Report of the Interception of Communications Commissioner - March 2015
7.38 Query based searches. My office has direct engagement with the software
companies that supply secure auditable systems for administering communications
data applications in the majority of the police forces and law enforcement agencies
(who between them account for nearly 90% of the communications data requests). The
software companies have developed capabilities to enable my office to retrieve data by
means of query based searches relating to the applications so as to give better insight
into all of the activities undertaken by an authority. This enables specific areas to be
tested for compliance, and, trends and patterns to be identified from the extraction of
information from large volumes of applications, for example:
•
•
•
extraction of named DP and their recorded considerations for each application
to check they are discharging their statutory duties responsibly, i.e. that they
are not rubber stamping applications, that they are of the appropriate rank
or level to act in that capacity, that they are independent of the investigation
or operation;
requests where service use or traffic data has been applied for over lengthy
time periods to check relevance and proportionality;
the acquisition of particularly intrusive data sets to examine the proportionality
and intrusion considerations balanced against the necessity.
7.39 Furthermore it enables us to examine within the operational environment the
interference actually being undertaken. When an application for communications data
is submitted the proportionality and collateral intrusion considerations in particular
are based at a certain point in time and, importantly, prior to any interference being
undertaken. In our view, in practice, an additional and appropriate test as to whether
something is, was or continues to be proportionate to the interference undertaken can
only be obtained by scrutinising the operational conduct carried out or, put another way,
the downstream use of the material acquired, for example by examining:
•
•
•
•
•
•
how the material has been used / analysed;
whether the material was used for the stated or intended purpose;
what actual interference or intrusion resulted and whether it was proportionate
to the aim set out in the original authorisation;
whether the conduct become disproportionate to what was foreseen at the
point of authorisation and in instances where future data is being acquired
why the operational team did not initiate the withdrawal of the authority; and
whether any errors / breaches resulted from the interference or intrusion.
in a scientific sense, we test the operational hypothesis set down in the initial
application that was authorised.
7.40 Inspection Reports. The reports contain a review of compliance against a strict
set of baselines that derive from Chapter II of Part I and the code of practice. They contain
formal recommendations with a requirement for the public authority to report back
within two months to say that the recommendations have been implemented, or what
progress has been made.
54
@iocco_oversight