Tag: RIPA

The Role of PACE  in Local Authority Regulatory Investigations 

For local authority investigators, interviewing is at the heart of effective casework. Interviews aren’t just fact finding conversations; they are a formal investigative tool with legal significance. The way you conduct them can determine whether your evidence stands up in court or during enforcement action. 

But good interviewing isn’t just about instinct or experience. It requires a clear understanding of the law, particularly the Police and Criminal Evidence Act 1984 (PACE), and a professional approach supported by structured techniques like the PEACE model (Planning and preparation, engage and explain, account, closure and evaluation). 

When interviews are handled lawfully and skilfully, they generate reliable evidence, support sound decision-making, and protect the public interest. When mishandled, they can result in inadmissible evidence, failed prosecutions, or reputational damage to your authority. 

PACE  

PACE isn’t just for the police. If your investigation might result in a criminal prosecution, PACE applies to you too. This includes interviews carried out under caution by local authority officers acting in their enforcement role; whether you’re interviewing a business owner suspected of misleading trading, a landlord accused of a housing offence or a shop keeper breaching licensing conditions. 

PACE protects the rights of suspects and ensures fairness in the gathering of evidence. The key provisions every local authority investigator must know include: 

Caution 
You must caution a person before asking questions if you suspect them of an offence and intend to use their answers in evidence. The standard caution reads: 
“You do not have to say anything, but it may harm your defence if you do not mention when questioned something which you later rely on in court. Anything you do say may be given in evidence.” 

Using the wrong caution, or failing to use it when required, risks making the evidence inadmissible. 

Right to Legal Advice 
Under PACE, suspects have the right to free legal advice. You must make them aware of this right before the interview starts. Proceeding without making this clear can jeopardise your case. 

Recording Interviews (Code E) 
Local authority investigators must follow the rules for audio-recording interviews when interviewing suspects for indictable offences or where required by enforcement policy. Correct handling, sealing, and storage of recordings protect both you and the interviewee. 

Safeguarding Vulnerable People 
If the interviewee is under 18 or considered vulnerable (for reasons such as mental health or learning difficulties), an appropriate adult must be present during the interview. Failing to ensure this safeguard can invalidate the interview. 

Avoiding Oppression and Misconduct 
You must always act with integrity and fairness, even in difficult interviews. 

Any evidence obtained through threats, unfair pressure, or oppressive behaviour is likely to be excluded.  

PEACE 

While PACE sets the legal rules, PEACE (Planning and preparation, engage and explain, account, closure and evaluation) provides a practical structure for conducting effective, professional interviews in the regulatory enforcement context. 

Unlike formal suspect interviews under PACE, PEACE can also help structure fact-finding interviews with witnesses, business representatives, or those who may later become suspects. 

1. Planning and preparation: Successful interviews start long before you sit down with the interviewee. Good planning involves: 

  • Clarifying your interview objectives. 
  • Understanding the evidence you already have. 
  • Deciding whether a caution is required. 
  • Considering the need for legal advice or an appropriate adult. 
  • Structuring your questions logically. 

Inadequate planning often leads to missed opportunities, legal errors or unreliable evidence. 

2. Engage and explain: Your professional approach is crucial. This includes: 

  • Building rapport and explaining the purpose of the interview. 
  • Clarifying rights and procedures, including the right to legal advice and, if relevant, explaining the caution. 
  • Being neutral, objective, and professional throughout. 

Your approach can affect the cooperation of the interviewee and the credibility of the evidence obtained.  Experienced interviewers have suggested that there is a positive correlation between constructive interpersonal relationships between the suspect and the interviewer and a higher level of information given. 

3. Account clarification and challenge: This is the main part of the interview. This includes: 

  • Starting with open questions, 
  • Gaining the suspects explanation of what has happened in relation to the suspected offence. 
  • Gradually asking more specific questions. 
  • Using closed questions if required to obtain finer details. 

4. Closure: Closing an interview properly matters. You should: 

  • Summarise key points with the interviewee. 
  • Offer them the chance to clarify or add anything. 
  • Explain what will happen next in the investigation. 
  • Ensure all paperwork, recordings, and notes are accurate and complete. 

Closure isn’t just administrative; it helps protect the integrity of the investigation. 

5. Evaluation: After the interview, critically assess what happened. Ask yourself 

  • Did I meet my objectives? 
  • Was the interview PACE compliant? 
  • Has new information come to light requiring further action? 
  • Are my records and recordings complete? 

The evaluation stage reinforces accountability and learning, helping you improve your practice and ensure evidential quality. 

Regulatory investigations often operate in complex legal and social environments. PACE protects the rights of individuals and the admissibility of evidence. PEACE helps you apply structure, professionalism, and investigative skill. Mastering both frameworks is key to investigative success. 

Training 

Interviewing is a professional skill, and like any skill, it needs regular practice and updating. 

