|
Introduction
In March 2003 the Home Office published a consultation paper Access
to communications data: respecting privacy and protecting the public
from crime (http://www.homeoffice.gov.uk/docs/consult.pdf)
inviting views on the implementation of Part I Chapter II of the Regulation
of Investigatory Powers Act 2000 (RIPA).
2. Part I Chapter II of RIPA provides for the lawful acquisition
of communications data by public authorities for specific purposes,
primarily for the purpose of preventing and detecting crime, and only
then when both necessary and proportionate to what the authority is
seeking to achieve.
3. Section 25 of RIPA lists those public authorities that Parliament
has already approved should have lawful access to communications data
using RIPA. The consultation paper concerned additional public authorities
that might be added to that by an Order approved by Parliament.
4. Specifically the consultation paper invited views on:
- options for imposing restrictions upon additional public authorities’
lawful access to communications data under RIPA
- options for additional safeguards regulating their access to
data
5. The consultation also invited views on the need for a review,
wider than the issue of communications data, of the balance between
privacy and protection of the public. The responses on that will be
published separately.
6. This paper attempts to summarise over 170 responses that covered
a wide range of opinions submitted in a range of formats from thought-provoking
papers to terse e-mails. Inevitably it is not possible to describe
all those responses in detail. The objective is to reflect the views
that emerged.
7. Further information about this paper and about the detailed consultation
responses is available from:
Simon Watkin
Covert Investigation Policy Team
Home Office
Room 732
50 Queen Anne’s Gate
London
SW1H 9AT
and by e-mail commsdata@homeoffice.gsi.gov.uk
Summary of responses
8. Although the consultation period ended on 3 June some late responses
were accepted. In all 178 responses were received. Of those 31 were
from commercial organisations, 27 from a variety of interest groups,
52 from individuals and 68 from public authorities. The annex to this
document lists the respondents, excluding 5 that asked that their
response be treated in confidence.
9. In parallel to the consultation exercise the Home Office commissioned
independent research into the views of a representative sample of
UK public opinion regarding access to communications data by additional
public authorities.
10. There was broad acceptance of the Government’s approach,
described in the consultation paper – that public authorities’
access to communications data should be restricted within a regulatory
regime that is transparent, compliant with human rights legislation
and under the oversight of an independent commissioner.
Public authorities access to communications data
11. The consultation paper, and supporting material published on
the Home Office website (http://www.homeoffice.gov.uk/crimpol/crimreduc/regulation/part1/pas.html),
described in some detail why various public authorities responsible
for crime prevention and detection and public safety use, or need
to use, communications data to reduce crime and safeguard the public.
Although the consultation paper did not explicitly ask for views on
the necessity of their requirements to access data, some respondents
had comments.
12. Thirteen respondents expressly stated they did not wish any public
authorities to have access to communications data under RIPA, a further
11 expressly opposed any of the proposed additional authorities.
Access to communications data under RIPA
13. Support for a single regime governing public authorities’
access to communications data, and for RIPA as that regime, was given
explicitly by 19 respondents. Only 2 respondents explicitly opposed
RIPA providing a single regime for the lawful acquisition of communications
data.
14. There were 26 respondents who called either for the repeal of
so-called “legacy” legislation, which public authorities
use to lawfully acquire communications data or called for public authorities
not to use pre-existing legislation once the RIPA legislation come
into force. Repeal of legislation is not straightforward. The powers
being used are usually information-gathering powers used to lawfully
obtain information, of which communications data is a part and often
a small part.
15. One respondent submitted a draft Bill that would have the effect
of amending the Data Protection Act 1998 such that the disclosure
of personal data, which is also communications data, would be permitted
only in accordance with RIPA or the Order of a Court.
16. Many respondents (92) chose to comment on certain public authorities,
76 were supportive and 16 opposed to particular public authorities
having access to data. Local authorities were most commented on –
both favourably and unfavourably (though many of the favourable comments
came from local authorities themselves).
17. There was clear support from a number of respondents (11) for
the Radiocommunications Agency to be allowed access to the full range
of communications data in order to combat effectively the nuisance
and dangers posed by pirate radio stations.
18. Responses on behalf of, or from individual members of, Crime
and Disorder Reduction Partnerships were supportive of local authority
trading standards and environmental health services having access
to communications data.
Human Rights Principles
19. The statutory safeguards within RIPA were overwhelmingly supported.
The tests of necessity and proportionality that must be met in every
requirement for data were supported explicitly by 27 respondents and
opposed by none. The designation of suitably senior persons within
public authorities able to exercise the powers received more support
(32 respondents) and no opposition.
