We have produced a briefing document on the Regulation of Investigatory Powers Act 2000 (RIPA), the main surveillance legislation that is used by public authorities, law enforcement, and intelligence agencies. The briefing can be accessed here.
RIPA governs the use of covert surveillance powers. In 2012 the Protection of Freedoms Act was introduced, partly to solve some of the issues created by the legislation, such as the use of intrusive surveillance for minor issues. Many problems still remain and the need to enact serious reform is now more pressing than ever.
- RIPA was drafted for a pre-social media age, it is now woefully outdated.
- More transparency is needed around how RIPA powers are used, including the way that authorisations to use the powers are approved.
- RIPA’s oversight mechanisms are in need of reform.
- Members of the public should be able to seek redress if they have been subject to surveillance.
The Government has announced that it will bring forward proposals to enable IP address matching. The measures would require internet firms to keep records of customer information, to enable law enforcement bodies to decipher who was using a device, such as a smart phone or computer, at a given time.
We have produced a briefing note (PDF) on the proposals.
The key issues with the proposals are:
- There are questions over whether or not this will be technically feasible.
- Proper safeguards must be introduced to ensure that these techniques are used transparently, that there is a proper level of authorisation and that the oversight and redress mechanisms can function effectively.
- If this measure is introduced, time should be allowed to ensure that its effectiveness to law enforcements investigations can be evaluated with due care and transparency.
With the concept of a ‘capability gap’ in the acquisition of communications data being increasingly discussed, we have created a briefing on the key issues and definitions of the issue which can be viewed here (PDF).
The purpose of the briefing is to demonstrate that using the concept as an argument for the introduction of mass communications data collection is fundamentally flawed and unhelpful to what is a serious debate.
The key areas covered in the briefing are:
- The definition of the capability gap
- Key issues with the capability gap
- The Interception of Communicatiions Commissioner’s Report
- Resolving the capability gap
Our new report, NHS Data Breaches (PDF), highlights the scale of data breaches in the NHS. The research reveals examples of medical data being lost, shared on social media, and inappropriately shared with third parties.
The report shows that between 2011 to 2014, there have been at least 7,255 breaches. This is the equivalent to 6 breaches every day. Examples of the data breaches include:
- At least 50 instances of data being posted on social media
- At least 143 instances of data being accessed for “personal reasons”
- At least 124 instances of cases relating to IT systems
- At least 103 instances of data loss or theft
- At least 236 instances of data being shared inappropriately via Email, letter or Fax
- At least 251 instances of data being inappropriately shared with a third party
- At least 115 instances of staff accessing their own records.
- There have been at least 32 resignations during the course of disciplinary proceedings.
- There is 1 court case pending, for a breach of the Data Protection Act. In this instance the individual may have also resigned prior to proceedings.
Today we are publishing a report
highlighting the true scale of police forces’ use of surveillance powers. The report comes at a time when the powers have faced serious criticism, following revelations that police have used them to access journalists’ phone records.
The research focuses on the use of ‘directed surveillance’ contained in the controversial Regulation of Investigatory Powers Act (RIPA) by police forces; a form of covert surveillance conducted in places other than residential premises or private vehicles which is deemed to be non-intrusive, but is still likely to result in personal information about the individual being obtained.
Although the report details how directed surveillance powers were authorised more than 27,000 times over a three year period, police forces are not compelled to record any other statistics; therefore we cannot know the exact number of individuals that these authorisations relate to.
As part of the investigation into the use of RIPA by police, a request for details of ‘covert human intelligence’ (informers) and ‘intrusive surveillance’ (covert surveillance carried out in residential premises or private vehicles) was also submitted. However the request was rejected by forces as they believe releasing the information would negatively impact on police capability
Despite the law being changed in 2012 to stop local authorities using the same powers without a magistrate’s approval, police forces do not require any such permission. The report proposes three measures that should be introduced, including:
- a requirement for police forces to publish data on how often and why these powers are used,
- judicial approval of all surveillance operations
- the right for subjects of surveillance to be informed.
