Last month, Home Secretary Theresa May presented the Draft Investigatory Powers Bill (DIP Bill) to Parliament. The draft Bill follows the publication of three reports on the UK’s investigatory powers, all of which highlighted the need for greater transparency, more stringent safeguards and better oversight.
Current Position
The main legislation governing the use of investigatory powers is the Regulation of Investigatory Powers Act 2000 (RIPA). Other regulations, including the Wireless Telegraphy Act 2009 and the Telecommunications Act 1984 are also in force. The DIP Bill is intended to consolidate and update existing legislation governing the use of investigatory powers.
The DIP Bill
The Bill is divided into nine parts, each concerning different aspects of investigatory powers and how they are to be implemented. We highlight the main provisions of the Bill, focusing on those aspects that the world of commerce should be aware of.
Interception
The Bill makes it an offence to intentionally intercept communications without lawful authority. One of the ways in which interception can be carried out lawfully is with a warrant. The Bill provides for three separate interception warrants.
In order to obtain a warrant, an applicant will be subject to greater judicial oversight than under previous legislation. Whilst the Secretary of State will retain the right to issue a warrant, the decision will then be checked by a Judicial Commissioner, who will be a former or serving High Court Judge. This will be known as the “double-lock” oversight process and intends to add to the safeguards already in place.
Acquisitions
The Bill provides powers for public authorities to acquire communications data through ‘authorisations’ where it is clearly justified. A designated senior officer of a relevant public authority can authorise any officer of the same authority to obtain communications data. The acquisition of communications data, such as viewing internet records, may be accessed without a warrant.
Bulk Powers
The Bill also makes provision for ‘bulk warrants’, which refer to the ability of law enforcement and intelligence agencies to obtain communications data on multiple persons with one single warrant. These bulk powers include: bulk interception warrants, bulk acquisition warrants and bulk equipment interference warrants. Therefore, rather than having to target specific and targeted data, relevant agencies will be able to obtain bulk data under the proposed legislation.
Data Retention
Finally, the Bill imposes a requirement on telecommunication operators to retain internet connection records for a maximum of 12 months. This would include websites, applications and services access by a mobile device but not the specific pages visited or the information accessed. This new power adds to an obligation on communication service providers under existing law (Counter-Terrorism and Security Act 2015), which requires the retention of communications data necessary to enable authorities to resolve IP addresses.
Comment
Arguably the biggest change in the draft DIP Bill is the provision allowing relevant agencies to obtain bulk data, rather than specific and targeted data. However, the proposed legislation also provides for a higher level of safeguarding in the form of a “double-lock” oversight process; though there are fears that judicial approval will simply be a case of a rubber stamping exercise.
A joint select committee, made up of MPs and members of the House of Lords, will have until the middle of February to collate evidence, discuss and propose amendments to the suggested law.
To read the full 299 page draft proposal, please click here.
Beverley Flynn