  • PACE Training: Make sure you’re familiar with the latest Codes of Practice, particularly around cautions, legal rights, and vulnerable interviewees. 
  • PEACE Interview Skills: Keep refining your questioning techniques, planning, and post-interview evaluation. 
  • Scenario-Based Practice: Realistic training scenarios help bridge the gap between theory and practice. 

Regular training not only sharpens your skills but demonstrates your authority’s commitment to lawful and effective enforcement. 

Act Now has a range of customised in house training courses on RIPA, PACE, investigations and interview techniques. Our associates include Naomi Mathews who is a Senior Solicitor and was a co-ordinating officer for RIPA at a large local authority in the Midlands. Naomi has extensive experience in all areas of regulatory law and investigations.  She has worked as a defence solicitor in private practice and as a prosecutor for the local authority in a range of regulatory matters including Trading Standards, Health and Safety and Environmental prosecutions. Naomi has higher rights of audience to present cases in the Crown Court. 

Get in touch if you would like a free 30 minute consultation to discuss your training needs. 

When the RIPA Inspector Calls 

Every local authority using (or having the ability to use) covert surveillance, under the Regulation of Investigatory Powers Act 2000 (RIPA), should expect regular inspections by the Investigatory Powers Commissioner’s Office (IPCO). Typically, these are conducted every three years, though frequency may vary based on activity levels and past findings. These inspections are a key part of demonstrating lawful and proportionate use of surveillance powers.  

The Inspection Process 

IPCO inspections are now commonly conducted remotely, although on-site visits still occur when deemed necessary. You will usually be given advance notice and asked to submit key documents, including your RIPA policy, examples of authorisations (even if only historical), and training records. 

The inspection will generally follow this structure: 

  1. Document Review: The inspector will examine your authority’s policy and procedures to assess whether they reflect current law and Home Office Codes of Practice.  
  1. Case Sampling: Even if your authority hasn’t used RIPA powers in recent years, inspectors will want to see how you handle applications when they occur, or how you maintain readiness. If you have used powers, expect a thorough review of sample applications, authorisations, reviews, renewals and cancellations. 
  1. Interviews with Key Personnel: Typically, the inspector will speak with the Senior Responsible Officer (SRO), Authorising Officers and the RIPA Coordinator. They will be looking for a clear understanding of roles, responsibilities, and legal thresholds for authorisation. 
  1. Feedback and Report: The inspector will provide immediate feedback and later issue a formal report highlighting commendations, recommendations and any required actions. 

Common Inspection Findings 

As part of our provision of tailored in house training, we have to read IPCO inspection reports. The following is a list of common mistakes highlighted by IPCO. They are not attributable to any particular organisation.  

RIPA Forms 

  • Use of out of date forms 
  • No Unique Reference Number (URN)  
  • Not amending forms so that only those grounds are present which are available to the public authority e.g. councils – preventing or detecting crime  
  • Pre completed forms  
  • Use of cut and paste in boxes/repetitive narrative 

Authorisation Process  

  • Rubber stamping – no real thought given to authorisation  
  • Necessity, proportionality and collateral intrusion not fully understood/considered  
  • Likelihood of obtaining Confidential Information not fully considered 
  • Some ‘open source’ internet research is being conducted which may actually meet the criteria of Directed Surveillance and therefore require authorisation  
  • Confusion regarding reviews and renewals  
  • Lack of understanding of when a person is a CHIS 
  • Too many Authorising Officers 
  • Authorising Officers are not making adequate provision for destruction of product that is collateral intrusion or of no value to the operation  
  • Joint investigations without authorisation and/or record keeping 
  • Lack of robust management and quality assurance procedures  

Social Media 

  • Failing to consider the application of RIPA to social media monitoring 
  • Lack of understanding of when the Directed Surveillance and CHIS definitions are met 

Record Keeping  

  • Central records not compliant with the Code of Practice  
  • Inadequate monitoring, recording and audit of surveillance equipment  
  • Inadequate handling and storage of surveillance product/evidence 
 

Policies and Procedure Documents 

  • Inadequate/no RIPA policy  
  • Inadequate/out of date guidance document  
  • No CCTV protocol/procedure  

Preparing for an IPCO Inspection 

The key to a smooth inspection lies in preparation. This starts long before the inspection is announced: 

  1. Review and Update Your Policy Regularly: Your RIPA policy should be reviewed at least annually and whenever guidance or legislation changes. Make sure it is accessible to relevant staff and reflects current best practice. 
  1. Keep Your RIPA Registers in Order: Whether your authority uses an electronic register or paper records, they must be accurate and up to date. This includes entries for authorisations that were refused, cancelled or not proceeded with. 
  1. Prioritise Training (see below) 
  1. Test Your Processes: Carry out internal audits or mock inspections. Review recent authorisations (if any), check register completeness, and ensure all relevant staff understand their responsibilities. 
  1. Engage Your SRO: The SRO isn’t just a figurehead; they should champion compliance, oversee training provision, ensure policy updates, and actively monitor RIPA use within the authority. 
  1. Learn from Past Reports: If your authority has had previous inspections, review past reports and ensure all recommendations have been addressed. Be ready to explain what improvements have been made. 
  1. Stay Connected: Keep up with Home Office guidance, IPCO publications and professional networks. Sharing good practice with other local authorities can help avoid common pitfalls. 

