Law Library Stacks

Back to Foreign Intelligence Gathering Laws

Summary

Foreign intelligence gathering in the United Kingdom is regulated by the Intelligence Services Act, the Human Rights Act, and the Regulation of Investigatory Powers Act. These Acts provide for a system of warrants to be obtained to conduct surveillance and intercept communications, provided the surveillance is necessary to complete the statutory functions of the relevant agency.  Issuing warrants in the UK remains an executive, rather than judicial, act.  UK intelligence agencies are subject to parliamentary oversight.

The UK is currently in the process of introducing an Investigatory Powers Bill.  This bill, now before the House of Lords, would substantially repeal and re-enact the majority of the legal framework governing the interception of communications.  The aim of the bill is to provide a clearer framework of powers and oversight.  The bill would also require judicial approval of warrants issued by the Secretary of State and provide for the enhanced ability to intercept Internet communications records, which contain more information than communications data.  It would also allow for the interception and retention of data in bulk.  As with all previous bills that address the interception of communications, there has been significant criticism that the provisions are still not clear enough and are too wide-ranging.  The government claims that the bill would essentially re-enact existing legislation and that the limited expansion of powers is necessary to fill gaps in the ability of law enforcement and the intelligence services to keep the country safe.

I.  Introduction

The UK has three intelligence and security agencies, which are commonly referred to collectively as the Agencies or the Intelligence Services.  These Agencies consist of the Secret Intelligence Service (SIS), also known as MI6 (“MI” standing for Military Intelligence), the UK’s overseas intelligence agency; the Government Communications Headquarters (GCHQ), the UK’s signals intelligence gathering agency; and the Security Service, also known as MI5, the UK’s domestic intelligence agency.  The Security Service has statutory responsibility to protect the national security of the UK from international threats, including those from terrorism.  It is supported in this role by the SIS and GCHQ, who provide intelligence gathered from overseas.[1]

While these are the primary agencies in charge of collecting, gathering, and analyzing intelligence information, they are not the only parts of the intelligence machinery in the UK.  Additional intelligence is compiled by the Cabinet Office, Defence Intelligence (part of the Ministry of Defence), and the Joint Terrorism Analysis Centre (JTAC).[2]  The National Crime Agency addresses organized crime and economic crime that occurs within the UK’s borders.[3]  All of these agencies must act within the bounds of the law and their operations “must relate to national security, the prevention or detection of serious crime, or the UK’s economic well-being.”[4]

Back to Top

II.  Legislative Framework

The work of the SIS and GCHQ is undertaken in accordance with the legislative framework of the Human Rights Act,[5] the Regulation of Investigatory Powers Act (RIPA),[6] and the Intelligence Services Act 1994 (the ISA),[7] which placed the SIS and GCHQ on a statutory footing and under the responsibility of the Foreign Secretary. 

The ISA defines the function of the SIS as follows:

(a)  to obtain and provide information relating to the actions or intentions of persons outside the British Islands; and

(b)  to perform other tasks relating to the actions or intentions of such persons.[8]

The GCHQ’s role is defined as follows:

(a) to monitor or interfere with electromagnetic, acoustic and other emissions and any equipment producing such emissions and to obtain and provide information derived from or related to such emissions or equipment and from encrypted material; and

(b) to provide advice and assistance about—(i) languages, including terminology used for technical matters, and (ii) cryptography and other matters relating to the protection of information and other material, to the armed forces of the Crown, to Her Majesty’s Government in the United Kingdom or to a Northern Ireland Department or to any other organisation which is determined for the purposes of this section in such manner as may be specified by the Prime Minister.[9]

These functions may only be exercised in the interests of national security with regard to the defense and foreign policies of the UK, in the interests of the economic well-being of the UK, and in support of the prevention or detection of serious crime.[10]

The ISA provides for a system of warrants that authorize entry on and interference with property or with wireless telegraphy upon application from any of the three Intelligence Services.[11]  Due to the important role the Intelligence Services play in safeguarding the UK’s national security, the ISA’s requirements for an authorization are much broader than those for the Acts that cover domestic surveillance. 

Each warrant must be approved by the Secretary of State.[12]  The Secretary of State must believe that the conduct is proportionate and necessary to assist the Security Service, SIS, or GCHQ in conducting any of their functions under their respective Acts and that the information sought cannot be obtained by other means.[13]  Warrants provided to the SIS and GCHQ for the purposes of preventing or detecting crime may not relate to the British Islands.  The Intelligence Services Act was amended by the Prevention of Terrorism Act 2005, which provides the Intelligence Services authority to obtain a warrant to conduct activities in the UK as well as overseas.  The Security Service also can obtain a warrant to interfere with property or wireless telegraphy if it is acting on behalf of the SIS or GCHQ and the action proposed is to be “undertaken otherwise than in support of the prevention of detection of serious crime.”[14]

Back to Top

III.  Interception of Communications

The use of covert surveillance, use of covert human intelligence sources,[15] and interception of both communications and communications data in England and Wales is allowed, provided the relevant laws regulating this procedure are adhered to.[16]

There is no single legislative regime that applies to the interception of communications; instead the laws and procedures vary according to the body that is seeking the interception.  The main piece of legislation in this area is the Regulation of Investigatory Powers Act 2000 (RIPA).[17]  RIPA serves to augment the ISA, providing for distinct authorization processes for warrants that apply to the interception of communications[18] and the interception of communications data.[19]  

