[Updated 8 February 2015 and 10 June 2015]
The Section 8(4) RIPA warrant is the most powerful interception
tool available to UK intelligence agencies. While a targeted Section 8(1)
warrant has to name a person or a set of premises, a section 8(4) warrant can
authorise bulk interception of millions of simultaneous communications on an
internet backbone.
Periodically renewed Section 8(4) warrants are thought to
authorise GCHQ’s TEMPORA programme of tapping into transatlantic fibre optic
cables, which reportedly processes 40 billion items of data per day.
Following the Snowden revelations a group of NGOs including Liberty,
Privacy International and Amnesty International
challenged Section 8(4) in the Investigatory Powers Tribunal. The IPT found in December that, in the light of disclosures of interception practice made by the
government in the proceedings, future use of Section 8(4) warrants would be ‘in
accordance with the law’ under Article 8 of the European Convention on Human
Rights. The legality of previous Section 8(4) interception has still to be
determined. [Now held to have been lawful: IPT judgment 6 Feb 2015, para 12.]
The justification for the Section 8(4) warrant is that investigating
terrorism and crime abroad is harder than domestically. It is said that a
Section 8(4) warrant is primarily aimed at external communications (sent, received
or both outside the British Islands) and not primarily at people located here;
and that the purpose of accessing external communications is primarily to
obtain information about people abroad. (IPT judgment, [145] and [147]).
But is the purpose of Section 8(4) to gain access to external
communications? Or is it to gain access to the communications of people outside
the British Islands? Is it a mixture of the two? Bearing in mind that people
within the British Islands may send and receive external communications, the objectives
are significantly different.
In fact Section 8(4) goes some way towards both objectives,
but gives full effect to neither. The
result is a warrant with an avowed purpose to intercept external
communications, but which in reality sweeps up both internal and external
communications and then treats them identically. Or, if its purpose is to access
communications of people outside the British Islands, it nevertheless allows some
access to the communications of people within the British Islands.
These points are especially significant when it is
appreciated that under Section 8(4) not only capture of communications but also
their searchability does not depend on pre-existing grounds for suspicion. The bulk capture stage is suspicionless. Agencies
trawling the intercepted material are then not confined to looking for activities of
known suspects. The agencies can use keyword and other subject-matter searches
to fish for new targets in the general pool of captured internal and external
communications. It is apt to describe
Section 8(4) as a fishing warrant.
This dual use of RIPA was confirmed by senior Home Office
official Charles Farr in the IPT proceedings:
“Other information that is
obtained via interception is used to identify other previously unknown
communications of existing targets, and
to identify new targets for investigation. Indeed, a significant proportion of initial intelligence leads derive
from interception operations.” (emphasis added) (Farr witness statement, paragraph 31)
This article discusses how the Section 8(4) warrant implements
the two avowed purposes and concludes with some observations on points for consideration
in the forthcoming likely reform of RIPA.
How far is it the
purpose of Section 8(4) to gain access to external communications?
A Section 8(4) warrant, like a targeted Section 8(1)
warrant, has to be for a statutory purpose: national security, preventing or
detecting serious crime or safeguarding the UK’s economic wellbeing (if relevant
to national security). These purposes
govern all three stages of the Section 8(4) warrant structure: Capture, Select,
Examine. The scheme is illustrated in this diagram:
Section 8(4) (in conjunction with Sections 8(5) and 5(6)) authorises “the interception of external
communications in the course of their transmission by means of a
telecommunication system”. However it also authorises “all such conduct
(including the interception of communications not identified by the warrant) as
it is necessary to undertake in order to do what is expressly authorised or
required by the warrant”.
In other words, internal as well as external communications
can be captured under a Section 8(4) warrant if they are unavoidably swept up
in the interception process.
On 4 July 2000 the government Minister Lord Bassam, in a letter to
Lord Phillips during passage of the Bill, pointed out that:
“Clause 8(5) could, for example,
make lawful the interception of internal communications where these mixed with
external communications on a trunk used mainly for external purposes.”
