Report of the Interception of Communications Commissioner - 2016
or analyst sets out in an application why it is necessary and proportionate to gain access
to the data. Authority to access the data retained by the Security Service is given by a
designated person (DP) of appropriate seniority within the Security Service.
Inspectors had access to the system used by investigators and analysts within the
Security Service to apply to access the bulk communications data and were able to
undertake random sampling and run query-based searches19 on that system. This meant
that inspectors could, for example: evaluate the analysts’/investigators’ necessity and
proportionality considerations; examine particular operations; and identify requests for
more intrusive data sets or those requiring data over longer time periods.
In 2016, the Security Service made 19,995 applications to access communications data obtained
pursuant to section 94 directions. These applications related to 97,382 items of communications
data. Overall, I concluded that the Security Service applications examined were submitted to
an excellent standard and satisfied the principles of necessity and proportionality.
Errors
There is no statutory requirement under section 94 of the Telecommunications Act 1984
to report an error when acquiring or accessing bulk communications data. No errors have
been voluntarily reported to IOCCO in relation to the acquisition of bulk communications
data by means of a section 94 direction.
The Security Service has, however, developed and implemented an internal process
to report to IOCCO instances they consider to be errors when accessing data already
retained as a consequence of a section 94 direction and accessed in error. In 2016, the
Security Service reported 23 errors relating to accessing bulk communications data.
A breakdown of the causes of the errors reported to IOCCO is as follows:
•
•
•
•
•
•
4 were non-MI5 errors;
7 errors were caused by the applicant (i.e. the investigator / analyst) acquiring
data on an incorrect communications address or identifier;
6 errors were caused by continuing to collect data when deemed no longer
necessary or proportionate;
1 error was caused by the applicant acquiring communications data over an
incorrect date/time period;
3 errors were caused by excess data being acquired that fell outside the scope
of the authorisation; and
2 errors were caused by undertaking conduct not compliant with the Security
Service’s handling arrangements.
uploads/system/uploads/attachment_data/file/426248/Acquisition_and_Disclosure_of_Communications_Data_Code_
of_Practice_March_2015.pdf
19 Query-based searches involve inquiries against defined criteria or subjects. See paragraphs 7.36 to 7.39 of our
March 2015 Report for more on random and query-based searches http://www.iocco-uk.info/docs/IOCCO%20
Report%20March%202015%20(Web).pdf
30
@iocco_oversight