2012 Annual Report of the Interception of Communications Commissioner
recommendations were given to a small number of the public authorities for the SPoCs to ensure
they provide a more robust guardian and gatekeeper function with regard to the quality of the
applications. Two of the public authorities also received amber recommendations to tighten the
audit trail of the process.
My inspectors concluded that the DPs are generally discharging their statutory duties responsibly.
The DPs in 86% of the Other public authorities were found to be recording their considerations
to a consistently good standard. It was quite clear that the majority of the DPs were individually
assessing each application, taking on board the advice provided by the SPoC and questioning the
necessity and proportionality of the proposed conduct. The statistics provided to my office this
year show that 76 applications were rejected by the DPs in 2012.
In 3 of the inspections my inspectors concluded that some of the applications had not been
approved in a timely fashion by the DPs. For a number of reasons it is vitally important that
applications are approved speedily, otherwise this may have an adverse impact upon the progress
of the investigations. Furthermore, after lengthy periods of time it must be questionable if the
necessity and proportionality justifications are still valid. The comments I have made in the
preceding section of the report in relation to ensuring that Section 22(4) Notices are formally
issued by the DPs are equally pertinent to some of these inspections and technical breaches were
again found in this aspect of the process during 7 of the inspections. Amber recommendations
were made in these two areas.
This year 41% of the recommendations were green and these were made to assist the public
authorities to improve the efficiency and effectiveness of their processes and reduce unnecessary
bureaucracy. For example, to introduce the streamlining procedures outlined in Paragraphs 3.30
to 3.32 of the Code of Practice.
I would like to highlight two further investigations where communications data was used effectively.
This may provide a better understanding of its importance to the criminal investigations that
these types of public authorities undertake.
Case Study 8 – NHS Scotland - Use of Communications Data
Communications data was used very effectively in the investigation of several online
accounts that had been discovered advertising more than £80,000 worth of stolen hospital
and surgical supplies. Amongst items for sale were cranial drill-bits used in neurosurgery.
Communications data was acquired in relation to Internet Protocol (IP) addresses and
email addresses from the online accounts and transactions. The subscriber data acquired
enabled investigators to identify four suspects at two addresses linked to the online seller
accounts. Two of the suspects were employed by the NHS, one as an operating theatre
technician. Search warrants were obtained for both of the addresses which resulted in the
recovery of stolen property to the value of £28,000. Computers and laptops were seized
and analysed, showing that the scope of the selling network was worldwide. The main
suspect pled guilty to theft and was sentenced to 18 months imprisonment.
50