Before the Secretary of State can authorize a warrant to intercept communications, he must believe that the conduct requested by the warrant cannot be obtained by other means, is proportionate and necessary in what it is seeking to achieve, and has as its purpose one of the following: protecting the interests of national security, preventing or detecting serious crime,[20] safeguarding the economic well-being of the UK from the acts or intentions of individuals outside the British Isles, or giving effect to an international mutual assistance agreement whose purpose is equivalent to that of preventing or detecting serious crime.[21]  Before signing the warrant, the Secretary of State must also consider whether the warrant is operationally required and if its issuance is proportionate and necessary.[22]

RIPA provides for the lawful acquisition and disclosure of communications data in specified circumstances.  Communications data does not include the content of a communication but the information that relates to the use of a communications service; thus the requirements to obtain an authorization are less stringent and the list of individuals who can request an authorization is less restrictive.   An authorization to obtain communications data can only be obtained if necessary in the interests of national security or the economic well-being of the UK; for the purposes of preventing or detecting crime or preventing disorder; in the interests of public safety; for assessing or collecting a tax, duty, levy or other imposition; or for protecting public health or, in an emergency, preventing death, injury, or damage to an individual’s physical or mental health, or mitigating such damage.[23]

The range of officials who can authorize the interception of communications data is much broader than in other areas of surveillance, and such authorization can be granted by a senior official in the relevant public authority.[24]

Back to Top

IV.  Oversight

The Intelligence Agencies are also subject to parliamentary oversight by the Intelligence and Security Committee, which operates within the “ring of secrecy” to examine the expenditure, administration, and policy of all the Intelligence Agencies.[25]  RIPA further requires that the Prime Minister appoint an Intelligence Services Commissioner to review how the Secretary of State issues warrants for both surveillance and interference with property by the Intelligence Services, as well as how the Secretary of State exercises and performs the powers and duties granted by RIPA in relation to the Intelligence Services, although the power to review warrants by this Commissioner is retrospective.[26]

Back to Top

V.  Investigatory Powers Bill 2015-16

The government stated in 2015[27] that it would introduce a new Investigatory Powers Bill to regulate the interception of communications data.[28]  The bill was published in draft form in November 2015,[29] with the government emphasizing that it did not create a series of new powers, but merely served to repeal and re-enact in a clearer manner existing powers already provided for in legislation.  The draft bill was reviewed by three parliamentary committees,[30] which criticized the existing framework of investigatory powers,[31] noting that the existing legislation had developed in a patchwork fashion and was in need of reform.[32]  The disclosures of Edward Snowden also highlighted the need for a new, clearer legislative framework to govern the interceptions of communications.  Snowden’s disclosures caused significant concern among UK citizens that the government was collecting data about them en masse,and led technology companies to improve privacy protections and strengthen the encryption they offer their customers, the results of which have been to place many communications outside the reach of the intelligence agencies and courts.[33]  

The bill was introduced in the House of Commons on March 1, 2016.[34]  The bill has passed through the House of Commons and is currently awaiting its second reading in the House of Lords.[35]  Prime Minister David Cameron has stated there is a pressing need for the bill to be enacted before the sunset provision of the Data Retention and Investigatory Powers Act 2014 takes effect on December 31, 2016,[36] which would leave law enforcement and the intelligence services without lawful authority to intercept certain communications absent passage of a replacement measure.  The bill aims to modernize the laws on communications data[37] and bring together all investigatory powers available to law enforcement and the intelligence services. 

A.  Provisions in the Bill

The Investigatory Powers Bill is substantive, containing 243 sections and ten schedules in 268 pages.  If enacted, it will repeal and replace almost the entire system that regulates the interception of communications.[38]  The main parts of the bill address the interception of communications, the retention and acquisition of communications data, equipment interference, the retention and examination of bulk personal datasets, and the decryption of communications.  These are areas where the government claims the gap in capabilities is putting lives at risk, and addressing these areas would enable law enforcement to effectively target terrorist communications.[39]  The bill provides for these powers to be used on both a targeted basis and, in certain instances, for the collection, retention, and examination of bulk datasets.[40]  The government claims that the only new capability provided for in the bill is the ability to require the retention of Internet connection records, which the Home Secretary has compared to itemized phone bills as it shows the websites that an individual has visited.[41]  

1.  Interception of Communications

Chapter 1 of the bill provides the process for the lawful interception of communications.  There are three different types of interception and examination warrants that would be authorized under this part of the bill: 

  • Targeted interception warrants.  This authorizes the interception of communications and the acquisition of associated communications data that relates to a particular organization, person, premises, or group of connected to subjects that are part of a single investigation.[42]
  • Targeted examination warrants.  This authorizes the examination of intercepted materials obtained by a bulk interception warrant.
  • Mutual Assistance warrants.  This allows requests for assistance with overseas interception.[43]

Interference with communications in certain instances and locations is lawful without a warrant and the bill clarifies these circumstances.  These instances include when there is consent to the interception; if the interception occurs in a prison, psychiatric hospital, or immigration detention facility; or if the interception is for regulatory enforcement or business purposes.[44]

2.  Warrant Authorization for the Interception of Communications

The process to obtain warrants varies according to the type of information for which interception is sought.  Given that intercepting communications covers the content of those communication, the criteria and authorities permitted to intercept communications is more stringent than that required to intercept communications data.

