Protection of Freedoms Bill

Memorandum submitted by Sir Paul Kennedy (PF 27)

FAO - Protection of Freedoms Bill Public Bill Committee

Re: Views in relation to Part 2, Chapter 2, Section 37 of the Bill – Judicial approval for obtaining or disclosing communications data

This note, as requested, sets out the information and the views I expressed when giving oral evidence, and answers two specific questions asked by the committee (one in the next couple of paragraphs, and the other - as to other statutory powers available to local authorities - on the final page).

In 2010, 134 local authorities used their powers to acquire communications data and between them they made 1811 requests. This was a marginal increase from the year before.

The Committee asked for the number of communications data requests made each year by local authorities since 2005. I publish this figure each year in my Annual Report to the Prime Minister which is available to the public and can provide these as follows;

Year

No. of local authorities who used powers

No. of requests made

No. of requests made by all public authorities

%age of requests made by local authorities

2010

134

1,811

552,550

0.3%

2009

131

1,756

525,130

0.3%

2008

123

1,553

504,073

0.3%

2007

154

1,707

519,260

0.3%

2006

122

1,694

Not report

Not reported

Jan 2005 – Mar 2006*

(*previous commissioner)

124

Not reported

Not reported

Not reported

The figures show that the number of requests for communications data submitted by local authorities is small in comparison with the total requests submitted by all public authorities. In fact for the last 4 years the percentage of the local authority requests to the overall total has remained the same (0.3%).

In 2010, my team of Inspectors conducted 27 inspections of local authorities and in addition my team also inspected 54 local authorities who are using the National Anti Fraud Network (NAFN) service which is described below. Virtually all of the local authorities, which have used their powers, have been inspected at least once since the legislation was introduced. My Inspectorate identified the largest users of communications data at an early stage and they are inspected more regularly, for example NAFN are inspected on a 6 monthly basis.

I am aware that some sections of the media continue to be very critical of local authorities and there are allegations that they often use the powers which are conferred upon them under RIPA inappropriately. However, I can categorically state that no evidence has emerged from our inspections that have taken place between 2005 and 2010, which indicates that communications data is being used to investigate offences of a trivial nature, such as dog fouling or littering. On the contrary it is evident that good use is being made of communications data to investigate the types of offences which cause harm to the public, such as investigating rogue traders, loan sharks and fly tipping offences. I have provided the extract from my 2009 Annual Report that relates to local authorities at the end of this report and this outlines in paragraph 3.45 some examples of investigations where communications data has been used effectively to detect crime. Often the telephone number or communications address is the only information / intelligence the local authority has to progress the investigation and identify the alleged offender. During my oral evidence, the Committee outlined the example of a fly tipping case where other investigation methods may be available to negate using these powers, such as witnesses or CCTV. Indeed this may be true in a minority of cases, but for obvious reasons fly tippers tend not to fly tip next to CCTV cameras or witnesses. Local authorities are required to justify why it is necessary and proportionate to acquire communications data in their applications and part of the proportionality test is whether less intrusive methods have been considered or tried to achieve the investigative objective.

It is probably inevitable that introducing judicial approvals into the process will result in a reduction in the number of requests that local authorities will make for communications data, as it will significantly increase the bureaucracy and reduce the efficiency and effectiveness of the current process. Opportunities to exploit communications data as an effective tool to prevent and detect crime may therefore be lost.

There would also be significant cost and training implications in introducing judicial approvals into the process. The Home Office impact assessment (http://www.homeoffice.gov.uk/publications/legislation/freedom-bill/ripa-local-ia?view=Binary) estimates that a Magistrate would need 20 minutes to consider an application and based on an hourly rate of £365, the 1811 requests made in 2010 would have cost approximately a quarter of a million pounds per annum to approve. In addition there would be training costs and in my view there would also be significant costs for a local authority to prepare the documents for the Magistrate and travel to and from the Court to present the case.

