Thursday 28 June 2012 by Ibrahim Hasan
Local authorities will soon face severe restrictions on their powers to undertake surveillance of citizens under the Regulation of Investigatory Powers Act 2000 (RIPA).
In January 2011, the Home Office published its long-awaited Review of Counter-terrorism and Security Powers (the January 2011 review). Amid all the headlines and controversy about control orders for suspected terrorists, it was easy to miss a number of proposed changes to local authority surveillance powers. The changes will be given legislative force through amendments to RIPA via secondary legislation and the Protection of Freedoms Act 2012.
From 1 November, the grounds upon which local authorities can authorise directed surveillance under RIPA will be restricted. At present they can authorise such surveillance, under section 28(3)(b), where it is necessary 'for the purpose of preventing or detecting crime or preventing disorder'. Surveillance is often used to investigate a benefit fraud or to gather evidence of anti-social behaviour. Typical methods include covertly following people, taking photographs of them and using hidden cameras to record their movements.
The Regulation of Investigatory Powers (Directed Surveillance and Covert Human Intelligence Sources) (Amendment) Order 2012, SI 2012/1500 (the 2012 order), was made on 11 June. It amends the Regulation of Investigatory Powers (Directed Surveillance and Covert Human Intelligence Sources) Order 2010, SI 2010/521 (the 2010 order), which prescribes which officers within a public authority have the power to grant authorisation to carry out directed surveillance and the grounds, under section 28(3) of RIPA, upon which authorisation can be granted.
From 1 November, authorising officers may not approve directed surveillance unless it is for the purpose of preventing or detecting a criminal offence and it meets the condition set out in new article 7A(3)(a) or (b) of the 2010 order. Those conditions are that the criminal offence which is sought to be prevented or detected is punishable, whether on summary conviction or on indictment, by a maximum term of at least six months' imprisonment, or would constitute an offence under sections 146, 147 or 147A of the Licensing Act 2003 or section 7 of the Children and Young Persons Act 1933. The latter are all offences involving the sale of tobacco and alcohol to underage children.
Introducing a six-month imprisonment test will ensure that directed surveillance is no longer an option when local authorities are investigating 'minor offences' such as dog fouling and littering, but there is an exception to the general rule. Because of the importance of directed surveillance in corroborating investigations into underage sales of alcohol and tobacco, the test will not apply in these cases. The 2012 order also removes the second limb of section 28(3)(b) ('preventing disorder'). Directed surveillance for the purposes of tackling antisocial behaviour will no longer be able to be authorised, unless of course the behaviour constitutes a criminal offence carrying a maximum prison term of six months or more.
This will have an immediate impact on the work of local authority antisocial behaviour units. However, the government's new proposals set out in the antisocial behaviour white paper will, once enacted, bring some disorder offences (breaches of certain orders) within the remit of RIPA.
Another recommendation of the January 2011 review will be implemented via the Protection of Freedoms Act 2012, which received royal assent on 1 May. The RIPA provisions in this act are yet to come into force, but when they do they will require local authorities to have all their RIPA surveillance authorisations (that is, use of directed surveillance and covert human intelligence sources, and the acquisition of communications data) approved by a magistrate before they take effect.
The Draft Communications Data bill was also published recently. The bill provides an updated framework for ensuring the availability of communications data and its acquisition by public authorities. The most controversial aspects of the bill will enact proposals, announced in the Queen's speech in May, which will require internet firms to give the police, Serious Organised Crime Agency, intelligence agencies and HM Revenue & Customs access to a wider range of communications data on demand and, in some cases, in real time.
The Home Office said that it is updating the law 'in terms of social media and new devices'. It said that without action there is a growing risk that crimes enabled by email and the internet will go undetected and unpunished. However, civil liberties groups, and internet service providers (ISPs) have voiced concerns about the bill from a privacy and technical perspective. I have discussed these concerns in detail on my Bigger Brother blog. The bill will replace part 1 of chapter 2 of RIPA. Sections 21 to 25 of RIPA (and the related order) currently sets out who can access what types of communications data and for what purposes. This includes the police and security services as well as councils, government departments and various quangos. RIPA restricts access to the different types of communications data depending on the nature of the body requesting it and the reason for doing so.
The definition of 'communications data' includes information relating to the use of a communications service (such as telephone, internet and postal service), but does not include the contents of the communication itself. Such data is broadly split into three categories: 'traffic data', such as where a communication was made from, to whom and when; 'service data', such as the use made of the service by any person, for example itemised telephone records; and 'subscriber data', such as any other information that is held or obtained by an operator on a person it provides a service to.
Some public bodies already get access to all types of communications data, such as the police, security service, ambulance service and HMRC. Local authorities are restricted to subscriber and service-use data, and even then only where it is necessary for the purpose of preventing or detecting crime or preventing disorder. At present, access to communications data is done on a system of self-authorisation. There are forms to complete (signed by a senior officer) and tests of necessity and proportionality to satisfy. Notices have to be served on the service provider requesting the data.
The new bill will broadly replicate the current system for accessing communications data by local authorities. There is no provision to widen the scope of the information available to councils or the grounds for doing so (unlike the police and law enforcement agencies mentioned above). However, the bill does replicate the changes to the local authority RIPA regime, to be made by the Protection of Freedoms Act 2012. In future, all authorisations for access to communications data, however minor, will have to be approved by a magistrate.
The bill also implements another recommendation in the January 2011 review. This stated that the range of non-RIPA legislative frameworks by which communications data can in principle be acquired from ISPs 'should be streamlined to ensure that, as far as possible, RIPA is the only mechanism by which communications data can be acquired'.
Clause 24 introduces schedule 2 to the bill, which repeals certain general information powers so far as they enable public authorities to secure the disclosure by a telecommunications operator of communications data without the consent of the operator. This includes powers under the Trade Descriptions Act 1968, Environmental Protection Act 1990
, Social Security Administration Act 1992 and the Enterprise Act 2002. Local authority officers in environmental health, trading standards and benefit fraud departments, who may not be have been using RIPA to gain access to communications data previously, will now need to get to grips with a new regime.
The forthcoming changes to the local authority RIPA regime will have a big impact on investigation and enforcement activities. Now is the time to review RIPA processes and procedures and to make staff aware of the changing legal landscape.