Cyber Security: Investigatory Powers Act 2016 (IPA)

The Investigatory Powers Act 2016 governs the use of surveillance technologies by public bodies such as the police, the intelligence services and local authorities. It updates a previous law, the Regulation of Investigatory Powers Act 2000 (which was often referred to as RIPA). Like RIPA, the Investigatory Powers Act (IPA) ensures intrusive powers are subject to strict safeguards. These covert surveillance powers include intercepting communications, using bugs, covert CCTV and undercover agents.

The use of IPA is overseen by the Interception of Communications Commissioner, together with additional judicial commissioners who will be appointed to oversee different aspects of the law. The Investigatory Powers Tribunal, which comprises independent senior lawyers and members of the judiciary, can hear complaints relating to the exercise of powers under the Act.

IPA allows certain public bodies to access communications records from communication providers, such as telephone companies and internet service providers, when necessary and proportionate to do so for a specific investigation. These records may include the names, addresses and telephone numbers of individuals, the time and duration of calls, the source and destination of emails and the location of mobile devices. The IPA extended the record collection powers of RIPA to include a requirement that communications companies retain up to 12 months of data on websites (but not specific webpages) visited by customers.

More intrusive techniques are subject to higher levels of authorisation. Another section of IPA stipulates that the interception of the contents of a communication (such as telephone calls, emails and the details of specific webpages visited) must be authorised under a warrant issued by the Secretary of State. These include “equipment interference” warrants, which would authorise police and intelligence officials to change the operation of targeted computer systems to enable data collection or other surveillance activities, effectively ‘hacking’ these systems to support investigations.