Report of the Interception of Communications Commissioner - July 2016
Interception Errors
6.86 The Commissioner has a duty under sections 58(2) and (3) of RIPA to report to the
Prime Minister any contravention of the provisions of RIPA, or any inadequate discharge
of section 15 safeguards.
6.87 In our last annual report we noted that there was no provision for error reporting
in the Code of Practice, unlike the clear provisions in the Acquisition and Disclosure
of Communications Data Code of Practice. Error reporting is an important part of the
oversight regime and aids accountability and public confidence. It is vital to ensure
consistency of approach from all interception agencies in terms of thresholds, judgments
and reporting criterion for errors. We welcome efforts in the IP Bill and the draft IP Bill
Code of Practice for the Interception of Communications to define an error and introduce
error reporting procedures. However we have a number of concerns with the adequacy
of these provisions and have suggested amendments as set out in our various evidence
submissions and in Section 5 of this report.
6.88 We have for some time raised concerns with a number of the interception
agencies about the timeliness of the submission of error reports to IOCCO. In 2015 GCHQ
had a significant backlog in their error reports. Although it is appreciated that due to
the complexity of the different collection and selection systems at GCHQ it sometimes
takes longer to investigate the cause of errors and to put systems and procedures in
place to prevent recurrence, a number of the errors that they were slow to report were
fairly simple one-off human errors and in our view there should be no reason for those
reports to be delayed significantly. GCHQ has worked hard to reduce the backlog by
streamlining their error reporting process and by allocating more resources to the central
team who deal with the investigation and reporting of errors. There is still more work to
be done to speed up the reporting time and it is important for the IP Bill Interception
of Communications Code of Practice to provide a defined timescale for errors to be
reported.
6.89 Last year we mentioned that an interpretation issue had arisen with regard to
instances where an interception agency applies for a warrant in good faith and exercises
due diligence to check that the identifier is being used by the subject of interest but
where the identifier turns out not to be used by the person expected. We would expect
such instances to be reported to us as, even though the interception of the identifier
was authorised by the secretary of state and so arguably there was no contravention of
RIPA, the conduct did result in intrusion into the privacy of an individual who was not of
intelligence interest and for whom the secretary of state did not consider the necessity
or proportionality case. The fact that such occurrences are unintentional and are not
generally the result of some direct or deliberate action or other failure does not mean
that they should not be reported to us. The Commissioner rejects the suggestion that
interception which infringes on the privacy (or other) rights of an individual who was
not the subject of interest should not be reported on the grounds that the intrusion was
unintentional. We understand why the agencies are reluctant to classify these instances as
“errors” and agree these occurrences might better be described as “reportable instances”.
It is important that the IP Bill Code of Practice for the Interception of Communications
www.iocco-uk.info
37