BAILII is celebrating 24 years of free online access to the law! Would you consider making a contribution?
No donation is too small. If every visitor before 31 December gives just £1, it will have a significant impact on BAILII's ability to continue providing free access to the law.
Thank you very much for your support!
[Home] [Databases] [World Law] [Multidatabase Search] [Help] [Feedback] | ||
United Kingdom Investigatory Powers Tribunal |
||
You are here: BAILII >> Databases >> United Kingdom Investigatory Powers Tribunal >> Privacy International v Secretary of State for Foreign and Commonwealth Affairs (Rev 1) [2018] UKIPTrib IPT_15_110_CH (23 July 2018) URL: http://www.bailii.org/uk/cases/UKIPTrib/2018/IPT_15_110_CH.html Cite as: [2018] UKIPTrib IPT_15_110_CH |
[New search] [Printable PDF version] [Help]
Neutral Citation Number: [2018]
UKIPTrib IPT_15_110_CH
No: IPT/15/110/CH
IN THE INVESTIGATORY POWERS TRIBUNAL
P.O. Box 33220
London
SW1H 9ZQ
23rd July 2018
SIR MICHAEL BURTON (PRESIDENT)
THE HON. MR. JUSTICE EDIS
SIR RICHARD MCLAUGHLIN
MR. CHARLES FLINT QC
MS. SUSAN O'BRIEN QC
- - - - - - - - - - - - - - - - - - - - -
Between:
|
PRIVACY INTERNATIONAL |
Claimant |
|
- and - |
|
|
(1) SECRETARY OF STATE FOR FOREIGN AND COMMONWEALTH AFFAIRS (2) SECRETARY OF STATE FOR THE HOME DEPARTMENT (3) GOVERNMENT COMMUNICATIONS HEADQUARTERS (4) SECURITY SERVICE (5) SECRET INTELLIGENCE SERVICE |
Respondents |
- - - - - - - - - - - - - - - - - - - - -
Mr T De La Mare QC, Mr B Jaffey QC and Mr D Cashman (instructed by Bhatt Murphy Solicitors) appeared on behalf of the Claimant
Sir James Eadie QC, Mr A O'Connor QC and Mr R O'Brien (instructed by Government Legal Department) appeared on behalf of the Respondents
Mr J Glasson QC (instructed by Government Legal Department) appeared as Counsel to the Tribunal
Hearing dates: 17, 18 and 19 October 2017, 1 December 2017, 10 January 2018, 26 February 2018 and 12 -13 March 2018.
- - - - - - - - - - - - - - - - - - - - -
JUDGMENT
Sir Michael Burton (President):
1. This is the Judgment of the Tribunal, to which all its members have contributed.
3. There were then the following issues remaining for resolution:-
(i) S.94 of the Telecommunications Act 1984 (“s.94”) relating to the obtaining of BCD, pursuant to directions given under that Act. This issue was expressed as whether there had been unlawful delegation of the statutory powers of the Foreign Secretary under s.94, but it has been expanded so as to include whether the directions given by the Foreign Secretary under s.94 complied with the terms of his statutory duty or were in accordance with the law (“Issue 1”).
(ii) What is the consequence of the finding of unlawfulness we made in the First Judgment in respect of the BCD regime prior to 4 November 2015 (resulting from our finding that there was contravention of Article 8 of the ECHR), now extended to cover the consequences of any conclusion made in respect of Issue 1 (“Issue 2”)? This is largely consequential on our findings on other Issues, and did not of itself require much consideration of evidence.
(iii) Sharing of BCD/BPD. (“Issue 3”) This issue is addressed on the basis of assumptions or hypotheses, a course regularly adopted by this Tribunal, and as further discussed in paragraph 61 below. On the hypothesis that there has been sharing of BCD or BPD, would that be lawful with (a) foreign agencies (at ECHR or EU law) (“Issue 3A”), (b) Law Enforcement Agencies (“LEAs”), such as the Police or HMRC (at ECHR, EU or domestic UK law) (“Issue 3B”), (c) contractors or researchers (called “Industry Partners”) (at ECHR or EU law) (“Issue 3C”).
(iv) Do the steps taken by way of collection, retention or use of BCD or BPD comply with the requirements of proportionality (there is not suggested to be any different test by reference to the ECHR or EU law) (“Issue 4”).
(i) The dedication and hard work of the Claimant’s representatives has been very considerable throughout this exercise, and the Tribunal, the public and indeed the Respondents owe them a debt of gratitude for their patience and perseverance, as well as their considerable and valuable inquisitiveness. It is not irrelevant that this Tribunal is called the Investigatory Powers Tribunal, because, in addition to reaching a number of judicial conclusions, it has been constantly necessary, in this case in particular, for the Tribunal, at the instance of the Claimant, but very often at the instance and with the assistance of the Counsel to the Tribunal, to probe and to consider fresh problems and lacunae.
(ii) Both for those reasons and because the Tribunal itself is anxious to assist in achieving improvements in the ways in which the Agencies carry out their responsibilities, there has been a constant increase in the amount of information made available to the public, always subject to the need to balance such openness against the needs of national security. As we have said before, it is important not to identify as the discovery of a failing what is, in fact, the identification of a welcome improvement.
(iii) We shall consider later the question of oversight, but that, too, is an iterative process, beginning in this case, as we have described in our First Judgment, with two Commissioners dealing with overlapping remits, and both achieving improvements by percipient identification of problems and discussion of solutions.
(iv) After recognising all of this, and recognising, too, the extremely sensitive area with which we are dealing, which inevitably means that those with responsibilities in those areas may be overcautious in what they feel able to say, we record that, on a number of occasions in the evidence before us, statements by those in a position of responsibility at GCHQ have had to be subsequently corrected. In each case such corrections have been made as a result of re-thinking or double-checking by the witness and his team of some of those issues. It is regrettable that mistakes were made to begin with and not identified earlier, and particularly in relation to Issue 1 the corrected errors have been influential in our conclusions (see paragraphs 12-15 and 40 below). We have identified in our accompanying CLOSED Judgment five further serious such errors which had been picked up by the Respondents themselves and corrected. To the extent that these errors were also present in information provided to the Commissioners, this will have meant that the Commissioners were not overseeing GCHQ on the basis of a complete and accurate picture of what it was actually doing. We are satisfied that the giving of the incorrect information constituted a breach of GCHQ’s duty to make disclosure to the Tribunal under s68(6) of RIPA, but the duty is a continuing one and we accept that the breaches have now been remedied.
7. We turn to consideration of the five issues. There is a CLOSED judgment, to which we have provided an open introduction, which is annexed to this Judgment as Appendix 1.
Issue 1: s.94
8. Following the First Judgment, a declaration was made that prior to 4 November 2015 the regime for the collection of bulk communications data (“BCD”) under s.94 Telecommunications Act 1984 did not comply with the law. The further issue now to be decided is whether the directions issued by the Foreign Secretary which required communications service providers (“CSP”) to continue to provide BCD to GCHQ after 4 November 2015 were unlawful, on the grounds that the power of direction had been unlawfully delegated to the Director of GCHQ. In the course of submissions that argument was widened to include the issue whether the directions failed to comply with the requirements of necessity and proportionality or were not in accordance with the law. There is no challenge to the legality of the directions issued under s.94 by the Second Respondent, the Home Secretary, to CSPs requiring production of BCD to the Security Service.
9. S.94, as amended from 25 July 2003, provides as follows:
94.— Directions in the interests of national security etc.
(1) The Secretary of State may, after consultation with a person to whom this section applies, give to that person such directions of a general character as appear to the Secretary of State to be [necessary] in the interests of national security or relations with the government of a country or territory outside the United Kingdom.
(2) If it appears to the Secretary of State to be [necessary] to do so in the interests of national security or relations with the government of a country or territory outside the United Kingdom, he may, after consultation with a person to whom this section applies, give to that person a direction requiring him (according to the circumstances of the case) to do, or not to do, a particular thing specified in the direction.
[(2A) The Secretary of State shall not give a direction under subsection (1) or (2) unless he believes that the conduct required by the direction is proportionate to what is sought to be achieved by that conduct.]
