Surveillance and the DPA

survey_iconRoger J Bescoby of the Brownsword Group writes:

Brownsword Group is often engaged to undertake covert surveillance on behalf of clients, including public bodies and insurance companies, where, for example, there are allegations of insurance fraud or spurious personal injury claims. All surveillance is done in compliance with relevant laws and codes of practice including the Data Protection Act 1998.

In the last two weeks we have been asked to clarify two procedural points in relation to the submission of video surveillance evidence. In both matters we were fully confident of our position, but in order to confirm beyond doubt, we have received excellent and swift support from the Information Commissioner’s Office (ICO). We would like to share the events with you:

TO PIXELATE OR NOT TO PIXELATE?

We were asked to comment as to the necessity of pixelating the faces of ‘others’ (third parties) when submitting a covert video surveillance report. Our client was of the opinion that this may indeed be a requirement under the Data Protection Act (DPA).

We do not routinely pixelate the faces of others captured on film, irrespective of them being adults or minors, believing there is no such requirement. (The filming of minors and ‘others’ is avoided at all times, where logistically possible, to minimise any collateral intrusion. This is a key element in our operatives’ training regime.)

Following direct consultation, the ICO confirmed to us that there is no requirement under DPA to pixelate out the faces of others in Civil Cases such as personal injury claims. The only time the DPA requires pixelation is when providing film data under a Subject Access Request (SAR).

The ICO helpfully went further, saying that pixelation could be seen or construed as ‘tampering’ with the evidence upon which all parties are to carry out an evidential assessment. It could also deny the data subject the opportunity to identify potential witnesses which may assist their case.

Pixelation is a laborious process that adds time and expense to the production of evidence. We think any such requests should be strenuously refuted, quoting the ICO’s clear opinion above. (see also the ICO’s CCTV Code of Practice)

FILMING OF MINORS?

One of our surveillance films was recently used in evidence in an Employment Tribunal. The circumstances were that an employee, off sick with a severe back condition, was believed to be ‘malingering’. Surveillance evidence strongly suggested this was the case; at one stage during the surveillance the subject was observed to freely bend down to pick up his infant child and secure him in a car seat, involving continued bending and twisting etc.

The employee instructed a Trade Union lawyer to represent him at Tribunal, during which the extraordinary claim was made that ‘filming of children is illegal’.

Again we were fully confident that our processing here was justified, fair and relevant. The Tribunal (who you would have thought should know better) however required confirmation on the point. We made immediate and urgent contact with the ICO requesting a clarification. By return of email the ICO confirmed that the DPA 1998 does not prohibit the processing of personal data  relating to children as such. What it does is set out is how personal data should be processed, i.e. fairly and lawfully. Furthermore the ICO confirmed the Act would not prohibit filming of a child if it were proportionate in the circumstances and was of such evidential worth that the omission of the images would be prejudicial to the case in hand.

There is no doubt that a new air of sensitivity exists surrounding the filming of minors. Brownsword Group have strict policies and procedures in place that ensure we avoid the capturing of children on film wherever logistically possible. The ‘Savile /and others’ enquiry has understandably played its part in this, but it is important to be alert to spurious arguments now being raised, perhaps with a scurrilous intent to muddy the waters?

Collateral Intrusion is recognised, fully understood and accepted by the ICO, providing there is evidence that the surveillance operative has, overall, demonstrated the due discrimination and proportionality that the DPA requires.

THE ICO AND COVERT SURVEILLANCE GENERALLY

We have had several extremely useful meetings with the ICO recently, finding them very helpful and indeed supportive of some exciting initiatives we have put forward.

Be in no doubt, the ICO fully understand the necessity and the vital role covert surveillance plays in the prevention and validation of insurance fraud. The DPA still usefully provides the same ‘Legitimate Interest’ exemptions that have existed since 1998. All the ICO reasonably ask is that surveillance is undertaken fairly, justifiably and proportionately.

We know exactly how the ICO like things to be – follow those rules and surveillance is there, ready and waiting to be deployed just as it always has been – to protect honest policyholders.

Please get in touch if you require further information on any of the above.

Roger J Bescoby MABI is Director of Strategic Development at Brownsword Group (Visit www.brownsword.com & www.talk-safe.co.uk)

Act Now is running a series of webinars on aspects of surveillance law including the CCTV Code and an update on RIPA. Details here: http://www.actnow.org.uk/content/93

RIPA Part 2 Inspections: Common Criticisms by the OSC

examThe Office of Surveillance Commissioners (OSC) is responsible for overseeing the use of covert surveillance by designated public authorities by carrying out regular inspections. (Appendix E of the Chief Surveillance Commissioner’s Annual Report (2012-13) lists those whom the OSC inspects and how often.) In the UK the inspections check councils’ compliance with Part 2 of the Regulation of Investigatory Powers Act 2000(RIPA) (and in Scotland The Regulation of Investigatory Powers (Scotland) Act 2000 (RIP(S)A)) for use directed surveillance, intrusive surveillance and covert human intelligence sources (CHIS).

