Interception of Communications Commissioner's Office (IOCCO)
Our inspections are structured to ensure that key areas derived from Chapter 2 of Part I RIPA and the acquisition and disclosure of communications data code of practice (CoP) are scrutinised. For more information about how we carry out our communications data inspections please see the “IOCCOs role” page.
After each inspection we produce a report to the head of the public authority which contains a review of compliance against a strict set of baselines that derive from RIPA and the CoP.
Subject to the approval of the Commissioner, public authorities may publish their inspection reports, in full or in summary, to demonstrate both the oversight to which they are subject and their compliance with Chapter 2 of Part I RIPA and the CoP (see Paragraph 8.5 of the CoP).
The inspection reports contain formal recommendations with a requirement on the public authority to report back within two months to say that the recommendations have been implemented or what progress has been made.
A traffic light system (red, amber, green) is in place for the recommendations to enable public authorities to prioritise the areas where remedial action is necessary.
- Red recommendations - immediate concern - serious breaches and / or non- compliance with Chapter II of Part I RIPA 2000 or the code of practice.
- Amber recommendations - non-compliance to a lesser extent; however remedial action must still be taken in these areas as they could potentially lead to serious breaches.
- Green recommendations - represent good practice or areas where the efficiency and effectiveness of the process could be improved.
Figure 1: Number of Communications Data Recommendations for the last 3 years.
Caveat: Comparisons with previous years are difficult because the public authorities being inspected are not the same and the number of inspections conducted each year differs. However, in 2014 the inspectors made on average fewer recommendations per inspection than in 2013 & 2012. The proportions of red, amber and green have remained broadly the same.
Figure 2: Breakdown of the 346 communications data recommendations made in 2014 by category.
Just over half of the recommendations in 2014 fell into 3 key categories:
Applicants - The majority focused on the necessity or proportionality justifications set out by the applicants. The inspectors made recommendations relating to these two principles in approximately half of the public authorities inspected as they were not satisfied that they had been sufficiently justified in all of the applications that was examined.
Single Point of Contact (SPoC) - The SPoC has an important guardian and gatekeeper role to perform to ensure that the public authorities act in an informed and lawful manner when acquiring communications data. The overall picture is that the SPoC process is a stringent safeguard. However, recommendations were made for the SPoC to exercise their guardian and gatekeeper role more robustly in certain key areas, or, to improve their efficiency in approximately one third of the inspections. In the vast majority of inspections the inspectors did see ample evidence of SPoCs challenging applicants in cases where they believed the requirements had not been met. Although not complete, statistical information obtained by our office indicates that approximately 20% of applications are returned to the applicants by the SPoC for development or improvement
Designated Persons (DPs) - The inspectors made recommendations in relation to the role being performed by DPs in nearly half of the inspections undertaken. The majority of the recommendations in this category fell into two key areas; DP considerations and DP independence. Overall the inspectors were satisfied that the large majority of DPs had discharged their statutory duties responsibly. There is evidence that the DPs are questioning the necessity and proportionality of the proposed conduct. 5% of applications were rejected or returned for redevelopment by the DPs.
Interception of Communications
Our inspections are structured to ensure that key areas derived from Chapter 1 of Part I RIPA and the interception of communications code of practice (CoP) are scrutinised. For more information about how we carry out our interception inspections please see “IOCCO’s role”.
After each inspection we produce a report to the head of the public authority which contains a review of compliance against RIPA and the CoP. The inspection reports contain formal recommendations with a requirement on the public authority to report back within two months to say that the recommendations have been implemented or what progress has been made.
In 2014 we made 69 recommendations to the interception agencies, an average of 8 per agency. We also, for the first time, issued formal inspection reports to the Warrant Granting Departments (WGD’s) in 2014 and 16 recommendations arose from the inspections of the 4 main WGD’s.
Figure 3: Breakdown of the 85 interception recommendations made in 2014 by category.
The majority of the recommendations fell into 3 key categories:
Application Process - 47% of the recommendations. These recommendations can be broken down into six distinct areas – necessity; proportionality; necessity & proportionality; collateral intrusion; thematic warrants; legal privilege / other confidential material. For more information on these recommendations please see Section 6 of our March 2015 report.
Section 15/16 Safeguards - 23% of the recommendations. These recommendations can be broken down into four distinct areas – selection; retention, storage and destruction; information security; training. For more information on these recommendations please see Section 6 of our March 2015 report.
Issue / Implementation of Warrants - 12% of the recommendations. These included recommendations to improve the audit trail for those warrants issued orally under the direction of a Secretary of State, to reduce the pressure on interception agencies to renew warrants excessively early by introducing additional Secretary of State signing slots during recess periods, and to improve the timescales within which instruments, modifications and cancellations are served on CSPs.