UK: Draft Investigatory Powers Bill: official documents
09 November 2015
In early November 2015 the UK government published proposed new surveillance legislation - the Draft Investigatory Powers Bill. All the relevant official documentation is published here (pdf format) and will be updated as the Bill develops.
Draft Investigatory Powers Bill Joint Committee - oral evidence
Draft codes of practice
- 13 January 2016 (pdf): Evidence given by Rt Hon Theresa May MP, Home Secretary
- 6 January 2016 (pdf): Evidence given by Christopher Graham, Information Commissioner; Jesper Lund, Chairman, IT-Political Association of Denmark, and William E. Binney, formerly Technical Director of the United States National Security Agency; Sir Bruce Robertson, New Zealand Commissioner of Security Warrants
- 21 December 2015: Evidence given by Suzy Lamplagh Trust, NSPCC, and Amnesty International; Professor Bill Buchanan, Head, Centre for Distributed Computing, Networks and Security, Edinburgh Napier University, Eric King, Visiting Lecturer at Queen Mary, University of London, and Erka Koivunen, Cyber Security Advisor, F-Secure Corporation (at 3.00pm); Henry Jackson Society and Policy Exchange (at 3.45pm).
- 16 December 2015: Evidence given by Child Exploitation and Online Protection Centre, and National Crime Agency; David Davis MP, and Baroness Jones of Moulsecoomb (at 5.00pm); Peter Carter QC, Martin Chamberlain QC, Matthew Ryder QC, and Graham Smith, solicitor (at 5.45pm).
- 14 December 2015 (pdf): Evidence given by Society of Editors, The Law Society, The Law Society of Scotland, and the National Union of Journalists; Vodafone, O2 Telefonica, EE, and 3 (at 5.00pm).
- 9 December 2015 (pdf): Evidence given by BT Security, Virgin Media, and Sky; Internet Service Providers Association, Andrews & Arnold Ltd; Open Rights Group, Liberty, Privacy International, and Big Brother Watch
- 7 December 2015 (pdf): Evidence given by Professor Ross Anderson, Professor of Security Engineering, University of Cambridge, Dr Paul Bernal, Lecturer in Information Technology, Intellectual Property and Media Law, University of East Anglia, Professor Sir David Omand GCB, King’s College London, and Professor Mark Ryan, Professor of Computer Security, University of Birmingham; The Rt Hon the Lord Blunkett, and Rt Hon Owen Paterson MP
- 2 December 2015 (pdf): Evidence given by Sir Mark Waller, Intelligence Services Commissioner; Lord Judge, Chief Surveillance Commissioner, Clare Ringshaw-Dowle, Chief Surveillance Inspector, Sir Stanley Burnton, Interception of Communications Commissioner, and Jo Cavan, Head of the Interception of Communications Commissioner’s Office; David Anderson QC, Independent Reviewer of Terrorism Legislation, and Professor Michael Clarke, Retiring Director of the Royal United Services Institute
- 30 November 2015 (pdf): Evidence given by Paul Lincoln, Director – National Security, OSCT, Home Office; Richard Alcock, Director, Communications Capability Development Programme, OSCT, Home Office; Lewis Neal, Director – Intelligence Policy, Foreign and Commonwealth Office; Simon York, Director of the Fraud Investigation Service, HMRC; Keith Bristow, Director General, National Crime Agency; Chris Farrimond, Deputy Director Intelligence Collection, National Crime Agency; Richard Berry, Assistant Chief Constable, National Police Chiefs’ Council
- Interception of communications: DRAFT code of practice: "This code of practice relates to the powers and duties conferred or imposed under Chapter I of Part I of the Regulation of Investigatory Powers Act 2000 (“RIPA”), amended in 2014 by the Data Retention and Investigatory Powers Act 2014 (“DRIPA”). It provides guidance on the procedures that must be followed before interception of communications can take place under those provisions. This code of practice is primarily intended for use by those public authorities listed in section 6(2) of RIPA. It will also allow postal and telecommunication operators and other interested bodies to acquaint themselves with the procedures to be followed by those public authorities."
- Equipment interference: DRAFT code of practice: "This code of practice provides guidance on the use by the Intelligence Services of section 5 of the Intelligence Services Act 1994 to authorise equipment interference to which the code applies. It provides guidance on the procedures that should be followed before equipment interference can take place under that provision, and on the processing, retention, destruction and disclosure of any information obtained by means of the interference."
