44
IPCO Annual Report 2018
way SIS makes judgements about risk in this context: every officer we spoke to clearly
demonstrated a strong grip on compliance and legal issues which are evidently treated
as a core part of SIS’s everyday work. We made a number of recommendations to further
improve the way SIS presents its assessment of risk in submissions to the Secretary of State.
We note, however, that SIS must carefully balance submissions to the Secretary of State,
which must set out key considerations and details that they are obliged by the legislation
to provide, but cannot necessarily give a comprehensive overview of all elements of the
operation; this is due both to the complexities and number of possible scenarios that the
operation might encounter and to restrictions imposed by Departments of State in relation
to the length and format of submissions.
Covert Human Intelligence Sources (CHIS)
7.5
Agent running activity under the Regulation of Investigatory Powers Act 2000 (RIPA)
is a small proportion of SIS’s work, the majority of which is overseas and is therefore
appropriately authorised under the ISA. However, SIS officers do undertake some agent
operations and undercover activity in the UK which require authorisation under RIPA,
as does some such activity conducted overseas. During our two CHIS inspections, we
scrutinised a number of these cases in greater depth than in previous inspections. We
intended to probe how SIS was conducting oversight and management during agent
handling work to meet the requirements of the CHIS Code of Practice (CoP). We asked for
and were provided with a wider range of documents than we had seen before and were
able to gain greater assurance around the end-to-end agent running process at SIS. We
previously noted that SIS’s paperwork did not always explicitly set out the extent to which
operational actions would take place in the UK, either physically or technically, but have
now seen a trend towards greater clarity.
7.6
In some areas, SIS’s methodology deviates from the CHIS CoP. We were concerned that
in many of the cases we inspected the authorisation chain was compressed with either
the CHIS being the Case Officer, the Case Officer being the Controlling Officer or the
Controlling Officer being the Authorising Officer (AO). In some cases, the AO was not of
greater seniority than others in the chain, which is not ideal. The CoP does allow for AOs
to authorise their own activity in certain circumstances (in small organisations, for security
reasons or in urgent cases), but these should be exceptional rather than the norm. SIS is
not a small organisation but is organised in a series of smaller units that are separate for
security reasons. We have recommended that SIS should, wherever possible, separate the
roles and record any instances where an AO is authorising their own activity and that, in
such cases the AO should record the reason for doing so. These instances should then be
brought to our attention prior to inspection so that we can apply additional scrutiny to
ensure that the AO has fully discharged their obligations and adequately recorded their
consideration.
7.7
On a few occasions in 2017, SIS officers mistakenly did not obtain the necessary RIPA
authorisation in relation to agent activity in the UK. We noted in our 2017 report that
SIS were implementing new training to address this issue, which would prevent future
errors. We are satisfied that this has been initiated. However, SIS informed us that their
Head Office team had identified a RIPA error relating to an overseas agent engaging with a
subject of interest (SOI) in the UK while preparing for our station inspection. Shortly after
this inspection a second similar error was identified at another station. SIS are aware that
work to ensure that all staff working overseas are up-to-date on training in this area, and
understand the local, international and UK legal frameworks relevant to their operations.
We will continue to keep a spotlight on this area.