BIG BROTHER WATCH AND OTHERS v. THE UNITED KINGDOM JUDGMENT
141
(see for example, R.E. v. the United Kingdom, no. 62498/11, 27 October
2015 and Uzun, cited above).
352. In any event, it is not necessary for the Court to decide whether the
six minimum requirements apply to the interception of communications data
since, save for the section 16 safeguards, the section 8(4) regime treats
intercepted content and related communications data in the same way. It
will therefore focus its attention on whether the justification provided by the
Government for exempting related communications data from this safeguard
is proportionate to the legitimate aim pursued; that is, ensuring the
effectiveness of that safeguard in respect of content.
353. It is not in doubt that communications data is a valuable resource
for the intelligence services. It can be analysed quickly to find patterns that
reflect particular online behaviours associated with activities such as a
terrorist attack and to illuminate the networks and associations of persons
involved in such attacks, making it invaluable in fast-moving operations;
and, unlike much data relating to content, it is not generally encrypted (see
paragraphs 158, 163, 169, 176 and 301 above).
354. Furthermore, the Court accepts that the effectiveness of the
section 16(2) safeguard depends on the intelligence services having a means
of determining whether a person is in the British Islands, and access to
related communications data would provide them with that means.
355. Nevertheless, it is a matter of some concern that the intelligence
services can search and examine “related communications data” apparently
without restriction. While such data is not to be confused with the much
broader category of “communications data”, it still represents a significant
quantity of data. The Government confirmed at the hearing that “related
communications data” obtained under the section 8(4) regime will only ever
be traffic data. However, according to paragraphs 2.24-2.27 of the ACD
Code (see paragraph 117 above), traffic data includes information
identifying the location of equipment when a communication is, has been or
may be made or received (such as the location of a mobile phone);
information identifying the sender or recipient (including copy recipients) of
a communication from data comprised in or attached to the communication;
routing information identifying equipment through which a communication
is or has been transmitted (for example, dynamic IP address allocation, file
transfer logs and e-mail headers (other than the subject line of an e-mail,
which is classified as content)); web browsing information to the extent that
only a host machine, server, domain name or IP address is disclosed (in
other words, website addresses and Uniform Resource Locators (“URLs”)
up to the first slash are communications data, but after the first slash
content); records of correspondence checks comprising details of traffic data
from postal items in transmission to a specific address, and online tracking
of communications (including postal items and parcels) (see paragraph 117
above).