In the Media

All power to GCHQ

PUBLISHED April 24, 2012

Thursday 26 April 2012 by Gustaf Duhs and Olivia Perrott

Home Office plans to widen the ­powers of intelligence agency Government Communications Headquarters (GCHQ) to access ­communications data without judicial scrutiny have provoked strong ­reactions. But what is the ­content of the new law and how does it compare to the current situation in respect of the exercise of regulatory powers by public authorities?

Criticism of the proposal

The plan to increase the power of GCHQ to monitor electronic ­communications has been described by Tory backbencher David Davis as 'an unnecessary extension of the ability of the state to snoop on ordinary people'. Civil liberties pressure group Big Brother Watch has claimed that the move 'will see Britain adopt the same kind of surveillance seen in China and Iran'.

The effectiveness of the proposed powers to prevent and detect crime has also been questioned. Some commentators have suggested that users may find it relatively easy to avoid communicating in a way which would be subject to the scrutiny of GCHQ under the new proposal.

Government response

The government claims that the plans involve a mere modernisation of current measures under the Regulation of Investigatory Powers Act 2000 (RIPA). The Home Office has stated that the new law will serve only to 'maintain the continued availability of communications data as technology changes'. While details of the proposals have not yet been revealed, it appears that the plans are to grant GCHQ powers beyond those already found in RIPA. These changes would allow GCHQ, without judicial involvement, to gain access to and monitor a wider range of data about individuals' online activities, such as details of websites visited and electronic communications sent. GCHQ will, if the plans are implemented, be permitted to access specified communications data without a warrant, and it seems that such communications could be 'monitored' by GCHQ, in the sense that the agency would be allowed live access to data as it is collected.

The Home Office has been at pains to point out that the data concerned would not include the contents of communications such as the text of an email or the exchange on a telephone call (the obtaining of which would still require a warrant). Instead, it would include the time and duration of a communication, the telephone number or email address which has been contacted and, in some cases, the location of the originator of the communication.

Current position

Since RIPA came into force, public authorities (including GCHQ) have had wide-ranging powers to monitor businesses and individuals. RIPA allows various public authorities to:

  • intercept communications under a warrant under chapter I of part I of RIPA, where it is necessary for one of the reasons prescribed in section 5(3) of RIPA;
  • acquire communications data under chapter II of part I of RIPA, for the purposes prescribed in section 22(2) of RIPA; and
  • carry out surveillance and use covert human intelligence sources under part II of RIPA.

    Under the Data Retention Regulations 2009, internet service providers (ISPs) which have received notice from the secretary of state are required to retain certain data generated or processed in connection with the provision of their communications services for a period of 12 months. Public authorities may acquire such data using powers in chapter II of part I of RIPA by serving a notice on an ISP requiring it to disclose identified ­communications data.

    At least 80 public bodies are permitted to obtain data in this way. A major criticism of the current RIPA regime is that powers to obtain communications data have been used by certain bodies, particularly local councils and trading standards agencies, for a broader range of purposes than was parliament's intention when RIPA was passed (examples given include a
    local council obtaining data to verify whether a family lives within a particular school catchment area).

    The government has attempted to address these issues in the Protection of Freedoms bill, currently passing through parliament. This bill proposes to limit the powers of local authorities to obtain communications data by requiring judicial approval for certain notices and authorisations issued under chapter II of part I of RIPA.

    Impact of the proposal

    It is arguable that the proposed powers for GCHQ are not as groundbreaking as some reports have suggested, given the already substantial powers to obtain information about individuals' internet and email activity. Indeed, it may be that the limited proposal in relation to GCHQ viewed together with the suggested limitation of powers in the Protection of Freedoms bill might mean that government powers to 'snoop' may not be significantly increased during this parliament.

    Notwithstanding this and irrespective of the details of the proposed law, it seems inevitable that any bill will face a difficult journey through parliament. The previous Labour government's attempt to introduce similar plans in relation to electronic communications was dropped after encountering strong opposition.

    Balancing the rights to privacy with the perceived need to increase national security is the difficult task of government. It also seems certain that the envisaged changes in this area will continue to involve lawyers advising the government, public authorities, businesses and individuals. As lawyers advising in this area we are forced to grapple with ever-increasing regulation in a world that is being run to an ever greater extent through 'online' activity. This leads to increased risks and unprecedented challenges.

    Gustaf Duhs is head of competition and Olivia Perrott an associate at Stevens & Bolton