(3) A person to whom this section applies shall give effect to any direction given to him by the Secretary of State under this section notwithstanding any other duty imposed on him by or under Part 1 or Chapter 1 of Part 2 of the Communications Act 2003 …
10. At 4 November 2015 a number of directions made by the Foreign Secretary between 29 November 2001 and 16 September 2012 remained in force. On 14 October 2016, following receipt by the Respondents of a draft of the First Judgment, the Foreign Secretary made new directions which were intended to replace the existing directions and comply with a recommendation made by the IOCC that directions should indicate the specific communications data that is required to be disclosed. The Claimant also challenges the legality of those new directions, but only on the grounds of unlawful delegation.
11. There is no dispute that s.94 does not permit the Secretary of State to delegate to the Director of GCHQ the power to make a direction, under the principle established in Carltona v Commissioners of Works [1943] 2 All ER 560. The main issue in argument was whether the process under which directions made by the Foreign Secretary required the provision of communications data “if requested to do so by GCHQ”, but the specific data to be required under those directions was determined by GCHQ, amounted to a substantive transfer of the power conferred by s.94 on the Foreign Secretary personally. However, as the argument developed, it became clear that questions of proportionality and whether the directions were made in accordance with the law also required to be considered.
Evidence
12. The Respondents’ case on the delegation argument initially asserted that it was the Foreign Secretary, not GCHQ, who made the decision as to which communications data was required to be provided by each CSP. That case was based on the 4th open witness statement of the GCHQ witness dated 16 June 2017, which exhibited at GCHQ9 and GCHQ10 redacted forms of direction made by the Foreign Secretary. That evidence was very clear in stating that the role of GCHQ officials in making requests for communications data was “a purely formal one”, as the officials had no discretion as to the categories of data that were to be provided. It was stated that in practice the categories of data to be provided “are and always have been decided by the Foreign Secretary”. The basis for that statement was that, although the datasets to be provided were not specified on the form of direction used prior to 2016, (a) the datasets to be provided were “routinely” set out in the submission to the Foreign Secretary, (b) requests for communications data “were always made immediately following the making of the direction by the Foreign Secretary”, (c) in the event that GCHQ wished to change the datasets the approval of the Foreign Secretary had to be sought, and (d) no selection or alteration of datasets to be provided “has ever been made unilaterally by the Director of GCHQ or any other official”. That evidence formed the basis of the Respondents’ submissions at paragraphs 62 - 68 of the skeleton argument served on 6 October 2017, which were advanced orally at the hearing held on 17 and 18 October 2017.
13. That evidence was supplemented in the 8th witness statement dated 24 November 2017, which exhibited at GCHQ13 redacted copies of the form of “trigger letters” sent by the Director of GCHQ to the CSP. Reference was made to the 4th witness statement as describing the process by which s. 94 directions had been made, without any indication that that evidence might have been inaccurate.
14. On 16 November 2017 the Tribunal requested further details about the process by which s.94 directions were obtained from the Foreign Secretary. On 15 December 2017 the 10th witness statement of the GCHQ witness was served. That statement made a number of substantial corrections to the evidence which had been set out in his 4th witness statement. The witness accepted that in a number of cases the submissions to the Foreign Secretary did not specify the data to be sought from the CSP, the directions were of a general nature and the specific data to be provided were specified by GCHQ in trigger letters or orally. The explanation given for the errors was that the witness had relied on his own knowledge and understanding, and that it was only after the Tribunal had requested further information that further searches had been undertaken to identify the underlying documentation which was then analysed.
15. The Claimant applied for a direction that the GCHQ witness be cross-examined, and that cross-examination took place on 26 February 2018. The explanation of the witness for the errors in his 4th witness statement was that he had not fully read the file of relevant documents but had relied on information from others in GCHQ. That explanation was not entirely consistent with that advanced at paragraph 22 of his 10th witness statement and was surprising, given that the file of all relevant documents had apparently been compiled and made available to the IOCC for the purpose of his review which commenced in October 2015.
16. Following that evidence, the Third Respondent was unable to maintain the general submission that in all or most cases the effect of the direction was that the Foreign Secretary had made a decision specifying the particular communications data which the CSP was required to provide. Instead the argument now put forward is that the Foreign Secretary had power to make a general direction in effect covering all communications data held by the CSP, and to direct that data be provided as requested by GCHQ. That, it is argued, is a direction which does not involve any delegation to GCHQ even in cases where officials decide which sub-sets of data are to be provided under the direction.
17. The Tribunal has received a substantial volume of closed material which evidences the process under which s.94 directions were made by the Foreign Secretary and acted upon by GCHQ. That material includes submissions made by GCHQ, submissions and notes made by officials within the Foreign Office, directions made, letters requesting data sent by GCHQ to communications providers, and periodic reviews submitted to the Foreign Secretary by GCHQ on the scope and operation of the directions. Those documents comprise all directions made by the Foreign Secretary between 1998 and 2016 relating to communications data.
Facts
18. On the issues, the only relevant directions are those which remained in force as at 4 November 2015 (see paragraphs 22-31 below), and the replacement directions made on 14 October 2016 (see paragraph 37 below). All these directions were made under s.94(1) and required the production of communications data relating to communications through networks operated by the CSPs. A number of directions had been made between 23 March 1998 and 15 March 2001 but none of those directions remained in force on 4 November 2015.
19. During the relevant period the procedure for making directions under s.94 varied to some extent, but in general was as follows:
(a) GCHQ officials would discuss with a CSP what communications data could be provided to meet a current intelligence requirement;
(b) A written submission would be made to the Foreign Secretary, describing in general terms the type of communications data to be sought under the direction, the operational need to obtain such data, how the data would be used and (after 2003) the proportionality of using a direction made under s.94 for these purposes, and the grounds for keeping the direction secret; the submissions noted that the Director of GCHQ would be responsible for reviewing every 6 months the continuing need for the data to be supplied under the directions;
(c) The Foreign Secretary would make a direction in general terms which, in most cases, did not contain any limitation on the category of communications covered by the direction, but required production of data relating to all communications through the specified networks operated by the CSP. The standard form of direction set out the generic type of technical data required, but did not set any limits on the class of communications in respect of which that data was to be provided. The direction required the CSP to provide communications data “if requested to do so by [GCHQ]”. In that form the direction would have empowered GCHQ to require the production of any communications data from the networks operated by the CSP, not limited to any categories of communications which may have been described in the submission;
(d) In some, but not all, cases a copy of the direction made by the Secretary of State was sent or shown by GCHQ to the CSP;
(e) In some cases a letter, referred to in the evidence as a trigger letter, was sent by GCHQ to the CSP which specified the categories of communications in respect of which data was required by GCHQ. However in most of the relevant cases such letters cannot be found on the files of GCHQ or the CSP. As was accepted by the GCHQ witness, the likelihood is that in such cases the requirement to provide communications data and the specification of such data was communicated only orally.
20. At paragraph 11 of the 10th GCHQ witness statement it is stated that the standard form of directions contained “a redacted passage which gave more detail of the generic categories of data sought”. That is correct, in that the generic technical type of communications data to be provided was specified, but the directions did not define the categories of communications to which the direction applied. At paragraph 12 of the statement it is stated:
“[CSPs] have only ever been asked to provide communications data in respect of particular datasets relating to GCHQ’s intelligence requirements. Those datasets were not specified on the old form of direction [ie. the directions made before 14 October 2016]”.
21. To the extent that it is possible to do so in an open judgment, the facts relating to the relevant directions (i.e. those remaining in force at 4 November 2015 or made on 14 October 2016) are set out below.
22. On 22 November 2001 a submission was made to the Foreign Secretary seeking a number of directions under s.94(1). The submission was made following the attack on the World Trade Centre in New York on 9 September 2001. The operational case for such directions was clearly explained, concluding that GCHQ’s ability to obtain and analyse communications data was central to its counter-terrorism work. The submission did not set out which particular types of communications were to be targeted. It made clear that GCHQ was seeking a direction in general terms which would potentially permit it to request data of very wide scope, but stated that:
“GCHQ will in practice limit its requests to data that we can be confident is relevant to meeting [JIC] requirements for secret intelligence. GCHQ will consult with the [CSPs] prior to levying any new requirements on them …”
The submission (and most of the submissions referred to below) included a statement that the Director of GCHQ would be responsible for reviewing every 6 months the continuing need for the data supplied under the direction. The directions made on 29 November 2001 were in general form, covering all communications on any network operated by the CSP to which it was addressed. In some cases trigger letters were issued by GCHQ on 17 January 2002, which specified the particular subsets of data required. The trigger letters stated that the requirement under the direction would lapse after 6 months unless the request was further renewed.
