Investigatory Powers Bill (HC Bill 143)

Investigatory Powers BillPage 40

(a) in the case of a warrant under Chapter 1 of this Part, a disclosure made
to, or authorised by, a Judicial Commissioner;

(b) in the case of a warrant under Chapter 1 of Part 1 of RIPA, a disclosure
made to, or authorised by, the Interception of Communications
5Commissioner or a Judicial Commissioner;

(c) a disclosure made to the Independent Police Complaints Commission
for the purposes of facilitating the carrying out of any of its functions.

(4) Head 3 is—

(a) a disclosure made by a legal adviser—

(i) 10in contemplation of, or in connection with, any legal
proceedings, and

(ii) for the purposes of those proceedings;

(b) a disclosure made—

(i) by a professional legal adviser (“L”) to L’s client or a
15representative of L’s client, or

(ii) by L’s client, or by a representative of L’s client, to L,

in connection with the giving, by L to L’s client, of advice about the
effect of the relevant provisions (see subsection (6)).

(5) But a disclosure within Head 3 is not an excepted disclosure if it is made with
20a view to furthering any criminal purpose.

(6) In subsection (4)(b) “the relevant provisions” means—

(a) in the case of a warrant under Chapter 1 of this Part, the provisions of
this Part;

(b) in the case of a warrant under Chapter 1 of Part 1 of RIPA, the
25provisions of that Chapter.

(7) Head 4 is—

(a) a disclosure that—

(i) is made by a postal operator or a telecommunications operator
in accordance with a requirement imposed by regulations made
30by the Secretary of State, and

(ii) relates to the number of warrants under Chapter 1 of this Part
to which the operator has given effect or has been involved in
giving effect;

(b) a disclosure of information that does not relate to any particular
35warrant under Chapter 1 of this Part but relates to such warrants in
general.

(8) Nothing in this section affects the operation of section 48 (which, among other
things, prohibits the making of certain disclosures in, for the purposes of or in
connection with legal proceedings).

51 40Offence of making unauthorised disclosures

(1) A person who fails to comply with section 49(1) commits an offence.

(2) A person who is guilty of an offence under this section is liable—

(a) on summary conviction in England and Wales—

(i) to imprisonment for a term not exceeding 12 months (or 6
45months, if the offence was committed before the

Investigatory Powers BillPage 41

commencement of section 154(1) of the Criminal Justice Act
2003), or

(ii) to a fine,

or to both;

(b) 5on summary conviction in Scotland—

(i) to imprisonment for a term not exceeding 12 months, or

(ii) to a fine not exceeding the statutory maximum,

or to both;

(c) on summary conviction in Northern Ireland—

(i) 10to imprisonment for a term not exceeding 6 months, or

(ii) to a fine not exceeding the statutory maximum,

or to both;

(d) on conviction on indictment, to imprisonment for a term not exceeding
5 years or to a fine, or to both.

(3) 15In proceedings against any person for an offence under this section in respect
of any disclosure, it is a defence for the person to show that the person could
not reasonably have been expected, after first becoming aware of the matter
disclosed, to take steps to prevent the disclosure.

Interpretation

52 20Part 2: interpretation

(1) In this Part—

  • EU mutual assistance instrument” has the meaning given by section 8(3);

  • “intercepting authority” is to be read in accordance with section 16;

  • “international mutual assistance agreement” has the meaning given by
    25section 8(3);

  • “mutual assistance warrant” has the meaning given by section 13(4);

  • “police force” means any of the following—

    (a)

    any police force maintained under section 2 of the Police Act
    1996;

    (b)

    30the metropolitan police force;

    (c)

    the City of London police force;

    (d)

    the Police Service of Scotland;

    (e)

    the Police Service of Northern Ireland;

    (f)

    the Ministry of Defence Police;

    (g)

    35the Royal Navy Police;

    (h)

    the Royal Military Police;

    (i)

    the Royal Air Force Police;

    (j)

    the British Transport Police;

  • “relevant content”, in relation to a targeted examination warrant, has the
    40meaning given by section 13(3);

  • “relevant Scottish application” has the meaning given by section 20;

  • “secondary data” has the meaning given by section 14, and references to
    obtaining secondary data from a communication are to be read in
    accordance with that section;

  • 45“targeted examination warrant” has the meaning given by section 13(3).

