REGULATION
OF INVESTIGATORY POWERS BILL
PART
I : INTERCEPTIONS OF COMMUNICATIONS
HOUSE
OF COMMONS STANDING COMMITTEE STAGE
March 2000
REGULATION
OF INVESTIGATORY POWERS BILL
HUMAN RIGHTS COMPLIANCE
INTRODUCTION
1.1.
The purpose of
the Regulation of Investigatory Powers Bill is to ensure that certain
surveillance methods used during investigations by the police and other law
enforcement agencies are compatible with the Human Rights Act 1998. The
fundamental rights likely to be affected by covert policing are the right to
respect for privacy under Art.8 and the right to a fair trial under Art. 6 of
the European Convention on Human Rights. The text of these Articles are set out
in Annex 1.
1.2.
In its report, Under Surveillance, JUSTICE came to the
overall conclusion that the present legislative and procedural framework
governing the use of these proactive policing methods is out of date, inconsistent
and unable to provide the safeguards required to comply with the Human Rights
Act. We strongly urged the Government
to take an integrated approach when looking at future regulation of
surveillance methods in order to bring some consistency and cohesion to this
complex area of regulation. Given the similarities between all forms of
eavesdropping, such an approach would avoid confusion and uncertainty both for
the policing agencies and suspects.
1.3.
While JUSTICE
welcomes the introduction of this Bill, we believe it represents a missed
opportunity to rationalise a patch-work of legal measures. Despite its
intentions to balance law enforcement needs with individual privacy rights, it
succeeds largely in making an already complex legal environment even more so. It will result in some nine or so separate
but overlapping statutory regimes covering surveillance conduct by the police,
intelligence services and other agencies (see Annex 2). An investigation
may well require authorisation under more than one regime.
THE BILL’S COMPLIANCE
2.1.
The Bill’s five
parts cover interception of communications, access to communications data, the
decryption of encrypted material and covert surveillance operations, including
the use of informers and undercover officers. It replaces the Interception of
Communications Act 1985 with a new regime and amends other legislation
including Part III of the Police Act 1997, the Security Service Act 1989 and
the Intelligence Services Act 1994. As
we set out below, we believe that some of its provisions do not sufficiently
comply with ECHR rights.
2.2.
One of the
problems is that this is framework legislation with much of the detail to be
provided for in secondary legislation, either in orders, regulations or codes
of practice. It is therefore not possible to assess fully the human rights
compliance of some of the activities, particularly where a wide discretion is
given to ministers in the making of that legislation. It contains some
twenty-two provisions for secondary legislation, most of which are subject only
to negative resolution, and where the scope, intent and safeguards of the
delegated powers are insufficiently set out in the statute. In some cases, this
may mean that the provisions fall foul of the ECHR requirement that any
interference with rights is clearly ‘prescribed by law’. In other cases, the
breadth of the delegated powers is such that significant breaches of human
rights in the orders, regulations or codes cannot be ruled out. There is no
obligation to provide a certificate of compliance with the ECHR for delegated
legislation as there is for primary. In this briefing, we refer to those
delegated powers that raise important human rights concerns.
2.3.
We are grateful
for the assistance of Clare Montgomery QC, Helen Mountfield, Keir Starmer and
Tom de la Mare with this briefing.
PART 1
INTERCEPTION OF COMMUNICATIONS
Executive authorisation
clause 7:
3.1 Authorisations for interception of telecommunications are to continue to be the responsibility of the Secretary of State. The Home Office in its consultation paper stated that it is ‘not persuaded’ of the need to depart from this regime, although it does not give reasons for this other than that it considers that the executive would still need to issue warrants applied for on national security grounds.
3.2 The question of who authorises intrusive surveillance operations is an important one. And it is a debate that has taken place several times before, most recently in relation to the use of bugging devices under Part III of the Police Act 1997. Putting it shortly, it is argued that a member of the executive lacks the necessary independence to authorise interception by a state agency and that it offends against the concept of the separation of powers; a senior judge would be a more appropriate arbiter of the balance between the rights of the individual and the interests of the state.