Restricted access to communications data by purpose
20. Support (27 responses) was expressed for restricting the purposes
for which public authorities may require communications data. Two
respondents opposed restricting access by purpose.
Restricted access to communications data by purpose and function
21. One third of respondents expressing an opinion (8 out of 26)
were against the proposal of restricting access to data by both purpose
and function (although it received a better reception in public opinion
research). Most of those opposing restriction by purpose and function
were public authorities – simply because of the practical difficulties
in defining public authority functions in legal terms. Local authorities,
in particular, are responsible for enforcing wide and diverse pieces
of legislation. Respondents also argued restriction by function was
not necessary, as public authorities investigating crime not within
their statutory remit would be acting ultra vires by definition, and
not in accordance with the law.
Restricted access by type of communications data
22. An opinion on restricting access by type of data was expressed
by 44 respondents. Of those 35 supported such a restriction.
23. The case for restricting access to communications data by data
type was put by the Government in the consultation paper. This was
an acknowledgement that an approach which gave all public authorities
the potential to acquire sensitive communications traffic data, subject
to meeting the statutory tests of necessity and proportionality in
each case, was inappropriate – because most public authorities
had no requirement for such data.
24. Some public authorities used their response to the consultation
paper to demonstrate the range of communications data they have cause
to acquire in support of their statutory functions to prevent and
detect crime or protect the public.
Designation of specific persons within public authorities
25. Ahead of the public consultation there was concern that “anyone”
in a public authority could, without reference to a suitably senior
official, acquire communications data. RIPA provides for designation
of individuals holding particular posts, ranks or grades. 32 respondents
commented specifically on this and all expressed support for clear
designation of specific suitably senior officials able to authorise
disclosure of data.
Accreditation and Single Points of Contact (SPoCs)
26. The consultation paper indicated the Government’s support
for an accreditation scheme for officials in public authorities involved
in access to communications data, linked to single points of contact
between an authority and the communications service industry. This
builds practice and training modules established by the police and
customs with the support of industry. Thirty-eight respondents commented
favourably on accreditation. Thirty-six supported the idea of SPoCs.
None were against.
27. The consultation paper acknowledged that consideration might
need to be given to the creation of multi-agency SPoCs to support
additional public authorities that seek to acquire communications
data only infrequently. Notwithstanding that section 23 (3) of RIPA
has the effect of requiring the disclosure of data to the person who
gave notice of that requirement or to a person within the same public
authority, 32 respondents expressly supported the concept of one or
more multi-agency SpoCs. Only one respondent took an expressly opposite
view.
28. Nine respondents commented on the need for a process, or processes,
to authenticate RIPA notices requiring disclosure of data or to provide
accelerated processes for the emergency services. Five respondents
commented that a central register of – variously – public
authorities, accredited personnel and SpoCs should be established.
Six respondents (6) commented that, notwithstanding section 23(3)
of RIPA, additional public authorities should exercise their requirements
for communications data through their local police SPoC.
Oversight of the Interception of Communications Commissioner
29. The consultation paper acknowledged the statutory role of the
independent Interception of Communications Commissioner to keep under
review the exercise of powers under RIPA to acquire communications
data. Oversight by the Commissioner received explicit support from
16 respondents and opposition from 3 others.
30. However, there were some concerns expressed about the Commissioner’s
role. Firstly, would the Commissioner have enough resources available
to him effectively to oversee the exercise of powers under Part I
Chapter II of RIPA as well as those exercised quite separately, and
very differently, under Part I Chapter I to intercept lawful the content
of communications. Secondly, it was argued by 8 respondents that the
public profile of the Commissioner and his work is, and might remain,
too low to provide significant reassurance that he is truly independent
and both championing and protecting the interests of the public. The
level of public recognition of the Interception of Communications
Commissioner was contrasted with that of the Information Commissioner.
31. One respondent suggested that the appointment of a lay regulator
and a panel of lay people would provide further oversight of use of
the RIPA powers.
32. Those who took part in the public research thought both the Commissioner
and the Investigatory Powers Tribunal, which considers complaints
about the exercise of RIPA powers, were crucial safeguards. One respondent
to the consultation considered that a Parliamentary Select Committee
should replace the Tribunal.
Sanctions
33. The consultation paper addressed the issue of sanctions for officials
from public authorities who access communications data inappropriately
or unlawfully. Just 6 respondents specifically addressed this point,
2 were content with the sanctions currently available. 4 were not.
Double lock on restricted access
34. The consultation paper invited views on a range of potential
additional safeguards, described in the paper as a “double lock”
on access that might supplement the statutory safeguards contained
in RIPA. Respondents’ views on the various double lock options
were mixed.
