Local authorities have powers, under Part I Chapter 2 of the Regulation of Investigatory Powers Act 2000(RIPA), to acquire communications data from Communications Service Providers (CSPs). The definition of “communications data” includes information relating to the use of a communications service (e.g. phone, internet, post) but does not include the contents of the communication itself. It is broadly split into 3 categories: “traffic data” i.e. where a communication was made from, to whom and when; “service data” i.e. the use made of the service by any person e.g. itemised telephone records; “subscriber data” i.e. any other information that is held or obtained by a CSP on a person they provide a service to.
Some public authorities have access to all types of communications data e.g. police, ambulance service, HM Revenues and Customs. Local authorities are restricted to subscriber and service use data and even then only where it is required for the purpose of preventing or detecting crime or preventing disorder. For example, a benefit fraud investigator may be able to obtain an alleged fraudster’s mobile phone bill. As with other RIPA powers, e.g. Directed Surveillance, there are forms to fill out and strict tests of necessity and proportionality to satisfy.
The Prime Minister under Section 57(1) of RIPA 2000 appointed Sir Anthony May in January 2013 as the Interception of Communications Commissioner. His function is to keep under review the interception of communications and the acquisition and disclosure of communications data by intelligence agencies, police forces and other public authorities (including councils). He is required to make an annual report to the Prime Minister with respect to the carrying out of his functions.
In March the Commissioner’s Annual Report, covering the period January to December 2014, was laid before Parliament. (Read the useful summary produced by Big Brother Watch here). Key findings in relation to communications data are set out in the extract below:
Despite media headlines, local authorities now make little or no use of these powers. A big reason for this is that, since 1st November 2012, councils have had to obtain Magistrates’ approval for even the simplest communications data applications (e.g. mobile subscriber checks). (Read about the changes in detail here.) Another reason may be that since December last year, the Home Office has required councils to go through the National Anti Fraud Network to access communications data rather than make direct applications to CSPs. This has also made the internal SPoC’s (Single Point of Contact) role redundant.
The Commissioner also has the power to conduct inspections of public authorities using these powers. He still inspects councils despite their infrequent use. A typical inspection may include the following:
A review of the action points or recommendations from the previous inspection to check they have been implemented.
An audit of the information supplied by the CSPs detailing the requests that public authorities have made for disclosure of data. This information is compared against the applications held by the SPoC (Single Point of Contact) to verify that the necessary approvals were given to acquire the data.
Examination of individual applications to assess whether they were necessary in the first instance and then whether the requests met the necessity and proportionality requirements.
Scrutinising at least one investigation or operation from start to end to assess whether the communications data strategy and the justifications for acquiring all of the data were proportionate.
Examination of the urgent oral approvals to check the process was justified and used appropriately.
A review of the errors reported or recorded, including checking that the measures put in place to prevent recurrence are sufficient.