Training and Awareness 

The last annual report (2023) published by IPCO states: 

“As a general rule, we encourage local authorities to ensure that authorising officers (AOs) and those members of staff engaged in investigative or enforcement roles, receive either classroom-based or online training from a trusted supplier on an annual or biennial basis.” 

When it comes to training, there is no one size fits all solution. It should be tailored depending on the audience, their role and frequency of using surveillance powers. Consider: 

  • Initial Training for New Staff: Any officer designated as an Authorising Officer or investigator must receive formal RIPA training before undertaking the role. 
  • Refresher Training: Aim for annual refresher sessions. Even if you’ve had no activity, this keeps knowledge alive and demonstrates proactive governance. 
  • Wider Awareness Training: Consider regular briefings for investigative and enforcement teams so they understand when RIPA applies and how to seek authorisation. 

By embedding a culture of continual learning, maintaining robust policies and records, and keeping oversight active, you’ll not only pass your inspection with confidence but also ensure your authority upholds the highest standards of accountability and public trust. 

How We Can Help 

Act Now have a range of training solutions to assist you to raise RIPA awareness and prepare for IPCO inspections: 

  • RIPA Essentials. An e learning course, consisting of an animated video followed by an online quiz. In just 30 minutes your employees can learn about the main provisions of Part 2 of RIPA including the different types of covert surveillance, the serious crime test and the authorisation process. The course also covers how RIPA applies to social media monitoring and how to handle the product of surveillance having regard to data protection.  
  • Online workshops: Our RIPA workshops  provide a thorough explanation of the RIPA requirements, processes and documentation to ensure compliance. Case studies and real life examples help to embed the learning. 
  • In House Training: We have RIPA experts who can deliver customised in house training to your organisation, whether online or face to face. Our associates include Naomi Mathews who is a Senior Solicitor and a co-ordinating officer for RIPA at a large local authority in the Midlands. She is also the authority’s Data Protection Officer and Senior Responsible Officer for CCTV.  

Leading Surveillance Law Expert Joins the Act Now Team

Act Now Training welcomes solicitor and surveillance law expert, Naomi Mathews, to its team of associates. Naomi is a Senior Solicitor and a co-ordinating officer for RIPA at a large local authority in the Midlands. She is also the authority’s Data Protection Officer and Senior Responsible Officer for CCTV.

Naomi has extensive experience in all areas of information compliance and has helped prepare for  RIPA inspections both for the Office of Surveillance Commissioners and Investigatory Powers Commissioner’s Office (IPCO). She has worked as a defence solicitor in private practice and as a prosecutor for the local authority in a range of regulatory matters including Trading Standards, Health and Safety and Environmental prosecutions. Naomi has higher rights of audience to present cases in the Crown Court.

Naomi has many years of practical knowledge of RIPA and how to prepare for a successful prosecution/inspection. Her training has been commended by RIPA inspectors and she has also trained nationally. Naomi’s advice has helped Authorising Officers, Senior Responsible Officers and applicants understand the law and practicalities of covert surveillance. 

Like our other associates, Susan Wolf and Kate Grimley Evans, Naomi is a fee paid member of the Upper Tribunal assigned to the Administrative Appeals Chamber (Information Rights Jurisdiction and First Tier Tribunal General Regulatory Chamber (Information Rights Jurisdiction).

Ibrahim Hasan, director of Act Now Training, said:

“ I am pleased that Naomi has joined our team. We are impressed with her experience of RIPA and her practical approach to training which focuses on real life scenarios as opposed to just the law and guidance.”

Naomi will be delivering our full range of RIPA workshops as well developing new ones. She is also presenting a series of one hour webinars on RIPA and Social Media. If you would like Naomi to deliver customised in house training for your organisation, please get in touch for a quote. 

Surveillance under RIPA: neither a strict legal framework nor rigorously overseen – Sam Lincoln

Interesting post from Sam Lincoln, an ex OSC Chief Inspector. Sam is the author of our RIPA E Learning course: http://www.actnow.org.uk/content/185

CCTV and the Law

By Steve Morris[ File # csp0356261, License # 1228612 ] Licensed through http://www.canstockphoto.com in accordance with the End User License Agreement (http://www.canstockphoto.com/legal.php) (c) Can Stock Photo Inc. / fintastique

The updated version of the Information Commissioner’s CCTV Code of Practice address the rising phenomena of surveillance technologies and methods. No longer are surveillance cameras passive image collectors, providing a resource for immediate use or historical evidence.