23. When these directions were made on 29 November 2001, s.94 had not been amended to reflect the requirements of the Human Rights Act 2000. S.94 was amended from 25 July 2003 to introduce, inter alia, at s.2A the requirement of proportionality. From 1 April 2003 there was an internal compliance guide produced by GCHQ which set out in very general terms the Human Rights Act considerations which affected the use of s.94 directions.
24. From July 2004 the IOCC was made aware of the use of s.94 directions and was asked for his advice on some issues. However at that time IOCC did not review any of the directions, nor the submissions made to the Foreign Secretary.
25. On 30 October 2006 a submission was made seeking a further direction. The submission did specify, with reasonable clarity, the type of communications which the direction was intended to cover and clearly set out the necessity for the making of the direction. In respect of safeguards, the submission noted that the communications data would be used only for the purposes specified in s.4(2) of the Intelligence Services Act 1994 (“ISA”) and that a compliance document setting out how the data would be handled had been sent to the Foreign Secretary and to the IOCC. A direction was made which, in its particular context, did adequately specify the communications data which was required by GCHQ. The classes of data required by GCHQ were not set out in a trigger letter, but on the evidence the communications data provided were in line with the submission and the direction.
26. On 11 April 2007 a submission was made seeking a further direction. The submission did specify, with reasonable clarity, the type of communications which the direction was intended to cover and clearly set out the necessity for the making of the direction. In respect of safeguards the submission noted that the communications data would be used only for the purposes specified in s.4(2) of ISA and that a compliance document setting out how the data would be handled had been approved by the Foreign Secretary and reviewed by IOCC. All subsequent submissions seeking directions contained similar text in relation to safeguards. A direction was made on 21 April 2007 which, in its particular context, did adequately specify the communications data which was required by GCHQ. The classes of data required by GCHQ were not set out in a trigger letter but were in line with the submission and the direction.
27. On 11 June 2007 a submission was made seeking a direction in respect of specified parts of the networks operated by a CSP. That submission did specify the type of communications which the direction was intended to cover, and clearly set out the necessity for the making of the direction. The direction made on 21 June 2007 was made in general form applying to all communications through the networks operated by the CSP. The requirements made by GCHQ were set out in a trigger letter and were in line with the submission. The letter also stated that the requirement would lapse in 6 months unless renewed by the Director of GCHQ.
28. On 23 December 2009 a submission was made seeking a direction in respect of two discrete sets of data in relation to the networks operated by a CSP. The limitation on the scope of data to be provided had been agreed between the CSP and GCHQ. That submission did specify the type of communications which the direction was intended to cover, and clearly set out the necessity for the making of a direction limited to those classes of data. The direction was made on 6 January 2010 but was in general form applying to all communications through the networks operated by the CSP, notwithstanding the agreement with the CSP as to the limited scope of the data to be required. The requirements made by GCHQ were not set out in a trigger letter but were communicated orally to the CSP.
29. On 20 October 2011 a submission was made seeking a direction replacing some directions which had been made earlier. The submission specified the data to be drawn from the networks operated by the CSP. However the submission sought a general direction, noting that the direction would potentially allow GCHQ to request data relating to all communications through the networks operated by the CSP, but that “in practice requests have always been limited to sub-sets of data judged by GCHQ to be relevant to meeting [JIC] requirements for secret intelligence”. The direction made on 4 November 2011 was unlimited in scope, applying to all the networks operated by the CSP. The requirements made by GCHQ were not set out in a trigger letter.
30. On 4 July 2012 a submission was made seeking a direction. That submission did specify, with reasonable clarity, the type of communications which the direction was intended to cover and clearly set out the necessity for the making of the direction. The direction was made on 14 July 2012 which did adequately specify, in line with the submission, the type of communications which would be covered. The requirements made by GCHQ were not set out in a trigger letter. A further direction was made on 7 November 2012 in respect of another aspect of the networks operated by the same CSP. The submission and direction were in the same form as previously, identifying the particular category of communications data sought. The requirements made by GCHQ were not set out in a trigger letter.
31. On 10 September 2012 a submission was made seeking a general direction and set out in general terms the necessity for the making of the direction. The submission noted the wide scope of the direction sought, but stated that in practice requests had always been limited to sub-sets of data judged relevant to intelligence requirements. The submission noted that the ISCom had recently taken on the role of overseeing the use by GCHQ of data it acquired under the authority of s 94. The direction made on 16 September 2012 was unlimited in scope applying to all the networks operated by the CSP. The requirements made by GCHQ were not set out in a trigger letter.
32. In June 2013 the Foreign Secretary had imposed a requirement to be supplied with six monthly reviews conducted by GCHQ into the use of s.94 directions. On 13 February 2014 the first such review was submitted. At that stage it was in short tabular form which did identify all the directions in force, and provided a general picture of the scope of data being obtained and its utility. By 2015 the reviews were more extensive. Those reviews listed the directions, identified the CSP to which the direction had been given, identified in shorthand the programme or type of data obtained, and gave a general description of the frequency of use and some illustrations of the use to which the data thus obtained had been put. Examples were given of the occasions on which the data had been used to identify subjects of interest, and the benefit that had been derived from such identification. In some cases the reviews resulted in data feeds being removed from the categories of data which were required under a direction. The reviews were in substance an internal audit of the communications data being obtained under the directions, an assessment of the value of the information thus derived and an assessment of the proportionality of continuing to require and use such data. The review also considered the necessity of continuing to treat as secret the making of s.94 directions. The reviews demonstrate the substantial operational benefit derived from data provided under the directions.
33. In his evidence the GCHQ witness stated that from 2012 any variation in data to be sought under a direction was required to be the subject of a submission to the Foreign Secretary. However from the closed documents it is evident that such a practice had commenced in 2010. The effect of these documents is that as at 4 November 2015, notwithstanding the wide scope of some of the directions in force, a procedure was well established under which the Foreign Secretary was, through the six monthly reviews, regularly informed of the scope of the communications data being received from each CSP, and had required any variations in the scope of data requested to be the subject of a submission and approval.
34. It has been noted above that from 2004 the IOCC had been made aware of s.94 directions obtained by GCHQ, and that he had subsequently reviewed the GCHQ compliance documentation which applied safeguards to the handling of, inter alia, data derived from the s.94 directions. After Sir Mark Waller was appointed as ISCom in 2011 he was made aware of the use of s.94 by GCHQ and was responsible for the oversight of use of data thus acquired. By 2014 the ISCom had inspected most of the s.94 directions which were being utilised by GCHQ.
35. In January 2015 the IOCC was asked by the Prime Minister to extend his oversight to include directions given under s.94. In October 2015 the Commissioner commenced a review of the acquisition of bulk communications data under s.94. In July 2016 the review was published. Amongst the findings of the review, at paragraph 8.42, was that the directions made by the Foreign Secretary:
· “were very broad and provided a general description of communications data which was far wider than the requirement actually made of the (CSP), and
· the supporting documentation accompanying the section 94 direction then gave the specific details of the actual data sought including either by description and/or by the technical naming of the data; and
· the supporting documentation containing the specific data requirements has from time to time been modified to amend a data requirement …Each modification has been submitted to the Foreign Secretary for authorisation …”
Amongst the recommendations was that s.94 directions for bulk communications data should indicate the specific communications data required to be disclosed.
36. In cross-examination of the GCHQ witness and in submissions, the Claimant pointed to the apparent discrepancy between the conclusions of the Commissioner set out above and the facts which emerged in the 10th witness statement of the GCHQ witness. Our findings set out above differ in some respects from those conclusions. It was not always the case that there were trigger letters to the CSP which specified the data actually required by GCHQ under the direction. Nor is it clear on the evidence that in all cases the direction made by the Foreign Secretary was either served on or made available to the CSP. Prior to 2010 there was no requirement that any variation in the data to be provided under a direction be approved by the Foreign Secretary [Review para 8.42]. The 10th statement of the GCHQ witness is not clear on this point, but his oral evidence that in some cases a requirement was communicated only orally would suggest that in those cases the direction was neither served on nor shown to the CSP.