Under the bill, the heads of the intelligence services, National Crime Agency, the Police, HM Revenue and Customs, and Chief of Defence Intelligence, and a competent authority from another jurisdiction as part of a mutual assistance agreement, would be known as “intercepting authorities” who may apply for a warrant to intercept communications.  The Secretary of State would be able to issue a warrant to intercept communications if he or she believes it is necessary on the grounds of national security, for the prevention or detection of serious crime, to safeguard the economic well-being of the UK, to preserve national security, or to give effect to an international mutual assistance agreement.  The warrant must be proportionate to the goal that it seeks to achieve.[45] 

In a substantial change from the current system used to authorize warrants, the decision of the Secretary of State would then need to be approved by a Judicial Commissioner.  When reviewing the decision, the Judicial Commissioner would be required to consider whether the Secretary of State met the test of necessity and proportionality when granting the warrant, using the same criteria as a court would during judicial review,[46] meaning that the lawfulness of the decision would be determined according to the process the Secretary of State used to make it.[47]  Provided the decision process was reasonable and rational, or in cases where human rights and EU law were involved, the decision was also proportionate to the objective it sought to achieve, the warrant would stand.[48]  The Judicial Commissioner could refuse to approve the warrant if he or she feels that the tests have not been met, and must set out the grounds for the decision in writing.  The agency that requested the warrant could then attempt to address the concerns and resubmit the request.  If the Judicial Commissioner refused to approve the warrant again, the application could be sent to the Information Commissioner for reconsideration.  There would be no further course for appeal if the Information Commissioner refused to approve the warrant.[49]  In urgent cases, approval of the Judicial Commissioner would not be necessary, but would need to be obtained within three days.  If the Judicial Commissioner did not approve the warrant, it would cease to have any effect and the Judicial Commissioner would have discretion to determine what happened to any intelligence or material gathered during the period the warrant was lawfully in effect.

Critics have expressed concern that the judicial oversight provided is too narrow as it looks only at whether the process and reasonableness of the home secretary’s decision rather than the merit and substance of the warrant.[50]

3.  Warrant Authorization for the Interception of Communications Data

The number of authorities that may request a warrant for the interception of communications data is wider and includes the intelligence services, law enforcement agencies, government departments, regulatory bodies, and the National Health Service.  A designated person from these agencies may grant a warrant if they are satisfied that it is necessary and proportionate, and related to one of the ten following grounds: 

  • In the interests of national security
  • To prevent or detect crime, or prevent disorder
  • In the interests of the economic well-being of the UK if these are also relevant to the national security of the UK
  • In the interests of public safety
  • To protect public health
  • To assess or collect any tax, duty, levy, or charge payable to a government department
  • To prevent death, injury, or damage to a person’s mental or physical health, or mitigate any injury or damage
  • To assist into any investigation into the miscarriage of justice
  • To assist in the identification of any person who has died or who is unable to identify themselves due to a physical or mental condition
  • To exercise functions relating to the regulation of financial services and markets or financial stability[51]

Except in urgent cases, prior to granting the authorization, the designated senior officer would have to consult with “an officer in a relevant public authority trained to facilitate lawful acquisition of communications data and effective cooperation between public authorities and CSPs.”[52] 

4.  Interception of Internet Connection Records

The interception of Internet connection records is provided for in clause 59, which states that these records may only be obtained to identify the sender of an online communication, the communication service a person has used, where the person has accessed illegal content, which Internet service is being used, and when and how it is being used.[53]  Any authorization obtained under this provision is valid for one month, although it may be renewed or cancelled.[54]  The bill creates a duty on communications service providers to comply, as far as reasonably practicable, with any request for communications data.[55]  Information that may be obtained under this section includes communications data for the purposes of identifying a journalist’s source of information.  The approval of the Judicial Commissioner is required in cases where a public authority wishes to obtain this information.[56]

In cases where a complex request for data is made, clauses 63–65 would provide the Secretary of State with the ability to establish a “request filter” system, where any material that is not directly relevant to an investigation would be filtered and deleted before the data is supplied.  This filter would be overseen by the Investigatory Powers Commissioner, who would be required to submit an annual report on the operation of this system.[57] 

These provisions are among the most controversial of the bill.  Internet connection records were initially described by the Home Secretary as being the equivalent of an itemized phone bill.[58]  The definition of “Internet connection records” has been criticized as being vague.[59]  Individuals in the technology sector have expressed concern that the term does not exist within the industry and the information required to be collected is not within a recognized data type.[60]  The lack of clarity regarding the meaning of Internet connection records has also led many within the technology sector to express concern that the cost of compliance with the bill, and the impact on businesses and consumers, cannot be accurately assessed.[61] 

5.  Interception of Communications of Members of Parliament

There has been a convention, known as the Wilson Doctrine, that communications of Members of Parliament should not be intercepted by the Intelligence Services or police.[62]  A recent case determined that this doctrine did not have any legal effect, however.[63]  The bill places the ability of law enforcement to conduct equipment interference and intercept the communications of Members of Parliament on a statutory basis.  Prior to approving any warrant to undertake these activities, the Secretary of State must consult with the Prime Minister.[64]

6.  Retention and Use of Intercepted Material

Clause 83 provides the Secretary of State with the ability to issue a retention notice to communications service providers that would require them to retain communications data for up to twelve months.[65]  The Secretary of State may issue one of these notices if he or she considers that one of the grounds for issuing an authorization to intercept communications data is met and that the retention is necessary and proportionate.  The retention notice can apply to more than one operator and all data or to a specified type of data for up to twelve months.  Prior to issuing a retention notice, the Secretary of State must take into account a number of factors, including the benefits of any information obtained from the notice; the potential number of users that the notice relates to; the technical feasibility of complying with the notice; and the effect on the communications service provider.  Prior to giving the notice, the Secretary of State should take reasonable steps to consult with any communications service provider to whom the notice relates.[66] 

