Investigatory Powers Commissioner’s Annual Report 2019
has withdrawn the original policy and replaced it with revised, legally compliant guidance
which is available to all staff on their intranet. A significant investment in training related to
the Regulation of Investigatory Powers Act 2000 (RIPA) has also been undertaken to raise
awareness amongst staff of the provisions governing the lawful and effective use of human
sources of intelligence. We expect these measures will ensure such errors are not repeated.
UK Intelligence Community (UKIC) errors
18.5
For 2019, the errors reported did not suggest systemic failures of safeguards or an attempt
to act unlawfully or circumvent safeguards. The tables and graphs below are intended
to enable comparisons to be made with performance over previous years. We consider
the absence of any pattern of errors to be important, as this suggests that UKIC are not
repeating known errors. In 2019 an unusual number of ‘systems’ errors were identified. We
have used this category to describe errors with IT systems handling different types of data.
The identification of some of these has stemmed from the intensive IT improvement work
which followed MI5’s compliance errors. Some other categories, such as bulk personal data
(BPD) errors, have also increased for this reason, following work across UKIC to interrogate
and improve their IT structures. Whilst it is very disappointing to note that several systems
were not handling data as expected and in accordance with the requirements of the
Investigatory Powers Act 2016 (IPA) and the Codes of Practice (CoP), we are satisfied that
this work has initiated a significant improvement in how compliance is considered at all of
the agencies.
Table 2: UKIC errors, 2019
Agency
Powers
MI5
GCHQ
SIS
Total
5
0
9
14
Directed surveillance
13
3
0
16
Property interference
6
1
0
7
14
1
10
25
–
1
0
1
23
10
4
37
Bulk interception
–
41
–
41
Equipment interference
1
2
3
6
Bulk equipment interference
–
1
–
1
Communications data (reportable)
55
1
1
57
Systems
13
0
0
13
130
61
27
218
Covert human intelligence source
Bulk personal data
Section 7
Targeted interception
Total
18.6
A total of 218 errors were reported to us by UKIC in 2019. No errors were reported by the
warrant granting departments (WGDs) or the Ministry of Defence (MOD). Comparison
of these figures with previous years is complicated because the IPA has essentially
re-categorised existing powers, and in some cases established a threshold for errors of
those powers.54
54 Note that the figures printed for UKIC errors in 2018 were inconsistent within the report. 163 errors
were reported in total. Of those, 122 were reported by MI5, 37 by the Government Communications
Headquarters (GCHQ) and 4 by the Secret Intelligence Service (SIS).
125