37. As a consequence of the recommendation of the IOCC, it was decided that all extant s.94 directions should be replaced. On 14 October 2016 new directions were made by the Foreign Secretary which replaced all former directions made under s94 (1). The new directions were, as recommended by the Commissioner, more specific as to the categories of communications data required by the Director of GCHQ.
38. On 25 and 26 April 2017 IOCCO on behalf of the Commissioner carried out an inspection at GCHQ of the arrangements in place for the acquisition of bulk communications data under s.94 and its use. The inspection findings were summarised as follows:
“GCHQ emerged very well from this first inspection by IOCCO regarding the acquisition of bulk communications data. It was clear that the standards highlighted in review report of section 94 directions had been maintained. The inspectors were satisfied that GCHQ is acquiring bulk communications data lawfully within the permissible parameters of the Telecommunications Act 1984 and for the correct statutory purpose.
A high standard of applications are produced for submission to the Foreign Secretary. GCHQ has taken full account of the recommendations in the IOCCO review report and integrated them into their processes.”
Further findings relevant to these issues were:
(at page 4) “The submissions to the Foreign Secretary were highly detailed, made explicit why the acquisition of BCD was required in the interests of national security, and the intelligence requirement or gap they were seeking to address. The submissions provided extensive detail as to how the BCD would address the operational requirement, the expected value of the intelligence to derive from the BCD, and why there was no appropriate or suitable alternative to the proposed conduct under the section 94 direction.”
(at page 5) “GCHQ undertakes reviews every 6 months as to whether the acquisition of BCD remains necessary and proportionate. The reviews are conducted in three parts:
· an audit of all current Directions;
· a quantitative assessment of the contribution to GCHQ operations of the data provided under these directions;
· a qualitative check on the value from data sources for which traceability to GCHQ outcomes is more difficult.”
39. It should be noted that those findings related only to directions issued on or after 14 October 2016. They are consistent with our findings in respect of those directions.
40. The 4th open witness statement of the GCHQ witness had not given an accurate picture of the process under which the directions prior to 14 October 2016 had been made and implemented. As the files of all s.94 directions made by the Foreign Secretary had apparently been collated and made available to the IOCC in 2015 it is surprising that those files were not carefully examined before the 4th witness statement was made. It is also difficult to see how any detailed review of a number of the submissions and directions made between 2001 and 2012 could have missed the point that there were several submissions which explicitly reserved to GCHQ the discretion as to what data would be sought from the CSP, and in only a small number of cases was there any evidence of trigger letters on the files.
Legal Issues
41. The text of s.94, as amended from 25 July 2003, is set out at paragraph 9 above. The directions made on 29 November 2001, some of which were still in force on 4 November 2015, preceded the coming into force of the amendments made by the Communications Act 2003. In those cases s.94 had not required the Foreign Secretary, when making the direction, to make a judgment as to whether it complied with the principle of proportionality.
42. The issue of delegation depends on the proper construction of s.94 and the factual analysis of the purpose and effect of the directions made by the Foreign Secretary. It is accepted by the Respondents that the Secretary of State had no power to delegate to the Director of GCHQ the power conferred by s.94(1). In Wade & Forsyth on Administrative Law 11th Ed at page 260, in discussing the maxim delegatus non potest delegare, the author states:
“The vital question in most cases is whether the statutory discretion remains in the hands of the proper authority, or whether some other person purports to exercise it.”
The issue is thus whether there was in substance a transfer from the Foreign Secretary to GCHQ of the effective power to impose a requirement on the CSP. The fact that in form the standard direction required the provision of communications data “if requested by GCHQ” would not in itself constitute delegation, provided that GCHQ requested only those classes of communications data which the Secretary of State had himself decided should be provided. In effect that phrase has the meaning that data should be supplied as and when requested, and is dealing only with the mechanics of provision of the data.
43. The revised argument put by the Respondents at the hearing on 12 and 13 March 2018 is that the Secretary of State had power to give a general direction to the CSP requiring it to provide information as requested by GCHQ. The core of the argument was set out at paragraph 6 and 8 of the skeleton argument dated 8 March 2018 as follows:
“The Secretary of State could, without unlawful delegation, direct the CSP to provide a category of data with subsets of that data being in effect called off from time to time by GCHQ. The fact that the mechanism for operating the data provision involved decision making by GCHQ does not entail unlawful delegation by the Secretary of State. The provision of the subset and this mechanism was authorised by the Foreign Secretary; and the production of the data in this way was the subject of the direction made by the Foreign Secretary to the CSP. The authorisation of the greater (all categories of data referred to in the direction) encompassed authorisation of the lesser (eg sub-sets of it from time to time called off by GCHQ). … The Secretary of State in issuing a direction in this form has evidently concluded that it is necessary in the interests of national security for the breadth of the categories of data referred to in it to be provided.”
44. The principal difficulty with that argument is the factual point that in most cases the submissions made to the Foreign Secretary do not support the proposition that it could be necessary in the interests of national security, let alone proportionate, to require the CSP to make available to GCHQ the entirety of the communications data generated by its networks. To the contrary, in most cases where a general direction was made it had been made clear in the submission that there was only an operational requirement for the provision of data in respect of certain classes of communication, albeit that the data to be required in the future might vary in line with intelligence requirements. Where, in some submissions, the reason for making a general direction was addressed, the only reason advanced was to provide flexibility for GCHQ to select whatever subsets of data it might consider necessary. There was no suggestion in such written submissions that it was indeed necessary in the interests of national security for all communications data held by the CSP to be made available to GCHQ. Those submissions expressly noted that it would be GCHQ, not the Foreign Secretary, which would determine the scope of the sub-sets of data required to be provided by the CSP.
45. It is necessary to note the parallel provisions of sub-sections 94 (1) and 94 (2). The argument of the Respondents would lead to the conclusion that the “directions of a general character” made by the Foreign Secretary empowered GCHQ to impose a requirement on the CSP to do “a particular thing”, i.e. to provide the communications data as specified by GCHQ, not as specified by the Foreign Secretary. The Respondents’ argument now recognises that, in most cases, GCHQ officials made the decision as to which subsets of data were to be provided. It is no answer to the delegation argument to state that the Foreign Secretary had, through a general direction, authorised GCHQ to decide which data should be required to be provided by the CSP. Both general and particular requirements are, under s.94, to be imposed only by personal direction of the Foreign Secretary.
46. In answering the question whether the substance of the power to make a direction has been delegated to GCHQ it is necessary to take account of the way in which the general directions made by the Foreign Secretary were used in practice. Officials decided, in discussion with the CSP, what types of data the CSP could provide to meet a current intelligence requirement. The CSP would then be informed that the Foreign Secretary had made a general direction, but the effect of that direction would depend entirely on the datasets which GCHQ selected for provision. Where there was a letter to the CSP it was generally stated that the requirement would expire after 6 months, unless renewed by GCHQ, and that was in line with the submissions which had been made to the Foreign Secretary. The power exercised by GCHQ was thus a substantive power to determine the content and duration of the requirement to be imposed under the direction.
47. For those reasons we conclude that in cases in which the submission had sought a direction in order to enable GCHQ to obtain data relating to particular classes of communication (whether or not the submission specified those classes), but the Foreign Secretary made a general direction which applied to all communications through the networks operated by the CSP (“targeted requirement/general direction cases”), there had been an unlawful delegation of the power conferred by s.94(1). However, as noted above (at paragraphs 32 and 33), the Foreign Secretary had from 2010 imposed a requirement that any variation in the scope of data to be provided under a direction required his approval, and from 2014 the Foreign Secretary was supplied with regular 6 monthly reviews setting out in detail the scope and justification for the data being provided under s.94 directions. So by 4 November 2015 there was in substance no delegation of power from the Foreign Secretary to GCHQ. The effect of the requirements imposed from 2014 onwards was that it was the Foreign Secretary, not GCHQ, who decided the scope of the continuing requirements to be imposed on a CSP under s.94(1).
48. The directions made on 14 October 2016 did, as recommended in the review conducted by the IOCC, specify the scope of the data requirement imposed on the CSP. The Claimant submits that there was delegation in these cases, but only on the ground that the form of the directions continued to include the words “if requested to do so by GCHQ”. That is a point of formalism, not substance, because the closed documents make clear that the scope and effect of the directions were determined by the Foreign Secretary. The letters of request, accompanied by the direction, sent by GCHQ to each CSP (a redacted example of which is at GCHQ 13) were fully in line with the submission on the basis of which the Foreign Secretary had made the direction. Those directions, as confirmed by IOCCO in its review, properly specified the datasets which the CSPs are required to provide. Under those directions there was no impermissible delegation to GCHQ officials.
