1

LONDON BOROUGH OF WALTHAM FORESTREGULATION OF INVESTIGATORY

POWERS ACT 2000 (RIPA) PROCEDURES MANUAL

Version History Version Date Description Author

1 15 October 2010 RIPA Procedures manual Robin Levett2 15 November 2010 Amended identity of AOs, SPoC and

SCB membership (pp3-4)Robin Levett

2a 7 December 2010 Identity of DP and amendment to K1 Robin Levett3 18 March 2011 Changes to gatekeepers and SPoC Robin Levett4 17 April 2013 Protection of Freedoms Act 2012 and

updating generallyRobin Levett

5 20 June 2013 OSC recommendations Robin Levett6 9 February 2017 Changes to named officers and Job

Titles and role of Governance BoardKim Travis

7 27th February 2017 Draft Updated Revised Manual Kim Travis8 27th December

2017OSC recommendations finalised Kim Travis

Distribution ListName Job Title Date

Mark Hynes Director of Governance and Law 9 February 2017Gemma Young Head of Internal Audit & Anti-Fraud 9 February 2017Neil Howard CCTV Manager 20 June 2013Jennie Anderson Head of Housing Management 9 February 2017Gareth Jones Head of Enforcement 20 June 2013David Beach Head of Selective Licensing and Regulation 9 February 2017Marc McAuley Investigations Group Manager - Audit 20 June2013Kevin Campbell-Scott

Corporate Anti-Fraud Manager 10th November 2017

Mandy Thompson Head of Neighbourhoods 15th November 2017Stephen Murrant Neighbourhood Area Manager 15th November 2017

Date of Next Review:

Approval and AuthorisationName Job Title Signature Date

Author:-Kim Travis Head of Litigation

and Public Law Team Legal Services

27th December 2017

Authorised By:-Mark Hynes

Director of Governance and Law

27th December 2017

This Procedure manual sets out the Council’s approach to applications for RIPA authorisation

The SRO on RIPA issues is the Owner of this document; as at the date of this revision the SRO’s contact details are.

Mark Hynes Director of Governance and LawLB Waltham ForestWaltham Forest Town Hall, Forest Road

2

London E17 4JF

Tel: (020 8496) 4848Fax: (020 8496) 4255Email: mark.hynes@walthamforest.gov.uk

Page

Defined individuals 3

A Introduction 4

B Policy Statement 7

C Authorised Officer Powers and Responsibilities 8

D Gatekeeper Powers and Responsibilities 9

E General Information on RIPA 10

F The Scope of RIPA 11

G Types of Surveillance 12

H Conduct and Use of a Covert Human Intelligence Source (CHIS)

18

I Confidential information 21

J Authorisation Procedures including Judicial Approval 23

K Working with/through Other Agencies 33

L Acquisition and Disclosure of Communications Data 34

M Records Management 38

N Auditing of Authorisations and Records 40

O Complaints and Copies of Codes of Practice 41

P Summary 42

Appendix 1 RIPA Flow Chart 44Appendix 2 Judicial Approval Flow Chart 45Appendix 3 Forms for judicial approval – application and order 46Appendix 4 Non Regulated Surveillance Log 48

NBThe Regulation of Investigatory Powers Act 2000 (“RIPA”) refers to “Designated Officers or Persons”. For ease of understanding and application within LB Waltham Forest , this Document refers to “Authorising Officers”. Such Officers are only permitted to authorise under RIPA once duly trained.

3

4

Defined individualsTitle Service Name & emailSenior Responsible Officer (“SRO”)

Governance and Law

Mark Hynesmark.hynes@walthamforest.gov.uk

Governance and Law

Mark Hynesmark.hynes@walthamforest.gov.uk

Authorising Officers

Audit, Fraud and Risk

Gemma Younggemma.young@walthamforest.gov.uk

Designated Person

Head of Selective Licensing and Regulation

David Beachdavid.beach@walthamforest.gov.uk

Housing Jennie Anderson jennie.anderson@walthamforest.gov.uk

Neighbourhoods - enforcement

Mandy Thompsonmandy.thompson@walthamforest.gov.ukStephen MurrantStephen.Murrant@walthamforest.gov.uk

Neighbourhoods – Regulatory Services

David Beachdavid.beach@walthamforest.gov.uk

Gatekeepers

Audit Kevin Campbell-ScottKevin.Campbell-Scott@walthamforest.gov.uk>

Single Point of Contact (“SPoC”)

National Anti-Fraud Network

spoc@nafn.scn.gov.uk

RIPA Central Registrar

NeighbourhoodsCommercial Services

Neil HowardNeil.Howard@walthamforest.gov.uk

5

A. Introduction

1. This Procedure Manual sets out the requirements of The Regulation of Investigatory Powers Act 2000 (“RIPA”) and the accompanying Codes of Practice and related regulations and orders. It incorporates the changes to the legislation made by the Protection of Freedoms Act 2012. The Council has a responsibility to ensures that its procedure are continuously reviewed and improved and its procedures in this respect are set out below.