CCTV, ANPR, Body Worn Cameras, Aerial Drones, together with the associated analytical tools and software, are all technologies being used within many public and private sector organisations.

These technologies are invaluable for efficient and effective public protection as well as revenue collection and enforcement activities. Just one such example might be lone workers performing a caring function and for their safety, wearing audio and video recording equipment when they leave the safety of their own home. These persons then enter the private dwelling of a vulnerable person in need of assistance. In some instances the video and audio will be running throughout the whole of the attendance – often with a live feed to a control room. The benefits for the safety of the carer are clear, and the immediate response and advice by control room personnel is undoubtedly beneficial for the person requiring assistance. But this equipment is capturing images and conversation of an individual, and perhaps family and friends, within that person’s private home. The images and conversation, being witnessed by others many miles away is likely to be very intimate and private.

Does this vulnerable person or those responsible for them realise this is actually taking place?

Do they consent to it as a part of the provision of the service?

Before a public authority undertakes such activity it must conduct a privacy impact assessment, and perhaps obtain consent for the collection and processing of such information. Without such consideration – and a record of such assessment, then it might easily be argued that the organisation has not shown “Respect for the private life” in accordance with Article 8 of the European Convention on Human Rights, and the activity might be deemed to be unlawful – and indeed might be in breach of the Data Protection Act 1998. The Care Quality Commission has issued guidance on use of cameras in care homes.

The Surveillance Camera Commissioner, Tony Porter, pursuing compliance with a Code of Practice issued in accordance with the Protection of Freedoms Act has identified several aspects non-compliance when it comes to CCTV cameras:

  • Inadequate or non-existent privacy impact assessments
  • Equipment deployed with no respect or consideration for privacy or consideration for the benefit balanced with intrusion (proportionality)
  • Equipment in use not fit for purpose
  • Excessive use of surveillance
  • Removal of surveillance such as CCTV to reduce costs with little regard for the void left in relation to public safety and security

In a speech to the CCTV User Group, Mr Porter said budget cuts had led councils to decide to spend less on public space CCTV, meaning there was less money for staff training, poorer understanding of legal issues and a reduced service. He said councils could face greater scrutiny of their use of CCTV, including potential inspections and enforcement. Organisations should carry out annual reviews of their CCTV capacity but many failed to do so. He cited a West Midlands local authority which, upon review, reduced the number of ineffective cameras and saved £250,000 in the process.

Mr Porter, who has been in his post since March 2014, has written to council chief executives to remind them of the law and code of practice.

My latest series of one day CCTV law workshops examine the ‘surveillance landscape’ and the regulatory regime of the Information Commissioner, the Office of the Surveillance Commissioner, and the Surveillance Camera Commissioner. Attendees will be able to identify which regime(s) and codes of practice apply to their surveillance activity, and how to manage efficient, effective and lawful surveillance systems.

Steve Morris is an ex police officer and one of our expert surveillance law trainers. His CCTV law workshops take place in Manchester and London in October.

Facebook, Social Networks and the Need for RIPA Authorisations

canstockphoto12584745By Ibrahim Hasan

Increasingly local authorities are turning to the online world, especially social media, when conducting investigations. There is some confusion as to whether the viewing of suspects’ Facebook accounts and other social networks requires an authorisation under Part 2 of the Regulation of Investigatory Powers Act 2000 (RIPA). In his latest annual report the Chief Surveillance Commissioner states (paragraph 5.42):

“Perhaps more than ever, public authorities now make use of the wide availability of details about individuals, groups or locations that are provided on social networking sites and a myriad of other means of open communication between people using the Internet and their mobile communication devices. I repeat my view that just because this material is out in the open, does not render it fair game. The Surveillance Commissioners have provided guidance that certain activities will require authorisation under RIPA or RIP(S)A and this includes repetitive viewing of what are deemed to be “open source” sites for the purpose of intelligence gathering and data collation.”

Careful analysis of the legislation suggests that whilst such activity may be surveillance, within the meaning of RIPA (see S.48(2)), not all of it will require a RIPA authorisation. Of course RIPA geeks will know that RIPA is permissive legislation anyway and so the failure to obtain authorisation does not render surveillance automatically unlawful (see Section 80).

There are two types of surveillance, which may be involved when examining a suspect’s Facebook or other social network pages; namely Directed Surveillance and the deployment of a Covert Human Intelligence Source (CHIS). Section 26 of the Act states that surveillance has to be covert for it to be directed:

“surveillance is covert if, and only if, it is carried out in a manner that is calculated to ensure that persons who are subject to the surveillance are unaware that it is or may be taking place” (my emphasis)

If an investigator decides to browse a suspect’s public blog, website or “open” Facebook page (i.e. where access is not restricted to “friends”, subscribers or followers) how can that be said to be covert? It does not matter how often the site is accessed as long as the investigator is not taking steps to hide his/her activity from the suspect. The fact that the suspect is not told does about the “surveillance” does not make it covert. Note the words in the definition of covert; “unaware that it is or may be taking place.” If a suspect chooses to publish information online they can expect the whole world to read it including law enforcement and council investigators. If he/she wants or expects privacy it is open to them to use the available privacy settings on their blog or social network.

