Investigatory Powers Commissioner’s Annual Report 2019
This includes working with analysts to ensure their justifications are up to standard
and providing additional training when audit has found justifications which fall below
requirement. Importantly, GCHQ were able to demonstrate how this process works when
submissions fall short of the required standard.
10.39
Before our inspection, we worked with GCHQ’s Internal Compliance Team to select several
hundred records from the system which we then examined to review the analysts’ necessity
and proportionality justifications for the selection of BCD. During the inspection, we spoke
to the Internal Compliance Team to discuss the findings and outcomes. We concluded that
the analysts had properly justified in each case why it was necessary and proportionate to
access the BCD.
10.40
In addition, GCHQ’s IT Security Team conducts technical audits to identify and further
investigate any areas of concern. This will include any activity that may be a breach of the
operational requirements. The senior managers we interviewed as part of the inspection
process explained and demonstrated in some detail how the audit processes work and the
function of the team. We were satisfied with the thorough overall approach.
Sharing bulk data: Review of procedures at GCHQ
10.41
In our 2018 report, we explained that, in Privacy International v GCHQ & Others
IPT/15/110/CH, the investigatory Powers Tribunal (IPT) had considered the lawfulness of
GCHQ’s use of certain bulk data. The IPT judgment, published on 23 July 2018, called for
“a review of existing procedures at GCHQ in relation to sharing of intelligence and of bulk
datasets… under the supervision of IPCO”. In response, GCHQ conducted a detailed review
of the processes and procedures governing decisions to share data in bulk with foreign
partners and then implemented measures to bring about improvements. In the future, this
area will be covered as part of our regular oversight and inspection arrangements.
10.42
One significant challenge the review faced was the commencement, in August 2018, of
the parts of the IPA relating to the various bulk powers. This included the implementation
of the safeguards contained in the Act, the accompanying Codes and the involvement of
JCs undertaking the double-lock of bulk warrants. This includes the requirement under the
IPA that, before approving the sharing of material obtained as a consequence of conduct
under a bulk warrant, the Secretary of State must be satisfied (to such an extent (if any)
as the Secretary of State considers appropriate) that the overseas authority with whom
material is being shared has in place safeguards in relation to retention, disclosure and
examination. In our supervisory role, we considered the adequacy of GCHQ’s assurances to
meet this requirement.
Summary of outcomes from the review
10.43
The main outcomes of GCHQ’s review are as follows:
• Sharing of bulk data with foreign intelligence partners is now incorporated into our
regular oversight and inspection processes;
• The review has brought new standardisation. Decisions and permissions to share
are captured on a Data Sharing Permission (DSP) form and stored electronically in a
central location;
• Each DSP records the necessity and proportionality of sharing a type of bulk data with
the partner in question and how the partner safeguards operational data, confirms that
69