CHAPTER 6: POWERS AND SAFEGUARDS
6.19.
I am informed that many, but not all, of those powers will be removed following the
bringing into force of the Consumer Rights Act 2015.24 The powers in (b) and some
of those in (c) will remain on the statute book.
6.20.
Three important general observations arise in connection with non-RIPA investigatory
powers:
6.21.
(a)
There is little or nothing in the public domain that explains how frequently (if at
all) they are used.
(b)
It appears that at least some (perhaps many) Agencies and Departments
exercise these powers without any published Code of Practice in place.
(c)
As to the exercise of concurrent RIPA and non-RIPA powers, the position is a
little clearer in respect of communications data than it is in relation to
interception. The Acquisition Code states (at para 1.3) that public authorities
should not use other statutory powers to obtain communications data from a
postal or telecommunications operator unless that power explicitly provides that
they may obtain communications data (or they are authorised to do so by a
warrant or order from the Secretary of State or a person holding judicial office).
DRIPA 2014 s1(6)(a) also states that a service provider must not disclose data
retained under DRIPA 2014, except under RIPA Part I Chapter 2 or as provided
by regulations.
I set out my recommendations concerning consolidation and reform in this area at
13.31-13.34 and Recommendations 1, 6 and 7 below.
Other intrusive capabilities
Surveillance, interference and CHIS
6.22.
The security and intelligence agencies and police also have available to them a
number of other intrusive capabilities such as intrusive and directed surveillance,
interference with property, and CHIS. Those capabilities are provided for by RIPA Part
II, Regulation of Investigatory Powers (Scotland) Act 2000 [RIP(S)A] and Police Act
1997 and are the subject of regular review by the ISCommr and OSC.
6.23.
Those capabilities do not form part of the principal subject-matter of this Report,
though a number of them are referred to for the purposes of comparison at 8.4-8.34
below.
CNE
6.24.
24
25
But deserving of mention here is CNE (hacking, in common parlance), which may be
carried out in order to access stored communications, amongst other things, under
ISA 1994 ss5 and 7.25
See in particular Schedule 6.
See also 7.62-7.65 below. Accessing stored communications may be an interception, for the purposes
of RIPA, as set out at 6.4-6.5 above.
100