In the House of Lords debate on the Bill on 12 July 2000 he said:
“It is still the intention that
Clause 8(4) warrants should be aimed at external communications. Clause 8(5)
limits such a warrant to authorising the interception of external
communications together with whatever other conduct is necessary to achieve
that external interception. Whenever such a warrant is signed, the Secretary of
State must be convinced that the conduct it will authorise as a whole is
proportionate—my favourite word—to the objects to be achieved. His decision to
sign will be overseen by the Interception of Communications Commissioner.”
In the IPT proceedings Charles Farr said:
“Section 5(6)(a) makes clear that
the conduct authorised by a section 8(4) warrant may in principle include the
interception of communications which are not external communications insofar as
that is necessary in order to intercept the external communications to which
the warrant relates. But the primary purpose and object of any conduct
authorised or required by a section 8(4) warrant must consist in the
interception of external communications.” (witness statement, paragraph 155)
With this emphasis on external communications we might
expect the distinction between internal and external communications to suffuse the
whole of the Section 8(4) regime including the subsequent selection and
examination stages.
In fact, as can be seen from the IPT’s judgment, the
distinction has no relevance at those stages:
“It is also common ground that
the interception under a s.8(4) warrant (what the Respondents call “Stage one”)
occurs before any question of selection for examination (what the Respondents
call “Stage two”) arises under s.16. As
Mr Ryder put it, the relevance of the internal/external distinction has no
relation to the s.16 examination, when a communication may be accessed and
read. The identification of communication links for interception is, as he
described it, a ‘generic’ exercise, not an exercise which is done specifically
case by case and communication by communication.” [95] (emphasis added)
The criteria that constrain selection and examination are different from internal/external communication.
The primacy that Section 8(4) accords to external communications at the capture stage is thus of limited significance. External and internal communications are inseparable as they pass through a fibre optic cable. If the Secretary of State’s purpose is to capture external communications, and he has a basis for believing that the warrant will fulfil that purpose and is necessary and proportionate, Section 8(4) in practice authorises the capture of all communications passing through the cable whether internal or external. The captured communications, both internal and external, then form a common pool and are treated alike.
The primacy that Section 8(4) accords to external communications at the capture stage is thus of limited significance. External and internal communications are inseparable as they pass through a fibre optic cable. If the Secretary of State’s purpose is to capture external communications, and he has a basis for believing that the warrant will fulfil that purpose and is necessary and proportionate, Section 8(4) in practice authorises the capture of all communications passing through the cable whether internal or external. The captured communications, both internal and external, then form a common pool and are treated alike.
The limited significance of the external/internal
distinction in the overall scheme of Section 8(4) can also be seen in the IPT’s
discussion of the position if the Secretary of State had adopted an incorrect
legal interpretation of ‘external communication’.
“…the distinction only arises at
“Stage one”, when there is no examination:
i) All communications,
whether they be external or internal, intercepted by s.8(4) warrant
come to be considered for examination by reference to s.16 of RIPA, to which we
turn below. It is that section which does what Mr Ryder called in argument the
“heavy lifting”.” (emphasis in
original) [101]
The IPT also referred to what it termed ‘inchoate’ external
communications. This reflects the fact that in many cases the intercepting
agency cannot know whether it is capturing an internal or an external
communication. This is because the distinction depends on the location of the
sender or recipient when the communication is sent or received respectively.
For communications such as e-mails, the location of the recipient cannot be
determined by looking at the communication or its related communications data. The location of the mailbox may be
ascertainable, but that cannot reveal the location of a person who picks up the
message after the interception has taken place.
Lord Bassam recognised this for mobile roaming during the Parliamentary
debate on the Bill:
“Even after interception, it may
not be practicably possible to guarantee to filter out all internal messages. Messages
may well be split into separate parts which are sent by different routes. Only
some of these will contain the originator and the intended final recipient.
Without this information it will not be possible to distinguish internal
messages from external. In some cases it
may not be possible even if this information is available. For example, a
message between two foreign registered mobile phones, if both happened to be
roaming in the UK, would be an internal communication, but there would be
nothing in the message to indicate that.” (emphasis added) (Hansard, 12
July 2000)
The IPT judgment observed:
“It is inevitable that, when a
telephone call is made from a mobile phone or IPhone, or an email is sent to an
email address, it will not necessarily be known whether it will be received in
the United Kingdom or in the course of travel or at a foreign destination. It
is accepted that once and if received abroad by the intended recipient it will
be an external communication, even if the sender did not know, when he or she
made the call or sent the email, that that was to be the case.” [(94(iii)]
Selection and Examination
– people outside the British Islands?