2. The Role of RIPA: a “safe harbour”

The Council is not required by law to obtain RIPA authorisation when undertaking surveillance but authorisation protects the Council from legal liability. The Council’s policy will be to seek authorisation unless there are exceptional circumstances. In such cases, the Council will still undertake a process to assess the impact of the surveillance on third parties, particularly the necessity and proportionality of the activities.

Section 27 of the Act provides that where an authorisation is given and properly complied with, the authority’s surveillance becomes lawful for all purposes and there is no civil liability for any incidental conduct engaged in. There is no legal compulsion to obtain RIPA authorisation for activities within the Act (see section 80); but the safe harbour that RIPA provides against legal challenges especially under articles 6 (fair trial) and 8 (respect for privacy and family life) of the Human Rights Act 1998 makes such authorisation advisable.

3. This guidance does not replace the legislation and Codes of Practice. When considering undertaking or authorising an investigation, officers should refer to the relevant legislation and Codes of Practice.

4. Codes of Practice

When making any decision under RIPA the Council is required to take into account the statutory Codes of Practice. They are intended:

To help investigating authorities to apply consistent standards in deciding whether to authorise techniques under RIPA.

To ensure oversight by elected members in the way RIPA techniques are used (but maintain the strict prohibition on their becoming involved in considering individual authorisations).

The two codes now in force are available on the Home Office website:

Covert Surveillance & Property Interference Code of PracticeCovert Human Intelligence Sources

https://www.gov.uk/government/publications/covert-surveillance-and-covert-human-intelligence-sources-codes-of-practice

6

Acquisition and Disclosure of Communications – https://www.gov.uk/government/publications/code-of-practice-for-the-acquisition-and-disclosure-of-communications-data

In addition to the statutory Codes of Practice, consequent on the coming into force of the Protections of Freedoms Act 2012 the Home Office in October 2012 issued further guidance:

Guidance to Local Authorities in England and Wales on the judicial approval process for RIPA and the crime threshold for directed surveillance https://www.gov.uk/government/publications/changes-to-local-authority-use-of-ripa

The OSC also publishes a Procedures and Guidance booklet on the use of RIPA by public authorities, most recently in 2016 (OSC 2016). It can be found at:

https://osc.independent.gov.uk/osc-procedures-and-guidance/

It has no binding legal authority, and merely expresses the opinions of the OSC, but inspections will be conducted in accordance with its recommendations, and it recommends that all AOs should have a personal copy for reference.

5. Senior Responsible Officer (“SRO”)

It is recommended good practice that within every relevant public authority, a senior officer at Corporate Leadership Team Level, the SRO, should be responsible for:

the integrity of the process in place within the public authority to authorise directed and intrusive surveillance, the conduct of CHIS and interference with property or wireless telegraphy;

compliance with Part II of the RIPA and with the statutory Codes of Practice;

engagement with the Commissioners and Inspectors when they conduct their inspections, and

where necessary, overseeing the implementation of any post-inspection action plans recommended or approved by a Commissioner.

6. The authoritative source on RIPA issues is the Act itself. Any Officer unsure about any aspect of this guidance should in the first instance contact the gatekeeper for his/her service area for advice and assistance; the gatekeeper

7

may in turn consult the SRO or an AO for further advice. Appropriate training and development will be organised and guidance will be provided by or on behalf of the SRO to Authorising Officers, gatekeepers and other relevant senior managers.

7. The RIPA Central Registrar will maintain and check the Central Register of all RIPA authorisations, reviews, renewals, cancellations and rejections. It is the responsibility of all the relevant Authorising Officers to ensure that the RIPA Central Registrar receives a copy of each of the relevant Forms within 5 working days of authorisation, review, renewal, cancellation or rejection.

8. Consideration of the Act and this guidance are important for the effective and efficient operation of the Council’s actions with regard to covert surveillance and Covert Human Intelligence Sources. The Council has therefore included within the Terms of Reference of their Governance Board that the Governance Board approves governance policies and procedures in relation to Covert Surveillance and CCTV and the Board is tasked with keeping this guidance under review annually. The use of RIPA authorisations is a standing item on the Governance Boards’ Agenda and are reported to the Governance Board by the RIPA Central Registar. Authorising Officers should bring any suggestions for continuous improvement of this document to the attention of the SRO for the consideration of Governance Board at the earliest possible opportunity.