The Commissioner stated in last year’s annual report:

“5.31 In cash-strapped public authorities, it might be tempting to conduct on line investigations from a desktop, as this saves time and money, and often provides far more detail about someone’s personal lifestyle, employment, associates, etc. But just because one can, does not mean one should. The same considerations of privacy, and especially collateral intrusion against innocent parties, must be applied regardless of the technological advances.” (my emphasis)

I agree with the last part of this statement. The gathering and use of online personal information by public authorities will still engage Human Rights particularly the right to privacy under Article 8 of the European Convention on Human Rights. To ensure such rights are respected the Data Protection Act 1998 must be complied with. A case in point is the monitoring last year of Sara Ryan’s blog by Southern Health NHS Trust. Our data protection expert Tim Turner wrote recently about the data protection implications of this kind of monitoring.

Where online surveillance involves employees then the Information Commissioner’s Office’s (ICO) Employment Practices Code (part 3) will apply. This requires an impact assessment to be done before the surveillance is undertaken to consider, amongst other things, necessity, proportionality and collateral intrusion. Whilst the code is not law, it will be taken into account by the ICO and the courts when deciding whether the DPA has been complied with. In December 2014, Caerphilly County Borough Council signed an undertaking after an ICO investigation found that the Council’s surveillance of an employee , suspected of fraudulently claiming to be sick, had breached the DPA.

Facebook Friends – A Friend Indeed

Of course the situation will be different if an investigator needs to become a “friend’ of a person on Facebook in order to communicate with them and get access to their profile and activity pages. For example, local authority trading standards officers often use fake profiles when investigating the sale of counterfeit goods on social networks. In order to see what is on sale they have to have permission from the suspect. This, in my view, does engage RIPA as it involves the deployment of a CHIS defined in section 26(8):

“For the purposes of this Part a person is a covert human intelligence source if—

(a) he establishes or maintains a personal or other relationship with a person for the covert purpose of facilitating the doing of anything falling within paragraph (b) or (c);

(b) he covertly uses such a relationship to obtain information or to provide access to any information to another person; or

(c) he covertly discloses information obtained by the use of such a relationship, or as a consequence of the existence of such a relationship”  (my emphasis)

Here we have a situation where a relationship (albeit not personal) is formed using a fake online profile to covertly obtain information for a covert purpose. In the case of a local authority, this CHIS will not only have to be internally authorised but also, since 1st November 2012, approved by a Magistrate.

This is a complex area and staff who do not work with RIPA on a daily basis can be forgiven for failing to see the RIPA implications of their investigations. From the Chief Surveillance Commissioner’s comments (below) in his annual report, it seems advisable for all public authorities to have in place a corporate policy and training programme on the use of social media in investigations:

“5.44 Many local authorities have not kept pace with these developments. My inspections have continued to find instances where social networking sites have been accessed, albeit with the right intentions for an investigative approach, without any corporate direction, oversight or regulation. This is a matter that every Senior Responsible Officer should ensure is addressed, lest activity is being undertaken that ought to be authorised, to ensure that the right to privacy and matters of collateral intrusion have been adequately considered and staff are not placed at risk by their actions and to ensure that ensuing prosecutions are based upon admissible evidence.”

We have a workshop on investigating E – Crime and Social Networking Sites, which considers all the RIPA implications of such activities. It can also be delivered in house.

In conclusion, my view is that RIPA does not apply to the mere viewing of “open” websites and social network profiles. However in all cases the privacy implications have to be considered carefully and compliance with the Data Protection Act is essential.

Ibrahim will be looking at this issue in depth in our forthcoming webinars.

Looking to update/refresh your colleagues’ RIPA Knowledge. Try our RIPA E Learning Course. Module 1 is free.

We also have a full program of RIPA Courses and our RIPA Policy and Procedures Toolkit contains standard policies as well as forms (with detailed notes to assist completion).

New RIPA E-Learning Course

capture-20150824-141930

Regular refresher training for those conducting covert surveillance under Part 2 of the Regulation of Investigatory Powers Act (RIPA) is a common recommendation by the Office of Surveillance Commissioners (OSC) following inspections. Up to now, public authorities have had a choice of sending their staff on external courses or engaging our RIPA experts to deliver customised in house training at their premises. Both these options have cost implications. Some authorities can only afford to train a handful of staff thereby running the risk of non compliance by others who may not know what RIPA is and when it is engaged.