Investigatory Powers BillPage 42

(2) In this Part references to a member of a police force, in relation to the Royal
Navy Police, the Royal Military Police or the Royal Air Force Police, do not
include any member of that force who is not for the time being attached to, or
serving with, that force or another of those police forces.

(3) 5See also—

  • section 223 (telecommunications definitions),

  • section 224 (postal definitions),

  • section 225 (general definitions),

  • section 226 (index of defined expressions).

10Part 3 Authorisations for obtaining communications data

Targeted authorisations for obtaining data

53 Power to grant authorisations

(1) Subsection (2) applies if a designated senior officer of a relevant public
15authority considers—

(a) that it is necessary to obtain communications data for a purpose falling
within subsection (7),

(b) that it is necessary to obtain the data—

(i) for the purposes of a specific investigation or a specific
20operation, or

(ii) for the purposes of testing, maintaining or developing
equipment, systems or other capabilities relating to the
availability or obtaining of communications data, and

(c) that the conduct authorised by the authorisation is proportionate to
25what is sought to be achieved.

(2) The designated senior officer may authorise any officer of the authority to
engage in any conduct which—

(a) is for the purpose of obtaining the data from any person, and

(b) relates to—

(i) 30a telecommunication system, or

(ii) data derived from a telecommunication system.

(3) Subsections (1) and (2) are subject to—

(a) section 54 (additional restrictions on grant of authorisations),

(b) sections 61 and 64 to 66 and Schedule 4 (restrictions relating to certain
35relevant public authorities),

(c) section 67 (requirement to consult a single point of contact), and

(d) section 68 (Commissioner approval for authorisations to identify or
confirm journalistic sources).

(4) Authorised conduct may, in particular, consist of an authorised officer—

(a) 40obtaining the communications data themselves from any person or
telecommunication system,

(b) asking any person whom the authorised officer believes is, or may be,
in possession of the communications data to disclose it to a person
identified by, or in accordance with, the authorisation,

Investigatory Powers BillPage 43

(c) asking any person whom the authorised officer believes is not in
possession of the communications data but is capable of obtaining it, to
obtain it and disclose it to a person identified by, or in accordance with,
the authorisation, or

(d) 5requiring by notice a telecommunications operator—

(i) whom the authorised officer believes is, or may be, in
possession of the communications data to disclose the data to a
person identified by, or in accordance with, the authorisation,
or

(ii) 10whom the authorised officer believes is not in possession of the
communications data but is capable of obtaining the data, to
obtain it and disclose it to a person identified by, or in
accordance with, the authorisation.

(5) An authorisation—

(a) 15may relate to data whether or not in existence at the time of the
authorisation,

(b) may authorise the obtaining or disclosure of data by a person who is
not an authorised officer, or any other conduct by such a person, which
enables or facilitates the obtaining of the communications data
20concerned, and

(c) may, in particular, require a telecommunications operator who controls
or provides a telecommunication system to obtain or disclose data
relating to the use of a telecommunications service provided by another
telecommunications operator in relation to that system.

(6) 25An authorisation—

(a) may not authorise any conduct consisting in the interception of
communications in the course of their transmission by means of a
telecommunication system, and

(b) may not authorise an authorised officer to ask or require, in the
30circumstances mentioned in subsection (4)(b), (c) or (d), a person to
disclose the data to any person other than—

(i) an authorised officer, or

(ii) an officer of the same relevant public authority as an authorised
officer.

(7) 35It is necessary and proportionate to obtain communications data for a purpose
falling within this subsection if it is necessary and proportionate to obtain the
data—

(a) in the interests of national security,

(b) for the purpose of preventing or detecting crime or of preventing
40disorder,

(c) in the interests of the economic well-being of the United Kingdom so
far as those interests are also relevant to the interests of national
security,

(d) in the interests of public safety,

(e) 45for the purpose of protecting public health,

(f) for the purpose of assessing or collecting any tax, duty, levy or other
imposition, contribution or charge payable to a government
department,

Investigatory Powers BillPage 44

(g) for the purpose of preventing death or injury or any damage to a
person’s physical or mental health, or of mitigating any injury or
damage to a person’s physical or mental health,

(h) to assist investigations into alleged miscarriages of justice,

(i) 5where a person (“P”) has died or is unable to identify themselves
because of a physical or mental condition—

(i) to assist in identifying P, or

(ii) to obtain information about P’s next of kin or other persons
connected with P or about the reason for P’s death or condition,
10or

(j) for the purpose of exercising functions relating to—

(i) the regulation of financial services and markets, or

(ii) financial stability.

