Report of the Interception of Communications Commissioner - March 2015
larger volumes of communications data and this accounts for the increased number of
inspections in 2014.
7.34 An additional 102 local authorities were inspected during the National Anti
Fraud Network (NAFN) inspection. NAFN continues to provide a SPoC service for local
authorities and over 90% of the local authorities that reported using their powers in 2014
submitted their requirements via the NAFN SPoC. NAFN continues to achieve a good
level of compliance with RIPA 2000. On 1st December 2014 the Home Office prescribed
that all local authorities must submit their communications data requirements via the
NAFN SPoC.
7.35 The length of each inspection depends on the type of public authority being
inspected and their communications data usage. The inspections of the larger users,
such as police forces, are conducted by at least two inspectors and take place over 3 or
4 days. The inspections of the smaller volume users are conducted by one inspector and
generally last 1 day.
7.36 Samples. I have previously said that it is important that we scrutinise a sufficient
sample of the individual applications, but in my view inspecting and understanding
systems is in the end as important as scrutinising yet more individual applications. This
is also in line with what Parliament intended, i.e. that the Interception Commissioner
would “check what is happening in practice, rather than examine every case universally.”36
In the smaller public authorities it is usually feasible for my inspectors to examine all of
the applications submitted in the period being examined. For the larger volume users
sampling must be undertaken. We conduct two types of sampling, random sampling
where the application process is examined from start to end, and query based searches
where key parts of the process are scrutinised. In 2014 my inspectors scrutinised at
random approximately 13,000 applications during the 90 inspections and nearly 100,000
applications were subject to query based searches.
7.37
It is worth noting the following points in relation to the random sampling:
•
•
•
it is conducted at both ends of the process – i.e. from the public authority
records and the data obtained from the CSPs;
if the inspectors identify an error or issue during the random sampling which
may impact on other applications, the public authority is required to identify
other applications which may contain the same error or fault. Therefore,
although random sampling may only pick up 1 error, this will lead to all error
instances of that type being investigated and reported;
the inspectors continue to examine applications until they reach the point that
they are satisfied that what they have examined is an accurate representation
of the public authority’s compliance.
36 Standing Committee F - Tuesday 28 March 2000 Regulation of Investigatory Powers Bill Comments by the
Minister of State, Home Office (Mr. Charles Clarke)
www.iocco-uk.info
53