9. Local Authorities have powers and responsibilities under RIPA to access communications data by virtue of the Regulation of Investigatory Powers (Communications Data) Order 2003 (“the 2003 Order”). Requests for access to and disclosure of such data may only be made through a designated officer (in accordance with RIPA and the 2003 Order) who is also a Home Office accredited Single Point of Contact (“SPoC”). The Council has decided to use the SPoC services provided by the National Anti-Fraud Network.

10. The SPoC is the designated Contact Officer for the receipt of and dissemination of guidance on the acquisition of Communications data from the Home Office. Officers must follow the Acquisition and Disclosure of Communications Data Code of Practice (linked above at para 4).

11. If you are any doubt on RIPA, this document or the related legislative provisions or you have been asked to advise another officer and you are not certain about the correct position, please contact the SRO at the earliest possible opportunity.

8

B. Policy Statement

1. The Council has adopted a Policy on the application of the Regulation of Investigatory Powers Act 2000 ("RIPA") within the Council to which reference should be made. This Policy is kept under review by the Council’s Governance Board which is Chaired by the SRO and an annual report taken to Audit and Governance Committee. Any recommendations for amendments will be taken to Cabinet as and when appropriate.

2. The Council takes its counter fraud and enforcement roles seriously and will use all lawful powers available to it to detect fraud and enforce policies and legislation. In exercising surveillance powers, however, the Council understands it must consider and take into account the legal rights of others. Before undertaking covert surveillance the applicant must be satisfied that the need for surveillance is both necessary and proportionate. Not all surveillance needs to be of a covert nature, but if it is appropriate, this manual must be followed. In that regard, the SRO is duly authorised by the Chief Executive to keep this document up to date and to amend, delete, add or substitute relevant provisions as necessary.

3. For administration and operational effectiveness, the SRO is authorised by the Chief Executive to add, substitute, or revoke the authorisation of Officers authorised for the purpose of RIPA.

4. Under procedures established by the Council, Authorising Officers are empowered and required to:

a. authorise investigations pursuant to the Regulation of Investigatory Powers Act 2000 in accordance with policy and procedures approved for the purpose

b. ensure the proper recording of authorisations to investigate. In particular to ensure that authorisations are made in a format approved for the purposes of the Act.

c. ensure the proper review and monitoring of authorised investigations at appropriate intervals and as may be directed by the Act.

5. All officers considering making RIPA applications should check to ensure that they are using the up to date forms which can be found on the Home Office Website

6. Officers must use a fresh form from the website on each and every occasion in order to ensure that the correct form is being used and are not to simply edit previous forms.

9

C. Authorised Officer Powers and Responsibilities

1. Authorising Officers are listed in the “Defined Individuals” list at the head of this document; any added or substituted by the SRO will be added to that list.

2. The SRO will ensure that all Authorising Officers are made aware of and receive copies of this document.

3. AOs duly designated by the SRO are permitted to authorise: use of directed surveillance the use or conduct of CHIS the acquisition and use of Communications Datain accordance with the provisions of the Act and applicable Codes of Practice.

AOs other than the Chief Executive or in his absence the Acting Chief Executive are not permitted to authorise any operations where it is likely that knowledge of confidential information will be acquired; nor are they permitted to authorise the use or conduct of a juvenile or vulnerable individual as a CHIS. The (Acting) Chief Executive will normally seek the advice of the SRO before giving such approval.

4. It will be the responsibility of Authorising Officers through designated gatekeepers to ensure that relevant members of staff are also made fully aware of and suitably trained as “Applicants” in connection with this document, so as to avoid common mistakes appearing on Forms for RIPA authorisations.

5. Authorising Officers will, in particular, ensure that staff who report to them follow this document and do not undertake or carry out any form of surveillance without first obtaining the relevant authorisations in compliance with this document.

6. Authorising Officers must also pay particular attention to Health and Safety issues that may be raised by any proposed surveillance activity. Under no circumstances, should an Authorising Officer approve any RIPA form unless, and until s/he is satisfied the health and safety of Council employees/agents are suitably addressed and/or risks minimised, so far as is possible, and proportionate to the surveillance being proposed. If an Authorising Officer is in any doubt, s/he should obtain prior guidance from his/her Chief Officer, the Council’s Health & Safety Officer and/or the SRO.