3.3 While the European Court of Human Rights (EctHR) has not specifically required that such oversight by judicial, it has on several occasions stressed the importance of it being so. In Klass v Germany, it stated that ‘it is in principle desirable to entrust supervisory control to a judge’. Likewise, in discussing the safeguards offered by French law on telecommunications interceptions, it placed considerable emphasis on the safeguard of prior judicial authorisation.[1]
3.4 JUSTICE’s position is that the most intrusive surveillance operations, including interceptions, should all be subject to the same warrant procedures with authorisations by a High Court judge (whether acting as a Commissioner as under Part III Police Act or otherwise). This is the practice in a great number of countries, including Canada, New Zealand, the United States and other EU member states. It would also have the advantage of bringing the law on interceptions in line with similarly intrusive surveillance operations under the Police Act and Part II of this Bill.
3.5 As to the issue of warrants based on national security grounds, we question why the judiciary is not considered to be sufficiently competent to undertake the authorisation as they do in many other countries, such as Australia and Canada. And even if it is shown to be necessary that such warrants remain with the Secretary of State, it would be possible to run parallel regimes with only those applications made by the security services remaining with the Secretary of State. This is what is proposed for ‘intrusive surveillance’ applications under Part II of this Bill (see cl.39).[2]
Participant monitoring
3.6 Under section 1(2)(b) of IOCA 1985, there was an exemption where one party to the communications consented to it being intercepted. This is commonly known as the ‘participant monitoring’ exemption. It has the effect of circumventing the warrant procedures and safeguards of IOCA and is particularly relevant in cases where police or informers are used to extract evidence from suspects.
3.7 Although the exemption is not repeated in Part I of the Bill, it is to be found in Part II. The combination of clauses 25(4) and 45(4) have the effect of exempting interceptions of telecommunications done on the basis of the consent of one of the parties to the communication from being considered as ‘intrusive surveillance’ under Part II. Although unclear, it seems that the intention is to place such conduct under the lesser controls of ‘directed surveillance under Part II (requiring only self-authorisation within the agency undertaking the conduct).
3.8 JUSTICE would strongly argue that this is insufficient: the non-consenting person whose privacy is infringed is entitled to the same level of safeguards as any other person whose private telecommunications is being intercepted by a state agency. And, in any event, we question how such conduct could properly fall within the category of ‘directed surveillance’ which is defined as being covert but not intrusive (see cl.25(2)): an interception is clearly intrusive of the non-consenting person, irrespective of whether the statute attempts to describe it as otherwise (see cl.25(4)).
3.9 We believe that any such different treatment for the non-consenting person potentially breaches Art.8 of ECHR. In the case of Lambert v France (1999), the EctHR considered a judgment of the French Court of Cassation which had denied legal remedy to a person whose telephone calls had been intercepted on a friend’s line. It held that, as a matter of principle, Art. 8 protects people, not telephone lines:
‘The Court of Cassation’s
reasoning could lead to decisions whereby a very large number of people are
deprived of the protection of the law, namely all those who have conversations
on a telephone line other than their own. That would in practice render the
protective machinery largely devoid of substance.’
3.10 This reasoning is in accordance with the decision of the Canadian Supreme Court in the case of R v Duarte (1990). This was a case of an informer who had been wired-up to record conversations between himself and the suspect. While the Canadian Criminal Code required a warrant for the use of electronic surveillance devices generally, none was needed for such consent operations. The Court held that this ‘participant monitoring’ exemption directly contradicted the principle that it is the person whose privacy is being infringed who should be afforded safeguards. The Canadian Criminal Code now requires judicial authorisation for the interception of a private communication even where one party consents to it. The Irish Law Commission has recently come to the same conclusion in a report on interception of communications.[3]
Office and business monitoring
clauses
1(6) and 4(2)
3.11 Clause 1(6) provides that a private telecommunications system may be lawfully intercepted with the consent of the controller of the system. Because of the definitions in cl.2(1), it appears that the systems falling within the remit of this provision are principally to be computer networks in offices and other establishments such as universities and private telephone exchanges as in hotels.
