Home Office

Access to Communications Data

Response to the Consultation Paper

Introduction

In March 2003 the Home Office published a consultation paper Access to communications data: respecting privacy and protecting the public from crime (http://www.homeoffice.gov.uk/docs/consult.pdf) inviting views on the implementation of Part I Chapter II of the Regulation of Investigatory Powers Act 2000 (RIPA).

2. Part I Chapter II of RIPA provides for the lawful acquisition of communications data by public authorities for specific purposes, primarily for the purpose of preventing and detecting crime, and only then when both necessary and proportionate to what the authority is seeking to achieve.

3. Section 25 of RIPA lists those public authorities that Parliament has already approved should have lawful access to communications data using RIPA. The consultation paper concerned additional public authorities that might be added to that by an Order approved by Parliament.

4. Specifically the consultation paper invited views on:

  • options for imposing restrictions upon additional public authorities’ lawful access to communications data under RIPA
  • options for additional safeguards regulating their access to data

5. The consultation also invited views on the need for a review, wider than the issue of communications data, of the balance between privacy and protection of the public. The responses on that will be published separately.

6. This paper attempts to summarise over 170 responses that covered a wide range of opinions submitted in a range of formats from thought-provoking papers to terse e-mails. Inevitably it is not possible to describe all those responses in detail. The objective is to reflect the views that emerged.

7. Further information about this paper and about the detailed consultation responses is available from:

Simon Watkin
Covert Investigation Policy Team
Home Office
Room 732
50 Queen Anne’s Gate
London
SW1H 9AT
and by e-mail commsdata@homeoffice.gsi.gov.uk

Summary of responses

8. Although the consultation period ended on 3 June some late responses were accepted. In all 178 responses were received. Of those 31 were from commercial organisations, 27 from a variety of interest groups, 52 from individuals and 68 from public authorities. The annex to this document lists the respondents, excluding 5 that asked that their response be treated in confidence.

9. In parallel to the consultation exercise the Home Office commissioned independent research into the views of a representative sample of UK public opinion regarding access to communications data by additional public authorities.

10. There was broad acceptance of the Government’s approach, described in the consultation paper – that public authorities’ access to communications data should be restricted within a regulatory regime that is transparent, compliant with human rights legislation and under the oversight of an independent commissioner.

Public authorities access to communications data

11. The consultation paper, and supporting material published on the Home Office website (http://www.homeoffice.gov.uk/crimpol/crimreduc/regulation/part1/pas.html), described in some detail why various public authorities responsible for crime prevention and detection and public safety use, or need to use, communications data to reduce crime and safeguard the public. Although the consultation paper did not explicitly ask for views on the necessity of their requirements to access data, some respondents had comments.

12. Thirteen respondents expressly stated they did not wish any public authorities to have access to communications data under RIPA, a further 11 expressly opposed any of the proposed additional authorities.

Access to communications data under RIPA

13. Support for a single regime governing public authorities’ access to communications data, and for RIPA as that regime, was given explicitly by 19 respondents. Only 2 respondents explicitly opposed RIPA providing a single regime for the lawful acquisition of communications data.

14. There were 26 respondents who called either for the repeal of so-called “legacy” legislation, which public authorities use to lawfully acquire communications data or called for public authorities not to use pre-existing legislation once the RIPA legislation come into force. Repeal of legislation is not straightforward. The powers being used are usually information-gathering powers used to lawfully obtain information, of which communications data is a part and often a small part.

15. One respondent submitted a draft Bill that would have the effect of amending the Data Protection Act 1998 such that the disclosure of personal data, which is also communications data, would be permitted only in accordance with RIPA or the Order of a Court.

16. Many respondents (92) chose to comment on certain public authorities, 76 were supportive and 16 opposed to particular public authorities having access to data. Local authorities were most commented on – both favourably and unfavourably (though many of the favourable comments came from local authorities themselves).

17. There was clear support from a number of respondents (11) for the Radiocommunications Agency to be allowed access to the full range of communications data in order to combat effectively the nuisance and dangers posed by pirate radio stations.

18. Responses on behalf of, or from individual members of, Crime and Disorder Reduction Partnerships were supportive of local authority trading standards and environmental health services having access to communications data.

Human Rights Principles

19. The statutory safeguards within RIPA were overwhelmingly supported. The tests of necessity and proportionality that must be met in every requirement for data were supported explicitly by 27 respondents and opposed by none. The designation of suitably senior persons within public authorities able to exercise the powers received more support (32 respondents) and no opposition.
Restricted access to communications data by purpose

20. Support (27 responses) was expressed for restricting the purposes for which public authorities may require communications data. Two respondents opposed restricting access by purpose.