(8) See—

(a) 15sections 61 and 64 for the meanings of “designated senior officer” and
“relevant public authority”;

(b) section 75 for the way in which this Part applies to postal operators and
postal services.

54 Additional restrictions on grant of authorisations

(1) 20A designated senior officer may not grant an authorisation for the purposes of
a specific investigation or a specific operation if the officer is working on that
investigation or operation.

(2) But, if the designated senior officer considers that there are exceptional
circumstances which mean that subsection (1) should not apply in a particular
25case, that subsection does not apply in that case.

(3) Examples of exceptional circumstances include—

(a) an imminent threat to life or another emergency,

(b) the interests of national security, or

(c) the size of the relevant public authority concerned being such that it is
30not practicable to have a designated senior officer who is not working
on the investigation or operation concerned.

(4) A designated senior officer of a relevant public authority which is not a local
authority may not grant an authorisation for the purpose of obtaining data
which is, or can only be obtained by processing, an internet connection record
35unless the purpose of obtaining the data is to identify—

(a) which person or apparatus is using an internet service where—

(i) the service and time of use are already known, but

(ii) the identity of the person or apparatus using the service is not
known,

(b) 40which internet communications service is being used, and when and
how it is being used, by a person or apparatus whose identity is already
known,

(c) where or when a person or apparatus whose identity is already known
is obtaining access to, or running, a computer file or computer program
45which wholly or mainly involves making available, or acquiring,
material whose possession is a crime, or

Investigatory Powers BillPage 45

(d) which internet service is being used, and when and how it is being
used, by a person or apparatus whose identity is already known.

(5) A designated senior officer of a local authority may not grant an authorisation
for the purpose of obtaining data which is, or can only be obtained by
5processing, an internet connection record.

(6) In this Act “internet connection record” means communications data which—

(a) may be used to identify, or assist in identifying, a telecommunications
service to which a communication is transmitted by means of a
telecommunication system for the purpose of obtaining access to, or
10running, a computer file or computer program, and

(b) comprises data generated or processed by a telecommunications
operator in the process of supplying the telecommunications service to
the sender of the communication (whether or not a person).

55 Procedure for authorisations and authorised notices

(1) 15An authorisation must specify—

(a) the office, rank or position held by the designated senior officer
granting it,

(b) the matters falling within section 53(7) by reference to which it is
granted,

(c) 20the conduct that is authorised,

(d) the data or description of data to be obtained, and

(e) the persons or descriptions of persons to whom the data is to be, or may
be, disclosed or how to identify such persons.

(2) An authorisation which authorises a person to impose requirements by notice
25on a telecommunications operator must also specify—

(a) the operator concerned, and

(b) the nature of the requirements that are to be imposed,

but need not specify the other contents of the notice.

(3) The notice itself—

(a) 30must specify—

(i) the office, rank or position held by the person giving it,

(ii) the requirements that are being imposed, and

(iii) the telecommunications operator on whom the requirements
are being imposed, and

(b) 35must be given in writing or (if not in writing) in a manner that produces
a record of its having been given.

(4) An authorisation must be applied for, and granted, in writing or (if not in
writing) in a manner that produces a record of its having been applied for or
granted.

56 40Duration and cancellation of authorisations and notices

(1) An authorisation ceases to have effect at the end of the period of one month
beginning with the date on which it is granted.

(2) An authorisation may be renewed at any time before the end of that period by
the grant of a further authorisation.

Investigatory Powers BillPage 46

(3) Subsection (1) has effect in relation to a renewed authorisation as if the period
of one month mentioned in that subsection did not begin until the end of the
period of one month applicable to the authorisation that is current at the time
of the renewal.

(4) 5A designated senior officer who has granted an authorisation must cancel it if
the designated senior officer considers that the position is no longer as
mentioned in section 53(1)(a), (b) or (c).