49. Under s.94 (2A):
“The Secretary of State shall not give a direction under subsection (1) or (2) unless he believes that the conduct required by the direction is proportionate to what is sought to be achieved by that conduct.”
In the case of general directions made after subsection 2A came in to force on 25 July 2003, the Foreign Secretary was thus required to consider whether the conduct required by the direction, that is the provision to GCHQ of all or any of the communications data held by the CSP, was proportionate to the necessity to meet an intelligence requirement in the interests of national security. In those targeted requirement/general direction cases in which the submission sought only a direction under which GCHQ could obtain particular classes of communications which were of current intelligence interest but the direction made was of general scope, applying to all communications through the specified networks operated by the CSP, the direction went further than was required to achieve the legitimate and necessary aim of securing access to the communications data which GCHQ actually required. In those cases where such a general direction was made after 25 July 2003, it did not comply with the requirements of subsection 2A.
50. The Claimant puts its argument primarily on the impermissibility of delegation to GCHQ, an argument which Mr. De La Mare QC at one stage described as a technical point. But the wide scope of the directions made by the Foreign Secretary raises a more substantial point as to whether such directions, which fail to define the categories of communications to which they apply, could, even if lawfully made under s.94, be treated as “in accordance with the law” under Article 8. In the Claimants’ reply argument dated 13 October 2017 at paragraphs 10 & 11 the point was made that it would not be permissible for GCHQ to exercise the scope of discretion purportedly conferred under the standard form general directions, so those directions were not in accordance with the law.
51. In the First Judgment at paragraph 62 we stated that in considering whether measures are compatible with Article 8 as being in accordance with the law:
“There must not be an unfettered discretion for executive action. There must be controls on the arbitrariness of that action. We must be satisfied that there exist adequate and effective guarantees against abuse.”
In those targeted requirement/general direction cases referred to at paragraph 47 above the general form of direction did not comply with that test. The scope of any requirements which could be made by GCHQ under the directions was limited only by reference to the networks identified in the direction, not by any limitation on the categories of communications in respect of which data could be obtained. The scope of the data to be obtained is not specified in the direction, but in practice was communicated to the CSP only through a trigger letter or an oral requirement from GCHQ. In theory the agency could have used the general form of such directions to impose on the CSP a requirement to produce communications data which extended beyond the scope of any data requirement which had been sanctioned by Foreign Secretary, a point which was expressly acknowledged in some of the submissions made. Sub-sections 3 (2) and 4 (2) (a) of the ISA would have prevented GCHQ from requiring the provision of data otherwise than in the interests of national security (or for other statutory purposes) but provided the data was required for such purposes the general directions gave GCHQ unfettered discretion as to the requirements to be imposed upon a CSP. In form a general direction was a carte blanche. In practice it was not treated as such, and there is no evidence that GCHQ ever sought to obtain communications data which fell outside the scope of data which had been sought in the submission to the Foreign Secretary. After about 2010 any variation in the scope of data sought under a general direction was the subject of a submission to and approval by the Foreign Secretary. Since the practice of requiring 6 monthly reviews was instituted in 2013 and full oversight by the IOCC commenced in 2015, any arbitrary use of the directions would have been most unlikely to have escaped scrutiny. In general it appears that from at least 2014 onwards great care was taken to ensure that the Foreign Secretary was made aware of and approved the scope of the requirements being imposed on CSPs.
52. But the existence of those controls is not an answer to the point of principle that the form of general directions employed, if otherwise valid under the provisions of s.94, did purport to give unfettered discretion to the agency as to the type of communications which should be treated as covered by the direction. The lack of legal control on the discretion of the agency is compounded in those cases where the specific requirement was not communicated in writing to the CSP. The CSP would not be in any position to question the scope of the requirement communicated, because the CSP would have no knowledge of the limited basis upon which the direction had been made, and on the face of the general direction (if provided) the CSP was required to produce any data which GCHQ requested. In those targeted requirement/general direction cases referred to at paragraph 47 above, the form of the general direction made by the Foreign Secretary did not comply with the requirement under Article 8 that measures taken by the state should be in accordance with the law.
53. For those reasons we conclude that most of the relevant directions made between 29 November 2001 and 7 November 2012 were not lawfully made under s.94. In the closed judgment we list the relevant directions which remained in force on 4 November 2015 and set out in summary form our reasons for determining whether or not each of those directions complied with the legal principles set out above. Applying Rule 6 of the Investigatory Powers Tribunal Rules we conclude that it would be contrary to the interests of national security to identify either the identities of the CSPs in respect of which directions were made, or the number of such directions in force at any particular time. In each case disclosure of such information might risk giving indications as to the coverage of directions issued. In accordance with the guidance given by the Court of Appeal in R v Secretary of State for Foreign and Commonwealth Affairs ex p Sarkandi [2015] EWCA Civ 867 at paragraph 26, as much information as can properly be disclosed is set out in this open judgment.
54. It is important to note that, although some of the directions were in our judgment not lawfully made under s.94, on our review of the closed documents we are clear that the actions taken by GCHQ to obtain BCD under the general directions made by the Foreign Secretary were limited to the classes of communications data which had been sought in the submissions, and were clearly necessary in the interests of national security, and proportionate. The 6 monthly review reports prepared by GCHQ from 2014 onwards carefully reviewed the scope, operational need and proportionality of the actual requirements imposed in order to acquire BCD. On the closed evidence, the operational intelligence need for the data requested, and the proportionality of using s.94 as the only practical means of obtaining such data, is very clearly established. The broad scope of the general directions did not in practice lead to the provision of any BCD which could not lawfully have been required under s.94, within the limits prescribed by Article 8.
55. It was entirely understandable that in the aftermath of the 9/11 attack on New York the directions made in November 2001 should have been drafted broadly so as to allow GCHQ to vary the data it sought as intelligence requirements rapidly developed. But the scope of those directions should have been reviewed after s.94 was amended in 2003. By 4 November 2015 adequate and effective arrangements were in place (as set out at paragraph 33 above) to ensure that the acquisition of BCD by GCHQ was regularly monitored and reported, and any variations in the extent of data collected required to be approved by the Foreign Secretary. So in practice by 2014 it was the Foreign Secretary who determined the scope of data collection permitted under all directions which remained in force. In addition, from October 2015 the acquisition of BCD under s.94 directions was subject to oversight by the IOCC. The fact that after extensive disclosure of documents, to the parties in open evidence and to the Tribunal only in closed evidence, and detailed submissions, we have concluded that some of the directions were not, when made, lawful, does not indicate that oversight by IOCC after 4 November 2015 was ineffective. To the contrary, the core recommendation made by the Commissioner in his careful review published in July 2016 was that the directions made by the Foreign Secretary should not be in general form but should specify the communications data to which they were intended to apply. That is substantially the same point that underlies our own decision on the legality of some of the s.94 directions made by the Foreign Secretary.
56. The Claimant argues at paragraphs 61 and 62 of its skeleton argument dated 22 September 2017, that in the light of the change in the evidence from GCHQ the submissions made by the Respondents to the Tribunal at the hearing held in July 2016 were materially misleading. We are not persuaded that those general statements that the s.94 directions had been made by the Secretary of State were misleading. However it does follow from the conclusions reached above that the submissions made in the Respondents’ Skeleton argument dated 6 October 2017 at paragraphs 62 to 68, in asserting that the selection of data had been the decision of the Secretary of State, cannot be supported. Those submissions were based on the 4th witness statement of the GCHQ witness which was materially inaccurate.
57. On the basis of the evidence reviewed above we are satisfied that the acquisition of bulk communications data under lawful directions made under s.94 by the Foreign Secretary on 14 October 2016 was and remains necessary and proportionate.
Issue 2: Consequences
(i) The effect of our conclusions on Issue 1 is that a number of directions made by the Foreign Secretary were not lawfully made, but that in substance and effect from about 2014 there was no unlawful delegation of power, nor was there a disproportionate use of such directions. For the reasons set out at paragraphs 54 and 57 above, the evidence is that the communications data obtained by GCHQ under such directions was within the proper scope of s.94(1) and the acquisition was both necessary and proportionate.
