66
IPCO Annual Report 2018
11. Law Enforcement Agencies
Overview: Implementation of the Investigatory Powers Act 2016
11.1
Throughout 2018 Law Enforcement Agencies (LEAs) were making arrangements for
the transition from using Regulation of Investigatory Powers Act 2000 (RIPA) to acquire
communications data (CD) and intercept communications, and the Police Act 1997 to
conduct equipment interference, over to the Investigatory Powers Act 2016 (IPA). This
transition does not introduce new powers but implements safeguards to protect sensitive
data and ensure that applications to conduct covert operations are reviewed impartially
and independently. This transition has been accompanied by the introduction of new Codes
of Practice (CoP), which go further than previous iterations to set out in full how authorities
should use their powers and how material should be handled. Our inspections of LEAs have
the dual function of ensuring compliance with the legislative framework and providing
guidance to users to ensure that best practice is maintained across the UK. This particularly
helps smaller users benefit from lessons learnt by larger forces.
11.2
The most significant change for LEAs has come in relation to CD, with the creation of the
Office for Communications Data Authorisations (OCDA) as set out at paragraph 2.39.
Under the guidance of the Investigatory Powers Commissioner (IPC), our Inspectors have
been assisting with the training of OCDA authorisers in the run-up to the office taking
applications from early 2019. We will cover the implications and first months of OCDA in
more detail in the 2019 report.
11.3
The IPA also introduces specific safeguards to protect journalistic confidentiality, which
means that a Judicial Commissioner (JC) must pre-authorise any application seeking
to identify a journalistic source. Additionally, from February 2019 there has been a
requirement for LEAs to demonstrate that an investigation for which CD “events” (for
example, itemised billing) is being sought meets a new definition of serious crime.28
Our inspections in 2019 will consider whether this definition is being met in all
authorised cases.
11.4
It is worth noting that two new criminal offences have been introduced by the IPA. The
first (section 11) applies to anyone in a public authority who intentionally or recklessly
acquires CD without lawful authority; the second (section 82) prohibits anyone working for
a telecommunications operator from disclosing the existence of an application to acquire
CD. We did not investigate any activity in relation to these offences in 2018.
28 As defined at s.263(1) of the IPA and amended by s.86(2A).