8. "RIPA, obscure since its inception, has been
patched up so many times as to make it
incomprehensible to all but a tiny band of initiates"
"comprehensive and
comprehensible"
Page 8
14. New or not new?
● Explicit powers re-enacted
● Semi-explicit powers (scale of use
hidden) now made explicit
● Opaque powers now made explicit
● Opaque powers still (arguably)
opaque
Interception
(targeted)
Comms Data
Acquisition
(bulk)
Equipment
interference
(targeted,
thematic)
Encryption
removal
Interception
(bulk)
Interception
(thematic)
Equipment
interference
(bulk)
Interception
(related
communications
data)
Page 14
15. New and extended
Authorisation and oversight – new safeguards
● Judicial Commissioner approval of most warrants and notices
• Except targeted communications data acquisition
- But Watson.
Extended mandatory data retention powers
● Extended to all kinds of communications data
• including Internet Connection Records (site level browsing histories)
● Extended to all kinds of communication (background, IoT)
● Extended to include generation and obtaining data for
retention
● Abolition of 'processed within UK' limitation
● Extended to include private telecommunications operators
Page 15
16. New and extended
Content-derived metadata
● Interception, equipment interference, BPD warrants.
• Targeted, thematic, bulk
● New power to extract some information from content and
treat as metadata
Page 16
17. New and extended
Technical capability notices
● Permanent technical capability to assist with warrants and
communications data acquisition notices
● Extended from interception (RIPA) to most powers (IPAct)
● Extended to include private telecommunications operators
• Subject to any limitations in regulations
Draft regulations
● No minimum threshold for communications data acquisition
● Black boxes (communications data acquisition)
● Hacking back door
● End to end encryption?
Page 17
18. New and extended
New non-disclosure obligations on warrant/notice
recipients
● Criminal (targeted and bulk)
• Interception warrants (59(1), 156(2))
• Equipment interference warrants (134(1), 197)
• Bulk communications data acquisition warrants (174(1))
• Targeted communications data acquisition notices (82(1))
● Civil
• Data retention notices (95(2))
● Indeterminate
• Technical capability notices (255(8))
• National security notices (255(8))
Page 18
20. Timetable
● Data retention partially in force 30 December 2016
• Existing notices continue for max 6 mths
● The rest of the Act?
• New oversight regime
• New warrantry procedures
• ‘Some time … timetable in due course’
Page 20
21. Graham Smith
graham.smith@twobirds.com
@cyberleagle
Bird & Bird is an international legal practice comprising Bird & Bird LLP and its affiliated and associated businesses.
Bird & Bird LLP is a limited liability partnership, registered in England and Wales with registered number OC340318 and is authorised and regulated by the
Solicitors Regulation Authority. Its registered office and principal place of business is at 15 Fetter Lane, London EC4A 1JP. A list of members of Bird & Bird LLP and
of any non-members who are designated as partners, and of their respective professional qualifications, is open to inspection at that address.
twobirds.com
Thank you