(ii) We bear in mind the potential effect on third parties, the CSPs, who had no reason to believe that the directions, compliance with which was being required, were other than lawful.
(iii) For the reasons set out in paragraph 53 we are not able to identify in open which directions were lawful and which unlawful, and hence, even if otherwise minded to do so, we would not be in a positon to quash some and not others.
Issue 3A: Sharing with Foreign Agencies.
62. There has subsequently been more detailed disclosure as to the safeguards applicable in the event of any sharing taking place, which were set out in a detailed appendix to the Respondents’ skeleton for the October hearing, and which we append to this Judgment as Appendix 2. In paragraph 9 of the second amended witness statement of the GCHQ witness, he clearly set out the following; -
“Whilst we can neither confirm nor deny whether the SIA have agreed to share or in fact do share BPD/BCD with either foreign liaison partners or LEA, were we to do so we would
· Follow the principles and approach set out in our respective handling arrangements and policy/guidance
· Take into account the nature of the BPD/BCD that was due to be disclosed
· Take into account the nature/remit of the body to which we were considering disclosing the BPD/BCD
· Take into account the approach taken by any other SIAs who may have shared bulk data and have regard to any protocols/understandings that the other agencies may have used/followed.
· Depending on the individual circumstances seek assurances that the BPD/BCD in question would be handled in accordance with RIPA safeguards i.e. that it would be disclosed, copied, distributed and retained only to the minimum extent necessary for the purpose of RIPA (in the interest of National Security, for the purpose of preventing or detecting Serious Crime or for the purpose of safeguarding the economic well-being of the UK).
· If relevant to the particular circumstances, seek assurances that its use was in accordance with the UK’s international obligations.
· Any data shared with the organisation would be shared on the basis that it must not be shared beyond the recipient organisation unless explicitly agreed in advance or approved through the Action-on process. Action-on is a process which is used by each of the Agencies.”
(i) the existence of adequate safeguards against abuse by the Executive.
(ii) sufficient disclosure of the capability to share, and of such safeguards, for the purposes of the test of foreseeability. We are satisfied that the disclosure of the Handling Arrangements in November 2015 was a sufficient disclosure for the purposes of the test of foreseeability, which does not require, in the field of national security, the disclosure of any greater detail.
(iii) the existence of sufficient oversight arrangements.
(i) as to whether it is necessary and proportionate to supply BCD and/or BPD in whole or in part to such Agency.
(ii) as to whether in relation to such sharing, the relevant Agency can be satisfied that, as far as possible, the arrangements which ensure the security of BCD and/or BPD in their custody can be replicated in the hands of the recipient. This would be achieved in relation to those recipients who have been regularly trusted in the past. In any given case, and certainly in relation to those recipients where such are not, or are no longer, in that category, then due diligence, or what SIS called an “information gathering exercise”, would be carried out at the time.
(iii) by ensuring so far as possible that there is control over what is supplied and therefore that sanctions can be applied in the event of non-compliance, and we considered the existence, operation and effectiveness of what is called the “Action-on policy”, referred to in paragraphs 31 and 71 of Appendix 2.
68. Our attention has been drawn to the following guidance:-
(i) in MK v. France Application 19522/09 ECtHR 18 July 2013 at paragraph 41, the Court appears to have taken the view that the test in considering the viability of a safeguard – or, in our case, of supervision - was whether it was “practical and effective” rather than “theoretical and illusory”.
(ii) In R (Catt) v. ACPO [2015] AC 690 at para.33, there was discussion about a system of safeguards within the context of the ECHR, which suggested that a system could be satisfactory even though it was not proof against mistakes, from which the parties before us drew a conclusion that what was critical was that there was no ‘systemic’ failure.
(iii) In Zakharov v. Russia [2016] 63 EHRR 17 at para.302, the Grand Chamber, addressing the need for adequate and effective guarantees against arbitrariness considered compliance with “the requirements of independence, powers and competence which are sufficient to exercise an effective and continuous control, public scrutiny and effectiveness in practice.”
69. We would suggest the following approach:-
(i) The fact that errors occur in the handling of data does not necessarily establish that safeguards or oversight were not effective; no oversight can be expected to prevent any errors occurring.
(ii) The mere fact that errors are reported, or are detected by internal or external audit, may be evidence that the oversight system is working, not that it is defective.
(iii) There is a duty on the Agencies (now statutory in the IPA 2016 at s.235) to report to the Commissioner anything that is material for the Commissioner to know in order to perform his oversight function properly; if there has been a failure to report a material use of data, of which the Commissioner might not be aware, such as disclosure of data to Industry Partners, then that is to be treated as a failure - in that respect - to ensure proper safeguards and oversight.
(iv) A Commissioner has a considerable margin of appreciation as to what resources he needs to perform his functions correctly, and there are no grounds for criticism of his decisions as to how he applies those resources; it is not the function of the Tribunal to audit the performance of a Commissioner’s functions; the fact that a new Commissioner might take a different view on an issue does not establish that there were not adequate and effective arrangements before.
(v) The question may well be capable of being resolved by reference to whether there has been a systemic failure in oversight arrangements, not whether in particular respects the performance of the Agencies can be criticised.
Issue 3B:- Sharing with LEAs.
73. There is no admission by the Respondents that any BCDs or BPDs are provided to, or shared with, LEAs. There is however no challenge to the supply to LEAs of the product of information derived lawfully by the Agencies. If there were such sharing of BCDs, or BPDs, then there would be the same safeguards as appear in the Appendix to this Judgment. The Claimant submits that supply by the Agencies to the LEAs of BCDs and BPDs, if that occurred, would be a breach of the Padfield principle [1968] AC 997, because there would be an evasion of the restrictions on acquisition of information by the LEAs imposed by the provisions of RIPA. However, the Respondents submit that it would be lawful for GCHQ to provide data obtained by means of s.94 directions to LEAs, on the basis that those other LEAs required the data for the purposes of combatting serious crime. GCHQ obtains data pursuant to s.94 in the interests of national security, which is one of its statutory purposes as listed at s.3(2) of ISA. The Respondents then rely upon s.19 of the Counterterrorism Act 2008 (“CTA”):-
“(2) Information obtained by any of the Intelligence Services in connection with the exercise of any of its functions may be used by that Service in connection with the exercise of any of its other functions.
…..
.(5) Information obtained by GCHQ for the purpose of any functions may be disclosed by it -
(a) for the purpose of the proper discharge of its functions or
(b) for the purpose of any criminal proceedings.”
“that there are arrangements for securing that no information is obtained by GCHQ except so far as necessary for the proper discharge of its functions, and that no information is disclosed by it except so far as necessary for that purpose or for the purpose of any criminal proceedings.”
77. That resolves the issues relating to domestic law and the impact of the ECHR. It may be, however, that if there is sharing of BCD obtained under a s.94 Direction with LEAs for the purposes of the investigation of serious crime, the issue so far as EU law is concerned would need to be reconsidered after the outcome of this Tribunal’s Reference to the CJEU. The Respondents have set out in paragraph 61.2 of their Skeleton Argument dated 6 October 2017 why they contend that any such sharing would fall outside the scope of the EU Treaty and of the e-Privacy Directive. Referring inter alia to paragraph 48 of our Second Judgment, they state that such sharing would not amount to an activity of any provider of electronic communications services, and so (even if falling within the EU Treaty) would be excluded from the scope of the e-Privacy Directive, and that the CJEU’s decision in Opinion 1/15 (ECLI:EU:C:2017:59) should not lead to a different decision. That may remain for consideration after the outcome of the Reference.
Issue 3C: Sharing with Industry Partners
82. Sir Mark Waller has confirmed that he was unaware of any industry sharing of BPD. There is no good reason why he was not briefed about the remote access arrangements to BPD so that he could consider whether they were justified and robust. This is a failure of oversight, not caused by Sir Mark, but by GCHQ. The process of oversight requires co-operation between the overseer and the overseen, and it is the judgment of the Tribunal that setting up an arrangement which enables an external contractor to access remotely data held by GCHQ is a step of sufficient importance to require justification on each occasion when it happens. It is also important enough to require oversight, if the Commissioner thinks it necessary. That means that it must be communicated to the Commissioner. The very limited extent of the arrangement may have meant that the Commissioner would not have scrutinised it further, but he ought to have been able to decide that for himself.