There is a review process for data retention notices by the Secretary of State.  In certain circumstances, the specifics of which will be provided for at a later date in regulations, the operator that receives a retention notice may refer the notice back for review by the Secretary of State, who must undertake the review in consultation with the Technical Advisory Board and the Investigatory Powers Commissioner.  Until the review is complete, there is no obligation to comply with the requirements in the notice.[67]  During the review, the technical requirements and financial consequences of compliance with the notice will be considered, as well as whether the notice is proportionate.  The Secretary of State may then affirm, vary, or revoke the retention notice.  The Communication Service Provider must have steps in place to ensure that data retained in compliance with the notice is securely stored, protected against unlawful disclosure, and destroyed when it is no longer authorized.[68]

7.  Equipment Interference

Equipment interference (also known as computer network exploitation) involves accessing individuals’ devices and computers to obtain data, which includes geolocation, text messages, and emails, and also allows law enforcement agencies to access encrypted communications.[69]  The bill provides for the process to authorize equipment interference to obtain communications or private information that would otherwise be an offence under the Computer Misuse Act 1990.[70]  The bill provides for targeted equipment interference, which would authorize the interference with equipment to obtain communications, private information or equipment data, and allow the recipient to get, monitor, examine, and disclose any material obtained as a result of the warrant.  Targeted examination authorizes the person to examine material obtained under a bulk equipment interference warrant.  As with warrants to intercept communications, warrants for equipment interference may apply to a specific person, group of people, organization, multiple organizations, or a specific location or locations where the equipment is located.[71]  The warrant may also be targeted at equipment where there is a link between different people, locations, or organizations if it is necessary for the purposes of a single investigation.

The Secretary of State may issue a warrant to authorize equipment interference upon application by the heads of the intelligence services where it is necessary on the grounds of national security, the prevention or detection of serious crime, or the interests of the economic well-being of the UK, and proportionate to the objective that it is seeking to achieve.[72] 

Law enforcement may also obtain a warrant for equipment interference if it is necessary and proportionate for the purposes of preventing and detecting serious crime, or other purposes if necessary to prevent death or serious harm to a person’s physical or mental health.[73]  The warrant must be personally signed by the Secretary of State and approved by a judicial commissioner applying the principles of judicial review.[74]

Warrants issued under these provisions continue in force for up to six months, but may be renewed, modified or canceled.[75]   

Items covered by legal privilege may be the subject of a targeted equipment interference or examination warrant and in these cases, the warrant would need to specify that it is the intention to obtain this information, and exceptional and compelling circumstances must exist to justify the warrant.[76]   

As with warrants to intercept communications, communications service providers have a duty to assist with the implementation of any equipment interference warrant[77] and must take all steps necessary to give effect to the warrant.  The bill contains provisions that aim to not unreasonably burden providers when complying with its provisions.  Communications service providers are not required to take any steps that are not reasonably practicable for them to take;[78] however; the Secretary of State may enforce on any person in the UK the duty to comply with a warrant.  This may be done through civil proceedings for an injunction or specific performance of a statutory duty under section 45 of the Court of Session Act 1988, or through proceedings to obtain “any other appropriate relief.”[79]

Safeguards must be in place to protect any data acquired by the warrant, and equivalent safeguards to those that exist in the UK must be in place before any material is shared with an agency located overseas.[80]  The offense of unauthorized disclosure applies to the details or existence of a warrant, and to any material obtained under it.[81]

There have been numerous objections to the proposed equipment interference provisions in the bill, with critics claiming that the bill does not acknowledge the “dangers inherent with equipment interference.”[82]

8.  Warrants for Bulk Data

The bill provides for a number of warrants that would authorize the acquisition of data in the form of bulk interception warrants, bulk communications warrants, bulk equipment interference warrants, and bulk personal dataset warrants.[83]

Bulk communication warrants would enable the collection of bulk communications of individuals outside the British Islands, which includes the UK, Guernsey, Jersey, and the Isle of Man, followed by the selection of specific communications to be reviewed.  Warrants would only be issued where the main purpose it to obtain overseas communications or other data on specific grounds, one of which must be national security.  The heads of the intelligence services, or someone acting on their behalf, would be responsible for applying for a warrant, which must be personally signed by the Secretary of State and approved by a Judicial Commissioner. 

The provisions that apply to bulk interception warrants also apply to bulk acquisition warrants.  The main difference is that these warrants would be available for domestic communications, and communications service providers could be required to disclose specific communications data, or they may be required to obtain and then disclose data if they do not have it.  A targeted examination warrant is required to examine material of any person within the British Islands.[84]

Bulk equipment interference warrants would allow the collection of data relating to a number of devices and enable the intelligence services to collect data from a number of devices without targeting specific people, equipment, or activities.  These warrants aim to obtain overseas-related communications, private information, or equipment data.  As with bulk interception, a targeted examination warrant is required to examine material of any person within the British Islands.[85]

Warrants may also be obtained for bulk personal datasets.  This would enable the intelligence services to apply for two types of warrants to intercept datasets in bulk.  A class warrant would enable the intelligence services to retain and examine bulk datasets about a large class of people that must be described in the warrant, and the majority of people within this class are not of interest to the agencies—for example, a list of people who are in possession of a passport.[86]  The intelligence services would only be able to retain or examine a bulk personal dataset with a warrant under these provisions if the material does not fall under another warrant provided for in the bill. 