As part of our provision of tailored in house training, we have to read OSC inspection reports. The following is a list of common mistakes highlighted by the OSC. They are not attributable to any particular organisation.

FORMS

  • Use of out of date forms
  • No Unique Reference Number (URN)
  • Not amending forms so that only those grounds are present which are available to the public authority e.g. councils – preventing or detecting crime
  • Pre completed forms
  • Use of cut and paste in boxes/repetitive narrative

AUTHORISATION PROCESS

  • Rubber stamping – no real thought given to authorisation
  • Necessity, proportionality and collateral intrusion not fully understood/considered by investigators and authorisers
  • Likelihood of obtaining Confidential Information not fully considered
  • Some ‘open source’ internet research is being conducted which may actually meet the criteria of Directed Surveillance and therefore require authorisation
  • Confusion re: reviews and renewals
  • Lack of understanding of when a person is a CHIS
  • Two many Authorising Officers
  • Authorising Officers are not making adequate provision for destruction of product that is collateral intrusion or of no value to the operation
  • Several authorities are pooling resources but then not obtaining authorisations and keeping records in relation to a proper designated authority
  • Confusion about interference with property powers under Police Act 
1997
  • NB councils cannot do this
  • More robust management and quality assurance procedures required 


RECORD KEEPING

  • Central records not compliant with the Code of Practice
  • Inadequate monitoring, recording and audit of surveillance equipment
  • Inadequate handling and storage of surveillance product/evidence 


POLICIES AND PROCEDURE DOCUMENTS

  • Inadequate/no RIPA policy
  • In adequate guidance document (or out of date)
  • No CCTV protocol/procedure
  • OSC may wish to visit your CCTV control room

TRAINING AND AWARENESS

  • Inadequate training
  • Lack of regular training/refresher trainer
  • Inadequate record of those who have been trained
  • OSC may ask to see recent training materials

If you are considering refresher training for RIPA investigators and authorisers, please see our full program of RIPA Courses and our online webinars. We can also deliver tailored in house training at your premises.

Ever since the changes to the council surveillance regime, which came into force on 1st November 2012, the OSC has taken an interest in ensuring councils do not authorise surveillance under RIPA for “minor offences.” In addition they have been keen to ensure that council’s have an agreed protocol and procedure for presenting authorisation applications to the Magistrates’ Courts. Finally where surveillance needs to be done outside the scope of RIPA then a Non RIPA authorisation policy should be implemented and followed.

Do your RIPA documents need revision? Avoid re inventing the wheel! Our RIPA Policy and Procedures Toolkit gives you a standard policy as well as forms (with detailed notes to assist completion) for authorising RIPA and non-RIPA surveillance. Over 200 different organisations have bought this document (available on CD as well).

The Law of Employee Surveillance

RIPA4Decreasing public sector budgets and increasingly affordable technology mean that more and more employers are turning to surveillance to catch errant or work shy employees. But this area is a legal minefield. Mistakes can end up with adverse headlines in the media or worse still legal action. In August, West Yorkshire Fire Service was criticized in the papers when a 999 operator, who was on sick leave, found a GPS tracker planted on her car by a private detective hired by her bosses.

A public sector employer wanting to conduct lawful staff surveillance must first ask the question, which legislation applies? If the surveillance involves covert techniques or equipment, it is easy to assume that Part 2 of the Regulation of Investigatory Powers Act 2000 (“RIPA”) applies and that the surveillance must be the subject of an written authorisation by a senior officer and, in the case of a local authority employer, Magistrates’ approval. However, the Investigatory Powers Tribunal has ruled in the past that not all covert surveillance of employees is regulated by RIPA.

In C v The Police and the Secretary of State for the Home Department (14th November 2006, No: IPT/03/32/H), a former police sergeant (C), having retired in 2001, made a claim for a back injury he sustained after tripping on a carpet in a police station. He was awarded damages and an enhanced pension due to the injuries. In 2002, the police instructed a firm of private detectives to observe C to see if he was doing anything that was inconsistent with his claimed injuries. Video footage showed him mowing the lawn. C sued the police claiming that they had carried out Directed Surveillance under RIPA without an authorisation. The Tribunal first had to decide if it had jurisdiction to hear the claim. The case turned on the interpretation of the first limb of the definition of Directed Surveillance i.e. was the surveillance “for the purposes of a specific investigation or a specific operation?”

The Tribunal ruled that this was not the type of surveillance that RIPA was enacted to regulate. It made the distinction between the ordinary functions and the core functions of a public authority:

“The specific core functions and the regulatory powers which go with them are identifiable as distinct from the ordinary functions of public authorities shared by all authorities, such as the employment of staff and the making of contracts. There is no real reason why the performance of the ordinary functions of a public authority should fall within the RIPA regime, which is concerned with the regulation of certain investigatory powers, not with the regulation of employees or of suppliers and service providers.”

