34
BIG BROTHER WATCH AND OTHERS v. THE UNITED KINGDOM JUDGMENT
safeguards. All authorised persons must be appropriately vetted (see paragraph 7.10
for further information).
7.16. Prior to an authorised person being able to read, look at or listen to material, a
record should be created setting out why access to the material is required consistent
with, and pursuant to, section 16 and the applicable certificate, and why such access is
proportionate. Save where the material or automated systems are being checked as
described in paragraph 7.14, the record must indicate, by reference to specific factors,
the material to which access is being sought and systems should, to the extent
possible, prevent access to the material unless such a record has been created. The
record should include any circumstances that are likely to give rise to a degree of
collateral infringement of privacy, and any measures taken to reduce the extent of the
collateral intrusion. All records must be retained for the purposes of subsequent
examination or audit.
7.17. Access to the material as described in paragraph 7.15 must be limited to a
defined period of time, although access may be renewed. If access is renewed, the
record must be updated with the reason for the renewal. Systems must be in place to
ensure that if a request for renewal is not made within that period, then no further
access will be granted. When access to the material is no longer sought, the reason for
this must also be explained in the record.
7.18. Periodic audits should be carried out to ensure that the requirements set out in
section 16 of RIPA and Chapter 3 of this code are being met. These audits must
include checks to ensure that the records requesting access to material to be read,
looked at, or listened to have been correctly compiled, and specifically, that the
material requested falls within matters certified by the Secretary of State. Any
mistakes or procedural deficiencies should be notified to management, and remedial
measures undertaken. Any serious deficiencies should be brought to the attention of
senior management and any breaches of safeguards (as noted in paragraph 7.1) must
be reported to the Interception of Communications Commissioner. All intelligence
reports generated by the authorised persons must be subject to a quality control audit.
7.19. In order to meet the requirements of RIPA described in paragraph 6.3 above,
where a selection factor refers to an individual known to be for the time being in the
British Islands, and has as its purpose or one of its purposes, the identification of
material contained in communications sent by or intended for him or her, a
submission must be made to the Secretary of State, or to a senior official in an urgent
case, giving an explanation of why an amendment to the section 8(4) certificate in
relation to such an individual is necessary for a purpose falling within section 5(3) of
RIPA and is proportionate in relation to any conduct authorised under section 8(4) of
RIPA.
7.20. The Secretary of State must ensure that the safeguards are in force before any
interception under section 8(4) warrants can begin. The Interception of
Communications Commissioner is under a duty to review the adequacy of the
safeguards.
...
10. OVERSIGHT
10.1. RIPA provides for an Interception of Communications Commissioner, whose
remit is to provide independent oversight of the use of the powers contained within
the warranted interception regime under Chapter I of Part I of RIPA.