CHAPTER 12: CIVIL SOCIETY
regime, and in particular RIPA s8(4), the curtailment of such powers was urged, in a
number of ways.
12.37. Some were of the view that only where a single person or premises can be identified
would interception be appropriate. Another suggestion was that there should be a
ceiling on the number of warrants that can be granted. Others have emphasised that
s8(4) warrants must be detailed and specific (at least by purpose or geography), 42
such that there could not be a very small number covering a large proportion of
internet traffic. Some have argued for the need for warrants set out by programme,
such that individual warrants would cover particular operations run by intelligence or
crime-fighting agencies, under which a range of targets would be covered. A further
suggestion is to introduce a limiting requirement such as “reasonable suspicion” into
the requirements for granting interception or collection of data.
12.38. A more common suggestion was for a shift in the legal framework (or, at the least, its
interpretation), such that only targeted interception, rather than bulk or mass
interception, is permitted.43 In such a framework, a high threshold and robust
safeguards attach to the first stage (the interception of data), rather than safeguarding
only the access to or use of the information collected. This might entail the removal
of the distinction between internal and external communications, discussed above.
12.39. The same, it is argued, should be true for collection of and access to communications
data, such that obtaining such data is only possible in “targeted” situations. Moreover,
in relation to obtaining communications data, some argue that the purposes set out in
RIPA s22(2) are far too broad, and should be restricted, e.g. to “serious crime”.44 A
similar, although less common, suggestion is that fewer public authorities should have
access to communications data, to ensure control over the scope of the powers. 45
However, others suggest that so long as the authorisation process and threshold are
sufficiently robust, the specific body involved is less important.
12.40. One broad suggestion in relation to both interception and obtaining communications
data was the adoption of a test that focused in particular on the nature and degree of
intrusion, rather than the specific type of data, technology or authorising body
involved.46 This, it is suggested, would lead to a more nuanced proportionality
assessment which would take better account of the interests and rights of the
individual at stake, as well as future-proofing the system such that it would not be
dependent upon types or definitions of technology or access.
12.41. For some, this would involve abolishing the distinction between content and
communications data (discussed at 12.20 (b) and (c) above), such that there was a
sliding scale of intrusion based on current categories: subscriber data, service use
data, traffic data and content. There could be different levels of authorisation
attaching to each, such that the lowest level (subscriber) could be self-authorised, and
42
43
44
45
46
See for example the submissions of the Guardian Media Group and Graham Smith.
See the submissions of Big Brother Watch, Open Rights Group and the Equality and Human Rights
Commission.
See the definition in RIPA s81(2) and (3); and RIPA s5(3).
See for example the submission of the Bingham Centre on the Rule of Law.
See for example the submission of the Equalities and Human Rights Commission.
225