7. Authorising Officers must also ensure that copies of any completed Forms sent to the RIPA Central Registrar (or any other relevant authority) are sent either electronically or in sealed envelopes, marked "Strictly Private and Confidential". If sent electronically, they must nevertheless still be signed. Password protection should be introduced for all completed RIPA forms being sent electronically. Whatever the method of transmission, the recipient will acknowledge receipt within 5 working days.

10

D. Gatekeeper Powers and Responsibilities

1. Gatekeepers are listed in the “Defined Individuals” list at the head of this document; any that are added or substituted by the SRO will be added to that list.

2. The SRO will ensure that all gatekeepers are made fully aware of and receive copies of this document.

3. The gatekeeper’s role is to: act as first point of advice and assistance for applicants and other officers in consideration of the necessity for and appropriateness of seeking RIPA authorisation for operations contemplated by an investigating officer scrutinise duly completed applications for RIPA authorisation to ensure that all necessary information has been provided and that the applicant has given proper consideration to the issues of:

o the purpose of the action – ie the specific offence to be detected or prevented, or the specific instance of public disorder intended to be prevented

o the necessity of the action for the end intended to be achievedo the proportionality of the action to that endo any relevant health and safety issues, in particular ensuring that all

appropriate risk assessments have been carried out and accompany the application

following scrutiny and provision of any missing information etc, pass the duly completed RIPA application forms to an appropriate AO for consideration where relevant record and refer to the SRO the reasons why an application for RIPA authorisation is not considered necessary so it can be reviewed by the Governance Board as part of its oversight role of the use of RIPA in the Council. on behalf of AOs to train and disseminate best practice to the officers in their service area

4. Gatekeepers must also ensure that copies of any completed Forms sent to the AO or to the RIPA Central Registrar (or any other relevant authority) are sent either electronically or in sealed envelopes, marked "Strictly Private and Confidential". If sent electronically, they must nevertheless still be signed. Password protection should be introduced for all completed RIPA forms being sent electronically. Whatever the method of transmission, the recipient will acknowledge receipt within 5 working days.

11

E. General Information on RIPA

1. The Human Rights Act 1998 (which brought much of the European Convention on Human Rights and Fundamental Freedoms 1950 into UK domestic law) requires the Council, and organisations working on its behalf, pursuant to Article 8 of the European Convention, to respect the private and family life of citizens, their home and their correspondence.

2. The European Convention did not, however, make this an absolute right, but a qualified right. Accordingly, in certain circumstances, the Council may interfere in the citizen’s rights mentioned above, if such interference is:-

a. in accordance with the law

b. necessary (as defined in this document); and

c. proportionate (as defined in this document).

3. The Regulation of Investigatory Powers Act 2000 (“RIPA”) provides a statutory mechanism for authorising covert surveillance and the use of a “covert human intelligence source (CHIS)”. It seeks to ensure that any interference with an individual’s right under Article 8 of the European Convention is necessary and proportionate. In authorising investigations under RIPA the AO is therefore required to strike a balance between the public interest and the human rights of individuals.

4. Operations carried out both by directly employed Council staff and by external agencies on behalf of the Council are covered by RIPA. All work carried out by agencies on the Council’s behalf must be properly authorised by one of the Council’s designated Authorising Officers.

5. If the correct procedures are not followed where RIPA can be used, evidence may be disallowed by the courts, a complaint of maladministration could be made to the Local Government Ombudsman, a civil claim for breach of Article 8 may be brought against the Council and/or the Council could be ordered to pay compensation. Such action will of course, damage the reputation of the Council. It is essential, therefore, that all involved with RIPA comply with this document and any further guidance that may be issued, from time to time, by or on behalf of the SRO.

6. Flowcharts of the procedures to be followed appear at Appendix 1 and Appendix 2.

12

F. The Scope of RIPA

1. RIPA does:

require prior authorisation of directed surveillance prohibit the Council from carrying out intrusive surveillance require authorisation of the conduct and use of a CHIS require safeguards for the conduct and use of a CHIS

2. RIPA does NOT:

make unlawful, conduct which is otherwise lawful prejudice or disapply any existing powers available to the Council to obtain

information by any means not involving conduct that may be authorised under this Act. For example, it does not affect the Council’s current powers to obtain information from the Land Registry as to the ownership of a property.

3. If an Authorising Officer or any Applicant is in any doubt, s/he should seek advice from the SRO via the SRO before any directed surveillance and/or CHIS is authorised, renewed, cancelled or rejected.

4. Part II of RIPA provides a statutory framework under which covert surveillance activity can be authorised and conducted compatibly with Article 8. However, where such surveillance would not be likely to result in the obtaining of any private information about a person, no interference with Article 8 rights should occur and an authorisation under the RIPA is therefore not appropriate.