Restricted access to communications data by purpose and function

21. One third of respondents expressing an opinion (8 out of 26) were against the proposal of restricting access to data by both purpose and function (although it received a better reception in public opinion research). Most of those opposing restriction by purpose and function were public authorities – simply because of the practical difficulties in defining public authority functions in legal terms. Local authorities, in particular, are responsible for enforcing wide and diverse pieces of legislation. Respondents also argued restriction by function was not necessary, as public authorities investigating crime not within their statutory remit would be acting ultra vires by definition, and not in accordance with the law.
Restricted access by type of communications data

22. An opinion on restricting access by type of data was expressed by 44 respondents. Of those 35 supported such a restriction.

23. The case for restricting access to communications data by data type was put by the Government in the consultation paper. This was an acknowledgement that an approach which gave all public authorities the potential to acquire sensitive communications traffic data, subject to meeting the statutory tests of necessity and proportionality in each case, was inappropriate – because most public authorities had no requirement for such data.

24. Some public authorities used their response to the consultation paper to demonstrate the range of communications data they have cause to acquire in support of their statutory functions to prevent and detect crime or protect the public.

Designation of specific persons within public authorities

25. Ahead of the public consultation there was concern that “anyone” in a public authority could, without reference to a suitably senior official, acquire communications data. RIPA provides for designation of individuals holding particular posts, ranks or grades. 32 respondents commented specifically on this and all expressed support for clear designation of specific suitably senior officials able to authorise disclosure of data.

Accreditation and Single Points of Contact (SPoCs)

26. The consultation paper indicated the Government’s support for an accreditation scheme for officials in public authorities involved in access to communications data, linked to single points of contact between an authority and the communications service industry. This builds practice and training modules established by the police and customs with the support of industry. Thirty-eight respondents commented favourably on accreditation. Thirty-six supported the idea of SPoCs. None were against.

27. The consultation paper acknowledged that consideration might need to be given to the creation of multi-agency SPoCs to support additional public authorities that seek to acquire communications data only infrequently. Notwithstanding that section 23 (3) of RIPA has the effect of requiring the disclosure of data to the person who gave notice of that requirement or to a person within the same public authority, 32 respondents expressly supported the concept of one or more multi-agency SpoCs. Only one respondent took an expressly opposite view.

28. Nine respondents commented on the need for a process, or processes, to authenticate RIPA notices requiring disclosure of data or to provide accelerated processes for the emergency services. Five respondents commented that a central register of – variously – public authorities, accredited personnel and SpoCs should be established. Six respondents (6) commented that, notwithstanding section 23(3) of RIPA, additional public authorities should exercise their requirements for communications data through their local police SPoC.

Oversight of the Interception of Communications Commissioner

29. The consultation paper acknowledged the statutory role of the independent Interception of Communications Commissioner to keep under review the exercise of powers under RIPA to acquire communications data. Oversight by the Commissioner received explicit support from 16 respondents and opposition from 3 others.

30. However, there were some concerns expressed about the Commissioner’s role. Firstly, would the Commissioner have enough resources available to him effectively to oversee the exercise of powers under Part I Chapter II of RIPA as well as those exercised quite separately, and very differently, under Part I Chapter I to intercept lawful the content of communications. Secondly, it was argued by 8 respondents that the public profile of the Commissioner and his work is, and might remain, too low to provide significant reassurance that he is truly independent and both championing and protecting the interests of the public. The level of public recognition of the Interception of Communications Commissioner was contrasted with that of the Information Commissioner.

31. One respondent suggested that the appointment of a lay regulator and a panel of lay people would provide further oversight of use of the RIPA powers.

32. Those who took part in the public research thought both the Commissioner and the Investigatory Powers Tribunal, which considers complaints about the exercise of RIPA powers, were crucial safeguards. One respondent to the consultation considered that a Parliamentary Select Committee should replace the Tribunal.

Sanctions

33. The consultation paper addressed the issue of sanctions for officials from public authorities who access communications data inappropriately or unlawfully. Just 6 respondents specifically addressed this point, 2 were content with the sanctions currently available. 4 were not.

Double lock on restricted access

34. The consultation paper invited views on a range of potential additional safeguards, described in the paper as a “double lock” on access that might supplement the statutory safeguards contained in RIPA. Respondents’ views on the various double lock options were mixed.