The Tribunal also stated that it would not be right to apply RIPA to such surveillance for a number of reasons:

  1. RIPA does not cover all public authorities, and there was no sense in police employee surveillance being conducted on a different legal footing than, for example, the Treasury, which does not have the same surveillance rights under RIPA.
  2. The Tribunal has very restrictive rules about evidence, openness and rights of appeal. The effect of these would lead to unfairness for employees of RIPA authorities when challenging their employers’ surveillance as compared to those who were employed by non RIPA authorities.

This case suggests that, even where employee surveillance is being carried out for the purpose of preventing or detecting crime, the question has to be; is it for a core function linked to one of the authority’s regulatory functions? In the local authority context this would include, amongst others, trading standards, environmental heath and licensing. If the surveillance is not being done for one of these purposes it will not be Directed Surveillance and consequently will not be regulated by RIPA.

Of course just because RIPA may not apply, it does not mean that the employer can do what it likes. Whatever type of surveillance is conducted, the right to privacy, under Article 8 of the European Convention on Human Rights, protects employees within the work environment.  This means that the surveillance must be carried out in a manner that is in accordance with the law and is necessary and proportionate. There have been a number of cases where employers have been criticised by the courts for failing to take account of the human rights issues when doing surveillance of employees e.g. Copland v UK (3rd April 2007 ECHR) concerning communications surveillance and Jones v Warwick University ((2003) 3 All ER 760) concerning a claim for personal injury. Compliance with the Data Protection Act 1998 (DPA) will be evidence that the surveillance has also been done in compliance with Article 8.

All employers, be they public or private sector, have to comply with the DPA when doing surveillance, as they will be gathering and using personal information about living individuals. The Information Commissioner has published the Data Protection Employment Practices Code, which sets out rules to be followed when dealing with employees’ personal data.

Part 3 of the code covers all types of employee surveillance from video monitoring and vehicle tracking to email and Internet surveillance. Indeed those public authorities who are doing surveillance of their employees which now, in the light of the above Tribunal case, cannot be authorised under RIPA also have to pay special attention to the code. Whilst the code is not law, it can be taken into account by the Information Commissioner and the courts in deciding whether the DPA has been complied with.

One of the other main recommendations of the code is that senior management should normally authorise any covert surveillance of employees. They should satisfy themselves that there are grounds for suspecting criminal activity or equivalent malpractice. They should carry out an impact assessment and consider whether the surveillance is necessary and proportionate to what is sought to be achieved i.e. the same considerations that public sector employers subject to RIPA would have to consider when doing a RIPA authorisation. This assessment is best done in writing using a “Non-RIPA” surveillance form (Our RIPA Policy and Procedures Toolkit contains such a form).

If covert surveillance of an employee results in his/her dismissal, the matter will usually end up before the Employment Tribunal in the form of unfair dismissal proceedings. Here the Tribunal will also have to consider whether evidence has been gathered fairly and lawfully. In City And County Of Swansea v Gayle UKEAT 0501_12_1604 (16 April 2013) Swansea Council conducted covert video surveillance on the claimant, when he was for good reason suspected of playing squash during work time, whilst claiming payment for being at work at the time.  The surveillance confirmed he was seen at the sports centre on a succession of Thursdays when he should have been at work.

The Employment Tribunal upheld a claim for unfair dismissal (though awarding nil compensation, for contributory conduct) because of the Tribunal’s distaste for the employer’s use of covert surveillance. Its view was that Article 8 (right to privacy) was engaged and broken in doing so. It took account of the council’s lack of awareness of its obligations under the DPA and the Code.

These views were rejected on appeal to the Employment Appeal Tribunal. The appeal was allowed with a substituted finding that the dismissal was not unfair. The Tribunal did not accept that here there was any breach of Article 8(1) so as to require the Tribunal to consider the requirements of 8(2) at all.  If, however, the Tribunal had done so it would have been bound to consider the legitimate aim which the Council claimed to have.  Here one of two such aims might have been identified.  The first was the prevention of crime, the second the protection of the rights and freedoms of others, the “others” here being the employers whose money was at stake and who had contractual rights in agreement with the claimant that he would behave in a way in which as it happened he did not.

This is an interesting case for employers. Dismissals will not necessarily be unfair when covert surveillance is used as part of the dismissal process. Employees acting fraudulently on employer’s time cannot expect their actions to be kept private from the employer. However, employers would be well advised to tread with caution. Following the correct procedures and being mindful of their obligations under the DPA (as well as Human Rights) will inevitably put an employer in a better position.

Employee surveillance may not always engage RIPA. However data protection and human rights laws will always have to be carefully considered. In cases of surveillance of staff e-mail and internet usage Section 4 of RIPA and the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 will also need to be considered. For more on the latter please see our online training course (Email and Internet Monitoring: How to do it lawfully).

Act Now can help you get to grips with this difficult area. Please see our full program of surveillance law courses which can also be customised and delivered at your premises. If you want a quick update try our forthcoming webinars.

Listen to Ibrahim Hasan’s interview on BBC File on Four on Secrecy and Surveillance: of http://www.bbc.co.uk/programmes/b03bdsyk

The 2013 Surveillance Commissioner Report – Key Points

RIPA22The Chief Surveillance Commissioner published his 2013 annual report (covering the period from 1st April 2012 to 31st March 2013) on 18th July 2013. It is important reading for those public authorities who conduct surveillance under Part 2 of the Regulation of Investigatory Powers Act 2000 (RIPA).