This is wholly unnecessary. In my view there is already a robust authorisation process in place which, as we know from our inspections, ensures that communications data is only acquired where it is necessary and proportionate to prevent and/or detect crime. Local authorities are required to adhere to the RIPA Act and its associated Code of Practice and requests for communications data are approved at a Senior Level (Director, Head of Service or Service Manager). In most cases this will be the Head of either the Trading Standards Department or the Environmental Health Department, although Council Solicitors are also often involved. Furthermore, prior to being approved, all applications are submitted to a trained and accredited Single Point of Contact (SPoC) in each local authority. Their role is to provide a guardian and gatekeeper function ensuring that all requests for communications data are lawful and made in accordance with the Act and Code of Practice. The Communication Service Providers (CSPs) will only disclose communications data to an Accredited SPoC in a public authority and therefore this part of the process cannot be by-passed. Each local authority also has to appoint a Senior Responsible Officer (SRO) who is responsible for the integrity of the process, compliance with the Act and Code of Practice and for engaging with IOCCO.

Furthermore approximately 35% of local authorities who reported using their powers in 2010 are routing their applications to the NAFN which, since November 2009, has provided a national SPoC facility to all of its local authority members. The Home Office made a substantial contribution to the establishment of this facility. The accredited SPoCs at NAFN scrutinise the applications independently and provide objective advice to ensure the local authorities act in an informed and lawful manner. Therefore local authorities who are using the NAFN SPoC system already have even more independent scrutiny and this should weed out any requests which are unnecessary or unjustified.

Additionally, as the Home Office impact assessment acknowledges, there is a risk of a magistrate approving an authorisation for a trivial case, in which case the proposed additional safeguard would be totally ineffective.

If judicial approvals were introduced into the process then consideration would need to be given to the future mechanics of my oversight responsibilities. If the powers and duties under Chapter II of Part 1 are exercised by a judicial authority, then I cannot oversee the use of the powers as I do at present. Paragraph 7 of Schedule 7 of the Protection of Freedoms Bill states that RIPA will be amended as follows; "it shall not be the function of the Interception of Communications Commissioner to keep under review the exercise by the relevant judicial authority (within the meaning of section 23A) of functions under that section or section 23B." That means that I am not to review the decisions of a magistrate. I understand that, but I still have a duty, pursuant to section 57(2)(b) of the 2000 Act, to review the exercise and performance by the persons on whom they are conferred or imposed of the powers and duties conferred or imposed by or under Chapter 2 of Part 1. That means that my Inspectors will still be going to local authorities to look at what is being done by applicants, authorised persons, Designated Persons, etc. They may find that with the approval of a magistrate data has been requested and obtained when it was disproportionate to seek it. If so they will report to me. That would normally go into my Annual Report to the Prime Minister. Am I to omit this in order to comply with Paragraph 7 of Schedule 7 of the Bill? My current oversight of local authorities only takes up 1/5 of one of my Inspector’s time, but nevertheless our inspections are important. I believe that independent oversight provides the public with reassurance that local authorities are complying with the Act and Code of Practice and are not misusing their powers. If any serious breaches were identified during our inspections, or indeed identified by the local authority themselves, they would be reported as errors and described in my Annual Report to the Prime Minister.

There is also a risk that the increase in bureaucracy that would result from introducing judicial approvals into RIPA would encourage local authorities to revert back to using other powers to acquire communications data, such as the Social Security & Fraud Act 2001 and the Enterprise Act 2002. For some time we have been trying to encourage local authorities to use RIPA and not to use other powers that are not subject to the same controls or scrutiny. If local authorities were to revert back to using other powers, their communications data requests would have no oversight by either the Interception of Communications Commissioner or a Magistrate. We would welcome a statutory requirement for local authorities to acquire communications data only pursuant to RIPA.

Finally the Committee asked how communications data requests could be excluded from the judicial approval part of the Bill if this exclusion was not also applied to the surveillance and CHIS authorities. It was suggested that I was advocating an anomaly in the legislation. This is not the case as there are already differences across the three types of authorisations (surveillance, CHIS and communications data) in the proposed Bill. For example communications data requests have already been excluded from the serious crime threshold section of the Bill (although directed surveillance authorities have not) and therefore there would be no difference in also excluding communications data requests from the judicial approval process.

In summary, the findings from our inspections of local authorities should provide the necessary reassurance to the public that the use which local authorities have made of their powers under Part I Chapter II of RIPA has met my expectations and that no evidence has emerged which indicates that communications data is being used to investigate offences of a trivial nature. I regard the proposed measures in the Bill as wholly unnecessary and unjustified.

