The Chief Surveillance Commissioner published his 2013 annual report (covering the period from 1st April 2012 to 31st March 2013) on 18th July 2013. It is important reading for those public authorities who conduct surveillance under Part 2 of the Regulation of Investigatory Powers Act 2000 (RIPA).
The report details statistics relating to the use of Part 2 of RIPA by public authorities and information about how the Office of the Surveillance Commissioner (OSC) conducts its oversight role. Non-law enforcement agencies (including councils) authorised Directed Surveillance on 5,827 occasions. This continues a downward trend over the last few years.
The report highlights a number of important issues some of which are listed below:
- Common errors by RIPA authorities include miscommunication or failure to communicate the details of an authorisation; failure to conduct thorough reviews, renewals or cancellations; ignorance on the part of officers; or poor administration or processes.
- The Commissioner says that all public authorities have struggled with the use of the Internet for investigations, particularly social networking sites. At paragraph 5.7 he advises caution on conflating the offline word with the online world. There may be cases where RIPA authorisation is required when doing research about a person on the Internet. He goes on to say, “… it is important to bear in mind that it is not always possible to give a definitive answer as to whether a particular activity requires authorisation: facts are infinitely variable. Where there is doubt authorisation is prudent.” Act Now has developed a course on E-Crime and Social Networking Sites which examines all the relevant RIPA and wider legal issues.
- Too many tactics requested by investigating officers are unused. Authorising officers and Senior Responsible Officers should monitor whether applicants are lazily requesting tactics out of habit rather than necessity.
- Too many cancellations provide an insufficient record of surveillance actually conducted and the details of collateral intrusion. Rarely does guidance on the retention or destruction of product go beyond an inadequate reference to policy. It is vital that surveillance product that does not match the objectives stated in the authorisation is not retained on databases.
- At paragraph 5.5, the Commissioner reiterates his view that RIPA is permissive legislation and there may be occasions where surveillance outside the scope of RIPA may be required. He points to the recent IPT decision in BA and others v Cleveland Police (IPT/11/129/CH). This is in keeping with Ibrahim Hasan’s view as explained on this blog.
- Where there is an invasion of privacy and RIPA does not apply, due to all conditions not being met, then the Commissioner recommends use of a similar written authorisation mechanism where Article 8 issues (privacy) are considered.
- The Commissioner also considers the changes, which took effect on 1st November 2012; namely magistrates’ approval for council surveillance and a new six month threshold test for Directed Surveillance. On the whole they are working well. There were 142 approval requests made to a Magistrate in the reporting period of which only two were rejected.
- Finally the Commissioner fires a shot across the bows of those authorities who drag their feet in accepting his recommendations. At paragraph 5.18 he says, “I expect the recommendations of my reports to be followed whether or not individual officers agree with them. Continued failure to do so – especially on the ground that current practices have been unchallenged in court proceedings – may result in publication of my guidance or recommendations to a wider audience.”
Now is the time to consider refresher training for RIPA investigators and authorisers. Please see our full program of RIPA Courses which have been revised to take account of all the latest developments. We can also deliver these courses at your premises, tailored to the audience. Finally, if you want to avoid re inventing the wheel, our RIPA Policy and Procedures Toolkit gives you a standard policy as well as forms (with detailed notes to assist completion) for authorising RIPA and non-RIPA surveillance. Over 200 different organisations have bought this document (available on CD as well).