The Selection and Examination stages follow Capture.
Examination is the point at which human analysts can read, look at or listen to
captured material. Although they are limited
to examining material described in the Secretary of State’s certificate on the
warrant, that description could be as wide as all communications between the UK
and a named country, or passing through a particular cable.
More significantly, analysts can (with some exceptions) only
examine material that has been selected in ways that do not breach the Section
16(2) prohibitions. These are the provisions that do the ‘heavy lifting’
referred to by the IPT. Generally they reflect the second avowed purpose of
Section 8(4) – to gain access to the communications of people outside the
British Isles, but not those of people within the British Isles.
Lord Bassam, in the House of Lords debate on 12 July 2000,
said:
“selection may not use factors
which are referable to an individual known to be for the time being in the
British Islands”
However RIPA is not that straightforward. Under Section
16(2) a selection factor is prohibited if it:
“(a) is referable to an
individual who is known to be for the time being in the British Islands; and
(b) has as its purpose, or one of
its purposes, the identification of material contained in communications sent by him, or intended for him.”
Lord Bassam’s summary reflects (a), but not the significant additional
limitation in (b). This narrows the scope of the Section 16(2) prohibition,
enabling at least one kind of search to be made using the name of someone known
to be within the British Isles.
Some examples illustrate the apparent effect of the Section
16(2) prohibitions. These apply whether the captured communications were
internal or external.
-
An analyst could not (without a modification to
the warrant) search for Joe Smith’s communications by (say) his e-mail address
if he knows that Joe Smith is within the British Islands.
-
If Joe Smith’s communication turns up in
response to:
o
a subject matter search (e.g. ‘Syria’), not
referable to any individual
o
a search using someone else’s name (not known to
be within the British Islands) or the name of a corporation
o
a search for his own name within the body of someone
else’s communication
o
a search for his own name aimed at finding his
own communications, if the agency does not know that he is for the time being
within the British
then according to the letter of Section 16(2) it could apparently be
examined. (However if the examination
itself involves a process of further selection, an analyst could be prohibited (without
a warrant modification) from focusing on communications of someone known to be within
the British Islands of which s/he becomes aware during examination.)
-
If Joe Smith has left the British Islands since
sending the communication, then the analyst could apparently search using his
name, since Joe Smith is no longer ‘for the time being’ within the British
As to the last point, the IPT judgment could be read differently
(para 143):
“Communications intercepted under
a s.8(4) warrant cannot be read if sent by or to a person located in the UK, by
reference to the s.16(2) procedure discussed at some length above.”
However that would not take account of ‘for the time being’,
which on the face of it refers to the time of search, not the time of the communication.
This extract from the Foreign Secretary’s evidence to the
Intelligence and Security Committee on 23 October 2014 also seems to conflate
time of communication and time of search:
“The
Foreign Secretary clarified after the meeting that, if a communication is
intercepted under an s.8(4) warrant, and if one end is outside of the UK, it
may be selected for examination without a 16(3) modification if the subject of
interest is the non-UK end of the communication; however, if the subject of
interest is the party in the UK, or if both ends are UK, there needs to be a
16(3) modification or 8(1) warrant authorised by the Secretary of State before
it can be selected. He undertook to write to the Committee with further detail.”
Section 16 provides some limited gateways permitting
examination even if the material was selected using factors prohibited by
Section 16(2).
The most potentially significant gateway is an additional certificate under
Section 16(3). This allows otherwise prohibited examination if the Secretary of
State certifies that selection by factors referable to the individual in
question is necessary for national security, prevention or detection of serious
crime, or national security-related UK economic wellbeing; and the material
relates only to communications sent during a maximum period of three months
(six months for national security). The extent to which Section 16(3) has been used is not public.
There is also a procedure known as an ‘overlapping’ Section 8(1) targeted warrant. The procedure was first described in the Interception
Commissioner’s Report for 1986 under the pre-RIPA interception regime. It
appears that its purpose is to buttress the examination of communications to or
from persons within the British Isles legitimately available for examination through
the Section 8(4) procedure. However the procedure’s exact use and legal
significance is unclear. The status of overlapping warrants and their relationship to Section 16(3) were issues during the passage of the Bill.
