The Government’s powers make orders relating to information about communications have now moved from the Regulation of Investigatory Powers Act 2000 to the Investigatory Powers Act 2016. The associated Code of Practice provides useful information on the process for issuing three types of notice in particular: Communications Data Requests, Technical Capabilities Orders and Data Retention […]
Tag: Regulation of Investigatory Powers Act
This Act was passed in 2000 to ensure that various law enforcement powers were lawful under the Human Rights Act 1998. Mainly of relevance here for access to communications data and interception. After legal challenges, it was replaced in 2016 by the Investigatory Powers Act, which legitimises a wider range of powers… Go figure!
[UPDATE: I’ve added links to the Codes of Practice that authorities will use when preparing each of the orders] Under the current Regulation of Investigatory Powers Act 2000 (RIPA), organisations that operate their own private computer networks may receive three different orders relating to those systems. Any organisation that receives an order is, subject to […]
The amount of information stored in encrypted form is steadily increasing, supported by recommendations from the Information Commissioner and others. When deciding to adopt encryption, it’s worth planning for what might happen if the police or other authorities need to access it in the course of their duties. Normally the existing access rules under section […]
Interception definition and mailboxes
If you look up “interception” in most dictionaries you’ll find that it happens before an action has completed: in sport a pass can no longer be “intercepted” once it reaches a teammate. In a legal dictionary, however, that turns out not to be true. According to section 2(2) of the Regulation of Investigatory Powers Act […]
The EU has finally adopted a new Directive on attacks against information systems, first proposed in 2010. The Directive will require Member States, within two years, to ensure they meet its requirements on Activities that must be considered crimes; Effective sentences for those convicted of the crimes (including higher maximum sentences for aggravating circumstances such […]
I was asked recently how I saw current legal developments in Europe affecting the work of incident response teams, so here’s a summary of my thoughts. Understanding Data Protection law has always been a problem for incident response. Some of the information needed to detect and resolve incidents is personal data but laws are unclear […]
The Joint Committee on the Draft Communications Bill has published its report, concluding that while there is “a case for legislation which will provide the law enforcement agencies with some further access to communications data” the current proposal needs “substantial re-writing”. The Committee address three of the four concerns raised in our Janet evidence. They […]
I’ve made a Janet submission to the joint Parliamentary Committee considering the draft Communications Data Bill. It’s actually quite hard to predict what the effect of the Bill would be, as the Bill creates extremely wide powers for both the Home Secretary and Law Enforcement and the impact will depend on how those powers are […]
Shiny New Legislation
I was recently struck by just how new most of the legislation creating duties for operators of electronic communications network is. Compared to the Computer Misuse Act, which has only had one amendment since 1990, these laws seem to be changing a lot faster: Data Retention (EC Directive) Regulations 2009 – with a significant update […]
Home Office RIPA consultation
The Home Office have concluded that a couple of aspects of the Regulation of Investigatory Powers Act 2000 need to be fixed in order to comply with European law, and are doing a rapid consultation on the changes. Unfortunately although the consultation document is clear about what the problems are it doesn’t give a clear […]