The Chief Surveillance Commissioner published his annual report on 4th September 2014. The report covers the period from 1st April 2013 to 31st March 2014 and is essential reading for those public authorities, especially councils, who conduct surveillance under Part 2 of the Regulation of Investigatory Powers Act 2000 (RIPA) (Directed Surveillance, Intrusive Surveillance and the deployment of a Covert Human Intelligence Source (CHIS)). The report details statistics relating to the use of these tactics and information about how the Office of Surveillance Commissioners (OSC) conducts its oversight role.
Non-law enforcement agencies (including councils) authorised Directed Surveillance on 4,412 occasions in the reporting period. This continues a downward trend over the last few years. Last year there were 5,827 of such authorisations. 75% of these were completed by the Department for Work and Pensions.
The report also considers the changes, which took effect on 1st November 2012; namely magistrates’ approval for council surveillance and a new six-month threshold test for Directed Surveillance. There were 517 approval requests made to a magistrate in the reporting period of which only 26 were rejected. On the whole the changes are working well but the Chief Surveillance Commissioner has expressed concern about the level of RIPA knowledge amongst magistrates:
“What has become clear is that the knowledge and understanding of RIPA among magistrates and their staff varies widely. Adequate training of magistrates is a matter for others, but I highlight the need. The public is not well served if, through lack of experience or training, magistrates are not equipped effectively to exercise the oversight responsibility, which the legislation requires. I am aware, for example, of one magistrate having granted an approval for activity retrospectively, and another having signed a formal notice despite it having been erroneously completed by the applicant with details of a different case altogether.” (Para 3.10)
The Commissioner notes a continuing steady decline in the use of Directed Surveillance by local councils which may, or may not, have resulted from the introduction of the need to seek a magistrate’s approval. In one borough council there had been 47 directed surveillance authorisations between 2010 and the introduction of The Protection of Freedoms Act 2012 and none in the 16 months thereafter. (It is important to note that, as the Commissioner pointed out at paragraph 5.5 of last year’s report, RIPA is permissive legislation and there may be occasions where surveillance outside the scope of RIPA may be required. He pointed to the IPT decision in BA and others v Cleveland Police (IPT/11/129/CH). This is in keeping with Ibrahim Hasan’s view as explained previously on this blog. )
Where councils have continued to use their RIPA powers, the OSC has identified a lack of a corporate approach to the new process. Some councils have established or used existing relationships with their local magistrates’ court to ensure that both parties were prepared for the impact of the new Act; some have gone so far as to provide a training input to local magistrates and their clerks, so they understand RIPA and the type of case and associated documentation which will be presented to them. (The Home Office guidance document is a good place to start for authorities new to the approval process.)
The Commissioner draws special attention in his report to the use of the Internet for investigations, particularly involving social networking sites:
“5.30. This is now a deeply embedded means of communication between people and one that public authorities can exploit for investigative purposes. I am reasonably satisfied that there is now a heightened awareness of the use of the tactic and the advisable authorisations under RIPA that should be considered. Although there remains a significant debate as to how anything made publicly available in this medium can be considered private, my Commissioners remain of the view that the repeat viewing of individual “open source” sites for the purpose of intelligence gathering and data collation should be considered within the context of the protection that RIPA affords to such activity.”
The Commissioner advises caution when conducting online investigations:
“5.31. In cash-strapped public authorities, it might be tempting to conduct on line investigations from a desktop, as this saves time and money, and often provides far more detail about someone’s personal lifestyle, employment, associates, etc. But just because one can, does not mean one should. The same considerations of privacy, and especially collateral intrusion against innocent parties, must be applied regardless of the technological advances.”
He goes on to suggest that a RIPA authorisation may be required for some online investigations:
“5.32. Access to social networking sites by investigators in all public authorities is something we examine on inspections. Many, particularly the law enforcement agencies, now have national and local guidance available for their officers and staff. However, many local authorities and government departments have still to recognise the potential for inadvertent or inappropriate use of the sites in their investigative and enforcement role. Whilst many have warned their staff of the dangers of using social media from the perspective of personal security and to avoid any corporate damage, the potential need for a RIPA authorisation has not been so readily explained.
5.33. I strongly advise all public authorities empowered to use RIPA to have in place a corporate policy on the use of social media in investigations. Some public authorities have also found it sensible to run an awareness campaign, with an amnesty period for declarations of any unauthorised activity or where, for example, officers have created false personae to disguise their on line activities.”
We have a workshop on investigating E – Crime and Social Networking Sites, which considers all the RIPA implications of such activities.
Common inspection findings
Over the past year, the OSC has carried out in excess of 140 council inspections in England and Wales. At paragraph 5.37 of the report, the Commissioner lists the main issues that he has commented upon in his inspection reports:
· Unsubstantiated and brief, or, conversely, excessively detailed intelligence cases
· Poor and over-formulaic consideration of potential collateral intrusion and how this will be managed
· Poor proportionality arguments by both applicants and Authorising Officers – the four key considerations (identified by my Commissioners and adopted within the Home Office Codes of Practice) are often not fully addressed
· A surfeit of surveillance tactics and equipment being requested and granted but rarely fully used when reviews and cancellations are examined
· At cancellation, a lack of adequate, meaningful update for the Authorising Officer to assess the activity conducted, any collateral intrusion that has occurred, the value of the surveillance and the resultant product; with, often, a similarly paltry input by Authorising Officers as to the outcome and how product must be managed
· On the CHIS documentation, a failure to authorise a CHIS promptly as soon as they have met the criteria; and in many cases (more typically within the non-law enforcement agencies) a failure to recognise or be alive to the possibility that someone may have met those criteria
· Some risk assessments can be over-generic and not timeously updated to enable the Authorising Officer to identify emergent risks
· Discussions that take place between the Authorising Officer and those charged with the management of the CHIS under Section 29(5) of RIPA are not always captured in an auditable manner for later recall or evidence
· As resources become stretched within police forces, the deputy to the person charged with responsibilities for CHIS under Section 29(5)(b) often undertakes those functions: as with an Authorising Officer, this is a responsibility which cannot be shared or delegated
· Outside pure documentary issues, a lack, in some public authorities, of ongoing refresher training for those that require it; and a need for an improved level of personal engagement in the oversight process by the Senior Responsible Officer.
Now is the time to consider refresher training for RIPA investigators and authorisers. We have a full program of RIPA Courses and can also deliver these at your premises, tailored to the audience. If you want to avoid re inventing the wheel, our RIPA Policy and Procedures Toolkit gives you a standard policy as well as forms (with detailed notes to assist completion) for authorising RIPA and non-RIPA surveillance. There is substantial discount for orders received before 30th September 2014.