There has been much discussion in the media and elsewhere about the use and misuse of the powers granted to many public authorities under the Regulation of Investigatory Powers Act 2000 and associated legislation. Stories about snooping on people for trying to get their children into a particular school or letting their dogs foul the street may make the front page, but they are not necessarily representative of how the powers are used in general. Sure, they should lead to questions about the implementation and effectiveness of the necessity and proportionality tests that are a mandatory part of the legislation, but there may be greater things to concern ourselves with when law enforcement and the intelligence community wish to grow and extend the use of data retention, monitoring and surveillance. This talk will give an overview of many years of practical experience and interactions with the public authorities authorised to seek access to information under RIPA, Part I, Chapters I and II.

1. Gareth Niblett, BCS ISSG Legal Day, 22nd January 2010

2. I am not a lawyer, but I know enough to want to
cover myself…
Any information provided is simply my view, which
comes from many years experience with RIPA and
related areas, from the original draft Bill through to
being being responsible for lawful intercept, data
retention and disclosure for voice & data services.
It may differ from the views and experience of
others. A lot of information has been left out.
Figures are from many sources, may be out of date,
rounded, deliberately imprecise, or simply wrong.

3.  Part I, Chapter I
 Intelligence Agencies, with NTAC as central focus
 Part I, Chapter II
 Around 650 Public Authorities
 Largest contingent is Police & Intelligence
▪ 80 Forces, Law Enforcement & Intelligence Agencies
▪ From Avon & Somerset to Wiltshire;
▪ SOCA, CEOP, PeCU, SO15, SFO, HMRC, RAF, MoD
▪ Police SPoCs – 600 (500 Internet trained)
▪ ABC SPoCs – 20

4.  Part I, Chapter I
 Raw voice or data in real‐time
 Part I, Chapter II
Have Want Amount
Phone Number Name & Address 80%
Address Name & Number
IP / Email Address Name, Address & Number
20%
Name & Address / Number Itemised Billing
Name & Address / Number Miscellaneous
 Split 80 / 20 – Telephony vs Internet

5.  Part I, Chapter I
▪ Interests of National Security
▪ Prevention or detection of serious crime
▪ Safeguard the economic wellbeing of the UK

6.  Part I, Chapter II
RIPA Purpose Amount
22(2)a Interests of National Security 40%
22(2)b Preventing / Detecting Crime 50%
22(2)c Interests of UK Economy <1%
22(2)d Interests of Public Safety <1%
22(2)e Protecting Public Health <1%
22(2)f Assessing or Collecting Tax 7%
22(2)g Preventing Death or Injury 2%
22(2)h Order by Secretary of State <1%

7.  Part I, Chapter I
 Warrant signed by Home Secretary, or designate,
is served on a Communications Service Provider
(CSP); advance notice & feasibility check usual.
▪ Can utilise a standing capability or require recipient to
co‐operate in deploying intercept in a timely fashion.
 Part I, Chapter II
 A RIPA Notice authorised by a Designated Person
is sent by an Accredited Single Point of Contact
(SPoC) to the CSP; except for Grade 1 (verbal).

8.  Part I, Chapter II
80%
70%
60%
50%
40%
30%
20%
10%
0%
Grade 1
Grade 2
Grade 3

9.  Part I, Chapter II

10.  Intelligence use of RIPA

11.  Part I, Chapter II

12.  Questions welcome, either now or later.
 More of me:
▪ Blog – www.infosecmaven.org
▪ Twitter – www.twitter.com/INFOSEC_Maven
▪ LinkedIn – uk.linkedin.com/in/garethniblett
▪ If you want direct contact details, please ask…