3.12
JUSTICE considers that cl.1(6) is too broad and fails to provide the
safeguards required by Art.8 ECHR. As the Bill is
drafted, the consent defence completely removes the need to satisfy either the
substantive tests of having legitimate grounds for the interception or any of the
procedural safeguards. Effectively, the
provision provides for wholly unregulated interceptions by an employer of an
intranet office system, for example. However, as importantly, it potentially
also allows a law enforcement agency to intercept such a system on the sole
grounds of the consent of the controller of the system. The latter would
clearly be an unlawful circumvention of the warrant procedures in Part I.
3.13 The only deterrent upon the employer in these circumstances is the potential liability to a civil tort under cl.1(3). This is a less effective and only post facto remedy for individuals who will have serious difficulties in either knowing or proving that an interception has taken place. Cl.1(3) is also phrased in such a way that the giving of consent under cl.1(6) is a prerequisite of the tort – i.e. the tort cannot overlap with an offence under cl.1(2). We believe that there is little sense in this and that the tort should exist independently of cl.1(6) and should also apply to interceptions of public telecommunications.
3.14 As currently drafted, there is no relationship on the face of the Bill between cl.1(6) and the provisions on interceptions for business monitoring under cl.4(2). This needs to be clarified. Interceptions under cl.4(2) are clearly intended to be narrower: for example, it has to be for a legitimate business purpose and be made in the course of transmission on apparatus provided by the employer (i.e. a handset). On the other hand, business monitoring under this clause is to extend to public as well as private telecommunications.
3.15 Although the Secretary of State’s regulation making powers under cl.4(2) are wide, the danger (as has persistently been the problem with UK privacy regulation) is under-regulation. JUSTICE believes that there are certain principles which must be complied with in order that the practice of business monitoring is legitimate: for example, openness and transparency, protection for legal and other privileged material and protection for private confidences. It is therefore essential that a draft version of the first set of regulations under cl.4(2) should be published contemporaneously with the Bill.
Intercept material as evidence
clauses 16 and 17
3.16 In general terms, the current position of prohibiting the use of intercept material as evidence is to remain. However, there is a significant difference under cl.17(5) which is to permit disclosure of this material to the prosecution. The prosecution may be ordered to disclose it to the trial judge who may, in turn, direct the making of an admission of fact. There is no provision for the disclosure of this material to the defence (other than for specific intercept offences).
3.17 JUSTICE would argue that this arrangement breaches the ‘equality of arms’ principle in Art.6 of the ECHR which guarantees a defendant a fair trial. This is on several grounds. First, it permits the prosecution to have access to potentially relevant evidence, but not the defence. Even though the material may not be used by the prosecution as admissible evidence, it nevertheless may assist the prosecution as to how it conduct its case, including the asking of questions based on knowledge of the material. Second, it is a blanket provision whereby there are no circumstances when the merits of disclosing to the defence may be considered. This means that disclosure to the defence cannot be ordered even where the circumstances are ‘exceptional’ and the making of an admission by the prosecution is ‘essential (i.e.when the material goes to the heart of the prosecution case). There are also no grounds for disclosure even when to do so would clearly not damage the public interest.
3.18 Third, the disclosure to the ‘relevant judge’ under cl.17(b) has implications for both procedural and substantive fairness. For example, the clause is silent about the circumstances in which a judge might make an order for disclosure to him or herself alone. Although cl.16 sets up a complete prohibition on making disclosures in legal proceedings, the prosecution will have to communicate in some way to the judge that it has this material and that it might be relevant to the proceedings. One question is how is this to be done?
3.19 For example, the communication might be made in an ex parte public interest immunity (p.i.i.) hearing. The question would then be whether there are sufficient procedural safeguards for the defence as required by the recent EctHR decisions in Rowe and Davis v UK, Jasper v UK and Fitt v UK.[4] We would argue that the procedure for disclosing intercept material to the judge and the judge being able to order an admission fall short of the p.i.i. procedures scrutinised and endorsed in these cases. In particular:
· there is no provision for disclosure to the defence in any circumstances (see above)
· the threshold for making admissions is not ‘fairness’ but both ‘exceptional circumstances’ and ‘essential’ admissions (i.e. some higher and unspecified criteria)
· there is no opportunity for the defence to make representations as to what are ‘exceptional circumstances’ and what admissions might be ‘essential’.