(5) The Secretary of State may by regulations provide for the person by whom any
duty imposed by subsection (4) is to be performed in a case in which it would
10otherwise fall on a person who is no longer available to perform it.

(6) Such regulations may, in particular, provide for the person on whom the duty
is to fall to be a person appointed in accordance with the regulations.

(7) A notice given in pursuance of an authorisation (and any requirement imposed
by the notice)—

(a) 15is not affected by the authorisation subsequently ceasing to have effect
under subsection (1), but

(b) is cancelled if the authorisation is cancelled under subsection (4).

57 Duties of telecommunications operators in relation to authorisations

(1) It is the duty of a telecommunications operator on whom a requirement is
20imposed by notice given in pursuance of an authorisation to comply with that
requirement.

(2) It is the duty of a telecommunications operator who is obtaining or disclosing
communications data, in response to a request or requirement for the data in
pursuance of an authorisation, to obtain or disclose the data in a way that
25minimises the amount of data that needs to be processed for the purpose
concerned.

(3) A person who is under a duty by virtue of subsection (1) or (2) is not required
to take any steps in pursuance of that duty which it is not reasonably
practicable for that person to take.

(4) 30For the purposes of subsection (3), where obligations have been imposed on a
telecommunications operator (“P”) under section 217 (maintenance of
technical capability), the steps which it is reasonably practicable for P to take
include every step which it would have been reasonably practicable for P to
take if P had complied with all of those obligations.

(5) 35The duty imposed by subsection (1) or (2) is enforceable by the Secretary of
State by civil proceedings for an injunction, or for specific performance of a
statutory duty under section 45 of the Court of Session Act 1988, or for any
other appropriate relief.

Filtering arrangements for obtaining data

58 40Filtering arrangements for obtaining data

(1) The Secretary of State may establish, maintain and operate arrangements for
the purposes of—

Investigatory Powers BillPage 47

(a) assisting a designated senior officer, who is considering whether to
grant an authorisation, to determine whether the position is as
mentioned in section 53(1)(a), (b) and (c), or

(b) facilitating the lawful, efficient and effective obtaining of
5communications data from any person by relevant public authorities in
pursuance of an authorisation.

(2) Arrangements under subsection (1) (“filtering arrangements”) may, in
particular, involve the obtaining of communications data in pursuance of an
authorisation (“the target data”) by means of—

(a) 10a request to the Secretary of State to obtain the target data on behalf of
an authorised officer, and

(b) the Secretary of State—

(i) obtaining the target data or data from which the target data may
be derived,

(ii) 15processing the target data or the data from which it may be
derived (and retaining data temporarily for that purpose), and

(iii) disclosing the target data to the person identified for this
purpose by, or in accordance with, the authorisation.

(3) Filtering arrangements may, in particular, involve the generation or use by the
20Secretary of State of information—

(a) for the purpose mentioned in subsection (1)(a), or

(b) for the purposes of—

(i) the support, maintenance, oversight, operation or
administration of the arrangements, or

(ii) 25the functions of the Investigatory Powers Commissioner
mentioned in subsection (4) or (5).

(4) Filtering arrangements must involve the generation and retention of such
information or documents as the Investigatory Powers Commissioner
considers appropriate for the purposes of the functions of the Commissioner
30under section 196(1) of keeping under review the exercise by public authorities
of functions under this Part.

(5) The Secretary of State must consult the Investigatory Powers Commissioner
about the principles on the basis of which the Secretary of State intends to
establish, maintain or operate any arrangements for the purpose mentioned in
35subsection (1)(a).

59 Use of filtering arrangements in pursuance of an authorisation

(1) This section applies in relation to the use of the filtering arrangements in
pursuance of an authorisation.

(2) The filtering arrangements may be used—

(a) 40to obtain and disclose communications data in pursuance of an
authorisation, only if the authorisation specifically authorises the use of
the arrangements to obtain and disclose the data,

(b) to process data in pursuance of an authorisation (and to retain the data
temporarily for that purpose), only if the authorisation specifically
45authorises processing data of that description under the arrangements
(and their temporary retention for that purpose).

