20
IPCO Annual Report 2017
3.41
The MOD must reflect changing circumstances in renewal documents and not simply
repeat the substance of earlier applications. SIS should record review dates, together with
a summary of the review, in accordance with the CHIS code of practice.
3.42
Most SIS CHIS activities take place overseas, although in some cases SIS assess that a
particular CHIS operation may affect individuals in the UK. SIS documentation did not
always explain sufficiently clearly why a CHIS authorisation was needed. We recommended
that when there is a likely UK connection (e.g. a human intelligence source or the target of
an approach is possibly travelling to the UK or a UK-based individual may engage with the
CHIS online), SIS should clearly set this out in the application and any related paperwork.
This recommendation is in line with the code of practice.
3.43
We examined one MI5 operation which took place largely overseas without the need for a
RIPA authorisation but where there was a small amount of CHIS conduct within the UK before
MI5 obtained a RIPA authorisation. Shortly afterwards, MI5 sought a CHIS authorisation to
cover further activity within the UK. MI5 must ensure it obtains a timely CHIS authorisation
for any UK conduct. We recommended that where an overseas operational plan risks this
eventuality, MI5 should seek a RIPA authorisation from the outset to ensure that all the
activity is lawfully authorised.
Law Enforcement
3.44
In recent years there has been improvement across law enforcement as to how they manage
and authorise CHIS, including the quality of the documentation and the assessment of
necessity and proportionality.
3.45
However, there is an evident gap in the knowledge of various senior officers and officials,
as well as on the part of some of those involved in day-to-day operations, as to the minimum
requirements to manage and safeguard CHIS. Indeed, there have been a number of occasions
when it was apparent that the AO had little or no in-depth knowledge of the CHIS they had
authorised. It is essential that AOs have adequate knowledge of the CHIS’s background, the
specific risks they face and any potential difficulties for the organisation.
3.46
The points made above concerning weaknesses within MI5 as regards collateral intrusion
apply with equal force to law enforcement; it is to be particularly stressed that undercover
authorisations need to be assessed on a regular basis.
3.47
Risk assessments do not always contain sufficient detail to enable the AO to judge whether
suitable risk-management measures are in place. However, in cases in which more detail
is provided, it can be repetitive and formulaic. Risk assessments should provide a depth of
information to enable officers to identify and anticipate risks throughout the lifetime of the
authorisation, and thereafter. We recommend using an accredited risk-assessment model.
With renewals, we found examples of officers repeating out-of-date information which risked
distorting the risk-assessment process. Up-to-date information is essential in this context,
and we have recommended that renewal submissions should focus on the most recent
period, providing an explanation if there has been no progress.
3.48
It is critical to continue developing national standards for the management of CHIS and to
implement a programme of ongoing professional, operational and occupational development
for practitioners. Accredited training for AOs needs to be readily available.
3.49
The documentation and standards for the authorisation of relevant sources remain
generally high for undercover officers, and the quality has improved as a result of enhanced
standardisation. These processes have improved since forces increased oversight for UCs.