The report details statistics relating to the use of Part 2 of RIPA by public authorities and information about how the Office of the Surveillance Commissioner (OSC) conducts its oversight role. Non-law enforcement agencies (including councils) authorised Directed Surveillance on 5,827 occasions. This continues a downward trend over the last few years.

The report highlights a number of important issues some of which are listed below:

  • Common errors by RIPA authorities include miscommunication or failure to communicate the details of an authorisation; failure to conduct thorough reviews, renewals or cancellations; ignorance on the part of officers; or poor administration or processes.
  • The Commissioner says that all public authorities have struggled with the use of the Internet for investigations, particularly social networking sites. At paragraph 5.7 he advises caution on conflating the offline word with the online world. There may be cases where RIPA authorisation is required when doing research about a person on the Internet. He goes on to say, “… it is important to bear in mind that it is not always possible to give a definitive answer as to whether a particular activity requires authorisation: facts are infinitely variable. Where there is doubt authorisation is prudent.”  Act Now has developed a course on E-Crime and Social Networking Sites which examines all the relevant RIPA and wider legal issues.
  • Too many tactics requested by investigating officers are unused. Authorising officers and Senior Responsible Officers should monitor whether applicants are lazily requesting tactics out of habit rather than necessity.
  • Too many cancellations provide an insufficient record of surveillance actually conducted and the details of collateral intrusion. Rarely does guidance on the retention or destruction of product go beyond an inadequate reference to policy. It is vital that surveillance product that does not match the objectives stated in the authorisation is not retained on databases.
  • At paragraph 5.5, the Commissioner reiterates his view that RIPA is permissive legislation and there may be occasions where surveillance outside the scope of RIPA may be required. He points to the recent IPT decision in BA and others v Cleveland Police (IPT/11/129/CH). This is in keeping with Ibrahim Hasan’s view as explained on this blog.
  • Where there is an invasion of privacy and RIPA does not apply, due to all conditions not being met, then the Commissioner recommends use of a similar written authorisation mechanism where Article 8 issues (privacy) are considered.
  • The Commissioner also considers the changes, which took effect on  1st November 2012; namely magistrates’ approval for council surveillance and a new six month threshold test for Directed Surveillance.  On the whole they are working well. There were 142 approval requests made to a Magistrate in the reporting period of which only two were rejected.
  • Finally the Commissioner fires a shot across the bows of those authorities who drag their feet in accepting his recommendations. At paragraph 5.18 he says, “I expect the recommendations of my reports to be followed whether or not individual officers agree with them. Continued failure to do so – especially on the ground that current practices have been unchallenged in court proceedings – may result in publication of my guidance or recommendations to a wider audience.”

Now is the time to consider refresher training for RIPA investigators and authorisers. Please see our full program of RIPA Courses which have been revised to take account of all the latest developments. We can also deliver these courses at your premises, tailored to the audience. Finally, if you want to avoid re inventing the wheel, our RIPA Policy and Procedures Toolkit gives you a standard policy as well as forms (with detailed notes to assist completion) for authorising RIPA and non-RIPA surveillance. Over 200 different organisations have bought this document (available on CD as well).

RIPA, CHIS and the IPT

A recent legal case about undercover police officers’ activities whilst investigating protest groups, has raised the importance of RIPA forms being completed correctly and care being taken when authorising them.

Ten women have launched  a legal action claiming they were tricked into forming “deeply personal” relationships with undercover police officers acting as a Covert Human Intelligence Source (CHIS) under Part 2 of the Regulation of Investigatory Powers Act 2000 (RIPA). The case is the first civil action to be brought before a court.

Three of the women referred to in court had intimate relationships with Mark Kennedy, who spent seven years living as an environmental campaigner. Kennedy’s deployment was made public last year after activists worked out he was a police spy.

Lawyers for the police are currently applying to have the case moved from the High Court to “a secret Tribunal”. Normally cases involving a breach of RIPA are heard by the Investigatory Powers Tribunal (IPT). Most cases heard by the Tribunal are in private and not open to the media. Very few judgements are published. Most cases are about conduct by, or on behalf of, the Intelligence Services (MI5, MI6and GCHQ). The Tribunal has the power to award damages to complainants and to quash or cancel any authorisation to do the surveillance.

Not surprisingly, the IPT is the forum of choice for the police in this case. According to a report in The Guardian:

“Monica Carrs Frisk QC, representing the police, said their argument was not about denying the women remedy, but determining the correct forum for determining their claims.The police argue the case should be heard in the investigatory powers tribunal, as it was set up specifically to consider allegations of unjustifiable surveillance by the state.They also argue they may be unable defend the case because they have a long-established policy of neither confirming nor denying the identity of undercover police officers.”