35. Judicial authorisation of requirements to acquire communications data attracted divergent views. Opinions were split almost equally amongst those respondents who expressed a view about it – 24 against, 20 in favour. The responses from public authorities showed clear opposition to judicial authorisation (17 against, 2 in favour). This was one of the few areas where the view of public authorities differed significantly from other respondents. The public opinion sampled in research did not see judicial authorisation as an important safeguard.

36. Some doubts were expressed about prior approval by an independent third party but it was more popular than judicial approval, both in responses from public authorities and others. In all 48 respondents expressed an opinion, 28 were in favour and 20 against. Excluding responses from public authorities, 18 were in favour and 6 against.

37. A clear majority of respondents (33 out of 37 expressing an opinion) were against requiring the police to undertake investigations on behalf on public authorities. Public opinion research showed greater support for this option, though here too there were doubts, and more popular was the police working in conjunction with the additional public authorities.

38. The most widely supported form of additional safeguard was a certification scheme for public authorities with access to communications data providing a positive public statement that a public authority was fit to exercise its powers under RIPA and that its processes met, or exceeded, a required standard. Although certification gained only lukewarm support from the public research groups, 47 of 49 respondents who commented on it were in favour. (This was the highest number of respondents to comment on any one aspect of the consultation.)

The Short List Option

39. The consultation paper floated the option of a “short list” of additional public authorities comprising a small number of police bodies and other emergency services. Only one respondent explicitly favoured the short list approach, 29 expressed opposition to that.

Other Issues

40. Respondents to the consultation raised a number of issues not addressed directly in the paper.

41. Some respondents mentioned a need for openness and publication of statistics about the extent of the use of the RIPA powers, including one that called for the annual publication of a full table of disclosures made under RIPA.

42. Several correspondents mentioned the importance of public authorities having robust processes for safeguarding data they have acquired and for guarding against onward disclosure.

43. Eleven respondents specifically called for the after-the-event notification of individuals whose communications data had been subject of a disclosure requirement, envisaging that public authorities should inform anyone whose data they have acquired – delaying that notification where it would be prejudicial to an ongoing investigation. The respondents commented that such notification would reassure the public about the use made of powers to acquire communications data and would discourage abuse of powers by officials of public authorities.

44. Nineteen respondents commented that the statutory definitions of communications data contain in RIPA needed clarifying or amending.

45. Five respondents expressed specific concern that public authorities would “fish” for information from communications data records without a necessary and proportionate requirement.

46. “Scope creep”, or a perceived inevitable extension of the number of public authorities able to access communications data or the range of purposes for which public authorities might lawfully access data was mentioned by one or two respondents.

Conclusion

47. The Home Office is very grateful to all the respondents for their comments, particularly those who took the time to prepare very detailed submissions.

48. The responses have provided a variety of views about the issues surrounding public authorities’ access to communications data and the implementation of Part I Chapter II of RIPA specifically. Some issues raised by respondents about access to communications data, relating to trust in public authorities and their officials and the openness and accountability with which they exercise powers that impact on individual privacy, have a much wider relevance. They will be considered with the comments about the need for a wider review of the balance of individual privacy and protection of the public.

49. The response to the consultation paper, both at the time of its publication and in the comments from respondents, have indicated broad support for the fresh approach to implementation of Part I Chapter II of RIPA signalled in the consultation paper.

50. The Government will lay a revised RIPA (Communications Data) Order very different to the withdrawn Order, the adverse reaction to which prompted the consultation. The comments and views put forward in response to the consultation paper have informed the development of the new Order and are informing the development of new double lock safeguards.