35. Judicial authorisation of requirements to acquire communications
data attracted divergent views. Opinions were split almost equally
amongst those respondents who expressed a view about it – 24
against, 20 in favour. The responses from public authorities showed
clear opposition to judicial authorisation (17 against, 2 in favour).
This was one of the few areas where the view of public authorities
differed significantly from other respondents. The public opinion
sampled in research did not see judicial authorisation as an important
safeguard.
36. Some doubts were expressed about prior approval by an independent
third party but it was more popular than judicial approval, both in
responses from public authorities and others. In all 48 respondents
expressed an opinion, 28 were in favour and 20 against. Excluding
responses from public authorities, 18 were in favour and 6 against.
37. A clear majority of respondents (33 out of 37 expressing an opinion)
were against requiring the police to undertake investigations on behalf
on public authorities. Public opinion research showed greater support
for this option, though here too there were doubts, and more popular
was the police working in conjunction with the additional public authorities.
38. The most widely supported form of additional safeguard was a
certification scheme for public authorities with access to communications
data providing a positive public statement that a public authority
was fit to exercise its powers under RIPA and that its processes met,
or exceeded, a required standard. Although certification gained only
lukewarm support from the public research groups, 47 of 49 respondents
who commented on it were in favour. (This was the highest number of
respondents to comment on any one aspect of the consultation.)
The Short List Option
39. The consultation paper floated the option of a “short list”
of additional public authorities comprising a small number of police
bodies and other emergency services. Only one respondent explicitly
favoured the short list approach, 29 expressed opposition to that.
Other Issues
40. Respondents to the consultation raised a number of issues not
addressed directly in the paper.
41. Some respondents mentioned a need for openness and publication
of statistics about the extent of the use of the RIPA powers, including
one that called for the annual publication of a full table of disclosures
made under RIPA.
42. Several correspondents mentioned the importance of public authorities
having robust processes for safeguarding data they have acquired and
for guarding against onward disclosure.
43. Eleven respondents specifically called for the after-the-event
notification of individuals whose communications data had been subject
of a disclosure requirement, envisaging that public authorities should
inform anyone whose data they have acquired – delaying that
notification where it would be prejudicial to an ongoing investigation.
The respondents commented that such notification would reassure the
public about the use made of powers to acquire communications data
and would discourage abuse of powers by officials of public authorities.
44. Nineteen respondents commented that the statutory definitions
of communications data contain in RIPA needed clarifying or amending.
45. Five respondents expressed specific concern that public authorities
would “fish” for information from communications data
records without a necessary and proportionate requirement.
46. “Scope creep”, or a perceived inevitable extension
of the number of public authorities able to access communications
data or the range of purposes for which public authorities might lawfully
access data was mentioned by one or two respondents.
Conclusion
47. The Home Office is very grateful to all the respondents for
their comments, particularly those who took the time to prepare very
detailed submissions.
48. The responses have provided a variety of views about the issues
surrounding public authorities’ access to communications data
and the implementation of Part I Chapter II of RIPA specifically.
Some issues raised by respondents about access to communications data,
relating to trust in public authorities and their officials and the
openness and accountability with which they exercise powers that impact
on individual privacy, have a much wider relevance. They will be considered
with the comments about the need for a wider review of the balance
of individual privacy and protection of the public.
49. The response to the consultation paper, both at the time of its
publication and in the comments from respondents, have indicated broad
support for the fresh approach to implementation of Part I Chapter
II of RIPA signalled in the consultation paper.
50. The Government will lay a revised RIPA (Communications Data)
Order very different to the withdrawn Order, the adverse reaction
to which prompted the consultation. The comments and views put forward
in response to the consultation paper have informed the development
of the new Order and are informing the development of new double lock
safeguards.
