SLIDE 1
Neil Brown
neil@decodedlegal.com | https://decodedlegal.com
The Investigatory Powers Act 2016: practical tips in 20 minutes for UKNOF39
SLIDE 2
I’m a lawyer
Telecoms / tech background
12 years' experience in this area
https://decodedlegal.com
decodedsbwzj4nhq.onion
SLIDE 3
What I’ll cover
Where we are now
Handling demands
Your policy / disclosures
SLIDE 4
Where we are now
SLIDE 5
Investigatory Powers Act 2016
Passed in November 2016
On the statute book, but not yet fully in force
SLIDE 6
Part 1: Privacy
Part 2: Interception
Part 3: Obtaining CD
Part 4: Retaining CD
Part 5: Equipment interference
SLIDE 7
Part 6: Bulk
Part 7: Bulk personal data sets
Part 8: Oversight
Part 9: Miscellaneous
Schedules: 10 schedules
SLIDE 8
Not much is in force
Basic data retention framework
Payments
Oversight body
The rest is yet to come
SLIDE 9
Amendments coming?
Independent approval of CD acquisition coming soon?
Would not affect you, as would happen before you got a notice
SLIDE 10
The framework today
Interception: Part 1 Ch 1 RIPA / s48 WTA 2006
Obtaining CD: Part 1 Ch 2 RIPA and many others
Retaining CD: Part 4 IPA
Removing electronic protection: Part 3 RIPA
National security: s94 Telecoms Act
Equipment interference: A mix
SLIDE 11
When the IPA is in force
Interception: Part 2 IPA
Obtaining CD: Part 3 IPA and some others
Retaining CD: Part 4 IPA
Removing electronic protection: Part 3 RIPA
National security: Part 9 Chapter 1 IPA
Equipment interference: Part 5 IPA *and others*
SLIDE 12
Some definitions
Interception
Data retention
CD disclosure / acquisition
Equipment interference
SLIDE 13
Some definitions
Technical capability notice
National security notice
SLIDE 14
Handling demands
SLIDE 15
Is it a voluntary notice?
Some notices look formal but are actually requests
e.g. s29(3) DPA 1998
SLIDE 16
If it is a mandatory demand, what is it?
SLIDE 17
Strategic notices
Probably not, unless you have
Prior consultation
Have a chat with a lawyer?
SLIDE 18
Tactical notices
You might get prior warning
More likely for interception
Probably not for CD acquisition
SLIDE 19
Step 1: verify sender
SLIDE 20
Step 2: validate it
What legislation?
What is it requiring?
Can it be served on you?
Cannot “look behind” it
SLIDE 21
Step 3: can you fulfil it?
Statutory duty to assist
Potential for injunction if you do not
Interception: criminal offence
SLIDE 22
Step 3: can you fulfil it?
It’s not an unlimited duty
“reasonably practicable”
Case-by-case determination
SLIDE 23
Step 4: ask about cost recovery
Perfectly reasonable
Ask the requesting authority
Especially if expensive
Chapter 22, CD Code of Practice
SLIDE 24
Step 5: keep records
Paras 24.10 - 24.11
SLIDE 25
24.10: record of the notice
SLIDE 26
24.11: record of the data
“keep sufficient records to be able to provide confirmation of the exact communications data that has been disclosed in the event of later challenge in court”
SLIDE 27
Step 6: witness statements and going to court
Witness statements: rare
Usually Scotland (IME)
E&W tend to write their own
Court: rarer still
SLIDE 28
Setting your own policy
SLIDE 29
Disclosing notices, warrant canaries etc.
SLIDE 30
Notifying individuals
CJEU: “necessary”
Para 121, C-203/15 (Tele2)
(That’s a case law reference, in case you care for such things!)
SLIDE 31
A requesting authority must …
“notify the persons affected … as soon as that notification is no longer liable to jeopardise the investigations being undertaken by those authorities.”
SLIDE 32
Why?
“necessary to enable the persons affected to exercise, inter alia, their right to a legal remedy … where their rights have been infringed”
SLIDE 33
However…
… and it’s a big “however”…
SLIDE 34
“Duty not to make unauthorised disclosures”
Interception warrant: offence, unless excepted (s57)
CD acquisition: offence, unless “reasonable excuse” (s82)
SLIDE 35
“Duty not to make unauthorised disclosures”
Retention notice: enforceable via injunction (s95)
TCN/NSN: enforceable via injunction (s255)
SLIDE 36
Official Secrets Act(s)
You’d also want to check these
SLIDE 37
“Warrant canaries”
IMHO, a risky proposition
If you fail to remove, fraud?
SLIDE 38
What I’ve covered
Where we are now
Handling demands
Your policy / disclosures
SLIDE 39
Questions?
neil@decodedlegal.com
6E88 8278 FC2F 5394 9CA8 F4D7 209B C807 4272 8155
@decodedlegal.com
@neil_neilzone
SLIDE 40
Neil Brown
neil@decodedlegal.com | https://decodedlegal.com