Monday, 16 March 2015

IOCC frustrates the militant privacy campaigners

Bad news for the militant wing of the privacy lobby who want to believe that the Interception of Communications Commissioner is simply an establishment patsy, an apologist for anything and everything a spook or law enforcement agency wants to get away with.

Sir Anthony May’s latest annual report lays out more evidence of the independent and impartial approach that he and his inspectors take on the thorny question as to what ethical policing means in practice.

Time and time again, the report points not only to areas that require remediation, but it also highlights issues where progress has been made, thanks to recommendations made following earlier inspections.

The militants particularly won't like the next 3 paragraphs, which have been lifted from the report, but I make no apology for reproducing them here:

"My inspectors identified that communications data was frequently relied on to provide both inculpatory and exculpatory evidence. The communications data acquired revealed suspects movements and tied them to crime scenes. It often led to other key evidence being identified or retrieved. Links to previously unidentified offenders and offences were revealed. Dangerous offenders were located and offences were disrupted with the assistance of communications data. Patterns of communication provided evidence of conspiracy between suspects. The data highlighted inconsistencies in accounts given by suspects and corroborated the testimony of victims. The data determined the last known whereabouts of victims and persons they had been in contact with. Similarly, communications data assisted to eliminate key suspects or highlighted inconsistencies in accounts given by victims. [7.65]

In a couple of the operations examined the inspectors concluded that there were potentially gaps in the acquisition process where the investigation teams had not identified the full range of data necessary to achieve the objective. This failure to identify relevant data may adversely impact on the ability to, for example, corroborate the account given by a witness, corroborate the testimony and / or determine the last known whereabouts of a victim or properly determine the role of a suspect in a crime or indicate their innocence. This may present the acquisition process as arbitrary and serious implications could result. This is an area in which it is important for the SPOCs to engage with the applicants to develop strategies to ensure that the appropriate data is sought to fully achieve the investigative objective. [7.66]

In the operations where large elements of the offences, if not all the offences, took place within a ‘virtual world’ e.g. some of the fraud and sexual offences, the requirement for communications data was ever more apparent. It was also apparent from these operations that as technologies have developed police forces and law enforcement agencies have increasingly looked at a wider range of technologies to investigate offences. The inspectors noted that in relation to the investigation of serious and organised criminals, the increasing tactical awareness of criminals means that a larger amount of data, on a potentially wider range of devices and individuals, has to be acquired to meet operational objectives which may have been more simply achieved in previous years. [7.67]

The report also criticizes institutions that have ignored past recommendations: 

"Last year I made the point that the numerous policy documents governing the interception of prisoners communications were fragmented, overlapping and contradictory in places and that this made it difficult for the prisons themselves to understand the requirements fully and for our inspectors to conduct the oversight. I am disappointed that there has not been any progress on these matters. I reiterate that NOMS must get to grips with these issues and put in place clear and defined policy and risk assessment documents for the interception of prisoners’ communications. Our experience shows that the prisons are trying extremely hard to comply with the various policies in this area, but they are in need of clear direction and better quality policy." [p.87]

Interestingly, while SPOCs in general are highly thought of, the report focuses its criticism on some Professional Standards departments (the teams that investigate investigators), where poor practices prevail:

"The inquiry found that an excessively high number of the applications submitted by Professional Standards departments were completed to a poor standard and did not adequately justify the necessity and proportionality justifications. In a number of applications the criminal allegation or the criminal offences suspected were not set out or there was no description as to how they were linked to, and aggravated by, the officer’s misuse of a position in public office. The applications often relied upon vague and dubious descriptions under the ‘umbrella’ of misconduct in public office and my inspectors were not satisfied that the high threshold for the offence of misconduct in public office had been met. There did not appear to be any intention for some of the matters to be subject of a prosecution within a criminal court. Turning to proportionality lengthy periods of traffic or service use data were often sought without sufficient justification and it was not clear whether other lines of inquiry had been considered and if so why they had not been pursued. For example, a number of the applications concerned investigations into officers forming inappropriate relationships with victims of crime. Whilst in some cases the circumstances may justify that it is reasonable to suspect serious inappropriate activity was taking place, for example, the formation of sexual relationships with vulnerable victims; some of the applications examined detailed fairly minor transgressions and did not identify whether serious wrongdoing was suspected, or failed to give convincing reasons to suspect that serious wrongdoing was occurring. In these applications it was also not apparent why other action, such as intervention by the officer’s supervisors or misconduct interviews were not considered, or if they had been why they were not deemed appropriate. In such cases my inspectors concern was exacerbated where there appeared to be little resolve to subsequently pursue a prosecution when evidence was acquired which supported the initial premise of the application." [7.81]

Strong stuff.

However, these criticisms should be read in their context. They should not detract from the Commissioner’s conclusion that, overall, "my office’s inquiries did not find significant institutional overuse of communications data powers by police forces and law enforcement agencies. … However, my office did find that a proportion of the applications did not adequately deal with the question of necessity or proportionality and we found some examples where the powers had been used improperly or where they had been used unnecessarily. Overall the operational reviews showed that the communications data that was acquired was necessary and proportionate to the matter under investigation." [7.94]

So, we won’t be hearing much from the militant wing of the privacy lobby about this report because, frankly, there’s not much for them to complain about.

The more independently minded privacy advocates will probably take some comfort from the report – both in learning how RIPA (and DRIPA) actually work in practice, and in realising what a world-leading supervisory system the UK actually has.