Investigatory Powers Commissioner’s Annual Report 2019

had begun work to investigate the problem and retrain staff to improve this standard. The
refreshed training on the IPA provisions and the additional training provided by PCNs have
improved GCHQ’s compliance in this area. We do not expect to see a slip in this standard at
future inspections but will continue to review this area closely.

Safeguards
10.49

We conducted a bespoke inspection at GCHQ to examine safeguards for data obtained
under warrant in May 2019. The primary focus of this inspection was a detailed briefing
on the approach taken by GCHQ to technical safeguards across systems which handle
such data. GCHQ has an agreed set of principles to which any system designed to handle
operational data (including data obtained under warrant) must adhere. These principles are
known as the Principles for Operational Data Systems (PODS).

10.50

It is the responsibility of a system developer or owner to ensure that their system adheres
to the PODS. Having reviewed the PODS in detail, we were satisfied that they cover, in a
comprehensive way, the obligations which apply to GCHQ’s handling of operational data
under the IPA. In addition, in preparation for implementation of the IPA, GCHQ undertook
an extensive amount of work in assessing system compliance with the requirements of
the Act, allocating around 20,000 hours of staff time in total. One of the outcomes of this
work was a comprehensive list of all systems in use across GCHQ which handled data
obtained under warrant. Complementary processes (contained within the PODS) mean that
any new systems must be recorded in a central register. As such, GCHQ now has reliable
processes that enable a centralised record of systems which handle operational data. The
responsibility for the compliance of these systems rests with the system owner.

10.51

On the basis of material provided to us by GCHQ, including an outline of the measures
taken by GCHQ to ensure it was not carrying additional compliance risk as a result of
having shared data with MI5 which was being stored in Technology Environment 1
(TE1), we were satisfied that GCHQ did not have a systemic compliance issue akin to
the problems identified at MI5 with TE1 (see chapter 8). Nevertheless, we will revisit
this technically complex area in greater depth on future inspections to review GCHQ’s
safeguards arrangements.

Section 7 Intelligence Services Act 1994 (ISA)
10.52

In our 2018 report, we stated that the majority of the work that GCHQ historically
conducted under section 7 of the ISA, which authorises activity outside of the British Isles,
is now conducted under Parts 5 and 6 of the IPA. This continues to be the case. Section 7
is now relied upon by GCHQ to conduct operations which do not acquire communications,
equipment data or other relevant information under the IPA. We have worked with GCHQ
throughout the period of transition to the IPA to ensure that all operations are fully
and appropriately authorised, particularly so that the JCs and Inspectorate have a clear
understanding of how the operation is conducted and what level of interference with
any individual(s)’ privacy results. We have been pleased by the proactive approach that
GCHQ continue to take in briefing our teams and we have a high degree of confidence that
section 7 is being used appropriately and that operations are being conducted with minimal
collateral intrusion.

10.53

We reviewed casework and internal approval documentation for section 7 authorisations
as part of a broader inspection of equipment interference operations. This gave us the
opportunity to discuss with GCHQ how they were managing the delineation of IPA and ISA
