Report of the Interception of Communications Commissioner - July 2016
three months for serious crime or economic well-being purposes. Since this certification
has to relate to an individual, it is broadly equivalent to a section 8(1) warrant.
6.33 Sections 16(4) and (5) of RIPA have the effect that material acquired under a
section 8(4) warrant for a person who is within the British Islands may be examined for
a short period upon the written authorisation of a senior official where the person was
believed to be abroad but it has just been discovered that he or she has in fact entered
the British Islands. This will enable a section 8(1) warrant or section 16(3) certification for
that person to be duly applied for without losing what could be essential intelligence.
6.34 Selection of section 8(4) material. In brief, prior to analysts being able to
read, look at or listen to material, they must first provide a justification which includes
why access to the material is required, consistent with, and pursuant to, section 16 and
the applicable certificate (i.e. how the requirement is linked to one of the statutory
necessity purposes and is a valid intelligence requirement), and why such access is
proportionate. Our inspections and audits show that the selection procedure is carefully
and conscientiously undertaken both in general and, so far as we are able to judge, by
the individuals concerned. The procedure relies mainly on the professional judgment of
analysts, their training and management oversight. However, separate pre-authorisation
by a more senior operational manager is required for the targeting of communications
regarded as confidential under the Code of Practice. All staff are required to undertake and
pass a test at least once every two years to demonstrate their continuing understanding
of the legal and other requirements.
6.35 The Commissioner is responsible under section 57(1)(d) for reviewing the
adequacy of the arrangements as a whole under section 15 (and 16) of RIPA. GCHQ’s
Internal Compliance Team and staff under their direction, conduct audit checks on a
randomised sample of the analysts’ justifications for selection. In addition, the IT
Security Team conducts technical audits to identify and further investigate any possible
unauthorised use. The results of the retrospective audits are provided to IOCCO during
our inspections and any breaches of the section 15 and 16 safeguards will have already
been reported to IOCCO (see the errors section of this section). The retrospective audits
are a strong safeguard and also serve to act as a deterrent against malign use. Later in
this section we set out some of the changes we have made to our interception inspection
regime, one of which relates to our involvement in the audit process.
6.36 There are a number of other security and administrative safeguards in place
within GCHQ (which are not only relevant to interception work). These include the
security policy framework (including staff vetting), the continuing instruction and training
of all relevantly engaged staff in the legal and other requirements of RIPA, with particular
emphasis on Human Rights Act requirements, and the development and operation of
computerised systems for checking and searching for potentially non-compliant use of
GCHQ’s systems and premises.
www.iocco-uk.info
23