A “specific warrant” is also provided for in the bill, which would allow the intelligence services to retain and examine bulk personal data that is described in the warrant.[87]  These warrants would be necessary if the dataset does not fall in a class of information that could be covered by a class warrant, the dataset contains novel or new information, or in cases where the “dataset may raise issues of sensitivity such that it would be appropriate for the Secretary of State to issue a specific warrant.”[88]  In cases of both types of warrants, no data that is held in the bulk dataset may be examined unless it is necessary for the operational purposes specified in the warrant.[89]  Only trained staff may access the datasets, and any search “must be justified on the basis of necessity and proportionality and for one of the authorised operational purposes.”[90]  

The Secretary of State must authorize warrants for bulk personal datasets and specific warrants and believe that it is necessary on the grounds of national security, serious crime, or economic well-being of the UK where relevant to national security.  The warrant must be proportionate to the objective that it seeks to achieve and satisfactory arrangements must be in place to handle data.  The warrant must then be approved by a Judicial Commissioner.[91]  

Warrants continue in force for up to six months, and may be renewed, modified or cancelled.  In cases where the warrant expires or is cancelled, in order to retain and examine the dataset a new warrant must be applied for within three months.[92]  UK datasets from the UK must be examined within three months, and datasets originating from overseas must be examined with six months.[93]

 

Provisions that allow for bulk interception and interference have been among the most controversial in the bill, with many critics asserting that it provides intelligence agencies with the ability to undertake mass surveillance.[94]  Critics argue that the routine collection of bulk information gives rise to privacy concerns and that gathering data should be as targeted as possible.[95] 

9.  Encryption

The Secretary of State may issue a national security notice to communication service providers that would require them to take steps that are necessary and proportionate in the interest of national security.  These notices could require conduct, such as the “provision of services or facilities to assist an intelligence service to carry out its functions more effectively.”[96] 

The Secretary of State, after consulting with the technical advisory board and any affected communication service provider, would be able to use regulations to impose obligations on communication service providers in the form of technical capability notices to help facilitate assistance in response to warrants under the bill.  These obligations could include removing electronic protection to any communications or data.[97]  The communications service provider can only be required to remove encryption that it has applied, or that it has had a third party apply on its behalf.[98]  Prior to issuing a notice that imposes obligations to remove electronic protection, the Secretary of State must take into account the technical feasibility and cost of compliance.[99]  The communications service provider may refer the notice back to the Secretary of State for review, and during this period there is no obligation to comply with the requirements of the notice.  During review, the Secretary of State must consult the Technical Advisory Board and Investigatory Powers Commissioner and, after consultation, he or she may then vary, revoke or confirm the notice.[100] 

The Investigatory Powers Bill would replace existing provisions, currently contained in the Regulation of Investigatory Powers Act; however, UK technology groups have expressed concerns that clause is unclear as to whether it extends to end-to-end encryption, where the keys are generated for two unique users.  TechUK notes that if the provisions of the bill apply to end-to-end encryption it will limit companies’ ability to use security to safeguard customers privacy and security, and would result in UK companies having to weaken the security of products in order to comply with the legislation.[101]  Major technology companies, including Apple, Facebook, Google, Microsoft, Twitter, Yahoo, and Mozilla, have expressed concern that the provisions in the bill would require them to insert “backdoors” into their software to facilitate government access.[102]  Concern has also been raised that systems that utilize end-to-end encryption, which service providers currently do not have the capability to decrypt, could be banned in the UK.[103]   

10.  Offenses

In addition to providing for an authorization mechanism for the lawful interception of communications, the bill also provides for the offenses of unlawfully intercepting or obtaining communications.[104]  There are monetary penalties for certain unlawful interceptions.[105]  The Bill provides restrictions on authorizing interceptions from overseas authorities as well as under mutual assistance agreements.

The bill imposes a duty, with limited exemptions, not to disclose the existence or details of any warrant or intercepted materials obtained under a warrant.  It is an offense to do so.[106]  This offense is designed to “prevent the ‘tipping-off’ of suspects or subjects of interest that their data has been sought, thus informing them that they are under suspicion.”[107]

11.  Extraterritorial Application

Provisions relating to the interception of communications data would have extraterritorial application, meaning that communications service providers based overseas that handle communications data of citizens of the UK would be covered by the provisions of the Act.[108]

12.  Miscellaneous Provisions

In an amendment, the Government Communication Headquarters and Secret Intelligence Service would be allowed to engage in property interference where the property is located in the UK, removing a current restriction that only allows them to undertake activities involving overseas property.[109]

13.  Oversight

If enacted, the bill would establish an Investigatory Powers Commissioner and Judicial Commissioners to oversee the implementation of legislation.  The three Commissioners that currently oversee the use of investigatory powers would be replaced for the first time by an element of judicial oversight.  The Judicial Commissioners would be appointed by the Prime Minister after consultation with senior members of the judiciary and must have held high judicial office.[110]   

In cases where a public authority commits a serious error and fails to comply with a requirement over which the Investigatory Powers Commissioner has oversight, the Commissioner may inform the individual of the error and his or her right to bring a case to the Investigatory Powers Tribunal.[111]

B.  Reaction to the Bill

The only committee that has reviewed the draft bill with full security clearance was the Intelligence and Security Committee, which expressed concern that the bill did not cover all the intrusive capabilities of the intelligence services, leaving some of the powers governed by other legislation, and that privacy protections provided in the bill were inconsistent.[112]  The government reportedly responded to these criticisms only by amending the heading of Part I of the bill from “general protections” to “privacy.”[113]  This response was strongly criticized in both the press and by human rights groups.  The Independent noted that

