CHAPTER 7: PRACTICE
There is however no statute or Code of Practice governing how exchanges should be
authorised or take place. The Government’s position is that the routine sharing of
intelligence reports and the more occasional sharing of raw, unanalysed intercepted
material are governed, instead, by “detailed internal guidance ... and by a culture of
compliance”.50
7.67.
7.68.
The applicable arrangements were described in outline by the ISC in its recent
report.51 To summarise:
(a)
No warrant is required to seek intelligence reports from overseas partners,
though there are internal processes for verifying that the intelligence has been
obtained in a manner compatible with the security and intelligence agencies’
obligations under UK law.
(b)
GCHQ has in practice always had an interception warrant in place for any raw
intercepted material that it has sought from its overseas partners, and
additionally (but voluntarily) applies the RIPA safeguards to all its data
irrespective of how and under what authorisation regime it has been acquired.52
The Government’s rationale for intelligence sharing was set out in the Charles Farr
statement to the IPT (see 10.30).53
Bulk Personal Datasets
7.69.
The use by the security and intelligence agencies of bulk personal datasets was
publicly avowed only on 12 March 2015 when the ISC published its report.54 I had
already been extensively briefed on their use at all three agencies, and was also
aware that the ISCommr has, for several years, been reviewing the use of bulk
personal datasets as part of his duties.
7.70.
I do not repeat the information contained in those reports, which is in every respect
consistent with the information and demonstrations I was given.
The Management of Relationships with CSPs
7.71.
50
51
52
53
54
Much of the Government, intelligence and police relationship with CSPs providers is
conducted by NTAC. The Home Office has the lead responsibility for investigatory
powers, sponsors the relevant legislation and guidance and is responsible for the
payments to companies. The overall framework of legislation for the companies is
however the responsibility of the Department of Culture, Media and Sport. There is
an Interception and Communications Data Board chaired by the Home Office that
coordinates work within the Government and warrant-requesting agencies on
technical and policy issues. CSPs are not represented.
Charles Farr Statement, para 51.
ISC Privacy and Security Report, paras 247-254.
GCHQ evidence to ISC, July 2014.
Charles Farr Statement, paras 15-30.
ISC Privacy and Security Report, paras 151-163.
139