Report of the Interception of Communications Commissioner - March 2015
differs. However, in 2014 the inspectors made on average fewer recommendations per
inspection than in 2013 & 2012. The proportions of red, amber, green have remained
broadly the same.
7.43 Figure 10 shows the breakdown of the 2014 recommendations by category. Just
over half of the recommendations fell into 3 key categories:
Applicant.
7.44 The majority of the recommendations in this category focused on the necessity
or proportionality justifications set out by the applicants. The inspectors made
recommendations relating to these two principles in approximately half of the public
authorities inspected as they were not satisfied that they had been sufficiently justified in
all of the applications that were examined.
7.45 For example there were instances where it was not clear how the requirement
met the section 22(2) necessity test as the criminal offence/s under investigation had
not been clearly set out in the application or, where the data required did not appear to
be a proportionate response to the matter under investigation as the time period over
which the data was acquired appeared to be excessive or because the applicant had not
set out the objective of acquiring the data. In such instances the inspectors will seek
further supporting documentation (such as case files, policy logs etc.) or will interview the
applicant or DP. On the basis of this further information the inspector is normal able to
satisfy themselves that the requirements were a necessary and a proportionate response,
but that the application was not properly constructed. On occasions the inspectors noted
that applicants included lengthy extracts of unnecessary or irrelevant information in their
necessity and proportionality justifications to the point that the text totally detracted from
what the application was about. This practice makes it harder for the SPoC and the DP to
focus on the key issues that are relevant to the specific data request and the individual
to whom it relates. In essence, efforts to submit large quantities of text do not add to the
legitimacy of the requirements and the justifications can become opaque to the point
that the ECHR considerations cannot be easily considered. These issues did not affect
all applications submitted by those public authorities who received recommendations
in this area; however they were prevalent enough across the samples examined for the
inspectors to consider that recommendations were necessary.
Single Point of Contact (SPoC).
7.46 The SPoC has an important guardian and gatekeeper role to perform to ensure
that the public authorities act in an informed and lawful manner when acquiring
communications data. The overall picture is that the SPoC process is a stringent safeguard.
However, recommendations were made for the SPoC to exercise their guardian and
gatekeeper role more robustly in certain key areas, or, to improve their efficiency in
approximately one third of the inspections.
56
@iocco_oversight