Parliament’s Intelligence and Security Committee - the only security-checked committee with access to the most sensitive workings of our intelligence agencies -told [government minister] May to place privacy at the heart of the Bill. Her Home Office officials simply added the word “privacy” to a chapter heading. To treat Parliament with such contempt is beneath one of the great offices of state.[114]   

The Times expressed concern that police powers were being coupled with those of the Intelligence Services in the bill, opining that the police, unlike the Intelligence Services, had a long history of exploiting powers that were designed to combat crime for other purposes:[115]

Britain’s security services are known to use their powers discerningly. The same cannot be said about Britain’s police. The House of Commons should be wary of gifting them new powers requiring little oversight from anybody other than senior police officers. The home secretary, meanwhile, should not have jeopardised the vital preservation of national security by packaging it alongside new domestic powers that are almost certain to be abused.[116]  

The Guardian has expressed concern that digital surveillance powers are being expanded to an uncomfortable level and that the government has made only minimal concessions after the review of the draft bill.  It also expressed concern about the burden on communications providers to now automatically keep a year of Internet connection records,[117] and about offenses whose creation was originally justified to tackle terrorism and serious crime being used for other purposes, such as immigration and nationality offenses.[118]

The most heated issues raised by the bill are those of balancing the privacy of individuals and security, concerns of abuse of these inherently intrusive powers, and how much the public should be made aware of the exercise of these powers.[119]  Other concerns involve the technology sector, whose cooperation is essential to the successful operation of the Act.  The UK’s technology industry has raised concerns that the proposed measures may not be feasible to implement, and will have a significant financial impact upon industry and result in a loss of competitiveness in the UK’s technology sector. [120]  Concerns have also been raised about the cost and security implications of the collection and retention of such large volumes of sensitive data and that the provisions that regulate and govern it are not sufficiently clear, as well as the question of who will bear the costs of the implementation.[121]  Given the financial burden on communications service providers that compliance with the provisions in the bill may cause, clause 222 provides that the government would contribute towards any costs incurred when complying with the bill.[122] 

Back to Top

Prepared by Clare Feikert-Ahalt
Senior Foreign Law Specialist
June 2016


[1] Intelligence and Security Committee, Report into the London Terrorist Attacks on 7 July 2005, 2006, Cm. 6785.

[3] About the NCA, National Crime Agency, http://www.nationalcrimeagency.gov.uk (last visited June 14, 2016), archived at https://perma.cc/VF2R-XQUF.

[4] National Intelligence Machinery, supra note 2, at 2.

[5] Human Rights Act 1998, c. 42, http://www.legislation.gov.uk/ukpga/1998/42, archived at https://perma.cc/Y75U-VDHL

[6] Regulation of Investigatory Powers Act 2000, c. 23, http://www.legislation.gov.uk/ukpga/ 2000/23/contents, archived at https://perma.cc/FKT4-V8NF

[7] Intelligence Services Act 1994, c. 13, http://www.legislation.gov.uk/ukpga/1994/13/contents, archived at https://perma.cc/Y3HW-Z98A.

[8] Id. § 1(1).

[9] Id. § 3(1).

[10] Id. § 1(2).

[11] Id. § 5.

[12] The Secretary of State may also issue warrants to enable the SIS or GCHQ to conduct actions outside the UK.  These are known as section 7 warrants, and their purpose is to help protect officers and agents from these agencies from prosecution in the UK.  Rt. Hon. Sir Mark Waller, Intelligence Services Commission, Report of the Intelligence Services Commissioner for 2013, H.C. 302, at 57, https://www.gov.uk/government/uploads/ system/uploads/attachment_data/file/324152/Intelligence_Services_Commissioner_Accessible__2_.pdf, archived at https://perma.cc/4S6M-LBNW

[13] Intelligence Services Act 1994, c. 13, § 5, http://www.legislation.gov.uk/ukpga/1994/13, archived at https://perma.cc/G7VW-XVYZ.

[14] Id. § 5(4), (5).

[15] Directed surveillance may be authorized by a designated person within each of the intelligence services provided that it is necessary to fulfill the agency’s statutory functions, is undertaken for the purpose of a specific investigation, is proportionate, and cannot be achieved through other means.  Regulation of Investigatory Powers Act 2000, c. 23, § 28.

[16] The Regulation of Investigatory Powers Act provides that unlawfully intercepting communications is an offense punishable by up to two years’ imprisonment and/or a fine.  Id. § 1. 

[17] Id

[18] “Communication” is defined broadly in section 81 of the Regulation of Investigatory Powers Act, id.

[19] Communications data includes subscriber data, use data, and traffic data.  Secretary of State for the Home Department, Draft Communications Data Bill, 2012, Cm. 8359, ¶ 10, http://www.official-documents. gov.uk/document/cm83/8359/8359.pdf, archived at https://perma.cc/R5PZ-HF8E

[20] Detecting crime is interpreted in section 81 of the Regulation of Investigatory Powers Act as “(a) establishing by whom, for what purpose, by what means and generally in what circumstances any crime was committed; and (b) the apprehension of the person by whom any crime was committed.” 

[21] Id. § 5.

[22] Id.

[23] Id. § 22(2).

[24] Id. § 22; 2 Current Law Statutes 2000 (Christine Beesley et al. eds., 2000).

[25] The role of the ISC has recently been amended and clarified by the Justice and Security Act 2013, c. 18, http://www.legislation.gov.uk/ukpga/2013/18/contents/enacted, archived at https://perma.cc/LU5A-GFLM

[26] Regulation of Investigatory Powers Act 2000, c. 23, § 59(1)–(2).