Reform of RIPA
Several reviews of RIPA are currently in progress. They include the Investigatory Powers Review by the Independent Reviewer of Terrorism Legislation under the Data Retention and Investigatory Powers Act 2014 (DRIPA), due to report by May 2015; the RUSI Independent Surveillance Review and an inquiry by the Intelligence and Security Committee of Parliament.
Reform of RIPA will be a priority after the 2015 General Election, with legislators mindful of the sunset date of 31 December 2016 for the RIPA amendments made by DRIPA. The pros and cons of Section 8(4) warrants will be hotly contested. Among the possibilities that we can anticipate being advocated may be:
Reform of RIPA will be a priority after the 2015 General Election, with legislators mindful of the sunset date of 31 December 2016 for the RIPA amendments made by DRIPA. The pros and cons of Section 8(4) warrants will be hotly contested. Among the possibilities that we can anticipate being advocated may be:
-
Abolish all suspicionless bulk capture of
communications.
-
Limit selection and examination under a Section 8(4)
warrant to communications of pre-existing suspects.
-
Maintain the status quo.
-
Enact more extensive powers.
There will of course be debate around broader overarching issues such as
whether it is any longer appropriate to treat communications data as deserving
less privacy protection than content.
RIPA is notoriously difficult to understand. The convoluted selection and examination provisions of Section 16 are among the most difficult to untangle. Whatever the eventual policy outcomes of the forthcoming debates, any new legislation should be
clear, accessible and reflect the purposes for which it is enacted.
The discussion above highlights some specific issues that are likely to have to be considered should Section 8(4) survive in any recognisable form.
Before commenting on these, one fundamental issue that will be relevant to any interception regime is hidden legal interpretations.
Before commenting on these, one fundamental issue that will be relevant to any interception regime is hidden legal interpretations.
Hidden Legal Interpretations
Legal interpretations are critical to the operation of RIPA. An obvious example is the interpretation of ‘external communications’. Others mentioned in this article include overlap of selection and examination, what constitutes an agency’s knowledge of someone’s whereabouts and whether it is bound to make enquiries, the relevance and extent of the various statutory purposes said to be embodied in the legislation, the significance of ‘for the time being’ in section 16(2) and the legal effect (if any) of overlapping warrants. There have been other examples, such as extra-territoriality.
The agencies conduct their activities on the basis of legal interpretations of the legislation which generally remain hidden from view. It took the extraordinary event of the Snowden disclosures for the government to reveal, in the resulting IPT proceedings, its particular (and widely criticised) interpretation of external communications.
It would be a significant step forward if the Interception Commissioner (or any future equivalent oversight body) were to be charged with publishing legal interpretations on the basis of which the agencies operate under interception legislation.
Turning to specific issues around Section 8(4):
Incidental awareness
Turning to specific issues around Section 8(4):
Incidental awareness
Section 16(2) is structured as if selection and examination
are separate phases. Yet if that were so, analysts would be able to examine and
use material of which they became incidentally aware as a result of a permitted
search, but which they could not legitimately have targeted directly.
If while reading a communication selected by means of a
permissible factor an analyst becomes interested in its sender or recipient,
and that person is known to be within the British Isles, does that amount to selection?
Does Section 16 then prohibit further examination without a modification to the
warrant? This ought to be the case, and may be supported by para 105 of the IPT
judgment, but is less than clear on the face of the statute.
This kind of issue may be covered in internal
intelligence agency guidance documents. It
ought to be specifically and clearly addressed in legislation. It also may bear on the use of overlapping Section 8(1) warrants.
Internal/external
communications
Warrants to intercept external communications go back to Section 4 of the Official Secrets Act 1920, which used the same
definition of external communications as does Section 8(4). However the distinction now has limited significance in the overall
scheme of Section 8(4) warrants. It is also curious that Parliament should have
knowingly hung Section 8(4) on the slender thread of something largely
unascertainable.