When the Kennedy case came to light, Her Majesty’s Inspectorate of Constabulary (HMIC) conducted a report into the circumstances. It concluded that, whilst undercover officers deployed into protest communities gathered intelligence which enabled the police to prevent acts of serious violence, there was serious intrusion into the lives of others, and this risk needs to be better managed in the future.

More will come about these cases especially if (as is likely) the civil case remains in the High Court. The circumstances shows the importance of all public authorities, not just the police, considering the applicability of Part 2 of RIPA , especially the CHIS provisions, very carefully when engaging staff to “go undercover”. In addition to the usual considerations of necessity and proportionality, the CHIS authorisation form  requires a risk assessment to be done, together with a need to have a separate CHIS Handler and a Controller. Detailed records also need to be kept in accordance with the RIPA (Source Records) Regulations 2000 (SI 2000/2725). If these roles were carried out correctly then abuses of RIPA, as in this case, would be very rare.

Of course local authorities are very infrequent users of the CHIS process (and they certainly do not authorise CHIS operations involving sleeping with the targets!). Any potential for abuse has been minimised even further by the Protection of Freedoms Act 2012 (sections 37 and 38) which came into force on 1st November 2012. This changes the procedure for the authorisation of local authority surveillance under RIPA. From 1st November, local authorities have been required to obtain the approval of a Magistrate for the use of any one of the three covert investigatory techniques available to them under RIPA namely Directed Surveillance, the deployment of a Covert Human Intelligence Source and accessing communications data. On 5th November, Gateshead Council received (what could be) the first Magistrates’ approval.

The case of Mark Kennedy (and others) does beg the question; Is it time the police were required to seek judicial approval for surveillance under RIPA? Should we even stop there? What about surveillance abuses by the press which have come to light as a result of the Leveson Inquiry? Is it time to RIPA it up and start again?

Act Now can help you prepare for the new RIPA process. We have an update  course in December in London. If you would like advice on what needs to be done or customised in house training, please get in touch.

Finally all RIPA authorities need to revise their guidance and policy documents. See our RIPA Policy and Procedures Toolkit.

First Magistrates’ Approval of RIPA Surveillance

Gateshead Council MAY HAVE become the first local authority in the country to successfully obtain Magistrates’ approval for covert surveillance under new laws which came into force on 1st November 2012.

Chapter 2 of Part 2 of the Protection of Freedoms Act 2012 (sections 37 and 38) changes the procedure for the authorisation of local authority surveillance under the Regulation for Investigatory Powers Act 2000 (RIPA). From 1st November, local authorities have been required to obtain the approval of a Magistrate for the use of any one of the three covert investigatory techniques available to them under RIPA namely Directed Surveillance, the deployment of a Covert Human Intelligence Source and accessing communications data.

The Home Office has now published its RIPA Magistrates’ Approval Guidance both for local authorities and the Magistrates’ Court. However until recently, no council had reported a successful application to the Magistrates. We believe, Gateshead Council is the first to do so.

Colin Howey, Senior Trading Standards Officer, explains what they did:

“Like most authorities we were a bit anxious about the new RIPA regime. Whilst we wanted to continue to use covert surveillance techniques in a necessary and proportionate manner, we were concerned about the cost and resource implications of the new Magistrates’ approval process.

Following a full day training workshop we were more confident about what was required. But the new process was still untested.

On 5th November though we obtained what may well be the country’s first judicial approval of a RIPA authorisation. Gateshead Magistrates’ Court approved our use of Directed Surveillance to investigate some serious trading standards offences.

We carefully followed the procedure as set out in the Home Office RIPA Magistrates’ Approval Guidance.  We were also careful to ensure the surveillance was necessary on the amended grounds set out in The Regulation of Investigatory Powers (Directed Surveillance and Covert Human Intelligence Sources) (Amendment) Order 2012, SI 2012/1500  which also came into force on 1 November 2012. This makes Directed subject to a new Serious Crime Test.

Once we obtained the internal authorisation in the usual way we contacted the Gateshead Magistrates’ Court to arrange a hearing.  They asked us to e mail through the original RIPA authorisation form as well as the completed judicial application/order form.

The hearing was attended by the investigating officer and the Council Solicitor. The court was also aware that it was the first RIPA application it had received so a District judge heard the application advised by the Clerk of the Court.  The hearing was in private. The judge considered the RIPA authorisation and the judicial application/order form.  He asked one or two relevant questions to satisfy himself that the surveillance was necessary and proportionate and then signed the judicial order form

The whole thing was relatively straightforward. It only took the judge fifteen minutes to consider and approve the application.

My tips for those who need to make a similar application are:

1. Train your staff – All investigators and authorising officers need to know about the new process.  Those who will be attending court need to be trained in completing the new judicial application/order form.

2. Designate staff who will be attending the Magistrates Court -This is done under section 223 of the Local Government Act 1972.  It is worth giving staff a letter of designation to take to the court when making the application.

3.  Contact your local Magistrates Court now to discuss how they will deal with RIPA applications. Like ours they may want documents e mailed to them beforehand. This will also save time on the day.”

Our thanks to Colin Howey and the Regulatory Services Team at Gateshead Council for this fascinating insight. The training provided to Gateshead Council was conducted by Ibrahim Hasan, of Act Now Training.