Enter the new Act Now RIPA E Learning Course. From the comfort of their own desk public authority staff can now receive relevant and up to date training on covert surveillance regulated by Part 2 of RIPA (Directed Surveillance, CHIS and Intrusive Surveillance) including the authorisation process. From as little as £49 plus vat, five interactive modules can be accessed which have a stimulating and creative approach that engages and challenges the learner. Real-life scenarios, knowledge checks, case studies and examples are included to add relevance and increase comprehension and retention. A short final course assessment leads to a certificate.

This course is not just for new staff or those with little knowledge of RIPA. It will also help experience staff to refresh and update their knowledge as it takes into account the latest RIPA codes and new authorisation procedures. Those who are really confident can do the final course assessment first, to test and identify any gaps in their knowledge. These can then be filled by doing each module. The unscored quizzes and interactions within each module and the final scored assessment are designed to challenge even RIPA geeks!

Sam Lincoln, a former OSC chief inspector, has designed the course assisted by Ibrahim Hasan. Sam says:

“I was delighted to be commissioned by Ibrahim and his team at Act Now to produce this eLearning course. When I was Chief Inspector at the OSC I was aware that many local authorities, constrained by budget reductions, were attempting to provide their own training in-house. Despite valiant efforts the result was often regurgitation of the codes of practice and ‘death by PowerPoint’ lectures. I wanted to produce something that was more interesting and included interaction, feedback and assessment.”

Upon reviewing the course our RIPA expert and trainer, Steve Morris, said:

“I have had an opportunity to review the finished product and have to say it is a great mix of knowledge, animation and assessment, using many different learning delivery methods to keep the learner engaged. Sam provides clear well-paced narration and his choice of words make the modules easy to follow and understand. I would say the modules are ideal for anyone involved with the management and application of RIPA, whatever their position.”

The Act Now RIPA E Learning Course is suitable for staff in all public authorities but particularly those in local authorities working in trading standards, environmental health, planning, licensing and enforcement.

Want to know more? Watch module 1 for FREE and join our live demonstration webinar.

Office of Surveillance Commissioners (OSC) Annual RIPA Report (2015) – Key Points

file2871316133148

The Chief Surveillance Commissioner, Sir Christopher Rose, published his final annual report on 25th June 2015. A lot of the report is typical of someone in his position who is leaving office, having a few parting moans. Then again, a £56,000 maintenance fee from the Home Office (paragraph 3.3) for a relatively simple website is well worth moaning about)!

The report covers the period from 1st April 2014 to 31st March 2015 and should be read by public authorities, especially councils, who conduct surveillance under Part 2 of the Regulation of Investigatory Powers Act 2000 (RIPA) (Directed Surveillance, Intrusive Surveillance and the deployment of a Covert Human Intelligence Source (CHIS)). It details statistics relating to the use of these tactics and information about how the Office of Surveillance Commissioners (OSC) conducts its oversight role.

Non-law enforcement agencies (including councils) authorised Directed Surveillance on 2207 occasions in the reporting period. The Department for Work and Pensions completed 25% of these. This continues a downward trend over the last few years. Last year there were 4,412 of such authorisations. Much of this downward trend is due to the continued impact of the changes, which took effect on 1st November 2012; namely magistrates’ approval for council surveillance and a new six-month threshold test for Directed Surveillance.

A total of 373 authorisations were presented to a magistrate for approval under The Protection of Freedoms Act 2012 during the reporting period. Just 17 were rejected. The Commissioner continues to be sceptical about the need for the changes saying, “I remain to be convinced of the value of this additional approval procedure which, obviously, promotes delay.”

The Commissioner, just like in his previous report, has expressed concern about the level of RIPA knowledge amongst magistrates:

“I have good reason to believe that training provision for magistrates in relation to RIPA and The Protection of Freedoms Act 2012 has been minimal and several councils have ended up providing this themselves to enable the new procedure to work effectively: this is commendable but not, presumably, what Parliament contemplated.” (Para 5.27)

Social Networks

The Commissioner advises caution when conducting online investigations especially where this involves examining social networking sites. A RIPA authorisation may be required in some cases:

“5.42 Perhaps more than ever, public authorities now make use of the wide availability of details about individuals, groups or locations that are provided on social networking sites and a myriad of other means of open communication between people using the Internet and their mobile communication devices. I repeat my view that just because this material is out in the open, does not render it fair game. The Surveillance Commissioners have provided guidance that certain activities will require authorisation under RIPA or RIP(S)A and this includes repetitive viewing of what are deemed to be “open source” sites for the purpose of intelligence gathering and data collation.”

