30. A project was also established to provide the technical support to
reinforce the requirement for all interception to be properly reviewed to ensure
that it remained justified. The project also addressed the auditing of systems to
demonstrate post hoc whether an individual has or has not been the subject of
action by GCHQ and, if so, that this was authorised, justified and
proportionate. The project evaluated a large number of systems: technical
modifications were made to a small number and procedural controls were
recommended for others.
31. In addressing the safeguards contained within section 15 of RIPA, GCHQ
developed a new set of internal compliance documentation for staff, together
with an extensive training programme that covered staff responsibilities under
both RIPA and the Human Rights Act. This compliance documentation was
submitted to the Foreign Secretary who was satisfied that it described and
governed the arrangements required under section 15. I have also been told it
also constituted the written record of the arrangements required to be put in
place by the Director, GCHQ, under section 4(2)(a) of the Intelligence
Services Act 1994 (to ensure that no information is obtained or disclosed by
GCHQ except so far as is necessary for its statutory functions). In discharging
my functions under section 57(1)(d), I examined the documentation and the
processes which underpin it and satisfied myself that adequate arrangements
existed for the discharge of the Foreign Secretary’s duties under section 15 of
RIPA. Of course, GCHQ recognises that its compliance processes must evolve
over time, particularly as they become more familiar with the intricacies of the
new legislation and develop new working practices, and that the process of staff
education remains a continuing one. To this end, GCHQ has developed further
training programmes and is issuing revised compliance documentation as part
of the ongoing process (see also under paragraph 56 under Safeguards).
32. In advance of the coming into force of RIPA, GCHQ approached me as to
the warrants it would seek after that date and provided a detailed analysis as to
how those warrants would be structured - this was helpful as it gave me an
insight into how GCHQ saw the workings of RIPA/Human Rights Act and
permitted me to comment in advance. Since the commencement of RIPA, in
reviewing warrants I have looked carefully at the factors to be considered by
the Secretary of State when determining whether to issue an interception
warrant, and especially the new requirement to consider “proportionality”
under section 5(5)(2)(b) of RIPA.
Security Service
Implementation: General
33. The Security Service welcomed the introduction of RIPA, having taken
an active part in its drafting. However, it found that the process of changing
arrangements for warrantry and internal authorisations, as required by the Act,
required a considerable re-allocation of resources within the Service. Staff
attended Home Office working groups which considered the various aspects of
the legislation and its implementation. Internal working and steering groups
were necessary to consider the practical effects of the new arrangements on
working practices in the Service. An initial far-reaching training programme
was devised and delivered. There is a continuing programme of training for new
entrants to the Service and refresher training for existing staff, including
managers. The warrantry unit was expanded to cover the additional paperwork
and the provision of advice to staff.
RIPA Part I, Chapter I - Interception of Communications
34. Change 1: unlike the Interception of Communications Act 1985 (IOCA)
warrants, which were served on the communications service provider (CSP),
warrants obtained under RIPA Part I are served on the organisation which has
applied for the warrant. The legislation requires the CSP to assist in carrying
out warranted intercepts.
6