[28] David Cameron, The Report of the Investigatory Powers Review: Written statement, June 10, 2015, HCWS27, http://www.parliament.uk/business/publications/written-questions-answers-statements/written-statement/Commons/2015-06-11/HCWS27, archived at https://perma.cc/U5CS-QZTJ.

[30] David Anderson, QC, A Question of Trust, June 2015, https://terrorismlegislationreviewer. independent.gov.uk/wp-content/uploads/2015/06/IPR-Report-Web-Accessible1.pdf, archived at https://perma.cc/SEQ5-7TSW.This report recommended that the Regulation of Investigatory Powers Act be replaced with new legislation that bulk collection of intercepted materials should be permitted under strict safeguards; the Home Secretary’s role in authorizing the interception of communications should be restricted and replaced with judicial oversight; the definition of communications data should be updated; and a new position, the independent surveillance and intelligence commissioner, should be created and should replace the three current commissioners.  Intelligence and Security Committee of Parliament, Report on the Draft Investigatory Powers Bill, HC 795, 2015-16, http://isc.independent.gov.uk/files/20160209_ISC_Rpt_ IPBill(web).pdf, archived at https://perma.cc/CSK2-AS7M.  This report criticized the current legal framework as being developed in a piecemeal way and that it was unnecessarily complicated, resulting in a lack of transparency.  RUSI, A Democratic Licence to Operate: Report of the Independent Surveillance Review, July 2015, https://rusi.org/ publication/whitehall-reports/democratic-licence-operate-report-independent-surveillance-review, archived at https://perma.cc/BC47-ZAZG.This report claimed that the existing law was too complex and there were inadequacies in oversight.

[31] Draft Investigatory Powers Bill Report, HL 93, HC 651, 2015-16, http://www.publications. parliament.uk/pa/jt201516/jtselect/jtinvpowers/93/93.pdf, archived at https://perma.cc/W785-8TA2; Intelligence and Security Committee of Parliament, supra note 30; House of Commons Science and Technology Commission, Investigatory Powers Bill: technology issues, Third report of Session 2015-2016, HC 573, 2015-16, http://www.publications.parliament.uk/pa/cm201516/cmselect/cmsctech/573/573.pdf, archived at https://perma.cc/5PYM-FQF2.  The government responded to these reports in the following report: Investigatory Powers Bill: Government Response to Pre-Legislative Scrutiny, Cm 9219, 2015-16, https:/ /www.gov.uk/government/uploads/system/uploads/attachment_data/file/504174/54575_Cm_9219_WEB.PDF, archived at https://perma.cc/N35G-DZXG

[32] Investigatory Powers Bill, House of Commons Library, Mar. 11, 2016, http://researchbriefings.parliament. uk/ResearchBriefing/Summary/CBP-7518, archived at https://perma.cc/96TD-5QPH

[33] Intelligence and Security Committee of Parliament, Privacy and Security: A Modern and Transparent Legal Framework, 2014–15, HC 1075, ¶ 4, http://isc.independent.gov.uk/files/20150312_ISC_ P+S+Rpt(web).pdf, archived at https://perma.cc/GNT4-G4XS.

[34] Investigatory Powers Bill 2015-16 to 2016-17, Parliament.uk, http://services.parliament.uk/bills/2015-16/investigatorypowers.html, archived at https://perma.cc/SXB3-L3ED.  The provisions of the Bill as introduced to the House of Commons are available at: Investigatory Powers Bill (HC Bill 2), Parliament.uk, http://www.publications.parliament.uk/pa/bills/cbill/2016-2017/0002/17002.pdf, archived at https://perma.cc/L5FA-2NSJ. The current version of the bill is available at: Investigatory Powers Bill 2015-16, HL Bill 40, http://www.publications.parliament.uk/pa/bills/lbill/2016-2017/0040/17040.pdf, archived at https://perma.cc/8ZVS-V8CE. As the bill is controversial, there are many amendments, and the clauses and numbering are frequently changed.   

[35] Investigatory Powers Bill 2015-16 to 2016-17, Parliament.uk, http://services.parliament.uk/bills/2016-17/investigatorypowers.html (last visited June 13, 2016), archived at https://perma.cc/NTY2-TPAB.

[36] Id.;Data Retention and Investigatory Powers Act 2014, c. 27 § 8(3), http://www.legislation.gov.uk/ukpga/ 2014/27/ contents/enacted, archived at https://perma.cc/Y2ZC-4NNN.  This Act was enacted as emergency legislation and passed through Parliament in four days with cross-party support.

[37] Id. at 8.

[38] Investigatory Powers Bill 2015-16, HL Bill 40, http://www.publications.parliament.uk/pa/bills/lbill/2016-2017/0040/17040.pdf, archived at https://perma.cc/8ZVS-V8CE.  Repeals are provided for throughout the bill.

[39] Prime Minister’s Office, supra note 27, at 6.

[40] House of Commons Library, supra note 32.

[41] Id

[42] Investigatory Powers Bill 2015-16, HL Bill 40, clause 15.

[43] Bill Part I; House of Commons Library, supra note 32, at 19.

[44] Investigatory Powers Bill 2015-16, HL Bill 40, Chapter 2.

[45] Id. clauses 15-25.

[46] House of Commons Library, supra note 32, ¶ 3.4.

[47] Id.

[48] Id.

[49] Investigatory Powers Bill 2015-16, HL Bill 40, clauses 23-25.