(3) An authorisation must record the designated senior officer’s decision as to—

Investigatory Powers BillPage 48

(a) whether the communications data to be obtained and disclosed in
pursuance of the authorisation may be obtained and disclosed by use
of the filtering arrangements,

(b) whether the processing of data under the filtering arrangements (and
5its temporary retention for that purpose) is authorised,

(c) if the processing of data under the filtering arrangements is authorised,
the description of data that may be processed.

(4) A designated senior officer must not grant an authorisation which authorises—

(a) use of the filtering arrangements, or

(b) 10processing under the filtering arrangements,

unless the condition in subsection (5) is met.

(5) The condition is that the designated senior officer (as well as considering that
the position is as mentioned in section 53(1)(a), (b) and (c)) considers that what
is authorised in relation to the filtering arrangements is proportionate to what
15is sought to be achieved.

60 Duties in connection with operation of filtering arrangements

(1) The Secretary of State must secure—

(a) that no authorisation data is obtained or processed under the filtering
arrangements except for the purposes of an authorisation,

(b) 20that data which—

(i) has been obtained or processed under the filtering
arrangements, and

(ii) is to be disclosed in pursuance of an authorisation or for the
purpose mentioned in section 58(1)(a),

25is disclosed only to the person to whom the data is to be disclosed in
pursuance of the authorisation or (as the case may be) to the designated
senior officer concerned,

(c) that any authorisation data which is obtained under the filtering
arrangements in pursuance of an authorisation is immediately
30destroyed—

(i) when the purposes of the authorisation have been met, or

(ii) if at any time it ceases to be necessary to retain the data for the
purposes or purpose concerned.

(2) The Secretary of State must secure that data (other than authorisation data)
35which is retained under the filtering arrangements is disclosed only—

(a) for the purpose mentioned in section 58(1)(a),

(b) for the purposes of support, maintenance, oversight, operation or
administration of the arrangements,

(c) to the Investigatory Powers Commissioner for the purposes of the
40functions of the Commissioner mentioned in section 58(4) or (5), or

(d) otherwise as authorised by law.

(3) The Secretary of State must secure that—

(a) only the Secretary of State and designated individuals are permitted to
read, obtain or otherwise process data for the purposes of support,
45maintenance, oversight, operation or administration of the filtering
arrangements, and

Investigatory Powers BillPage 49

(b) no other persons are permitted to access or use the filtering
arrangements except in pursuance of an authorisation or for the
purpose mentioned in section 58(1)(a).

(4) In subsection (3)(a) “designated” means designated by the Secretary of State;
5and the Secretary of State may designate an individual only if the Secretary of
State thinks that it is necessary for the individual to be able to act as mentioned
in subsection (3)(a).

(5) The Secretary of State must—

(a) put in place and maintain an adequate security system to govern access
10to, and use of, the filtering arrangements and to protect against any
abuse of the power of access, and

(b) impose measures to protect against unauthorised or unlawful data
retention, processing, access or disclosure.

(6) The Secretary of State must—

(a) 15put in place and maintain procedures (including the regular testing of
relevant software and hardware) to ensure that the filtering
arrangements are functioning properly, and

(b) report, as soon as possible after the end of each calendar year, to the
Investigatory Powers Commissioner about the functioning of the
20filtering arrangements during that year.

(7) A report under subsection (6)(b) must, in particular, contain information about
the destruction of authorisation data during the calendar year concerned.

(8) If the Secretary of State believes that significant processing errors have
occurred giving rise to a contravention of any of the requirements of this Part
25which relate to the filtering arrangements, the Secretary of State must report
that fact immediately to the Investigatory Powers Commissioner.

(9) In this section “authorisation data”, in relation to an authorisation, means
communications data that is, or is to be, obtained in pursuance of the
authorisation or any data from which that data is, or may be, derived.

30Relevant public authorities other than local authorities

61 Relevant public authorities and designated senior officers

(1) Schedule 4 (relevant public authorities and designated senior officers) has
effect.

(2) A public authority listed in column 1 of the table in the Schedule is a relevant
35public authority for the purposes of this Part.

(3) In this Part “designated senior officer”, in relation to a relevant public authority
listed in column 1 of the table, means an individual who holds with the
authority—

(a) an office, rank or position specified in relation to the authority in
40column 2 of the table, or

(b) an office, rank or position higher than that specified in relation to the
authority in column 2 of the table (subject to subsections (4) and (5)).