BIG BROTHER WATCH AND OTHERS v. THE UNITED KINGDOM JUDGMENT
7.14. In general, automated systems must, where technically possible, be used to
effect the selection in accordance with section 16(1) of RIPA. As an exception, a
certificate may permit intercepted material to be accessed by a limited number of
specifically authorised staff without having been processed or filtered by the
automated systems. Such access may only be permitted to the extent necessary to
determine whether the material falls within the main categories to be selected under
the certificate, or to ensure that the methodology being used remains up to date and
effective. Such checking must itself be necessary on the grounds specified in
section 5(3) of RIPA. Once those functions have been fulfilled, any copies made of
the material for those purposes must be destroyed in accordance with section 15(3) of
RIPA. Such checking by officials should be kept to an absolute minimum; whenever
possible, automated selection techniques should be used instead. Checking will be
kept under review by the Interception of Communications Commissioner during his or
her inspections.
7.15. Material gathered under a section 8(4) warrant should be read, looked at or
listened to only by authorised persons who receive regular mandatory training
regarding the provisions of RIPA and specifically the operation of section 16 and the
requirements of necessity and proportionality. These requirements and procedures
must be set out in internal guidance provided to all authorised persons and the
attention of all authorised persons must be specifically directed to the statutory
safeguards. All authorised persons must be appropriately vetted (see paragraph 7.10
for further information).
7.16. Prior to an authorised person being able to read, look at or listen to material, a
record should be created setting out why access to the material is required consistent
with, and pursuant to, section 16 and the applicable certificate, and why such access is
proportionate. Save where the material or automated systems are being checked as
described in paragraph 7.14, the record must indicate, by reference to specific factors,
the material to which access is being sought and systems should, to the extent
possible, prevent access to the material unless such a record has been created. The
record should include any circumstances that are likely to give rise to a degree of
collateral infringement of privacy, and any measures taken to reduce the extent of the
collateral intrusion. All records must be retained for the purposes of subsequent
examination or audit.
7.17. Access to the material as described in paragraph 7.15 must be limited to a
defined period of time, although access may be renewed. If access is renewed, the
record must be updated with the reason for the renewal. Systems must be in place to
ensure that if a request for renewal is not made within that period, then no further
access will be granted. When access to the material is no longer sought, the reason for
this must also be explained in the record.
7.18. Periodic audits should be carried out to ensure that the requirements set out in
section 16 of RIPA and Chapter 3 of this code are being met. These audits must
include checks to ensure that the records requesting access to material to be read,
looked at, or listened to have been correctly compiled, and specifically, that the
material requested falls within matters certified by the Secretary of State. Any
mistakes or procedural deficiencies should be notified to management, and remedial
measures undertaken. Any serious deficiencies should be brought to the attention of
senior management and any breaches of safeguards (as noted in paragraph 7.1) must
be reported to the Interception of Communications Commissioner. All intelligence
reports generated by the authorised persons must be subject to a quality control audit.
35