3.20
In addition, even where the ‘exceptional
circumstances’ make the disclosure ‘essential’ in the interests of justice and
the judge considers admissions should be made, cl.17(8) places severe
restrictions on the kind of admissions that can be made. It says that nothing may be admitted that
breaches any of the prohibitions in cl.16(1) – that is, an admission cannot in
any way tend to suggest that an interception has taken place. Therefore even an admission which is
considered ‘essential’ may not be made if by doing so it breaches cl.16(1). It
is difficult to see how a fair trial could follow in such circumstances.
3.21 JUSTICE believes that lawfully intercepted material should be prima facie admissible as evidence in criminal proceedings, subject to the usual disclosure of evidence rules under the Criminal Procedure and Investigation Act 1996 and judicial discretion under s.78 of PACE. This is the position for other material obtained by intrusive surveillance methods under Part III of the Police Act and Part II of this Bill. If the objections can be overcome for one form of surveillance, it is hard to understand the continued justification for interception material to be treated differently.
ACQUISITION
AND DISCLOSURE OF COMMUNICATIONS DATA
4.1
Under cl.20(4)
communications data is defined as all that information relating to the use of a
communication service other than the contents of the communication itself. It
includes subscriber’s details, the names, addresses and numbers of those
contacted, web sites visited and, in the case of mobile phones, the user’s geographical
location. Such data is increasingly valuable to criminal investigations and its
disclosure more intrusive to individuals.
4.2.
Following
the ECtHR decision in Malone v UK (1984) that such data fell within Art.8, the UK government inserted a new
section 45 into the Telecommunications Act 1984. This has allowed disclosure on
the broad grounds of prevention and detection of crime without any of the Art.8
safeguards. In the absence of any published figures, the Home Office should be
asked to give an indication of the extent of this practice of seeking
disclosure of communications data.
4.2 Under the Bill, the disclosure of such data is to be authorised by a ‘designated person’ from one of the ‘relevant authorities’ (see cl.21 and cl.24(1) and (2)). The latter includes a police force, NCIS, NCS, Customs and Excise, the intelligence services and any other public authority as may be specified by the Secretary of State (cl.24 (1)(f)). As prior authorisation is a key safeguard, the Home Secretary should be asked to give details of the status of the person who is to be prescribed as the ‘designated person’. Likewise, he should be asked why it is necessary to include further public authorities and which authorities does he consider may be included in a future order.
4.3
However, there is a serious question
whether self-authorisation within an agency is sufficiently independent to
comply with Art. 8 requirements.
The ECtHR has frequently criticised the practice of self-authorisation. In the
recent case of Kopp v Switzerland (1998) it said: ‘Above all, in practice, it is, to say the least, astonishing that
this task should be assigned to an official of the Post Office’s legal
department, who is a member of the executive, without supervision by an
independent judge, especially in this sensitive area…’
4.4 As the nature of the communications data becomes more sensitive, the need for the prior authorisation to be independent becomes stronger. This is particularly so where, as under this Bill, there is no challenge mechanism for those holding the data. JUSTICE therefore believes that obtaining access to communications data should be safeguarded in the same way as access to special material under section 9 and Schedule I of PACE. This means that an application should be made to a circuit judge.
4.5 The grounds on which a person’s privacy may be lawfully interfered with under Art. 8 are closely proscribed in Art 8(2) (see Annex 1). It is therefore unclear why the Bill includes the collection of tax etc. as a legitimate ground for the disclosure of communications data (see cl.21(1)(f). Either the collection of tax is legitimate as falling within one of the other grounds or it is not an aim that may be pursued under Art.8. And, in any event, it is far from clear why communications data is considered to be relevant to the collection and assessment of taxes. It is also curious that the Bill permits the Secretary of State the right by order to add to the list of permitted grounds in cl.21(2)(h): as the permitted grounds of Art.8(2) are already reflected in the clause, any additional grounds are likely to go beyond the scope of Art.8(2). JUSTICE therefore believes that cl. 21(2(f) and (h) should be deleted from the Bill on grounds that they may breach Art. 8 ECHR.