Home Office
September 2003

Back to top

Annex – respondents

Aberdeen City Council
Dr Yaman Akdeniz
Aleckie59
Anthony Alderson
Alliance Against Counterfeiting & Piracy
All-Party Internet Group
Niall Aslen
Gwendoline Barton
Ian Batten
Belfast City Beat
Birmingham City Council (Environmental and Consumer Service Department)
Birmingham City Council (Legal Services)
Birmingham City Council (Trading Standards)
Blackburn with Darwen Crime and
Disorder Reduction Partnership
Bournemouth Council
City of Bradford Metropolitan District
Council
Peter Bray
The British Computer Society
BT
Buckinghamshire County Council (Community Services)
Cable & Wireless
Caerphilly County Borough Council
Cardiff Council
CBI
Cheltenham Borough Council
Cheshire Constabulary
Chrysalis Radio
Nicholas Clark
Richard Clayton
Cleveland Police
Daniel Clift
R J Cobbold
John Collins
Colt Telecom
Commercial Radio Companies Association
Dave Cook
Julian Corner
Corporation of London Trading Standards Authorities
The Cruising Association
Data Protection and Privacy Practice
Department of Health, Social Services & Public Safety (Northern Ireland)
Department of Enterprise, Trade and Investment (Northern Ireland)
Department for Work and Pensions (Jobcentre Plus)
Dundee City Council
Energis
EURIM (The European Information
Society Group)
Farmers For Action
John Farquhar
FIPR (The Foundation for Information Policy Research)
First
Andrew Fisher
Food Standards Agency
Michael Foster DL MP
George Gebbie
Martin Gentle
Gloucestershire County Council (Trading Standards Service)
Mike Goodall
GreenNet
Gwynedd Council (Public Protection Service)
Hampshire County Council
David Hansen
Health & Safety Commission
Hertbeat FM
Anthony Heyes
Jonathan Howells
Martin Hooper
Cllr Martyn Ingram
IEE (The Institution of Electrical Engineers)
IMIS (The Institute for the Management of Information Systems)
The Information Commissioner
The Institute of Chartered Accountants in England & Wales
Intellect (Information Technology Telecommunications & Electronics Association)
Internet Service Providers Association UK (ISPA UK)
Joint Radio Company Ltd
Kent County Council Trading Standards
Kingston Communications (Hull) plc
Dr Anthony Kucernak
Reverend Roger Knight
LACORS (Local Authorities Coordinators of Regulatory Services)
The Law Society
The Law Society of Scotland
Leicestershire County Council Trading
Standards Service
Liberty
Lincoln Crime Reduction Executive
Lincolnshire County Council Trading
Standards Service
Dr Charles Lindsey
The Local Government Staff Commission
for Northern Ireland
London Borough of Hounslow Trading
Standard Department
London Borough of Newham
London Borough of Tower Hamlets
London Fire Brigade
London Underground Limited
Borough of Macclesfield
Manchester City Council (Trading Standards Service)
Steven Mathieson
Nick McAlonan
Siobhain McDonagh MP
Jim McKenzie
Metropolitan Police Service
Microsoft
Mid and West Wales Fire Authority
Mid Sussex District Council
MidCOTS (Midlands Trading Standards Group)
Joe Middleton
Sarah Morris
NAFN (The National Anti-Fraud Network)
National Office of Animal Health Limited
Mark Newall
The Newspaper Society
Norfolk Constabulary
North Cornwall District Council
North East Trading Standards Association
North of England Trading Standards
Group
Northamptonshire County Council Trading
Standards Service
Northern Ireland Ambulance Service
Northern Ireland Fire Brigade
Northumbria Police Authority
ntl
NUMAST
O2 (UK) Ltd
A M O'Leary
Orange UK
Potato Growers Action Group
Powys County Council
Professional Projects Co Ltd
Redcar & Cleveland Borough Council
Reuters
Cllr David Rogers
Tim Sabel
Saga 106.6FM
Sandwell Metropolitan Borough Council
(Environmental Health and Trading
Standards)
Scottish Advisory Committee on
Telecommunications (SACOT)
SETSA (South East Trading Standards
Association)
Shell UK Exploration and Production
Roger Shellard
The Society of Chief Officers of Trading
Standards in Scotland (SCOTSS)
Soul City 107.5
South Wales Fire Service
Southampton Community Safety Partnership
Southend-on-Sea Borough Council
Southend-on-Sea Trading Standards
Service
Staffordshire Fire & Rescue Service
Stand.org.uk
The Standards Board for England
Alan Strachan
Suffolk County Council Trading Standards Service
Tony Sudworth
Chris Sundt
Mark Syal
T-Mobile (UK) Ltd
Taunton Deane Crime and Disorder Reduction Partnership
Sangamon Taylor
Liz Thompson
Thus plc
Tindle Radio Limited
Brian Todd
David Tomlinson
Trading Standards Institute
Telecommunications United Kingdom
Fraud Forum (TUFF)
UKERNA
Jeff Veit
Veterinary Medicines Directorate
Virgin Radio Limited
Vodafone Limited
City of Wakefield Metropolitan District
Council
Prof. Clive Walker
Graham Webster-Gardiner
Welsh Advisory Committee on
Telecommunications (WACT)
Welsh Local Government Association
Paul Williams
Wolverhampton City Council
City of York Council
ZelahRew

Five respondents requested anonymity or that their responses be treated in confidence.