83. It is clear from the confidential annexes to Sir Mark Waller’s Reports for 2015 and 2016 that he carried out oversight of BPD across the three agencies.
a. In 2015 he scrutinised in detail BPDs across the three agencies. This represented a reasonable sample. He approves of the way in which MI5 and SIS deal with this material. In respect of BPD at GCHQ he explains the controlled way in which only a minority of GCHQ staff have access to BPD. He does not say that he is aware that anyone other than GCHQ staff has any access at all. He identified inadequacies in paperwork at GCHQ which caused him to express “deep concern” in one respect. He was also informed during an inspection that a BPD had been shared with the other agencies without prior authorisation in breach of the handling arrangements. He concluded
“I welcomed that GCHQ raised this error and acknowledged the urgent nature of the situation, however the Handling Arrangements are clear and must be followed even in urgent situations.”
b. Sir Mark was certainly aware of the use of contractors by the UKIC. In the 2015 Confidential Annex, Sir Mark identified breaches by a contractor in relation to MI5 protective monitoring measures, not related to BPD. There was also one such breach by a contractor in relation to BPD which he took “very seriously and wanted to know what action would [be taken] in relation to [the] employee.” He also reviewed the protective monitoring of the BPDs held by SIS and GCHQ. In relation to GCHQ he noted that in the first half of the year some investigations were triggered by the system. They revealed that all the searches concerned had a legitimate business reason and were both necessary and proportionate. The 2016 Confidential Annex also revealed a serious breach at MI5 by a user and a relative minor breach by a contractor. He recommended that MI5 should make it clear to all seconded staff and contactors working there that they are subject to MI5 rules of conduct. He was informed that a member of staff at GCHQ had tried to leave the building with a Top Secret document. He was arrested and “other material” was found when his home was searched. No charges were brought.
c. Sir Mark was aware specifically that GCHQ used external contractors on its sites. This was not connected with BPD, but means that it would not be true to say that he did not appreciate that this practice occurred. His suggestion that he did not know about industry sharing is to be read with this in mind. He did not know that industry partners had direct access offsite to BPD.
d. The potential risk arising from permitting external contractors to have privileged user rights as explained by Dr. Hosein is not mentioned in any of Sir Mark’s reports and it is not known whether he was aware of this.
84. The Tribunal considers that some bulk datasets have a commercial and, perhaps, political potential value. This means that access to them by those who may have the interests of their employer (a commercial concern) at heart, when there may be a conflict between those interests and the national interest in the proper functioning of GCHQ, should be the subject of the most careful safeguards and oversight. It is clear from the evidence of the GCHQ witness that the general rule is that data is not transferred to such external bodies, nor do they have remote access to it. However, the exceptions identified above, isolated as they appear to be on the evidence, demonstrate in our judgment an inadequate appreciation of the risks involved to the privacy rights of those whose data has been harvested and stored. We do not consider that this represents a systemic failure such as to render either that harvesting or storage, or the oversight of it, unlawful. We do consider that it is for GCHQ to escalate the significance of this activity to an appropriate level of priority, and for IPCO to consider how it should be overseen in future.
85. As far as the use of external contractors at UKIC premises is concerned, the Tribunal accepts that this is not “sharing” in the sense used in setting the parameters of this claim. Whether it is right that it poses no extra risk as against using directly employed staff is a matter which needs to be kept under review in the light of experience. No doubt the management of the risk depends on the vetting, protective monitoring measures, active supervision and on the oversight of the effectiveness of those factors. It also depends upon measures being in place to ensure that staff and contractors all operate in ways which infringe privacy rights to the smallest extent possible. Thus contractors, and directly employed staff, should only have access to the operational data which they need in order to fulfil the task in hand. We are told by the GCHQ witness that this is the method of operation at GCHQ. We do not consider that the approach to the use of contractors on site as explained by him renders the use and acquisition of BCD/BPD unlawful.
Issue 4: Proportionality
87. The issue of proportionality is, of course, entirely different from, and supplementary to, the question of necessity. As the Claimant has emphasised and accepted, there is no doubt that the use of BCD and BPD is of great value in the protection of national security, and the Anderson report has so confirmed and reiterated, with considerable examples of crucial value, to which we have also referred in our earlier Judgments. But although that will obviously weigh in the balance, it does not wholly resolve the separate issue of proportionality. Both parties accept that the legal position is well addressed by Lords Reed and Toulson, giving the Judgment of the Supreme Court in R (Lumsdon) v The Legal Services Board [2016] AC 697 at para.105, namely that the question is “whether a less intrusive measure could have been used without unacceptably compromising the objective”, in this case of protecting national security. It is not simply whether a less intrusive measure could be adopted, but whether the legitimate aim of protecting national security could be equally achieved by less intrusive measures.
“ensure that there is a Technology Advisory Panel to provide [him], the Secretary of State and the Scottish Ministers about -
(a) the impact of changing technology on the exercise of investigatory powers whose exercise is subject to review by [him],
(b) the availability and development of techniques to use such powers while minimising interference with privacy.”
93. We have noted above that in relation to the recent correspondence from IPCO there does not seem to have been a thorough analysis of the records that had previously been kept by the two separate Commissioners, a difficult problem in itself as we have commented in paragraph 6 (iii) above, at least until the personal involvement of Sir Adrian Fulford in his clarification letter of 28 November 2017. However, the criticisms that are made are not criticisms that appear to us to suggest any serious systemic failure in relation to the approach of the Agencies to proportionality. Such understandable criticisms as have been made by the Claimant as, for example, that MI5 appeared to operate their searches on the basis of a default of sweeping all the data rather than seeking to introduce some alternative mechanism, have been addressed and explained in open and closed by the Respondents, and such criticisms may yet be accommodated. From what we have seen and heard in closed evidence, we accept that the Respondents are required to, and do, consider on each occasion whether there are less intrusive means of obtaining the information which can be derived from these databases quickly enough to serve the investigative and operational aims of the exercise. This remains in a state of development, and continuing discussion with the Commissioner. We have been reassured about how the databases are used, bearing in mind in particular, as we do, the wide margin of appreciation allowed to the Respondent in assessing its pressing social needs and achieving its legitimate aims of protecting national security (Leander v. Sweden [1987] 9 EHRR 433 and Lumsdon at para.64). We are satisfied that consideration of proportionality is inbuilt into the Agencies’ systems, and that there is regular consideration, at both the stage of acquisition and of access, of whether there are any practical alternative measures that could be taken.
Issue 5: Setting Aside the First Judgment
(i) So far as concerned the BPD regime, during the period of Sir Mark Waller’s supervision, independent oversight had been and continued to be adequate, but that for other reasons it failed to comply with the ECHR principles until March 2015.
(ii) So far as concerned the BCD regime, supervision by the IOCC was adequate only after July 2015, but that the regime remained non-compliant with ECHR principles prior to its avowal in November 2015.
99. Sir Mark Waller was tasked to conduct statutory oversight of BPD across the three agencies in March 2015, although he had been conducting extra-statutory oversight of BPD as from December 2010 in his bi-annual visits. Sir Anthony May was tasked to oversee BCD on an extra-statutory basis in February 2015. This is before the start of the relevant period (November 2015). Sir Stanley Burnton took up the job of IOCC on 4 November 2015 and produced a report on s.94 authorisations within 7 months. Sir Mark’s report on 2015 was published in July 2016, but that is an annual report summarising his ongoing work during the whole year.
100. Sir Stanley Burnton identified the difference in scope between the submissions made by GCHQ to the Foreign Secretary and the authorisations he or she then granted and made a recommendation which resulted in new and lawful authorisations being granted in October 2016, less than a year after he was first appointed. The recommendations he made were substantially accepted by the Home Secretary in her letter of 17 January 2017.
101. Sir Stanley Burnton’s inspectors then attended GCHQ in April 2017 and prepared a report on the s.94 authorisations, as we have explained above.
102. It follows from the above that there was a system of oversight by independent Commissioners in place throughout the relevant period, and the Commissioners had been specifically tasked to consider the use of bulk datasets.
