QUALITY OF OVERSIGHT
253. Sir Christopher Rose told us that law
enforcement agencies were inspected every year by his Office while
public authorities were inspected only "every two years or
every three years". The inspection process consisted of "a
dip sample of the paperwork" which led to a report which
he then had to approve and, in the case of law enforcement agencies,
a follow-up meeting with the Chief Constable. (Q 648) Sir Christopher
accepted that this system had its limitations:
"So far as my check on what goes on is concerned,
as I said earlier, all we can do, we are a tiny outfit, is a dip
sample
[but] if [the bodies under inspection] have chosen
to do it improperly, without any paperwork, there will be nothing
for us to inspect, but I have no reason to believe that any public
authority would be foolish enough to embark on that sort of conduct
I cannot prove that [the dip sample] is adequate, because
the 10 per cent of documentation, or whatever it is in the particular
case, which is examined may or may not be representative, so I
cannot prove that it is adequate." (QQ 652, 654)
254. Sir Paul Kennedy, as Interception of
Communications Commissioner, operates by inspecting interception
warrants issued by the Home Secretary and random samples of applications
for communications data within law enforcement agencies and public
authorities. He told us that such inspections needed to continue
indefinitely but that compliant institutions would be inspected
less frequently than non-compliant ones. (QQ 684, 706, 724)
255. This regime of inspections seems to be a
proportionate and cost-effective way of examining the use of RIPA
powers, and to be leading to a general improvement in the level
of compliance.[111]
However, the system does not provide any scope for targeted inspections
in response to alleged abuses that may have caused public concern.
For example, when it emerged that Poole Borough Council had used
covert surveillance powers under RIPA to monitor a family to establish
whether they lived in a particular school catchment area,[112]
and later to monitor fishermen,[113]
there was substantial public concern. The OSC, however, took no
action and did not examine the use of the powers in these cases.
The ICO did investigate, but the OSC only assessed the Council's
conduct as part of its two-yearly inspection process.
256. When we asked Sir Christopher if he
would consider investigating specific cases reported by the press
such as those in Poole, he answered as follows:
"Certainly not. It would be totally impossible
to do that. As I say, there are a very large number of authorities
which we inspect, we have a carefully designed programme. I mean,
I am not ruling it out absolutely, if there was a well documented
manifest abuse of power by a local authority, well then, of course
we would try and do something about it, but I am afraid responding
to press reports is not always a fruitful activity when you only
have a small amount of resources at your disposal." (Q 653)
257. This answer is unsatisfactory. Whilst we
understand that resources are constrained, it is essential that
the regulators overseeing the use of RIPA powers should maintain
public confidence in the regime. We recommend that the Chief
Surveillance Commissioner and the Interception of Communications
Commissioner should introduce more flexibility to their inspection
regimes, so that they can promptly investigate cases where there
is widespread concern that powers under the Regulation of Investigatory
Powers Act 2000 have been used disproportionately or unnecessarily,
and that they seek appropriate advice from the Information Commissioner.
THE INVESTIGATORY POWERS TRIBUNAL
258. The Investigatory Powers Tribunal (IPT)
is charged with investigating complaints against organisations,
including the intelligence services, over their use of powers
regulated by RIPA. The IPT also has jurisdiction over complaints
brought by an individual concerning the acquisition, storage and
use of information by the intelligence services of his or her
entry in the National Identity Register established under the
Identity Cards Act 2006. We note the concern expressed by Nick
Gargan that "very few people" know about the IPT and
that this represents a "missed opportunity" to demonstrate
the transparency of the RIPA regime and to provide a visible means
of redress for those who feel they have been wrongly treated.
(Q 142) He told us that "the tribunal ought to be encouraged
to be a more publicly visible facility both in terms of encouraging
people to use it and, where meaningful claims have been made,
to actually publicise those findings so as to reassure the community
that they are being protected and we are using our powers responsibly."
(Q 144)
259. We recommend that the Investigatory Powers
Tribunal publicise its role, and make its existence and powers
more widely known to the general public.
93 Appendix 4, para 28. Back
94
Data Sharing Review Report, op. cit., Recommendations 7(a) and
7(b), paras 8.30-8.31, 8.34. Back
95
ibid., para 8.34. Back
96
ibid., paras 8.35, 8.38. Back
97
Response to the Data Sharing Review Report, op. cit., pp 14-16. Back
98
A Surveillance Society?, op. cit., para 195. Back
99
Data Sharing Review Report, op. cit., paras 8.61-8.65. Back
100
ibid., para 7.9. Back
101
HC Deb 21 Nov 2007 col 1179. Back
102
Ministry of Justice, The Information Commissioner's Inspection
Powers and Funding Arrangements under the Data Protection Act
1998: Summary of Responses, November 2008, p 6. Back
103
ibid., pp 16-17. Back
104
ICO, Statement, 24 November 2008. Back
105
That is, six months after the Act received Royal Assent. Back
106
Data Sharing Review Report, op. cit., paras 8.52-8.53 Back
107
Protection of Private Data, op. cit., para 26. Back
108
Data Sharing Review Report, op. cit., Recommendation 13, p 4.
See also para 8.67. Back
109
The Information Commissioner's Inspection Powers: Summary of Responses,
op. cit., pp 19-20. Back
110
There is also an Investigatory Powers Commissioner for Northern
Ireland. See Box Two above for a description of the commissioners'
responsibilities. Back
111
See for example the Annual Report of the Chief Surveillance Commissioner
to the Prime Minister and to Scottish Ministers for 2007-2008,
July 2008 (HC 659); and the Report of the Interception of Communications
Commissioner for 2007, July 2008 (HC 947). Back
112
Poole Borough Council "admitted using laws designed to track
serious criminals to spy on a family for nearly three weeks to
find out if they were lying about living in a school catchment
area." Schlesinger F, "Council uses criminal law to
spy on school place applicants", The Guardian, 11
April 2008. Back
113
See for example Morris S, "Council used terror law to spy
on fishermen", The Guardian, 14 May 2008. Back