5. Similarly, an authorisation under the RIPA is not required if a public authority has another clear legal basis for conducting covert surveillance likely to result in the obtaining of private information about a person which satisfies the requirements of Article 8.

6. Following the Protection of Freedoms Act 2012, brought into force on 1 November 2012, authorisation under RIPA is only available where the activity sought to be authorised is for the purpose of the prevention or detection of crime; and Directed Surveillance is limited (with exceptions identified elsewhere) to crimes carrying a maximum sentence of at least 6 months imprisonment.

13

G. Types of Surveillance

1. “Surveillance” includes:-

monitoring, observing, listening to persons, watching or following their movements, listening to their conversations and other such activities or communications

including such activities carried out by or with the assistance of appropriate surveillance device(s)

recording anything mentioned above in the course of authorised surveillance

Surveillance can be overt or covert.

2. Overt Surveillance

Most of the surveillance carried out by the Council will be done overtly. In many cases, Officers will be behaving in the same way as a normal member of the public, and/or will be going about Council business openly.

3. Similarly, surveillance will be overt if the subject has been informed it will happen (eg where an entertainment licence is issued subject to conditions, and the licensee is told that Officers may visit without notice or identifying themselves to the owner/proprietor to check that the conditions are being met).

4. Where the intention of covert recording of suspected noise nuisance is “only to record excessive noise levels from adjoining premises and the recording device is calibrated to record only excessive noise levels…the perpetrator would normally be regarded as having forfeited any claim to privacy and an authorisation may not be necessary”. Officers should note however the use of the words “may not” does not mean this will apply in all cases and express consideration must be given to this issue when deciding whether or not to make an application.

5. Covert Surveillance

Covert Surveillance is surveillance carried out in a manner calculated to ensure that the person subject to the surveillance is unaware of it taking place. (Section 26(9)(a) of RIPA)

6. RIPA regulates two types of covert surveillance, (Directed Surveillance and Intrusive Surveillance) and the use of Covert Human Intelligence Sources (CHIS).

7. Directed Surveillance

Directed Surveillance is surveillance which:-

14

is covert but is not intrusive surveillance (see definition below - the Council MUST NOT carry out any intrusive surveillance);

is undertaken for the purpose of a specific investigation or operation

is likely to obtain private information about an individual (whether or not that person is specifically targeted for purposes of an investigation).

is not carried out as an immediate response to events*

* A response to events is immediate where it is not reasonably practicable in point of time to obtain prior authorisation under the Act; for example an officer spotting someone apparently flytipping and concealing himself to allow continued observation to confirm his suspicions and to identify the person(s) involved;

8. Private information (Section 26(10) of RIPA)

Private information includes any information relating to a person’s private or family life. Private information should be taken generally to include any aspect of a person’s private or personal relationship with others, including family and professional or business relationships. Council Officers should be particularly alert to the likelihood of private information being acquired during the course of a test purchase exercise, e.g. there is a heightened possibility of this occurring during surveillance involving small corner shops. Business and professional information may comprise private information. The requirement is dependent upon the likelihood (which may include a remote possibility) of private information of a business or professional nature being acquired, which likelihood would be reduced in the case of a large branch of a national supermarket chain. Where such information is acquired by means of covert surveillance of a person having a reasonable expectation of privacy, a directed surveillance authorisation is appropriate.

Example: A Surveillance officer intends to record a specific person providing their name and telephone number to a shop assistant, in order to confirm their identity, as part of a criminal investigation. Although the person has disclosed these details in a public place, there is nevertheless a reasonable expectation that the details are not being recorded separately for another purpose. A directed surveillance authorisation should therefore be sought. (Note that if the shop assistant is aware of the surveillance and has agreed to take part, a CHIS authorisation should also be considered).

9. The fact that covert surveillance occurs in a public place or on business premises does not mean that it cannot result in the obtaining of private information about a person. Private life considerations are particularly likely to arise if several surveillance records are to be analysed together in order to establish, for example, a pattern of behaviour. Prolonged surveillance targeted on an individual will undoubtedly result in the obtaining of private

15

information about him/her and others that s/he comes into contact, or associates, with.

10. A drive-past observation of an address would not normally require authorisation; repeated such observations which would permit a picture to be built of the associates of the occupants of the address, or of the occupant’s own movements, would require authorisation.