103. The original basis for the application is set out in the Claimant’s Application for Reconsideration of the October 2016 Judgment dated 10 November 2017, but it has been supplemented, and to an extent overtaken, by what has occurred since, during the course of what we have referred to above as the iterative nature of the applications and hearings before us. The grounds appear to us now to fall into four categories:-
(i) The s.94 Directions:
(ii) Sharing with industry partners:
(iii) The IS Comm’s method of oversight:
(iv) Criticisms of the oversight by the previous Commissioners which can be spelt out of the recent correspondence with IPCO.
There are two other matters raised by the Claimant’s Solicitors in their letter to the Tribunal dated 18 April 2018, subsequent to the last hearing, which the Tribunal has taken into account, relating to the 2015 and 2016 Confidential Reports of IS Comm.
104. Before considering whether there is ground for reopening the decision that the Tribunal made as to adequacy of oversight, we have decided to consider carefully the approach in paragraphs 68 and 69 above with regard to what is required in order to amount to adequate oversight, so far as we can form a view on the evidence before us.
105. If we were persuaded to reopen the Judgment, we would need to reconsider all of the earlier evidence as to supervision which we considered in detail before giving our First Judgment, together with any other admissible evidence, and in considering the new evidence we must look at it in the context of the old.
Section 94.
106. The issue for this purpose is whether Sir Stanley Burnton, the then IOCC, failed in his oversight when carrying out his July 2016 Review of the s.94 directions. He concluded in his July 2016 review, as we have discussed in relation to Issue 1, that the s.94 directions were inadequate, on much the same basis as we have concluded that they did not comply with the terms of s.94, although that was not his remit, and he recommended the steps which led to the new October 2016 direction. We have endeavoured to find out, with IPCO’s help, a not altogether straightforward task for IPCO given the passage of time and the high classification of the documents, precisely what documents were supplied to the IOCC’s team in 2015-16, on the basis of which the conclusions in the July 2016 Review were arrived at. Mr de la Mare QC submits that there is effectively a Morton’s fork: either the IOCC’s team was not shown all the documents, whereas the GCHQ witness’s evidence is as to his belief that they were, or the IOCC’s team was shown all the documents and reached an inadequate conclusion. However, after our full reconsideration of the documents, we have concluded that, although the GCHQ witness did not give a clear description of what documents were shown to Sir Stanley, in fact it does appear that all relevant documents were made available to him, and that he reached conclusions with which we agree. We do not consider there is a Morton’s fork. Given that Sir Stanley Burnton’s conclusion was correct, and was complied with, and that we have concluded that, once the directions were sought and granted in their new form, the system became lawful as from October 2016, we do not conclude that there was any inadequacy of supervision by reference to the July 2016 Review.
Industry Partners
107. As we have set out in paragraphs 80 to 85 above, whereas it is apparent that the Commissioners knew of the use of contractors in-house, they did not know precisely how many such contractors were so employed, or in what positions. Although the use of such in-house contractors did raise a risk, the absence of such precise knowledge does not in our judgment detract from the adequacy of their oversight, which in this regard was in place and, so far as checking conduct by contractors as well as employees, was plainly exercised. What is however significant is that the Commissioners did not know about sharing with industry partners by GCHQ, as described in paragraphs 79 and 82 above. This is an area which has fallen under the microscope of this Tribunal because of the reservation of the issue of sharing generally in our First Judgment, but it plainly forms a minimal part of the operation of BPD/BCD, and an even more miniscule part of the work of the Agencies subject to the Commissioners’ oversight. This is a failing in the operation of oversight, and in the duty of GCHQ to bring it to the Commissioners’ attention. However, given the totality of the work done both by the Commissioners and by the Agencies, we do not conclude that this amounts to or illustrates a systemic failure.
IS Comm
108. The Claimant has criticised IS Comm for not having a team of Inspectors, as did Sir Stanley Burnton, or obtaining independent technical advice. This does not seem to us in any event strictly to be fresh evidence, because much of the basis for the Claimant’s criticism arose from what Sir Mark Waller himself said to Parliament in March 2014 and December 2015. But there is no doubt that he did carry out supervision, with diligence and regularity, and it can be seen by simply reading his reports how detailed he was in his consideration, and how many detailed and technical points he explored with the Agencies. His aim, as he explained it to Parliament, was to make sure that he had personal oversight, which was not delegated to others, and it is plain that he frequently required and received regular explanations. Another Commissioner might have taken a different view as to the appropriateness of technical assistance, but the perceptive nature of his comments in his reports, and the fact that he often required changes and improvements, show that he had, and was able to have, a hands-on approach, and we refer to paragraph 69 (iv) above.
109. In our judgment the fact that the new supervision regime now has the benefit of a team of experts, as a result of the statutory provision under the new Act, may be an improvement, though it is not yet tested, but it does not, in our judgment, evidence prior inadequacy. Such criticism seems to have arisen as a result of what was said in the IPCO correspondence, but it is in any event met and addressed, and in our judgment rightly, by Sir Adrian Fulford’s letter dated 28 November 2017 to which we have referred in paragraph 70 above; he includes numerous extracts from Sir Mark’s reports, refers to the numerous technical briefings from the Agencies given to him, and makes the statement in relation to the approach by predecessor organisations, plainly including Sir Mark Waller, which we have there set out. In any event this argument, if there was any substance to it, could have been made to us prior to our First Judgment, in reference to Sir Mark’s own statements, many months earlier.
IPCO correspondence
110. It is in that context that we approach the other matters drawn by the Claimant from the earlier IPCO correspondence. Responses to them were put before us in evidence from the Agencies by way of correction or amplification, and we are in no position to resolve those issues, such as they are, certainly in the confine of an application to set aside our fully reasoned Judgment. Reference was made by the Claimant, as referred to in paragraph 93 above, to ‘amber warnings’ given by IPCO in the course of an inspection of GCHQ in April 2017, which were said to be intended to lead to a “development [which] will enhance the oversight given by the Commissioner”. Such criticisms do not in our judgment undermine, but rather exemplify, the nature and adequacy of ongoing oversight. There is a dispute about whether search terms were only made available on request, as opposed to being supplied without request, as they were apparently from June 2017 onwards. In a draft September 2017 IPCO report (to which we have already made reference) “GCHQ demonstrated that they had considered the necessity and proportionality of any sharing that might take place … however it was felt that GCHQ fell short of providing IPCO complete assurance of their compliance in some areas”.
111. We have no doubt that, just as the previous Commissioners pointed out errors by the Agencies, and just as the Agencies themselves produced some incorrect evidence to us, to which we have referred above, there have been continuing mistakes and lacunae, some of which have been picked up, but some of which no doubt have not been picked up over the period of years. We however remain of the view that there is no basis for reconsideration of the conclusions we reached as to adequacy of oversight in our First Judgment. There is and has been a genuine determination both on the part of the Commissioners and the Agencies themselves to get things right. As we said at the outset of this Judgment, the very involvement of this Tribunal, which has in this case been stimulated and prompted by the diligence and hard work of the Claimant, contributes towards an ever increasing improvement in the safeguards without, it is to be hoped, endangering the vital work which the Respondents are carrying out. The reopening of a judgment is in any event a matter of discretion, and it is significant that the oversight regime has now been replaced by an entirely new system.
112. We dismiss the application to set aside the conclusions in our First Judgment in relation to the Commissioners.
Outcome
113. We conclude as follows:-
Issue 1 and 2:
We unanimously conclude that those Directions by the Foreign Secretary identified in the CLOSED schedule were not in accordance with the law, but we make no further order.
Issue 3A:
By a majority we conclude that the regime in respect of sharing of BCD/BPD with foreign agencies complies with Article 8 ECHR.
Issue 3B:
We unanimously conclude that the regime in respect of sharing BCD/BPD with law enforcement agencies complies with Article 8 ECHR and UK domestic law.
Issue 3C:
We unanimously conclude that the regime in respect of sharing BCD/BPD with industry partners complies with Article 8 ECHR.
Further, in relation to GCHQ’s avowed sharing of BCD/BPD with industry partners, we unanimously conclude that such sharing was compatible with Article 8 ECHR.
Issue 4:
We unanimously conclude that the steps taken by way of collection, retention and use of BCD or BPD by the Respondents comply with the requirements of proportionality pursuant to Article 8 ECHR and EU law.
Issue 5:
We unanimously conclude that, save in the respect consequent upon our conclusion in relation to issues 1 and 2, the application to set aside the conclusions in our First Judgment is dismissed.
_________