March 2011

Attached

Annex A - Biography

Annex B - Relevant Extract from the Interception of Communications Commissioners 2009 Annual Report to the Prime Minister (pages 14-16)

Annex A

The Right Honourable Sir Paul Kennedy,

Interception of Communications Commissioner

Biography

Sir Paul Kennedy (b 1935) was called to the Bar by Gray's Inn in 1960 and took silk in 1973. He served as a Justice of the High Court, assigned to the Queen's Bench Division, from 1983 to 1992. He was Presiding Judge of the North Eastern Circuit from 1985 to 1989. He served as Lord Justice of Appeal from 1992 to 2005 and also as Vice-President of the Queen's Bench Division from 1997 to 2002.

The Prime Minister approved the appointment of Sir Paul Kennedy as Interception of Communications Commissioner under the terms of Section 57 of RIPA from 11 th April 2006 to 10 th April 2009. On 2 nd April 2009 the Prime Minister approved the re-appointment of Sir Paul Kennedy from 11 th April 2009 until 10 th April 2012.

The Interception of Communications Commissioners Office (IOCCO) is a team of staff, who were recruited to assist the Commissioner to carry out his independent statutory oversight regime. IOCCO undertakes a revolving programme of inspection visits to all relevant public authorities (such as local authorities) who are authorised to acquire communications data under Part I of Chapter II of RIPA, and produce a written report of the findings for the Interception of Communications Commissioner. At the end of each calendar year, the Commissioner submits a report to the Prime Minister which is subsequently laid before Parliament and published.

Annex B

Relevant Extract from the Interception of Communications Commissioners 2009 Annual Report to the Prime Minister (pages 14-16)

Local Authorities

3.38 There are approximately 433 local authorities throughout the UK approved by Parliament for the purpose of acquiring communications data, using the provisions of the Act. No local authority has been given the power to intercept a telephone call or any other form of communication during the course of its transmission. However, local authorities may acquire communications data for the purpose of preventing and detecting crime, although there are restrictions upon the types of data which they may obtain. They do not have access to traffic data, which would enable them to identify the location from, or to which, a communication has been transmitted.

3.39 Generally the trading standards services are the principal users of communications data within local authorities although the environmental health departments and housing benefit fraud investigators also occasionally make use of the powers. Local authorities enforce numerous statutes and Councils use communications data to identify criminals who persistently rip off consumers, cheat the taxpayer, deal in counterfeit goods, and prey on the elderly and vulnerable. The environmental health departments principally use communications data to identify fly-tippers whose activities cause damage to the environment and cost the taxpayers large sums to recover or otherwise deal with the waste.

3.40 Local authorities are required to adhere to the Code of Practice and requests for communications data are approved at a senior level, the level having been enhanced by recent changes to the legislation. In most cases this has been the head of the trading standards service or the head of the environmental health department or housing benefits sections although solicitors have also often been involved. The specialist staff who process applications for communications data are not trained to the same standard as their counterparts in other public authorities, and the infrequent use which most Councils make of their powers sometimes makes it difficult for relevant members of staff to keep abreast of developments in the communications data community. I am pleased that the Home Office has provided funding to the National Anti-Fraud Network (NAFN) and it is able to provide a national SPoC facility to all of its members. During the reporting year we have encouraged local authorities to make use of the facility, as the accredited staff at NAFN have been trained to the same standards as their counterparts in the police. One of my Inspectors has already visited NAFN and the systems and processes are being maintained to a good standard. Local authorities can use the facility with confidence and in the full knowledge that the data will be obtained in accordance with the law. Of course the Designated Person in the local authority still has responsibility for approving the application for communications data but the accredited staff in NAFN scrutinise it independently and this should weed out any which are unnecessary or unjustified.

3.41 During the period covered by this report 131 local authorities notified me that they had made use of their powers to acquire communications data, and this is slightly more than last year. A total of 1,756 requests were made for communications data and the vast majority were for basic subscriber information, although 24 Councils reported that they had acquired some service use data under Section 21(4)(b) of the Act. The total number of requests for communications data is marginally above last year’s figure. Virtually all of the local authorities, which have used their powers, have been inspected at least once since the legislation was introduced. The core activities of the trading standards service and environmental health teams are now centralised in a number of the larger local authorities and therefore it is easier for them to manage the process of acquiring communications data. My Inspectorate identified the largest users of communications data at an early stage and they are inspected more regularly.