11. The general observation duties of many law enforcement officers and other public authorities do not require authorisation under RIPA, whether covert or overt. Such general observation duties frequently form part of the statutory functions of public authorities against breaches of law and order, as opposed to the pre-planned surveillance of a specific person or group of people. Wherever these activities are unlikely to result in the obtaining of private information about a person no directed surveillance authorisation is required or indeed available.

Example : Local authority officers monitoring a car boot sale where it is suspected that counterfeit goods are being sold. Again this is part of the general duties of public authorities and the likelihood of obtaining private information about any person is negligible.

12. Similarly, although overt town centre CCTV cameras do not normally require authorisation, if a camera is tasked for a specific purpose, involving surveillance of a particular person or group, or if several cameras are used to follow a person or group, then not only is private information for which there is an expectation of privacy likely to be obtained, but the purpose will usually not be apparent to the subject and hence will be covert, engaging RIPA. There may be an exception here if the targeted surveillance is an immediate response to events e.g. flytipping

13. The way a person runs his/her business may also reveal information about his

or her private life and the private lives of others.

14. The use of a device for the purpose of providing information about the location of any private vehicle is not considered to be intrusive surveillance.

Such use may, however, be authorised as directed surveillance, where the recording and subsequent use of the information would amount to the covert monitoring of the movements of the occupant(s) of that vehicle. A property interference authorisation may also be required for the covert installation or deployment of the device – the Council however has no powers to carry out surveillance involving covert property interference.

15. Specific situations not requiring directed surveillance authorisation

The following specific activities also constitute neither directed nor intrusive surveillance and therefore an authorisation under the RIPA cannot be granted:

16

The use of a recording device by a covert human intelligence source who has been properly tasked to record any information which is disclosed in his presence;

The use of apparatus outside any residential or other premises exclusively for the purpose of detecting the installation or use of a television receiver within those premises.

16. Intrusive Surveillance

This is surveillance which:-

is covert;

relates to residential premises and private vehicles; and

involves the presence of a person or a surveillance device in the premises or in the vehicle. Surveillance equipment mounted outside the premises or vehicle may also be intrusive, if the device consistently provides information of the same quality and detail as might be expected if they were in the premises/vehicle.

17. This form of surveillance can be carried out only by police and other law enforcement agencies. Council Officers must not carry out intrusive surveillance.

18. Examples of different types of Surveillance

Type of Surveillance

Examples

Overt - therefore not requiring RIPA authorisation

Envirocrime officer on patrol

Signed Town Centre CCTV cameras (in normal use)

Recording noise coming from outside the premises after the occupier has been warned that this will occur if the noise persists (or possibly even without such warning, where the recording apparatus is appropriately calibrated)

Test purchases carried out by an officer where the officer behaves no differently from a normal member of the public may not be considered to be surveillance

Covert but not requiring prior authorisation

CCTV cameras providing general traffic, crime or public safety information

17

Directed – examples which must be RIPA authorised

Officers following an individual or individuals over a period of time to establish whether s/he is working when claiming benefit

Test purchases where the purchaser has a hidden camera or other recording device to record information which might include information about the private life of a shop-owner (including illegal activity in running the business)

Positioning cameras in neighbouring premises with the intention of filming and carrying out direct surveillance of individuals

Covert Human Intelligence Source (CHIS)

Using a juvenile to form a relationship with those suspected of selling unlawfully to those underage in order to obtain information

Actively engaging any member of the public who has made a report to carry out surveillance and report back to the Council activities being carried out by individuals

Actively engaging any employee of the Council who has made a report about another employee to carry out surveillance and report back to the Council activies being carried out by that employee

Intrusive Planting a listening or other device (bug) in a person’s home or in their private vehicle involves trespass upon property

Open and Covert Internet Source

Surveillance of open source social media such as Facebook; Instagram; Twitter etc

Creation of Fake Social Media Accounts in order to undertake surveillance

19. Internet InvestigationsThe use of the internet as an investigative method is now becoming routine. There can be significant benefits arising from the use of open source research in the delivery of a range of Council functions. However, just because the information being obtained is from the internet staff must still consider all the normal rules and guidance applicable to any type of enquiry conducted within a criminal investigation, such as, the Data Protection Act (DPA), Criminal Procedures Investigations Act (CPIA) and RIPA. In the Surveillance Codes of Practice issued December 2014 there is now a section dealing with these types of enquiries. Therefore the paragraph titled Online Covert Activity at section 2.29 has been replicated and should be taken into

18

consideration should staff wish to carry out internet open source enquiries, particularly where Social Networking Sites are involved.

