There has been much discussion in the media and elsewhere about the use and misuse of the powers granted to many public authorities under the Regulation of Investigatory Powers Act 2000 and associated legislation.
Stories about snooping on people for trying to get their children into a particular school or letting their dogs foul the street may make the front page, but they are not necessarily representative of how the powers are used in general.
Sure, they should lead to questions about the implementation and effectiveness of the necessity and proportionality tests that are a mandatory part of the legislation, but there may be greater things to concern ourselves with when law enforcement and the intelligence community wish to grow and extend the use of data retention, monitoring and surveillance.
This talk will give an overview of many years of practical experience and interactions with the public authorities authorised to seek access to information under RIPA, Part I, Chapters I and II.
3. Part I, Chapter I
Intelligence Agencies, with NTAC as central focus
Part I, Chapter II
Around 650 Public Authorities
Largest contingent is Police & Intelligence
▪ 80 Forces, Law Enforcement & Intelligence Agencies
▪ From Avon & Somerset to Wiltshire;
▪ SOCA, CEOP, PeCU, SO15, SFO, HMRC, RAF, MoD
▪ Police SPoCs – 600 (500 Internet trained)
▪ ABC SPoCs – 20
4. Part I, Chapter I
Raw voice or data in real‐time
Part I, Chapter II
Have Want Amount
Phone Number Name & Address 80%
Address Name & Number
IP / Email Address Name, Address & Number
20%
Name & Address / Number Itemised Billing
Name & Address / Number Miscellaneous
Split 80 / 20 – Telephony vs Internet
5. Part I, Chapter I
▪ Interests of National Security
▪ Prevention or detection of serious crime
▪ Safeguard the economic wellbeing of the UK
6. Part I, Chapter II
RIPA Purpose Amount
22(2)a Interests of National Security 40%
22(2)b Preventing / Detecting Crime 50%
22(2)c Interests of UK Economy <1%
22(2)d Interests of Public Safety <1%
22(2)e Protecting Public Health <1%
22(2)f Assessing or Collecting Tax 7%
22(2)g Preventing Death or Injury 2%
22(2)h Order by Secretary of State <1%
7. Part I, Chapter I
Warrant signed by Home Secretary, or designate,
is served on a Communications Service Provider
(CSP); advance notice & feasibility check usual.
▪ Can utilise a standing capability or require recipient to
co‐operate in deploying intercept in a timely fashion.
Part I, Chapter II
A RIPA Notice authorised by a Designated Person
is sent by an Accredited Single Point of Contact
(SPoC) to the CSP; except for Grade 1 (verbal).
12. Questions welcome, either now or later.
More of me:
▪ Blog – www.infosecmaven.org
▪ Twitter – www.twitter.com/INFOSEC_Maven
▪ LinkedIn – uk.linkedin.com/in/garethniblett
▪ If you want direct contact details, please ask…