Did your council achieve a RIPA approval before Gateshead? Use the comment field to let us know.

Act Now can help you prepare for the new RIPA process. We have an update  course in December in London. If you would like advice on what needs to be done or customised in house training, please get in touch.

Finally all RIPA authorities need to revise their guidance and policy documents. See our RIPA Policy and Procedures Toolkit.

RIPA Policy and Procedure Toolkit (November 2012)

Major changes to the local authority surveillance regime (under RIPA) come into force this today.

  • Local authorities will need to obtain Magistrates’ approval for all surveillance done under RIPA.
  • Directed Surveillance will be subject to a new serious crime test

For detailed discussion on the changes please see our blog:

http://actnowtraining.blog/2012/10/17/1st-november-d-day-for-council-surveillance/

Now is the time to revise your RIPA polices and procedures and make your staff aware of the new rules. Ibrahim Hasan, one of the UK’s leading writers and trainers on public sector surveillance, has developed a RIPA procedures and guidance toolkit to assist you. Why reinvent the wheel?

The toolkit includes an updated version of our previous RIPA Forms Guidance document, which was bought by over one hundred different organisations. In addition there are detailed guidance notes on deciding when surveillance is caught by RIPA, how to authorise it and what to do about surveillance which is not regulated by RIPA. The toolkit is written in straight forward language (avoiding legal jargon) and includes flowcharts to assist understanding. For more information click on the link below:

http://www.actnow.org.uk/content/116

There is a 20% discount for those who bought the previous RIPA Forms Guidance (now updated and included in this toolkit.)

1st November: D-Day for Council Surveillance

1st of November 2012 will see big changes in the way local authorities carry out surveillance under Regulation fo Investigatory Powers Act 2000 (RIPA):

1. Magistrates’ Approval for all Surveillance

Sections 37 and 38 of the Protection of Freedoms Act 2012 amends RIPA so as to require local authorities to obtain the approval of a Magistrate for the use of any one of the three covert investigatory techniques available to them under RIPA; namely Directed Surveillance, the deployment of a Covert Human Intelligence Source (CHIS) and accessing communications data. Click on the links below for more

Details of the new legal provisions

How to apply for Magistrates’ approval

RIPA Policy and Procedures Toolkit

2. New Serious Crime Test for Directed Surveillance

From 1st November 2012, local authority Authorising Officers may not authorise Directed Surveillance unless it is for the purpose of preventing or detecting a criminal offence which punishable by a maximum term of at least 6 months of imprisonment (subject to exceptions).

Details of the new test

Will councils still be able to do surveillance for “minor offences”?

Read my view here

How Act Now Can Help

1. New procedures and guidance will have to be issued – see our RIPA Policy and Procedures Toolkit

2. Officers will need to be made aware of the new procedures. See our training courses. If you would like customised in house training, please get in touch.

New RIPA Procedure Guidance: Magistrates’ Approval

Chapter 2 of Part 2 of the Protection of Freedoms Act 2012 (sections 37 and 38) comes into force on 1st November 2012. This changes the procedure for the authorisation of local authority surveillance under the Regulation for Investigatory Powers Act 2000 (RIPA).

From 1st November local authorities will be required to obtain the approval of a Justice of the Peace (JP) for the use of any one of the three covert investigatory techniques available to them under RIPA namely Directed Surveillance, the deployment of a Covert Human Intelligence Source (CHIS) and accessing communications data.

An approval is also required if an authorisation to use such techniques is being renewed. In each case, the role of the JP is to ensure that the correct procedures have been followed and the relevant factors have been taken account of. There is no requirement for the JP to consider either cancellations or internal reviews.For a full explanation of the 2012 Act and the new section 37 and 38 of RIPA read my article.

Home Office Guidance

The Home Office has now published its RIPA Magistrates’ Approval Guidance both for local authorities and the Magistrates’ Court. This guidance is non-statutory but provides advice on how local authorities can best approach these changes in law and the new arrangements that need to be put in place to implement them effectively.  It is supplementary to the legislation and to the two statutory Codes of Practice.

The New Magistrates’ Approval Process

  1. The first stage will be to apply for an internal authorisation in the usual way. Once it has been granted, the local authority will need to contact the local Magistrates Court to arrange a hearing.
  2. The hearing is a ‘legal proceeding’ and therefore local authority officers need to be formally designated to appear, be sworn in and present evidence or provide information as required by the JP. It is envisaged that the investigating officer will be best suited to fulfill this role. The local authority may consider it appropriate for the SPoC (Single Point of Contact) to attend for applications involving communications data.
  3. The local authority will provide the JP with a copy of the original RIPA authorisation or notice.  This forms the basis of the application to the JP and should contain all information that is relied upon. In addition, the local authority will provide the JP with two copies of a partially completed judicial application/order form (which is included in the Home Office Guidance).
  4. The hearing will be in private and heard by a single JP who will read and consider the RIPA authorisation or notice and the judicial application/order form.  He/she may have questions to clarify points or require additional reassurance on particular matters.  The forms and supporting papers must by themselves make the case.  It is not sufficient for the local authority to provide oral evidence where this is not reflected or supported in the papers provided.
  5.  The JP will consider whether he or she is satisfied that at the time the authorisation was granted or renewed or the notice was given or renewed, there were reasonable grounds for believing that the authorisation or notice was necessary and proportionate.  He/She will also consider whether there continues to be reasonable grounds.  In addition they must be satisfied that the person who granted the authorisation or gave the notice was an appropriate designated person within the local authority and the authorisation was made in accordance with any applicable legal restrictions, for example that the crime threshold for directed surveillance has been met (see below).
  6.  The order section of the above mentioned form will be completed by the JP and will be the official record of the his/her decision.  The local authority will need to retain a copy of the form after it has been signed by the JP.