4.6 There is nothing in this part of the Bill covering the safeguarding of the communications data disclosed. Although such data is likely to fall within the Data Protection Act 1998, there nevertheless should be uniform provisions on such matters as the destruction of the material within the Bill, as there is for interception material under cl.14.
4.7
Under cl.53(2)(b)
the Interception of Communications Commissioner is required to review the
working of these provisions covering communications data. However, it is not
clear how this is to be achieved. In order that there
is effective accountability, JUSTICE considers that there should be a specific
requirement for each authorisation to be notified to the Commissioner.
Privileged material
4.8
There are
no provisions in Part I of the Bill for special procedures in relation to
legally or otherwise privileged material. The ECtHR in Campbell v UK (1992) stated that a high level of protection is to be accorded to these
sensitive categories of material. Although, it may be
intended to address this issue in a code of practice, we consider that the
provisions should be included on the face of the Bill in relation to both Parts
I and II of the Bill.
March 2000
ANNEX 1
Article 6 :
Right to a fair trial
1.
In the determination of his civil rights and obligations or of any
criminal charge against him, everyone is entitled to a fair and public hearing
within a reasonable time by an independent and impartial tribunal established
by law. Judgment shall be pronounced publicly but the press and public may be
excluded from all or part of the trial in the interests of morals, public order
or national security in a democratic society, where the interests of juveniles
or the protection of the private life of the parties so require, or to the
extent strictly necessary in the opinion of the court in special circumstances
where publicity would prejudice the interests of justice.
2.
Everyone charged with a criminal offence shall be presumed innocent
until proved guilty according to law.
3.
Everyone charged with a criminal offence has the following minimum
rights:
(a)
to be informed promptly, in a language which he understands and in
detail, of the nature and cause of the accusation against him;
(b)
to have adequate time and facilities for the preparation of his
defence;
(c)
to defend himself in person or through legal assistance of his own
choosing or, if he has not sufficient means to pay for legal assistance, to be
given it free when the interests of justice so require;
(d)
to examine or have examined witnesses against him and to obtain the
attendance and examination of witnesses on his behalf under the same conditions
as witnesses against him;
(e)
to have the free assistance of an interpreter if he cannot understand
or speak the language used in court.
Article 8: Right
to respect for private and family life
1.
Everyone has the right to respect for his private and family life, his
home and his correspondance.
2.
There shall be no interference by a public authority with the exercise
of this right except such as is in accordance with the law and is necessary in
a democratic society in the interests of national security, public safety or
the economic well-being of the country, for the prevention of disorder or
crime, for the protection of health or morals, or for the protection of the
rights and freedoms of others.
ANNEX 2
Statutory regimes
covering surveillance include:
·
interception of
communications under Part I RIP Bill [Secretary of State authorisation]
·
the acquisition
and disclosure of communications data under Part l RIP Bill [‘designated
persons’ authorisation]
·
the decryption of
protected material under Part III of RIP Bill [Circuit judge authorisation]
·
‘intrusive
surveillance’ by the police and other law enforcement agencies under Part II of
RIP Bill [approval by Commissioner]
·
‘intrusive surveillance’ by the intelligence services
and armed forces under Part II of RIP Bill [Secretary of State authorisation]
·
intrusive
surveillance (involving trespass or criminal damage) by the police and other
law enforcement agencies under Part III of the Police Act 1997 [approval by
Commissioner]
·
intrusive
surveillance (‘bugging and burglary’) by the intelligence services under the
Intelligence Services Act 1994 [Secretary of State authorisation]
·
‘directed surveillance’ by the police and other law enforcement agencies
under Part II of RIP Bill [self-authorisation by prescribed persons]
·
surveillance by
covert human intelligence sources (informers etc) under Part II of RIP Bill
[self-authorisation by prescribed persons].