Home Office
September 2003
Back to top
Aberdeen City Council
Dr Yaman Akdeniz
Aleckie59
Anthony Alderson
Alliance Against Counterfeiting & Piracy
All-Party Internet Group
Niall Aslen
Gwendoline Barton
Ian Batten
Belfast City Beat
Birmingham City Council (Environmental and Consumer Service Department)
Birmingham City Council (Legal Services)
Birmingham City Council (Trading Standards)
Blackburn with Darwen Crime and
Disorder Reduction Partnership
Bournemouth Council
City of Bradford Metropolitan District
Council
Peter Bray
The British Computer Society
BT
Buckinghamshire County Council (Community Services)
Cable & Wireless
Caerphilly County Borough Council
Cardiff Council
CBI
Cheltenham Borough Council
Cheshire Constabulary
Chrysalis Radio
Nicholas Clark
Richard Clayton
Cleveland Police
Daniel Clift
R J Cobbold
John Collins
Colt Telecom
Commercial Radio Companies Association
Dave Cook
Julian Corner
Corporation of London Trading Standards Authorities
The Cruising Association
Data Protection and Privacy Practice
Department of Health, Social Services & Public Safety (Northern
Ireland)
Department of Enterprise, Trade and Investment (Northern Ireland)
Department for Work and Pensions (Jobcentre Plus)
Dundee City Council
Energis
EURIM (The European Information
Society Group)
Farmers For Action
John Farquhar
FIPR (The Foundation for Information Policy Research)
First
Andrew Fisher
Food Standards Agency
Michael Foster DL MP
George Gebbie
Martin Gentle
Gloucestershire County Council (Trading Standards Service)
Mike Goodall
GreenNet
Gwynedd Council (Public Protection Service)
Hampshire County Council
David Hansen
Health & Safety Commission
Hertbeat FM
Anthony Heyes
Jonathan Howells
Martin Hooper
Cllr Martyn Ingram
IEE (The Institution of Electrical Engineers)
IMIS (The Institute for the Management of Information Systems)
The Information Commissioner
The Institute of Chartered Accountants in England & Wales
Intellect (Information Technology Telecommunications & Electronics
Association)
Internet Service Providers Association UK (ISPA UK)
Joint Radio Company Ltd
Kent County Council Trading Standards
Kingston Communications (Hull) plc
Dr Anthony Kucernak
Reverend Roger Knight
LACORS (Local Authorities Coordinators of Regulatory Services)
The Law Society
The Law Society of Scotland
Leicestershire County Council Trading
Standards Service
Liberty
Lincoln Crime Reduction Executive
Lincolnshire County Council Trading
Standards Service
Dr Charles Lindsey
The Local Government Staff Commission
for Northern Ireland
London Borough of Hounslow Trading
Standard Department
London Borough of Newham |
London Borough of Tower Hamlets
London Fire Brigade
London Underground Limited
Borough of Macclesfield
Manchester City Council (Trading Standards Service)
Steven Mathieson
Nick McAlonan
Siobhain McDonagh MP
Jim McKenzie
Metropolitan Police Service
Microsoft
Mid and West Wales Fire Authority
Mid Sussex District Council
MidCOTS (Midlands Trading Standards Group)
Joe Middleton
Sarah Morris
NAFN (The National Anti-Fraud Network)
National Office of Animal Health Limited
Mark Newall
The Newspaper Society
Norfolk Constabulary
North Cornwall District Council
North East Trading Standards Association
North of England Trading Standards
Group
Northamptonshire County Council Trading
Standards Service
Northern Ireland Ambulance Service
Northern Ireland Fire Brigade
Northumbria Police Authority
ntl
NUMAST
O2 (UK) Ltd
A M O'Leary
Orange UK
Potato Growers Action Group
Powys County Council
Professional Projects Co Ltd
Redcar & Cleveland Borough Council
Reuters
Cllr David Rogers
Tim Sabel
Saga 106.6FM
Sandwell Metropolitan Borough Council
(Environmental Health and Trading
Standards)
Scottish Advisory Committee on
Telecommunications (SACOT)
SETSA (South East Trading Standards
Association)
Shell UK Exploration and Production
Roger Shellard
The Society of Chief Officers of Trading
Standards in Scotland (SCOTSS)
Soul City 107.5
South Wales Fire Service
Southampton Community Safety Partnership
Southend-on-Sea Borough Council
Southend-on-Sea Trading Standards
Service
Staffordshire Fire & Rescue Service
Stand.org.uk
The Standards Board for England
Alan Strachan
Suffolk County Council Trading Standards Service
Tony Sudworth
Chris Sundt
Mark Syal
T-Mobile (UK) Ltd
Taunton Deane Crime and Disorder Reduction Partnership
Sangamon Taylor
Liz Thompson
Thus plc
Tindle Radio Limited
Brian Todd
David Tomlinson
Trading Standards Institute
Telecommunications United Kingdom
Fraud Forum (TUFF)
UKERNA
Jeff Veit
Veterinary Medicines Directorate
Virgin Radio Limited
Vodafone Limited
City of Wakefield Metropolitan District
Council
Prof. Clive Walker
Graham Webster-Gardiner
Welsh Advisory Committee on
Telecommunications (WACT)
Welsh Local Government Association
Paul Williams
Wolverhampton City Council
City of York Council
ZelahRew |
Five respondents requested anonymity or that their responses be treated
in confidence.
Back to top
|