“2.29 The use of the internet may be required to gather information prior to and/or during an operation, which may amount to directed surveillance. Whenever a public authority intends to use the internet as part of an investigation, they must first consider whether the proposed activity is likely to interfere with a person’s Article 8 rights, including the effect of any collateral intrusion. Any activity likely to interfere with an individual’s Article 8 rights should only be used when necessary and proportionate to meet the objectives of a specific case. Where it is considered that private information is likely to be obtained, an authorisation (combined or separate) must be sought as set out elsewhere in this code. Where an investigator may need to communicate covertly online, for example, contacting individuals using social media websites, a CHIS authorisation should be considered.”

If staff wish to conduct internet enquiries, particularly Social Networking Sites they must consider the intrusion issues on the subject of the enquiries and other innocent people (collateral intrusion) and when obtaining the evidence this must be stored in line with the Data Protection Act. Staff should consider if they are likely to obtain private information as if that is the case they are likely to require authorisation under the RIPA legislation.

The following control measures must be complied with:

(a) If there is an intention to undertake covert open source research, the number of profiles to be used must be reasonably limited. Such profiles permit the passive viewing of material but there must be no interaction with subjects of interest;

(b) The SRO will hold a central register of such profiles. Anyone creating a profile be it overt or covert must notify the SRO of the following details:

Name of profile; Who uses the profile;

Purpose (e.g. safeguarding; council tax support entitlement; research of sellers on facebook etc)

(c) If a surveillance authorisation is utilised for open source, this should only be done where the applicant has provided a proper plan for what they are going to do using what profile;

(d) Those undertaking open source research must keep a record of what they are looking for and at, why and what information they have obtained;

(e) The above requirements will be audited regularly.

The creation of fake profiles and befriending of individuals must also be considered as potential manipulation of the ‘relationship’ created. This could also amount to the deployment of a CHIS, which requires prior authorisation

19

by the Court to make it lawful. An example would be where officers create fake profiles to investigate someone suspected of selling counterfeit goods.

20

H. Conduct and Use of a Covert Human Intelligence Source (CHIS)

Who is a CHIS?

1. Someone who establishes or maintains a personal or other relationship with another person, whether or not that person is the object of the investigation, for the covert purpose of using the relationship to obtain information.

2. RIPA does not normally apply in circumstances where members of the public volunteer information to the Council as part of their normal civic duties, or contact numbers set up to receive information.

3. An important exception exists where a source establishes or maintains the existence of a relationship to covertly provide information or access information to information about an individual on a repeated basis, thus becoming a CHIS. In such cases LBWF owes a duty of care. On this becoming apparent the potential for possible reprisals and the existence of the duty of care must be considered; any such situation must be referred for legal advice before acting upon the information.

What must be authorised?

4. The conduct or use of a CHIS require prior authorisation.

Conduct of a CHIS = Establishing or maintaining a personal or other relationship with a person for the covert purpose of (or which is incidental to) obtaining and passing on information.

Use of a CHIS = Actions inducing, asking or assisting a person to act as a CHIS and the decision to use a CHIS in the first place.

5. The Council can use a CHIS if, and only if, the RIPA procedures in this document are followed.

Role of Handler and Controller and maintenance of Source Records

6. There is a statutory requirement under Section 29(5) of RIPA that the authorising officer may not grant an authorisation for the conduct or use of a covert human intelligence source unless they believe that arrangements exist that: there will be at all times a person who has day-to-day responsibility for

dealing with the source on behalf of the authority and for the source’s security and welfare (Handler)

there will at all times be another person who will have general oversight of the use made of the source (Controller)

there will at all times be a person who will have responsibility for maintaining a record of the use made of the source

In some cases, the activities of the source will be for the benefit of more than one authority. Where that is the case the records relating to the source must be kept by one of the authorities.

21

When authorising a CHIS it is necessary to appoint and clearly define who will fulfil the roles of ‘Handler’ and ‘Controller’ and adhere to maintenance of Source Records. The Regulation of Investigatory Powers (Source Records) Regulations 2000 (Statutory Instrument No: 2725/2000) specify that the following records are maintained:

(a) the identity of the source;(b) the identity, where known, used by the source;(c) any relevant investigating authority other than the authority maintaining the records;(d) the means by which the source is referred to within each relevant investigating authority;(e) any other significant information connected with the security and welfare of the source;(f) any confirmation made by the person granting or renewing an authorisation for the conductor use of a source that the information in paragraph (d) has been considered and that any identified risks to the security and welfare of the source have where appropriate been properly explained to and understood by the source;(g) the date when, and the circumstances in which, the source was recruited;(h) the identities of the persons who, in relation to the source, are discharging or have discharged the functions of Handler, Controller and person responsible for the maintaining a record of the use of the source (i) the periods during which those persons have discharged those responsibilities;(j) the tasks given to the source and the demands made of him in relation to his activities as a source;(k) all contacts or communications between the source and a person acting on behalf of any relevant investigating authority;(l) the information obtained by each relevant investigating authority by the conduct or use of the source;(m) any dissemination by that authority of information obtained in that way; and(n) in the case of a source who is not an undercover operative, every payment, benefit or reward and every offer of a payment, benefit or reward that is made or provided by or on behalf of any relevant investigating authority in respect of the source’s activities for the benefit of that or any other relevant investigating authority.