The JP may decide to –

  • Approve the grant or renewal of an authorisation or notice

The grant or renewal of the RIPA authorisation or notice will then take effect and the local authority may proceed to use the technique in that particular case. The local authority will need to provide a copy of the order to the communications service provider (CSP), via the SPoC (Single Point of Contact), for all CD requests.

  • Refuse to approve the grant or renewal of an authorisation or notice

The RIPA authorisation or notice will not take effect and the local authority may not use the technique in that case.  Where an application has been refused the local authority may wish to consider the reasons for that refusal.  For example, a technical error in the form may be remedied without the local authority going through the internal authorisation process again.  The local authority may then wish to reapply for judicial approval once those steps have been taken.

  • Refuse to approve the grant or renewal and quash the authorisation or notice

This applies where a Magistrates’ court refuses to approve the grant, giving or renewal of an authorisation or notice and decides to quash the original authorisation or notice.The court must not exercise its power to quash that authorisation or notice unless the applicant has had at least two business days from the date of the refusal in which to make representations.

Appeals

A local authority may only appeal a JP’s decision on a point of law bymaking an application for judicial review in the High Court. The Investigatory Powers Tribunal (IPT) will continue to investigate complaints by individuals about the use of RIPA techniques by public bodies, including local authorities.  If, following a complaint to them, the IPT finds fault with a RIPA authorisation or notice it has the power to quash the JP’s order which approved the grant or renewal of the authorisation or notice. It can also award damages if it believes that an individual’s human rights have been violated by the public authority doing the surveillance.

Plan Now

Local authorities should Act Now to ensure they are ready for the new procedure. They should:

  1. Train staff – All investigators and authorising officers need to know about the new process. Those who will be attending court need to be trained in completing the new judicial application/order form.
  2. Designate staff who will be attending the Magistrates Court – The usual procedure would be for local authority Standing Orders to designate certain officers( including SPoCs) for the purpose of presenting RIPA cases to JPs under section 223 of the Local Government Act 1972.  A pool of suitable officers could be designated before 1st November and adjusted as appropriate throughout the year.
  3. Amend the RIPA Policy and Procedures to reflect the new process.

New Serious Crime Test The Regulation of Investigatory Powers (Directed Surveillance and Covert Human Intelligence Sources) (Amendment) Order 2012, SI 2012/1500  (“the 2012 Order”), was made on 11 June 2012 and will also come into force on 1 November 2012. Directed Surveillance will be made subject to a new Serious Crime Test. The days of councils authorising surveillance for dog fouling and littering will soon be over. More information here

Act Now can help you prepare for the new RIPA process. We have a new RIPA Policy and Procedures Toolkit as well as courses throughout the UK.

 If you would like advice on what needs to be done or customised in house training, please get in touch.

Mind the (Surveillance) Gap!

Before the 2010 election, both coalition parties made a big thing about “rolling back the Surveillance State.” They announced in the Coalition Agreement:

 “We will ban the use of powers in the Regulation of Investigatory Powers Act (RIPA) by councils, unless they are signed off by a magistrate and required for stopping serious crime.”

The first part of this commitment has been enacted via sections 37 and 38 of the Protection of Freedoms Act 2012 . This amends the Regulation of Investigatory Powers Act 2000 (RIPA) so as to require local authorities to obtain the approval of a Magistrate for the use of any one of the three covert investigatory techniques available to them under RIPA; namely Directed Surveillance, the deployment of a Covert Human Intelligence Source (CHIS) and accessing communications data. (Read our blog post for more on this requirement, which comes into force on 1st November).

The second part of the Coalition’s commitment also comes into force on the same day in the form of The Regulation of Investigatory Powers (Directed Surveillance and Covert Human Intelligence Sources) (Amendment) Order 2012, SI 2012/1500 (“the 2012 Order”).  This amends the Regulation of Investigatory Powers (Directed Surveillance and Covert Human Intelligence Sources) Order 2010, SI 2010/521 (“the 2010 Order”).