[50] House of Commons Library, supra note 32, at 23.

[51] Investigatory Powers Bill 2015-16, HL Bill 40, clauses 58(7).  This substantively re-enacts the provisions contained in Chapter 2, Part 1 of RIPA.  Clauses 66 and 69 list the public authorities that may obtain communications data under these provisions; the minimum office or rank of the designated senior officer, the types of communications data that may be obtained and the purposes that they may be obtained.

[52]House of Commons Library, supra note 32, at 3.  This officer would be known as the single point of contact.  Investigatory Powers Bill 2015-16, HL Bill 40, clause 72.

[53] Investigatory Powers Bill 2015-16, HL Bill 40, clause 59.

[54] Id. clause 61.

[55] Id. clause 62.

[56] Id. clause 61.

[57] Id. clauses 63–65.

[59] Scott Carey, Snooper’s Charter: What You Need to Know About the Investigatory Powers Bill, ComputerWorldUK (June 8, 2016), http://www.computerworlduk.com/security/draft-inestigatory-powers-bill-what-you-need-know-3629116, archived at https://perma.cc/94F6-JVEN.

[60] Draft Investigatory Powers Bill Report, supra note 31, ¶¶ 109–126.

[61] House of Commons Library, supra note 32, at 36.

[62] 736 Hansard (4th ser.) 1966 634–41, http://hansard.millbanksystems.com/commons/1966/nov/17/telephone-tapping, archived at https://perma.cc/UG95-Y56ASee also House of Commons Library, The Wilson Doctrine, Briefing Paper No. 4258, Feb. 9, 2016, http://researchbriefings.files.parliament.uk/documents/SN04258/ SN04258.pdf, archived at https://perma.cc/8Q8C-M2R5.

[63] Caroline Lucas et al. v. Security Service et al., [2015] UKIPTrib 14 79-CH, http://www.ipt-uk.com/docs/ Caroline_Lucas_JUDGMENT.pdf, archived at https://perma.cc/X3JP-KQHN.  

[64] House of Commons Library, supra note 32, at 18; Investigatory Powers Bill 2015-16, HL Bill 40, clause 26.

[65] Investigatory Powers Bill 2015-16, HL Bill 40, clause 83.

[66] Id. clause 84.

[67] Id. clause 85.

[68] Id. clauses 86–87.

[69] House of Commons Library, supra note 32, at 42.  

[70] Computer Misuse Act 1990, c. 18, http://www.legislation.gov.uk/ukpga/1990/18, archived at https://perma.cc/G963-P2QN

[71] House of Commons Library, supra note 32, at 44.

[72] Id.

[73] Investigatory Powers Bill, 2015-16, HL Bill 40, clause 96.

[74] Id. clauses 97–99.

[75] Id. clause 108.

[76] Id. clause 100.

[77] Id. clause 120.

[78] Id.

[79] Id.

[80] Id. clause 122.

[81] Id. clause 123.

[82] Briefing and Response to New Investigatory Powers Bill, techUK.org (Mar. 2, 2016), https://www.techuk.org/ insights/news/item/7847-techuk-issues-detailed-response-and-briefing-on-new-ip-bill, archived at https://perma.cc/R9L4-S5QV.

[83] Investigatory Powers Bill 2015-16, HL Bill 40, part 6.

[84] House of Commons Library, supra note 32, at 52.

[85] Id.

[86]Id. at 58.

[87] Id.

[88] Id.

[90] Id.

[91] House of Commons Library, supra note 32, at 58.

[92] Investigatory Powers Bill, 2015-16, HL Bill 40, clause 189.

[93] Id. clause 190.

[94] House of Commons Library, supra note 32, at 52.

[95] Carey, supra note 59.

[96] House of Commons Library, supra note 32, at 69; Investigatory Powers Bill 2015-16, HL Bill 40, clause 2226. 

[97] Id. and Investigatory Powers Bill, 2015–16, HL Bill 40, clause 217. 

[98] Id. clause 219.

[99] Id. clause 218.

[100] Id. clause 220.

[101] House of Commons Library, supra note 32, at 75.

[102] Id.

[103] Id.

[104] Investigatory Powers Bill, 2015–16, HL Bill 40 Part I.

[105] Id. clauses 3-10.

[106] Id. chapter 3.

[107] House of Commons Library, supra note 32, at 30.

[108] Investigatory Powers Bill 2015-16, HL Bill 40, clauses 81 & 91.

[109] Id. clause 224.

[110] House of Commons Library, supra note 32, at 61.

[111] Id. at 62. 

[112] Id. at 11.

[113] Only China and Russia Violate Their Citizens Privacy as Much as the Snoopers’ Charter Allows, The Independent (London) (Mar. 2, 2016), http://www.independent.co.uk/voices/only-china-and-russia-violate-their-citizens-privacy-as-much-the-snoopers-charter-a6907136.html, archived at https://perma.cc/4TWV-ZZ24.

[114] Id.

[115] House of Commons Library, supra note 32, at 12.

[116] Id. at 12.

[117] The Guardian View on Surveillance: Keep a Vigilant Eye on the Snoopers, The Guardian (London) (Mar. 1, 2016), http://www.theguardian.com/commentisfree/2016/mar/01/the-guardian-view-on-surveillance-keep-a-vigilant-eye-on-the-snoopers, archived at https://perma.cc/8CWA-XUPY

[118] Id.

[119] House of Commons Library, supra note 32, at 61.

[120] Id.

[121] Id.

[122] Id. & Investigatory Powers Bill 2015-16, HL Bill 40, clause 222.