From the Commissioner’s comments at paragraph 5.44 it seems advisable that councils should have in place a corporate policy and training programme on the use of social media in investigations:

“Many local authorities have not kept pace with these developments. My inspections have continued to find instances where social networking sites have been accessed, albeit with the right intentions for an investigative approach, without any corporate direction, oversight or regulation. This is a matter that every Senior Responsible Officer should ensure is addressed, lest activity is being undertaken that ought to be authorised, to ensure that the right to privacy and matters of collateral intrusion have been adequately considered and staff are not placed at risk by their actions and to ensure that ensuing prosecutions are based upon admissible evidence.”

We have a workshop on investigating E – Crime and Social Networking Sites, which considers all the RIPA implications of such activities.

Common inspection findings

At paragraph 5.47 of the report, the Commissioner lists the main issues that he has commented upon in his inspection reports:

  • Unsubstantiated and brief, or, conversely, excessively detailed intelligence cases
  • Over-formulaic consideration of potential collateral intrusion and an explanation of how this will be managed
  • Limited proportionality arguments by both applicants and Authorising Officers – the four key considerations (identified by my Commissioners and adopted within the Home Office Codes of Practice), if addressed in turn, should provide a suitably reasoned argument
  • More surveillance tactics and equipment authorised at the outset than appear to have been utilised when reviews and cancellations are examined
  • A regurgitation of the original application content at reviews, including a “cut and paste” proportionality entry that fails to address why the activity is still justified, in place of a meaningful update to the Authorising Officer about what has taken place in the intervening period
  • At cancellation, a rarity of meaningful detail for the Authorising Officer about the activity conducted, any collateral intrusion that has occurred, the value of the surveillance and the resultant product; and whether there has been any tangible outcome
  • Similarly, paltry input by Authorising Officers at cancellation as to the outcome and how product must be managed, and any comment about the use or otherwise of all that had been originally argued for and authorised
  • In the case of higher level authorisations for property interference and intrusive surveillance, an over-reliance by Senior Authorising Officers on pre-­prepared entries that alter little from case to case, or at times, regardless of who is acting as the Authorising Officer
  • In those same cases, often poorly articulated personal considerations as to the matters of necessity, collateral intrusion and proportionality; no or few entries at reviews; and little meaningful comment at cancellation
  • On the CHIS documentation, less common, but still encountered, the failure to authorise a CHIS promptly as soon as they have met the criteria; and in many cases (more typically within the non-law enforcement agencies) a failure to recognise or be alive to the possibility that someone may have met those criteria
  • A huge variation in the standard of risk assessments, whereby some provide an excellent “pen picture” of the individual concerned and the associated risks, whilst others can be over-generic and are not timeously updated to enable the Authorising Officer to identify emergent risks
  • Discussions that take place between the Authorising Officer and those charged with the management of the CHIS under Section 29(5) of RIPA are not always captured in an auditable manner for later recall or evidence, though this is starting to improve following our advice
  • As resources become stretched within police forces, the deputy to the person charged with responsibilities for CHIS under Section 29(5)(b) often undertakes those functions: as with an Authorising Officer, this is a responsibility which cannot be shared or delegated

Finally the Commissioner says that during inspections his staff have found that there is “a continuing lack, in many public authorities, of on-going refresher training for officers who may have been trained many years ago, or who have not been eligible for specialised training by dint of career progression or role.”

Those who have an OSC inspection in the Autumn should read Sam Lincoln’s e book which he has written for us entitled “How To Impress An OSC Inspector.” Get in touch if you want a free copy.

Last year new codes of practice under Part 2 of RIPA were introduced.

STOP PRESS… STOP PRESS… STOP PRESS… STOP PRESS…

ONLINE RIPA TRAINING

Looking for an e-learning solution for your RIPA training needs? http://www.actnow.org.uk/content/185

———————————————————————————————————-

Now is the time to consider refresher training for RIPA investigators and authorisers. We have a full program of RIPA Courses and can also deliver these at your premises, tailored to the audience. If you want to avoid re inventing the wheel, our RIPA Policy and Procedures Toolkit gives you a standard policy as well as forms (with detailed notes to assist completion) for authorising RIPA and non-RIPA surveillance.

New RIPA Communications Data Code of Practice

In March 2015 a new Code of Practice for the Acquisition and Disclosure of Communications Data by public authorities, including councils, under Part I Chapter 2 of the Regulation of Investigatory Powers Act 2000(RIPA), came into force.  It contains several policy changes, which will require careful consideration.

The key change is the need to ensure the independence of the Designated Person (DP). This is the person within the public authority who has to be satisfied that acquiring the communications data is necessary and proportionate and who signs off the application. Paragraph 3.12 of the new code states that DPs must be independent from operations and investigations when granting authorisations, or giving notices related to those operations.

This policy change was brought about in response to the European Court of Justice (ECJ) Judgment which struck down the Data Retention Directive (2006/24/EC) as the Directive did not include sufficient safeguards as to why and by whom such data may be accessed. The Judgment noted that the Directive contained no safeguards in relation to access to the retained data, including in relation to the independence of the person authorising access to the retained data.

