SCL Conference 8 June 2017 - Investigatory Powers Act


Introduction to Investigatory Powers Act 2016.

  1. Investigatory Powers Act introduction Graham Smith SCL Annual Conference 8 June 2017
  2. Background to the Act
  3. Multiple sources - two main ones
  4. ● Bulk interception under RIPA ● Equipment interference (CNE) 2013 - Snowden
  5. 2012 Communications Data Retention
  6. 2014
     ● Digital Rights Ireland (CJEU)
     ● Data Retention and Investigatory Powers Act (DRIPA)
  7. 2015
  8. "RIPA, obscure since its inception, has been patched up so many times as to make it incomprehensible to all but a tiny band of initiates"
     "comprehensive and comprehensible"
  9. Overview of #IPAct powers
  10. Overview of #IPAct powers: 300 page Act
     ● Interception warrants
       • Bulk, targeted, thematic; Content and ‘secondary’ data
     ● Equipment interference (hacking) warrants
       • Bulk, targeted, thematic; Content and ‘equipment’ data
     ● Communications data acquisition and disclosure
       • Bulk warrants, targeted notices + request filter
     ● Mandatory communications data retention notices
       • Browsing histories (Internet Connection Records)
     ● Technical capability notices
       • E2E encryption
     ● National security notices
     ● Bulk personal dataset warrants
  11. What? How? Who to? Enforce? Secret? Warrant (SoS + JC) TelOp Crim + Civ Crim Warrant (SoS [some LE] + JC) TelOp UKpers only, Civ Crim Notice (SoS + JC) TelOp UKpers only, Civ Civ Notice (various authorities) TelOp Civ Crim Warrant (SoS + JC) TelOp UKpers only, Civ Crim Notice (SoS + JC) TelOp (inc prospective) As per substantive powers Yes Notice (SoS + JC) UK TelOp UKpers only, Civ Yes Overview of #IPAct powers Comms Data Retention (inc ICRs) Comms Data Acquisition (targeted)(?) Equipment interference (targeted, thematic) Encryption removal Equipment interference (bulk) Request filter (comms data) Technical capability notices Comms Data Acquisition (bulk) Interception (targeted, thematic) Interception (bulk) Interception (secondary data) Equipment interference (equipment data) National security notices
  12. What? How? Who by? Purposes? Warrant (SoS + JC) MI5, SIS, GCHQ, MoD, 5 LE bodies, MLAT National security; prevent/detect serious crime; UK economic well-being (nat sec-related, non-BI persons) Warrant (SoS + JC) MI5, SIS, GCHQ; MoD (nat sec only) Warrant (LE head + JC) Police (various), National Crime Agency Prevent/detect serious crime, prevent death, prevent or mitigate injury/damage to physical/mental health Immigration, Revenue/Customs, Competition/Markets, Police investigations Prevent/detect serious crime Warrant (SoS + JC) MI5, SIS, GCHQ (overseas-related main purpose) National security; national security and prevent/detect serious crime, UK economic well-being (non-BI persons) Warrant (SoS + JC) MI5, SIS, GCHQ Notice (plus court order for local authorities) Numerous authorities 11 different purposes Notice (+ JC) (up to 12 mths) Secretary of State Notice (+ JC) Secretary of State National security Warrants, comms data acquisition notices Overview of #IPAct powers Equipment interference (targeted, thematic) Equipment interference (bulk) Comms Data Acquisition (bulk) Interception (targeted, thematic) Interception (bulk) National security notices Technical capability notices (inc decryption) Comms Data Acquisition (targeted)(?) Request filter (comms data) Comms Data Retention (inc ICRs)
  13. What has changed?
  14. New or not new?
     ● Explicit powers re-enacted
     ● Semi-explicit powers (scale of use hidden) now made explicit
     ● Opaque powers now made explicit
     ● Opaque powers still (arguably) opaque
     Interception (targeted) Comms Data Acquisition (bulk) Equipment interference (targeted, thematic) Encryption removal Interception (bulk) Interception (thematic) Equipment interference (bulk) Interception (related communications data)
  15. New and extended
     Authorisation and oversight – new safeguards
     ● Judicial Commissioner approval of most warrants and notices
       • Except targeted communications data acquisition - But Watson.
     Extended mandatory data retention powers
     ● Extended to all kinds of communications data
       • including Internet Connection Records (site level browsing histories)
     ● Extended to all kinds of communication (background, IoT)
     ● Extended to include generation and obtaining data for retention
     ● Abolition of 'processed within UK' limitation
     ● Extended to include private telecommunications operators
  16. New and extended
     Content-derived metadata
     ● Interception, equipment interference, BPD warrants.
       • Targeted, thematic, bulk
     ● New power to extract some information from content and treat as metadata
  17. New and extended
     Technical capability notices
     ● Permanent technical capability to assist with warrants and communications data acquisition notices
     ● Extended from interception (RIPA) to most powers (IPAct)
     ● Extended to include private telecommunications operators
       • Subject to any limitations in regulations
     Draft regulations
     ● No minimum threshold for communications data acquisition
     ● Black boxes (communications data acquisition)
     ● Hacking back door
     ● End to end encryption?
  18. New and extended
     New non-disclosure obligations on warrant/notice recipients
     ● Criminal (targeted and bulk)
       • Interception warrants (59(1), 156(2))
       • Equipment interference warrants (134(1), 197)
       • Bulk communications data acquisition warrants (174(1))
       • Targeted communications data acquisition notices (82(1))
     ● Civil
       • Data retention notices (95(2))
     ● Indeterminate
       • Technical capability notices (255(8))
       • National security notices (255(8))
  19. Tweaks
     ● Extraterritoriality
     ● Content v metadata
     ● Categories of metadata
     ● Journalists, MPs, legal privilege
     ● Interception offence
     ● etc
  20. Timetable
     ● Data retention partially in force 30 December 2016
       • Existing notices continue for max 6 mths
     ● The rest of the Act?
       • New oversight regime
       • New warrantry procedures
       • ‘Some time … timetable in due course’
  21. Graham Smith @cyberleagle
     Bird & Bird is an international legal practice comprising Bird & Bird LLP and its affiliated and associated businesses. Bird & Bird LLP is a limited liability partnership, registered in England and Wales with registered number OC340318 and is authorised and regulated by the Solicitors Regulation Authority. Its registered office and principal place of business is at 15 Fetter Lane, London EC4A 1JP. A list of members of Bird & Bird LLP and of any non-members who are designated as partners, and of their respective professional qualifications, is open to inspection at that address.
     Thank you