Report of the Interception of Communications Commissioner - 2016
Phase 3: GCHQ updated IOCCO on the retention, storage and deletion arrangements
for systems containing intercepted material and related communications data. I also
received additional briefings on the various collection systems.
Phase 4: GCHQ provided comprehensive details of the sharing arrangements whereby
Five Eyes partners can access elements of the product of GCHQ’s interception warrants
on their own systems. My inspectors also met representatives of the Five Eyes community
and received a demonstration of how other Five Eyes members can request access to
GCHQ’s data. Access to GCHQ systems is tightly controlled and has to be justified in
accordance with the laws of the host country and handling instructions of section 15/16
safeguards. Before getting any access to GCHQ data, Five Eyes analysts must complete
the same legalities training as GCHQ staff.
Phase 5. My inspectors met GCHQ and other agency staff on several occasions to clarify
what constitutes an error and the timescales in which errors should be reported. I hope
that the new Code of Practice for the Investigatory Powers Act will provide clarity in this
respect. GCHQ now has more resources in this area and has cleared its error backlog.
GCHQ errors tend to be caused by technical rather than human error.
46
@iocco_oversight