Saturday 27 March 2010

RIPA and the naughty step


On 26 January I commented in my blog about the way the Department of Work and Pensions (DWP) had decided not to use the provisions available under the mighty RIPA (Regulation of Investigatory Powers Act) to get information from communication service providers and internet service providers.

I’ve now found 2 other public authorities who have also found RIPA not fit for their purposes, and so I propose to make them sit on the naughty step too.

If things carry on this way, I’ll need a larger naughty step.

So who gets to join the crew from the DWP? Why, it’s our old friends from the Office of Communications (Ofcom) and also the Financial Services Authority (FSA).

Let me try and explain why.

The creators of RIPA tried to make life complicated, by ensuring that various public authorities could only use RIPA powers for certain purposes. But it appears that drafting errors have occurred, which have resulted in Ofcom and the FSA arguing that the powers available to them within RIPA are not wide enough to let them carry out their jobs properly. So they have decided to carry on exercising what are known as concurrent powers (i.e. powers given to them under other bits of legislation, which they really should have given up if only RIPA was written correctly).

When was the last time that the RIPA legislation was considered in Parliament? A few years ago? Actually no – believe it or not, a raft of RIPA consolidating orders were discussed by Parliament last month. They were considered by the First Delegated Legislation Committee of the House of Commons on 8 February, and on the floor of the House of Lords on 23 February. However, the people who prepared the briefing papers for the debates apparently decided not to address the thorny problems experienced by Ofcom and the FSA – so no politician mentioned it either.

Let’s be clear about the purposes for which communications data can be used (if you get the Home Office to put you on the right list). The Regulation of Investigatory Powers (Communications Data) Order 2010 (SI 2010 No. 480), which will come into force on 6 April, already allows communications data to be used for the following purposes:
(a) in the interests of national security;
(b) for the purpose of preventing or detecting crime or preventing disorder;
(c) in the interests of the economic well-being of the UK;
(d) in the interests of public safety;
(e) for the purpose of protecting public health;
(f) for the purpose of assessing or collecting any tax, duty, levy or other charge payable to a Government Department;
(g) for the purpose, in an emergency, of preventing death or injury or any damage to a person’s physical or mental health, or of mitigating any injury or damage to a person’s physical or mental health;
(h) to assist investigations into alleged miscarriages of justice; and
(i) to assist in identifying a person who has died or is unable to identify himself because of a physical or mental condition, other than one resulting from crime, or to obtain information about his next of kin or others connected with him or about the reason for his death or condition.


Section 7 of the explanatory memorandum to the SI (also known as the Ministerial crib sheet) explains that the consolidating order “provides in one place a list of those public authorities which have a legitimate requirement within the regulation provided by RIPA to interfere with an individual’s right to privacy.”

And, a little confusingly, it also mentions both the FSA and Ofcom.

It explains that the FSA “has statutory responsibilities for investigating and prosecuting particular criminal offences to maintain market confidence. Communications data are used mainly in the investigation and prosecution of insider dealing under the Criminal Justice Act 1993. Other investigations in which covert techniques have been used include unauthorised collective investment schemes under the Financial Services and Markets Act 2000 (FSMA). The FSA is increasingly involved in detecting criminal activity on the internet. Unless these kinds of professional financial collaboration are addressed effectively they would operate against the consumer’s interests and could damage the integrity of UK financial markets.”

It also explains that Ofcom “is the independent regulator and competition authority for all the UK communications industries, with responsibilities across television, radio, telecommunications and wireless communications services. It acquires communications data to investigate the location and operation of illegal radio broadcasters under the Wireless Telegraphy Act 2006. This essentially means people who buy equipment from the internet and set up hidden studios to broadcast at any frequency in the radio spectrum regardless of whether that frequency is already licensed to a legitimate station. These unlicensed operators pay no taxes, provide unfair competition, interfere with legitimate broadcasters and their audiences, and disrupt vital safety of life emergency services.”

So what is it that the FSA & Ofcom do that isn’t already listed under the permitted purposes above?

Get out the wet towel and stick your head under it.

It appears that the FSA is required, under Article 12(2) of something called the Market Abuse Directive (as implemented in the UK by Section 173(3) of the FSMA) to have powers to obtain communications data in order to enable the investigation of market abuse. And, incredibly, it is argued that this activity is not covered by any of the current statutory purposes.

Ofcom, on the other hand, is required to assess whether companies are or have been misusing an electronic communications network or electronic services. And as, incredibly, it is argued that this activity is not covered by any of the current statutory purposes, it has decided to use powers given to it under Section 128 of the Communications Act 2003.

I do find it odd that the FSA can’t argue that its investigations into matters of “market abuse” can’t fall within RIPA purposes of

b) preventing or detecting crime or of preventing disorder, or
c) in the interests of the economic well-being of the United Kingdom


And I also find it odd that Ofcom can’t argue that its investigations into the misuse of an electronic communications network can't fall within the RIPA purpose of

b) preventing or detecting crime or of preventing disorder

Hey ho, we live in interesting times.

But until they do fall properly within the RIPA regime, they can both keep the DWP company on the naughty step.