20 The investigatory powers available to the security and intelligence agencies, law enforcement and other public authorities are currently contained in a number of pieces of legislation. These powers include the interception of communications, the retention and acquisition of communications data, equipment interference, and the acquisition of bulk data.
21 RIPA contains much of the current legislative scheme governing the investigatory powers used by the security and intelligence and law enforcement agencies to interfere with communications. Part 1 of the Act concerns communications. Chapter 1 of Part 1 concerns the interception of communications in the course of their transmission. It provides that such interception is an offence if carried out without lawful authority, and sets out the circumstances in which interception may be lawful. It also provides for the circumstances in which the Secretary of State may issue warrants for the interception of communications, and the protections for intercepted material. Chapter 2 of Part 1 concerns powers to acquire communications data (information concerning a communication, but not its content) from communications service providers. It sets out the public authorities who may acquire such data, the purposes for which they may do so, and the procedure for the authorisation of such conduct.
22 Part 4 contains oversight measures, providing for the Interception of Communications Commissioner, the Intelligence Services Commissioner and giving additional powers to the Chief Surveillance Commissioner established under the Police Act 1997. Part 4 also establishes the Investigatory Powers Tribunal.
23 Sections 1 and 2 of DRIPA and the Data Retention Regulations 2014 (DRR) contain the legislative scheme concerning the power of the Secretary of State to require communications service providers to retain communications data. DRIPA also made clear the extra-territorial extent of Part 1 of RIPA. Part 3 of the Counter-Terrorism and Security Act 2015 (CTSA) amends DRIPA so that an additional category of data - that necessary to resolve Internet Protocol addresses – can be included in a requirement to retain data. DRIPA contains a sunset clause and sections 1 to 7 are repealed on 31 December 2016. Part 11 of the Anti-Terrorism, Crime and Security Act 2001 provides for a voluntary code of conduct concerning the retention of communications data.
24 The SSA sets out the functions of the Security Service, and provides that the Service can only obtain or disclose information so far as is necessary for those functions.
25 ISA sets out the functions of the Secret Intelligence Service and GCHQ, and contains similar provision concerning the obtaining and disclosure of information. Section 5 provides for the Secretary of State to authorise interference with property or wireless telegraphy where necessary for assisting the carrying out of any of the three agencies’ functions. Section 7 provides for the Secretary of State to authorise activities overseas that would otherwise incur civil or criminal liability, where necessary for the proper discharge of the functions of SIS or GCHQ. These powers are currently used to authorise certain activities of the agencies that will be included in the new legislation.
26 Part 3 of the Police Act 1997 provides for the authorisation of interference with property or with wireless telegraphy. It also provides for the appointment of Surveillance Commissioners, who are given additional powers by Part 4 of RIPA.
27 The Wireless Telegraphy Act 2006 (section 49) provides for the authorisation of the use of wireless telegraphy equipment to obtain information about a communication, or the disclosure of such information. Such conduct is otherwise an offence under section 48 of the Act.
28 Section 94 of the Telecommunications Act 1984 gives the Secretary of State power to issue a direction of a general character to OFCOM or to a communications provider, in the interests of national security or international relations. Such directions must be kept secret.
29 Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the telecommunications sector (‘the e-Privacy Directive’) contains a general requirement of confidentiality of electronic communications, as well as requirements to delete traffic data when no longer needed, and other protections for electronic communications. Article 15(1) provides that Member States may derogate from certain rights in the directive (including the right to privacy) where this is a necessary, appropriate and proportionate measure within a democratic society to safeguard national security, defence, public security, the prevention or detection of crime and the purposes laid down in Article 13 of the Data Protection Directive. Article 15(1) specifically provides for the retention of communications data.
Directive 2006/24/EC (‘the Data Retention Directive’) harmonised the retention of communications data. The Data Retention Directive was struck down by the European Court of Justice as incompatible with Articles 7 and 8 of the Charter of Fundamental Rights in joined cases C-293/12 and C-594/12 Digital Rights Ireland & Seitlinger, on the basis that it did not contain sufficient safeguards. No replacement Directive has, as yet, been proposed.