Overview of the Regulation of Investigatory Powers Act 2000 Andrew Charlesworth University of Warwick 10 June 2002

Introduction The RIP Act is designed to meet a number of aims: The RIP Act is designed to meet a number of aims: To implement changes in the law required as a result of a ruling in the ECourtHRTo implement changes in the law required as a result of a ruling in the ECourtHR To bring modern communications interception fully within a statutory frameworkTo bring modern communications interception fully within a statutory framework To provide the police and other agencies with new powers with regard to encrypted communicationsTo provide the police and other agencies with new powers with regard to encrypted communications To implement Art. 5 of EU Directive 97/66/EC concerning the processing of personal data and protection of privacy in the telecoms sector.To implement Art. 5 of EU Directive 97/66/EC concerning the processing of personal data and protection of privacy in the telecoms sector.

ECHR - Interception The RIP Act repeals the Interception of Communications Act 1985 (IOCA) The RIP Act repeals the Interception of Communications Act 1985 (IOCA) IOCA was originally designed to meet the standards required by the ECourtHR in the Malone case – interception by state. IOCA was originally designed to meet the standards required by the ECourtHR in the Malone case – interception by state. IOCA did not apply to private sector regulation & monitoring which was unregulated. IOCA did not apply to private sector regulation & monitoring which was unregulated. The ECourtHR in the Halford case held that private sector interception could be a breach of Art 8. EConventionHR. The ECourtHR in the Halford case held that private sector interception could be a breach of Art 8. EConventionHR.

ECHR - Interception Halford case – interception of calls from telephones in Halfords office were a breach of her "private life" and "correspondence" under Article 8 (1) ECHR Halford case – interception of calls from telephones in Halfords office were a breach of her "private life" and "correspondence" under Article 8 (1) ECHR As her employer had not informed her that calls from those phones might liable to interception, she had a reasonable expectation of privacy in relation to them. As her employer had not informed her that calls from those phones might liable to interception, she had a reasonable expectation of privacy in relation to them. No legal redress for her to pursue her case against her employer, meant there was a violation of Article 13 ECHR (failure to provide an effective domestic remedy) No legal redress for her to pursue her case against her employer, meant there was a violation of Article 13 ECHR (failure to provide an effective domestic remedy)

Interception Powers The main purpose of the Act is to ensure that investigatory powers are used in line with human rights. The main purpose of the Act is to ensure that investigatory powers are used in line with human rights. It thus intersects with the Data Protection Act 1998 and the Human Rights Act It thus intersects with the Data Protection Act 1998 and the Human Rights Act It deals with It deals with interception of communicationsinterception of communications acquisition of communications dataacquisition of communications data intrusive surveillance, covert surveillance in the course of specific operations, use of covert human intelligence sourcesintrusive surveillance, covert surveillance in the course of specific operations, use of covert human intelligence sources

Interception Powers For each of these powers, the Act provides for: For each of these powers, the Act provides for: the purposes for which they may be used;the purposes for which they may be used; which authorities can use the powers;which authorities can use the powers; who should authorize each use of the power;who should authorize each use of the power; the use that can be made of the material gained;the use that can be made of the material gained; independent judicial oversight;independent judicial oversight; a means of redress for the individual.a means of redress for the individual.

Encryption The Act contains provisions to maintain the effectiveness of existing law enforcement powers in the face of increasing criminal use of encryption. The Act contains provisions to maintain the effectiveness of existing law enforcement powers in the face of increasing criminal use of encryption. Specifically, it introduces a power to require disclosure of encrypted data. Specifically, it introduces a power to require disclosure of encrypted data. The encryption provisions were originally part of the Electronic Communications Bill, but were left out of the resulting Act due to their controversial nature. The encryption provisions were originally part of the Electronic Communications Bill, but were left out of the resulting Act due to their controversial nature.

Legislation The RIP Act 2000 received Royal Assent in July in force in October The RIP Act 2000 received Royal Assent in July in force in October It covers the interception of communications made via It covers the interception of communications made via public postal systems,public postal systems, public telecoms systemspublic telecoms systems private telecoms systems (including computer communications).private telecoms systems (including computer communications). It applies to England, Wales, Scotland (with minor exceptions) and N. Ireland. It applies to England, Wales, Scotland (with minor exceptions) and N. Ireland.

Legislation Public telecoms systems are any telecoms service which is offered or provided to, or to a substantial section of, the public in … the UK. Public telecoms systems are any telecoms service which is offered or provided to, or to a substantial section of, the public in … the UK. This would include fixed line providers, mobile service providers and ISPs.This would include fixed line providers, mobile service providers and ISPs. "Private telecom systems" are any telecoms system that is not a public telecoms system but is attached to such a system. "Private telecom systems" are any telecoms system that is not a public telecoms system but is attached to such a system. This would include internal telephone networks that are linked to a public telecoms system by a private exchange and internal computer networks connected to the Internet.This would include internal telephone networks that are linked to a public telecoms system by a private exchange and internal computer networks connected to the Internet. Thus institutional telecoms networks, and computer networks are covered by the Act. Thus institutional telecoms networks, and computer networks are covered by the Act.

Overview Large parts of the Act are of relevance only to police and related state agencies. Large parts of the Act are of relevance only to police and related state agencies. However, institutional interception and monitoring of communications must conform with the Act & its regulations. However, institutional interception and monitoring of communications must conform with the Act & its regulations. Data must also be collected and held in line with the DPA Data must also be collected and held in line with the DPA Institutions should be aware of Institutions should be aware of their rights and obligations when required by police to intercept & monitor communicationstheir rights and obligations when required by police to intercept & monitor communications their rights and obligations with regard to encrypted materialstheir rights and obligations with regard to encrypted materials