’s needed.

Home Secretary Theresa May

The Act is also a response to uncertainty from overseas communications service providers around the legal framework that underpins their co-operation with intelligence and law enforcement agencies regarding investigatory powers. The Act makes clear the obligations that apply to anyone providing communications services to customers in the UK under Part 1 of the Regulation of Investigatory Powers Act 2000 (RIPA), irrespective of where those companies are based.

The Act, which comes into effect immediately, only maintains and clarifies the existing regime and does not create any new powers, rights of access or obligations on companies beyond those that already exist.

It also strengthens existing safeguards and includes a two-year ‘sunset clause’ to ensure the legal framework is kept under review into the next Parliament.

In parallel, the Government has announced new measures to increase transparency and oversight.

Necessary powers and capabilities

Home Secretary Theresa May said: “The threats faced by the UK from terrorism and organised crime remain considerable, and the Government would have been negligent if it had not made sure the people and the organisations that keep us safe have the powers and capabilities they need.”

May added: “If we had not acted immediately, investigations could have suddenly gone dark overnight. Criminals and terrorists would have been able to go about their work unimpeded, and innocent lives would have been lost.”

Continuing the theme, the Home Secretary said: “The Data Retention and Investigatory Powers Act will ensure the job of those who protect us does not become even more difficult and that they can maintain the use of vital powers to solve crime, save lives and protect the public from harm.”

May concluded: “This Act has cross-party support and I would like to express my gratitude to all those who recognised both the need for this legislation and the reason why it was so important to see it enacted quickly.”

Bringing offenders to justice

Communications data is the ‘who, when, where and how’ of a communication, such as a telephone call or an e-mail, but not its content.

It’s often the decisive factor in successful prosecutions and has helped police solve a large number of serious crimes, including the Oxford and Rochdale child grooming cases as well as the Soham and Rhys Jones murders.

As a result of the ECJ ruling, communications service providers may have started to delete data they are currently required to retain. This would have had potentially devastating consequences for investigations, which often rely on communications data that’s several months old at the point at which it’s requested.

The Act provides a clear basis in domestic law for the retention of communications data in the UK.

Protecting national security

Interception powers, which are subject to very strict controls and oversight, are used alongside other covert capabilities and techniques to identify, understand and disrupt serious criminals and terrorists before they can cause damage or endanger lives.

The Act has made explicit what is already implicit in RIPA that the provisions in RIPA which relate to communications data and interception apply to overseas communications companies offering services to UK customers.

Any loss of co-operation from the companies would have immediately resulted in a major loss of the powers and capabilities that are used every day to counter the threats we face from terrorists and organised criminals.

Introducing new safeguards

The UK has one of the best communications data oversight and authorisation systems in the world. Nonetheless, the following steps will be taken to strengthen oversight and transparency:

(1) The Independent Reviewer of Counter-Terrorism Legislation will hold a full review of powers and capabilities.
(2) The Interception of Communications Commissioner will report every six months on the operation of the legislation.
(3) A senior diplomat will be appointed to lead discussions with overseas Governments and communication service providers to assess and develop formal arrangements for the accessing of data for law enforcement and intelligence purposes held in different jurisdictions.
(4) An Independent Privacy and Civil Liberties Board will be created to consider the balance between the threat and civil liberties concerns in the UK where they are affected by policies, procedures and legislation relating to the prevention of terrorism.
(5) The number of public bodies currently able to request communications data will be reduced.
(6) The UK Government will publish annual transparency reports to make more information publicly available than ever before on the ways in which surveillance powers are operated.