3.42 During the reporting year 31 inspections of local authorities were conducted. Six of these were inspected for the first time, either because they had notified me that they had started to make use of their powers, or because they were acquiring communications data on a more frequent basis. Twenty one of the local authorities were inspected for a second time and the remaining four were inspected for the third time. Seventeen of the local authorities which were inspected had made use of service use data and generally the Inspectors were satisfied that it was necessary to obtain it and it was proportionate to the investigative objectives. However, one of the local authorities was criticised for obtaining this type of data before carrying out checks to identify the relevant subscribers. At that stage in the process there was no information or intelligence to indicate whether the telephone numbers or their subscribers were associated with criminal or illicit activity and potentially they could have been innocent members of the public who were in contact with the suspect for perfectly legitimate reasons. Changes have been made to the working practices of the local authority concerned, and they will ensure that service use data is acquired correctly in future. I will give some examples of how the local authorities use communications data later in this section of the report.

3.43 I am aware that some sections of the media continue to be very critical of local authorities, and there are allegations that they often use the powers which are conferred upon them under RIPA inappropriately. However, I can state that no evidence has emerged from the inspections, which indicates communications data is being used to investigate offences of a trivial nature, such as dog fouling or littering. On the contrary it is evident that good use is being made of communications data to investigate the types of offences which cause harm to the public and to which I have already alluded in paragraph 3.40 above.

3.44 Twenty three of the local authorities had achieved good or better standards and the remaining eight were satisfactory. It was good to see that the recommendations from the previous inspections had always been fully implemented and where necessary improvements had been made to the systems and processes. My Inspectors found two instances of local authorities obtaining incoming call records, and these constitute errors because Councils are not lawfully entitled to acquire this type of data. The Inspectors were satisfied that these errors were caused as a result of a genuine misunderstanding and not through any wilful or reckless attempt to circumvent the legislation. Most of the staff in the CSPs are aware that they must not comply with requests from local authorities for traffic data, but inevitably one or two may slip through the net. In both the above cases the errors were drawn to the attention of the SROs in the local authorities concerned and action has been take to prevent any similar errors occurring in the future. Incidentally, the number of errors reported by local authorities last year was ten and this equates to about 0.01% of the requests made. I have not encountered any cases which would be serious enough for me to invoke the powers which I have outlined previously in paragraph 3.35 of this report.

3.45 In three of the inspections technical breaches of the Act and Code of Practice were found and this meant that a small amount of data was not obtained fully in accordance with the law. Nevertheless my Inspectors were satisfied that they had no bearing on the justifications for acquiring the data and the data had been used for a correct statutory purpose. My Inspectors looked at the use which local authorities had made of the communications data, as this is a good check that they are using their powers responsibly. They concluded that effective use was being made of the data to prevent and detect crime. Wolverhampton City Council acquired communications data to investigate the large scale manufacture and distribution of counterfeit media products via the Internet and computer fairs. The offender was convicted and sentenced to three years imprisonment. The estimated loss to legitimate businesses was in the region of £1 million and this was stopped when the four counterfeiting factories were dismantled. The Central England Trading

Standards Regional Scambuster Team based at Solihull Borough Council, and West Midlands Police jointly investigated a rogue builder when complaints were received from two members of the public that they had been ripped off. Initially the Crown Prosecution Service advised against going to trial because there were only two victims and it would therefore be difficult to prove the full extent of his criminality. Outgoing call records were obtained in relation to the suspect’s phone and this enabled the investigation team to identify a number of other victims who were prepared to give evidence, many of whom had been unaware that they had actually been the victim to a fraud. The offender obtained approximately £200,000 by fraud from his victims over an 18 month period. The case was eventually tried in Birmingham Crown Court and the offender pleaded guilty and was sentenced to 4 years imprisonment. It is extremely unlikely that he would have been brought to justice if the investigating officers had not made effective use of the powers to acquire communications data.

3.46 Communications data is a powerful investigative tool but it must always be used responsibly and all persons within the process must ensure that they act fully in accordance with the law. The local authorities appreciate that I oversee the use of their powers and the inspections ensure that they comply with the Act and Code of Practice.