The new code requires public authorities to satisfy the Interception of Communications Commissioner’s Office (IOCCO) that they have sufficient measures in place to ensure the DP’s independence. IOCCO have set out certain guidelines. In a nutshell, a DP must not be directly responsible for the operation or investigation (i.e. they should not have a strategic or tactical influence on the investigation). He/she should be far enough removed from the applicant’s line management chain which will normally mean they are not within the same department or unit. Applicants should not be able to choose who the DP will be on a case by case basis (save for in urgent circumstances). Finally, there should be a defined group of DPs in an organisation i.e. a recognised list defined by role and/or position.

Public authorities will need to ensure that they have a formal procedure setting out the arrangements in place to ensure independence. This will be examined by IOCCO during their inspection. It will also explore how the DPs are selected to consider applications and will audit compliance with the code.

There are exceptions to the rule of independence of DPs set out in the IOCCO Circular of the 1st June 2015 advising public authorities of the changes. These exceptions mainly relate to urgent authorisations and where very small teams of investigators mean that independence would be difficult. These exceptions will not normally apply to local authorities.

In all circumstances where public authorities use DPs who are not independent from an operation or investigation (save for the exceptions) this must be notified to the IOCCO at the next inspection. The details of the public authorities and the reasons such measures are being undertaken may be published and included in the IOCCO report.

What Should You Do Now?

  1. Prepare for an IOCCO inspection. The Commissioner still inspects councils despite their infrequent use. Read here what a typical inspection involves.
  1. Review your current DP authorisations and procedures. You may need to nominate additional (independent) DPs
  1. Review training for DPs. Paragraph 3.8 of the code says:

“Individuals who undertake the role of a designated person must  have current working knowledge of human rights principles and  legislation, specifically those of necessity and proportionality, and how they apply to the acquisition of communications data under Chapter II and this code.”

Do all your DP’s have this knowledge to undertake their role?

Act Now is offering live and interactive webinars for DPs tailored to your organisation. The webinars last for one hour which include an online test. All participants receive a certificate of completion. Get in touch for a quote.

How To Impress An OSC Inspector – Free E Book

How to impress an OSC inspector

In recent weeks reports reviewing RIPA by the Independent Reviewer of Terrorism and the Royal United Services Institute have been published. Both reports emphasised the need for clearer law and stronger oversight.

Some may presume that their recommendations persuade the Government to replace the Regulation of Investigatory Powers Act (RIPA), its amendments and related legislation, with something entirely new. That presumption may prove accurate.

However, I believe that any replacement is unlikely to substantially adjust the basic tenet of RIPA which is founded on Human Rights legislation. In particular, it is likely to retain the basic principles of necessity and proportionality along with the requirement for public authorities to produce a verifiable and contemporaneous audit of decisions and actions.

Whether or not local authorities in United Kingdom will be enabled by similar discretionary power remains to be seen. But if the effect of the Protection of Freedoms Act is illustrative, taking away the protection of law does not necessarily prevent covert surveillance conducted intentionally or accidentally. It merely removes protection from liability … neither public authorities nor citizens are properly protected.

Unless, as is the case with an interception, forms of covert surveillance are made unlawful without a warrant or authorisation, it is likely that investigatory powers will remain discretionary. Discretion – even if later approved by a designated official external to the relevant investigating authority – attracts misuse by officials if not official misuse.

The demand for better oversight is a key recommendation in both reports and there is an increasing expectation that the public is better informed regarding the potential for or actual abuse of discretionary powers.

Suffice to say that the Office of Surveillance Commissioners, or a body with similar or enhanced responsibility, will remain. Inspection is likely to be a key method to assess compliance and performance.

Impressing an inspector – and thus providing a mechanism to protect reputation and improve trust – should remain a concern to all those who are enabled to conduct surveillance covertly.

In my new E Book “How To Impress An OSC Inspector”, I provide my personal insights regarding how a local authority might best approach an OSC inspection. The information in the book remains relevant regardless of future change to legislation. It is directed at local authorities but is relevant to other public authorities.

You can download the E Book here.

I would be interested in your views. Please feel free to comment (below) or directly by email.

Sam Lincoln was formerly Chief Surveillance Inspector with the Office of Surveillance Commissioners for seven years.

STOP PRESS… STOP PRESS… STOP PRESS… STOP PRESS…

ONLINE RIPA TRAINING

Looking for an e-learning solution for your RIPA training needs? http://www.actnow.org.uk/content/185

———————————————————————————————————-

Act Now has revised its RIPA Policy and Procedures Toolkit gives you a standard policy as well as forms (with detailed notes to assist completion) for authorising RIPA and non-RIPA surveillance. Now is the time to consider refresher training for RIPA investigators and authorisers. We have a full program of RIPA Courses and can also deliver these at your premises, tailored to the audience.