Today the High Court has found in favour of the Government on all counts in a challenge brought by Liberty against the Investigatory Powers Act.
The Court found that the Act is compatible with the European Convention on Human Rights because of the safeguards written into the legislation.
Responding to the judgment, Security Minister Brandon Lewis said:
It is vital that our law enforcement and security and intelligence agencies have the tools they need to identify and stop criminals and terrorists but it is equally vital that we strike the right balance between privacy and security.
The Investigatory Powers Act not only made sure these tools were fit for the modern threats we face but also introduced a series of world-leading protections to ensure powers were only used where necessary and proportionate to keep us all safe.
The Court has ruled today that, thanks to the rigorous oversight and safeguards we have in place, we have created a lawful regime that keeps the public safe and protects their right to privacy.
Fact sheet: Investigatory Powers
What are investigatory powers?
In December 2016, the Investigatory Powers Act became law. It brought together powers already available to law enforcement and the security and intelligence agencies to obtain communications and data about communications where it is necessary and proportionate to do so.
It created one new power to enable the Secretary of State to require telecommunications operators to retain internet connection records where strict conditions are met. Internet connection records allow the intelligence agencies and law enforcement to identify the communications service to which a device has connected online. This restored capabilities lost as a result of changes in the way people communicate (i.e. using the internet rather than traditional telephony).
What are the safeguards?
The most significant change in the Act was to overhaul the way these powers are authorised and overseen. It introduced a ‘double-lock’ for interception warrants so that these, and other warrants and notices, require the approval of a judge as well as a Secretary of State.
For communications data, the Office for Communications Data Authorisations (an independent body) will authorise the vast majority of requests.
The Act also created the Investigatory Powers Commissioner to oversee how these powers are used.
The Investigatory Powers Tribunal offers a means by which complaints about the security and intelligence agencies can be heard. Through the Investigatory Powers Act we created a route of appeal in certain circumstances.
This oversight comes in addition to parliamentary scrutiny of the work of the security and intelligence agencies through the Intelligence and Security Committee.
What are bulk powers?
The Investigatory Powers Act provides for the use of interception, communications data and equipment interference in bulk. These can be used to obtain large volumes of data that are likely to include communications relating to terrorists or serious criminals. Robust safeguards govern access to this data to ensure it is only examined where it is necessary and proportionate to do so.
The security and intelligence agencies frequently have only small fragments of intelligence or early unformed leads about people overseas who pose a threat to the UK. Additionally, criminals, terrorists and hostile foreign intelligence services are increasingly sophisticated at evading detection by traditional means. Access to bulk data enables the security and intelligence agencies to:
- obtain intelligence on overseas subjects of interest, including threats to UK citizens and our armed forces
- identify threats here in the UK, sometimes from fragments of intelligence
- establish and investigate links between known subjects of interest, at pace, in complex investigations
The Act created a clear statutory framework for the issue of bulk interception, communications data and equipment interference warrants. The ability to seek these bulk warrants is limited to the security and intelligence agencies and warrants in these cases can only be issued if necessary in the interests of national security.
The Secretary of State cannot issue a bulk warrant until it has been approved by a Judicial Commissioner. Access to any data obtained under a bulk warrant must be necessary for a specific operational purpose approved by the Secretary of State and a Judicial Commissioner.
How are bulk powers used?
In 2016, the then Independent Reviewer of Terrorism Legislation, David Anderson QC, published a review into bulk powers. As part of his conclusion, he said:
The sheer vivid range of the case studies – ranging from the identification of dangerous terrorists to the protection of children from sexual abuse, the defence of companies from cyber-attack and hostage rescues in Afghanistan – demonstrates the remarkable variety of SIA [Security and Intelligence Agency] activity. Having observed practical demonstrations, questioned a large number of analysts and checked what they said against contemporaneous intelligence reports, neither I nor others on the Review team was left in any doubt as to the important part played by the existing bulk powers in identifying, understanding and averting threats of a national security and/or serious criminal nature, whether in Great Britain, Northern Ireland or further afield.
The report also included a series of case studies which show how bulk investigatory powers are used in practice:
Bulk interception
In this 2009-2010 operation, GCHQ used bulk data to identify, and monitor the activity of, a senior Al Qaida leader and his network in a Middle Eastern country; they had been behind a plot to attack Western interests. These individuals went to great lengths to try to hide their communications; the use of bulk data was vital to GCHQ’s work in keeping track of them. Ultimately, the interrogation of this bulk data led to the identification of an individual in the UK who, it transpired, had offered to use his access to an airport to launch a terrorist attack from the UK. Following an investigation, he was convicted on terrorism charges. (Anderson, Bulk Powers Review, case study A8/4)
Bulk acquisition of communications data
In 2015 MI5 analysis of bulk acquisition data identified a previously unknown contact with a senior Islamist extremist. Given the significance of the contact, MI5 quickly deployed more intrusive, targeted resources. These techniques revealed to MI5 that the individual was aware of plans being developed to conduct attacks in the UK, and enabled MI5 to take steps to manage the threat. Without bulk acquisition data, MI5 is not confident that it could so quickly have identified the threat and managed the risk. (Anderson, Bulk Powers Review, case study A9/4)
Bulk personal datasets
In mid-2016, following attacks in Paris and Brussels, MI6 worked in partnership with MI5 and GCHQ to identify individuals in ISIL networks who posed a threat to the UK. MI6 used Bulk Personal Datasets (BPDs) to identify a number of such individuals. Without the use of BPDs, it would not have been possible to identify these individuals. Following this work, the SIAs were able to take steps to reduce the threat that they posed to the UK. (Anderson, Bulk Powers Review, case study A11/5)
Since 2014, MI6 has been tasked with collecting intelligence on the membership of ISIL. In early 2016, the media reported the existence of approximately 20,000 leaked ISIL registration papers. However, in most cases the information in the documents was not of sufficient quality to enable the SIAs to make a positive identification, with high confidence, of members of ISIL who might pose a threat to the UK. It was only when this information was combined with information obtained from BPDs that MI6 was able positively to identify a number of individuals on the list who posed a threat to national security. (Anderson, Bulk Powers Review, case study A11/6)