- Authorisation: "All of the powers in the Bill will be overseen by independent and powerful Judicial Commissioners; The most intrusive powers in the Bill will be subject to a ‘double-lock’ of Executive and Judicial authorisation... In an emergency, powers can be authorised orally by the Secretary of State, and reviewed by a Judicial Commissioner who will have the power to quash a warrant."
- Bill definitions: "The Bill updates the definition of communications data in respect of telecommunications services to provide for technologically neutral, modernised definitions; The Bill creates, for the first time, a definition of the content of a communication or an item of information; New definitions of related communications data and equipment data mean that data acquired under the powers in the Bill can be handled with appropriate safeguards, regardless of the power under which it was acquired."
- Bulk communications data: "Fast and secure access to communications data is essential to the security and intelligence agencies in protecting the UK. Communications data has played an important part of every MI5 investigation over the last decade."
- Bulk equipment interference: "Bulk Equipment Interference (Bulk EI) is a form of Equipment Interference that collects data relating to a number of devices (for example, devices in a particular area) in order to identify potential targets of interest; Bulk EI is reserved for activity with a foreign focus and may only be undertaken by the security and intelligence agencies and only for matters relating to national security."
- Bulk interception: "The Bill will ensure that the security and intelligence agencies can continue to undertake bulk interception, subject to enhanced safeguards. It will clearly differentiate between targeted interception warrants and those which are issued for the purpose of bulk collection."
- Bulk personal datasets: "A bulk personal dataset (BPD) is a dataset containing information about a wide range of people, most of whom are not of interest to the security and intelligence agencies. Lists of people who have a passport or a licensed firearm are good examples of a BPD – they includes a large amount of personal information, the majority of which will relate to people who are not of security or intelligence interest."
- Communications data: "Communications service providers retain some communications data under existing law, but data relating to the use of internet services is often unavailable. That includes data about what communications services a suspect or victim was using. Without new legislation, crimes enabled by email and the internet will increasingly go undetected and unpunished, and law enforcement agencies will find it more and more difficult to locate vulnerable people at risk of harm."
- Internet connection records: "The draft Bill will require that ICRs are retained by communications service providers. It will limit access to ICRs for one of three purposes: To identify the sender of a communication... To identify the communications services that a person is using... To determine whether a person has been accessing or making available illegal material online."
- Investigatory Powers Commission: "The Bill will significantly reform the current independent oversight regime for investigatory powers... The new single oversight body, which will be called the Investigatory Powers Commission, will have significantly greater resources, including technical and legal resources, to ensure that they can effectively hold the intelligence agencies and law enforcement to account."
- Oversight: "The current tripartite structure of three Commissioners who oversee all investigatory powers exercised by public authorities, will be consolidated into a new single and more powerful oversight body, the Investigatory Powers Commission, headed in statute by the Investigatory Powers Commissioner."
- Request filter: "The request filter will mean that when a public authority makes such a request, they will only see the data they need to. Any irrelevant data will be deleted and not made available to the public authority. The filter acts as a safeguard to minimise collateral intrusion."
- Targeted equipment interference: "Equipment interference (EI), sometimes referred to as computer network exploitation, is the power to obtain a variety of data from equipment... The Bill creates clearer, robust safeguards to the regime, making sure that equipment interference is only used when necessary and proportionate for a legitimate purpose... Law enforcement agencies able to apply for an EI warrant are limited to UK police forces, the NCA, HMRC, the Ministry of Defence police, Royal Military Police, Royal Navy Police and the Royal Air Force Police."
- Targeted interception: "Only nine agencies can apply for an interception warrant. These include the Security and Intelligence Agencies, five Law Enforcement Agencies and the armed forces; As is currently the case, the Bill makes clear that targeted interception warrants can be served on Communications Service Providers (CSPs) who offer services to customers in the UK irrespective of where they are based in the world. CSPs have a duty to give effect to a warrant if required to do so."
- Delegated powers: "This memorandum identifies the provisions of the Draft Investigatory Powers Bill (the Draft Bill) which confer powers to make delegated legislation, and explains why these powers have been taken and the nature of, and reason for, the procedure selected for exercising those powers."
- European Convention on Human Rights: "This memorandum addresses issues arising under the European Convention on Human Rights (“ECHR”) in relation to the Investigatory Powers Bill. The Department is satisfied that, in the event that the Bill is introduced into Parliament, the responsible Minister could make a statement under section 19(1)(a) of the Human Rights Act 1998 that, in the Minister’s view, the provisions of the Bill are compatible with the Convention rights."