From 1st November 2012, local authority Authorising Officers may not authorise Directed Surveillance unless it is for the purpose of preventing or detecting a criminal offence and it meets the condition set out in New Article 7A(3)(a) or (b) of the 2010 Order. Those conditions are that the criminal offence which is sought to be prevented or detected is punishable, whether on summary conviction or on indictment, by a maximum term of at least 6 months of imprisonment, or would constitute an offence under sections 146, 147 or 147A of the Licensing Act 2003 or section 7 of the Children and Young Persons Act 1933 (offences involving sale of tobacco and alcohol to underage children).

The Government’s aim in passing the 2012 Order is explained in paragraph 7.2 of the explanatory memorandum :

“The additional restriction that is imposed through this statutory instrument on authorisations of directed surveillance by local authorities is imposed in response to public concern that some local authorities have used directed surveillance in trivial cases such as littering, dog control and school admission. This statutory instrument discharges a Government commitment to prevent local authority use of directed surveillance under RIPA unless required for the purposes of preventing or detecting the more serious kinds of criminal offences which local authorities investigate.”

Whilst the 2012 Order will certainly restrict councils authorising Directed Surveillance under RIPA, can it completely stop them doing covert surveillance when investigating “minor offences”? I do not think so.

RIPA is there to ensure that certain types of covert surveillance undertaken by public authorities is done in such as is human rights compliant. This is done through a system of (until now) internal authorisation from a senior officer. RIPA is permissive legislation. Authorisation under RIPA affords a public authority a defence under Section 27 i.e. the activity is lawful for all purposes. However, failure to obtain an authorisation does not make covert surveillance unlawful. Section 80 of RIPA states:

“Nothing in any of the provisions of this Act by virtue of which conduct of any description is or may be authorised by any warrant, authorisation or notice, or by virtue of which information may be obtained in any manner, shall be construed—

(a)as making it unlawful to engage in any conduct of that description which is not otherwise unlawful under this Act and would not be unlawful apart from this Act;

(b)as otherwise requiring—

(i)the issue, grant or giving of such a warrant, authorisation or notice, or

(ii)the taking of any step for or towards obtaining the authority of such a warrant, authorisation or notice,

before any such conduct of that description is engaged in; or

(c)as prejudicing any power to obtain information by any means not involving conduct that may be authorised under this Act.”

This point was explained more fully by the Investigatory Powers Tribunal in the case of C v The Police (Case No: IPT/03/32/H 14th November 2006 ):

Although RIPA provides a framework for obtaining internal authorisations of directed surveillance (and other forms of surveillance), there is no general prohibition in RIPA against conducting directed surveillance without RIPA  authorisation. RIPA does not require prior authorisation to be obtained by a public authority in order to carry out surveillance. Lack of authorisation under RIPA does not necessarily mean that the carrying out of directed surveillance is unlawful.

In making the 2012 Order, the Government has forgotten to do anything about section 80 of RIPA. They should have repealed or amended it in some way to achieve their aim. Section 80 means that the changes in the 2012 Order will not make surveillance for dog fouling and littering unlawful. All it will mean is that in such cases surveillance will not have the protection of RIPA (the defence in section 27). Local authorities will still be able use covert surveillance for such purposes as long as it is necessary and proportionate in accordance with Article 8 of the European Convention on Human Rights (right to privacy).

This point is made by the Chief Surveillance Commissioner in last year’s annual report (2010/2011):

“The higher threshold in the proposed legislation will reduce the number of cases in which local authorities have the protection of RIPA when conducting covert surveillance; it will not prevent the use of those tactics in cases where the threshold is not reached but where it may be necessary and proportionate to obtain evidence covertly and there will be no RIPA audit trail. Part I of RIPA makes unauthorised interception unlawful. In contrast, Part II makes authorised surveillance lawful but does not make unauthorised surveillance unlawful.”

In his latest annual report (2011/2012) he again acknowledges (at paragraph 5.22) that there is a gap in the law which allows public authorities to undertake covert surveillance (as long as it is human rights compliant) even though it may not be authorisable under RIPA:

“I occasionally encourage the use of similar authorisation mechanisms for activity which cannot be protected by the Acts (for example where covert techniques are used to identify a missing person when no crime is suspected). In these circumstances statutory definitions are met but none of the grounds specified in RIPA section 28(3) or RIP(S)A section 6(3), yet the human rights of the subject of surveillance must be considered. The authorisation process provides a useful audit of decisions and actions.”

So when the 2012 Order comes into force, we will have a void up to the 6 month threshold where Directed Surveillance will not be authorisable under RIPA but may still be desired to be undertaken by investigating officers. What to do? From the above it seems that surveillance can be done as long as it is necessary and proportionate and a proper paper audit trail exists. It may be a good idea to complete a “Non-RIPA authorisation form.” (We have one in our RIPA Policy and Procedure Toolkit).

Will local authorities decide to do “Non-RIPA Surveillance”? Many of the delegates on our training courses have said that they will. This does go against the will of the Government and the purpose behind the changes, BUT it is lawful.

So the question is – “No six month threshold but a need to do surveillance – Should you?”I would welcome colleagues’ thoughts. Please feel free to use the comment field below.

Act now can help you prepare for the new RIPA process. Our training courses run throughout the UK. If you would like customised in house training, please get in touch.