That is not to say that the distinction has no constraining effect on the initial interception stage. For
instance, could a Secretary of State sign a Section 8(4) warrant to tap a domestic
cable carrying 99% internal communications if his primary purpose and object was
genuinely to capture some of the 1% external communications?
The Secretary of State would have to consider whether the
warrant was necessary and proportionate, including in particular whether the
information thought necessary to obtain under the warrant could reasonably be
obtained by other means (Section 5(4)). Such considerations, and the requirement to certify a description of intercepted material considered necessary to be examined, ought to drive a Secretary of
State towards directing Section 8(4) warrants at cables that are most likely to
contain the highest proportion of external communications. That approach is borne out by Charles Farr’s
witness statement in the IPT proceedings (para 154):
“Thus, when conducting
interception under a section 8(4) warrant, knowledge of the way in which
communications are routed over the internet is combined with regular surveys of
internet traffic to identify those bearers that are most likely to contain
external communications that will meet the descriptions of material certified
by the Secretary of State under section 8(4)(b)(i) of RIPA. While this approach
may lead to the interception of some communications that are not external,
section 8(4) operations are conducted in a way that keeps this to the minimum necessary
to achieve the objective of intercepting wanted external communications.”
While broad considerations of necessity and proportionality give some comfort, they are not the most concrete of
protections. If Section 8(4) were to
survive in anything like its current form, consideration might be given to, for
instance, explicitly restricting it to international cables.
If it remained an avowed purpose of a Section 8(4) replacement to focus on interception of external communications, then consideration could be given to extending that beyond the capture stage. The
agency could be required (to the extent feasible) to sift out and discard internal
communications after capture. It could be required to cease examining a
communication that it realised was internal. If a selection/examination distinction based on a person's location within or outside the British Islands were to be retained, then the scope for examining communications of people within the British Islands would bear reconsideration .
Knowledge of location
of a person
The prohibited Section 16(2) selection factors refer to an
individual ‘known’ to be within the British Isles. The agency is therefore on the face of it
free to search for the communications of someone whose whereabouts are unknown,
or if it suspects but does not know that the individual is within the British
Isles (IPT judgment, [104] - [105]).
‘Known’ presumably means known to the agency. Does that mean known to the particular
analyst responsible for setting the selector, known to a group of analysts, or
include anything in the records and archives of the agency?
Does it include information within the intercept material
itself? One would assume not, since the agency could never safely set a name selector
to search the pool of intercept material if it was deemed to know everything
within it.
However there is a relevant difference between
content and related communications data captured under a Section 8(4)
warrant. The section 16(2) restrictions
do not apply to the related communications data.
The government argued before the IPT that this was justified
by the use of related communications data in order to determine whether someone
was for the time being within the British Isles. This was necessary in order
for the safeguard in Section 16(2)(a) to work properly:
“In other words, an important
reason why the Intelligence Services need access to related communications data
under the s.8(4) Regime is precisely so as to ensure that the s. 16 safeguard
works properly and, insofar as possible, factors are not used at the selection
that are - albeit not to the knowledge of the Intelligence Services -
“referable to an individual who is ... for the time being in the British
Islands”.” [112]
The government submitted that this was plainly the express,
and sensible, purpose of Parliament.
The government argument seems implicitly to posit some duty on the agency to enquire into the location of a selection target, albeit that is not spelt out in Section 16.
The government argument seems implicitly to posit some duty on the agency to enquire into the location of a selection target, albeit that is not spelt out in Section 16.
The IPT accepted that the different treatment of
communications data
“is justified and proportionate
by virtue of the use of that communications data for the purpose of identifying
the individuals whose intercepted material is to be protected by reference to
s.16(2)(a).”[114]
The IPT rejected the NGOs’ argument that use of
communications data for this purpose could be addressed by an exception in the
legislation, saying that it was an “impossibly complicated or convoluted course”.
That issue could be revisited in any reform of RIPA.
[Updated 2 Jan 2015 15.30 with additional reference to certificates; and 23.30 to substitute British Islands for British Isles (thanks to @RichGreenhill for pointing that out; and 3 Jan 2015 15:11 to add reference to RIP Bill debate on S16(3)/overlapping warrants.); and 8 February 2015 to add reference to further IPT judgment; and 10 June 2015 to add references to Sections 8(5) and 5(6).]