The police should not be able to keep the details secret of how and why members of the public are spied on. To do so whilst not having to seek a courts approval to use the powers is simply unacceptable. Local authorities now have to justify how they will snoop on members of the public and it is about time that this authorisation procedure became the norm, not the exception.
Any member of the public that has been put under surveillance should be told that that has been the case when there is no risk to an on-going investigation. This is standard practice in a number of other countries with it being recognised as being an important oversight mechanism. It is clear that this added level of accountability will ensure that the public will only face being spied on when it is truly necessary.
With Police forces around the UK conducting trial schemes and roll outs of body worn cameras (BWCs), we have created a briefing on the use of the technology which can be viewed here (pdf).
The largest trial has taken place within the Metropolitan Police Service, beginning on 8 May 2014 and seeing the distribution of 500 BWCs to officers in 10 London boroughs in an aim to repeat the success of a similar scheme in Rialto, Los Angeles. The £815,000 trial scheme will see the distribution of BWCs to police officers in Barnet, Bexley, Bromley, Brent, Camden, Croydon, Ealing, Havering, Hillingdon and Lewisham. The MPS and Ministers believe that the pilot will show whether or not BWCs will boost accountability, improve the accuracy of evidence and speed up convictions.
The Civil Society groups behind the Don’t Spy On Us coalition have produced a briefing on the fast-track Data Retention and Investigatory Powers Bill (PDF).
You can read our initial analysis of the emergency legislation announcement, as well as our amendment recommendations here.
The Data Retention and Investigatory Powers (DRIP) Bill was published on 10th July 2014 following a press conference given by the Prime Minister and Deputy Prime Minister announcing emergency surveillance legislation. They indicated that the leader of the Opposition had already given Labour’s support to the Bill following private cross-party discussions and this was confirmed by the Shadow Home Secretary in the Chamber later in the day. The Bill is now due to receive all its substantive stages in the House of Commons next Tuesday 16th July. The Lords will be invited to pass the Bill on Wednesday and the Commons will consider any Lords amendments on Thursday. Royal Assent is to be granted before summer recess and the legislation will come into effect immediately. Parliamentary scrutiny and debate is therefore effectively neutered and it is unlikely that the Bill will be substantively amended.
Concerns have been raised in recent weeks regarding the European Commission’s plans for all new cars to be installed with event data recorders in order to enable the eCall system.We have produced a briefing (PDF) to explain the background of the policy, the concerns that have been raised and the other potential uses for event data recorders once they have been installed. The key points raised in our briefing are:
- There is an important distinction to be made between eCall and the Event Data Recorders (EDRs). Whilst the eCall system may not record the location of the car constantly, the EDR does have that capability.
- There are concerns that the EDRs ability to gather extensive data can and will be misused as:
- the data could be accessed by hackers to track individuals’ location.
- insurance companies can use this to promote personalised insurance quotes by recording how individuals drive.
- police forces have already been using eCall systems to track suspicious motorists.
- The installation of the EDR will be mandatory, a move that goes against British principles of liberty and freedom of choice.
- The eCall system is not cost efficient nor will it have a significant impact on safety in the UK.
In the debate around state surveillance, we all too often we hear officials say that we have nothing to fear as only the communications data (or metadata) is examined, not the content of a communication.
Big Brother Watch has therefore published a briefing on why communications data matter. In the briefing note you will find answers to questions like: what are communications data?; what can communications data reveal?; and how are communications data analysed?. We also include details of how communications data have evolved and whether the legal framework currently in place provides sufficient safeguards.
We hope you find the information informative and interesting. Do get in touch to let us know if there are any other topics that you would like us to publish information on.
Today we have published our latest report, Traffic Spies, highlighting how hundreds of councils have turned to static CCTV cameras and spy cars to raise £312m in revenue.
Many councils are continuing to use CCTV to hand out fines, despite the government publishing a Surveillance Camera Code of Practice highlighting the need to use CCTV for traffic offences “sparingly”, this research highlights that the number of CCTV cars in operation in the UK has increased by 87% since 2009.
The question must therefore be asked, if CCTV cameras are about public safety, why are local authorities able to use them to raise revenue? Furthermore, why are local authorities publishing no meaningful information about their use of CCTV for parking enforcement? Read more