For directed surveillance not involving the installation of devices, it is sufficient for the officer in charge of the surveillance team to see these documents and then to brief the team accordingly while taking care to repeat precisely the form of words used by the Authorising Officer. In the case of CHIS, the handler should not proceed until the authorisation has been seen. In each case there should be acknowledgement in writing (with date and time) that the authorisation has been seen.

22

Use of Juvenile Sources

7. Special safeguards apply to the use or conduct of juvenile sources (ie under 18 year olds):

A child under 16 years of age cannot be authorised to give information against his or her parents.

Only the Chief Executive or in his absence the Acting Chief Executive are authorised by the Council to authorise the use of Juvenile Sources. The (Acting) Chief Executive will normally seek the advice of the SRO before giving such approval

Use of Vulnerable Individuals

8. A Vulnerable Individual is a person who is or may be in need of community care services by reason of mental or other disability, age or illness and who is or may be unable to take care of himself or herself, or unable to protect himself or herself against significant harm or exploitation.

A Vulnerable Individual will only be authorised to act as a source in the most exceptional of circumstances. Only the Chief Executive or in his absence of the Acting Chief Executive are authorised by the Council to authorise the use of Vulnerable Individuals. The (Acting) Chief Executive will normally seek the advice of the SRO before giving such approval

Test Purchases

9. Carrying out test purchases will not normally make the purchaser a CHIS. This is because they will not generally require the purchaser to establish a relationship with the supplier with the covert purpose of obtaining information and, therefore, the purchaser will not normally be a CHIS. For example, authorisation would not normally be required for test purchases carried out in the ordinary course of business (eg walking into a shop and purchasing a product over the counter).

10. By contrast, the following are likely to be require authorisation:

developing a relationship with the shop assistant to obtain information about the seller’s suppliers of an illegal product (eg illegally imported products), will require authorisation as a CHIS. It should be borne in mind that the development of a relationship with the shop assistant can also include an obviously underage test purchaser persuading him/her to sell for example alcohol to him/her. This should be dealt with in the test purchaser’s briefing.

Using mobile hidden recording devices or CCTV cameras to record what is going on in the shop (as directed surveillance)

23

A combined authorisation can be given for a CHIS and also a directed surveillance.

11. Where a juvenile is used for test purchases requiring directed surveillance authorisation, appropriate risk assessments must accompany the application.

Anti-social behaviour activities (eg noise, violence, race etc)

12. IMPORTANT NOTE : RIPA authorisation is no longer available where the object is to investigate anti social behaviour that is not criminal behaviour. The behaviour investigated must both be criminal, and pass the serious crime threshold (see above), to be authorised.

13. Persons who complain about anti-social behaviour who are asked to keep a diary will not normally be a CHIS, as they are not required to establish or maintain a relationship for a covert purpose. Recording the level of noise (eg the decibel level) will not normally capture private information and, therefore, does not require authorisation.

14. Recording sound (with a DAT recorder) on private premises could constitute intrusive surveillance (and therefore not authorisable within RIPA for the Council), unless either it is done overtly or (possibly) the recorder is calibrated only to record excessive noise levels as opposed to the content of the noise. It will be possible to record sound if the noisemaker is warned that this will occur if the level of noise continues, and this is recommended. Placing a stationary or mobile video camera outside a building or in a building to record anti-social behaviour outside on residential estates will require prior authorisation.

24

I. Confidential information

1. RIPA does not provide any special protection for ‘confidential information’ although the Police Act 1997 makes special provision for certain categories of confidential information. Particular care should nevertheless be taken where the subject of the investigation or operation might reasonably expect a high degree of privacy, or where confidential information is involved. Confidential information consists of matters subject to legal privilege, personal information, constituent information or journalistic material. So, for example, extra care should be taken where, through the use of surveillance or a CHIS, it is likely that knowledge will be acquired of communications between a minister of religion and an individual relating to the latter’s spiritual welfare, or wherever matters of medical or journalistic confidentiality or legal privilege may be involved. Whilst this is likely to be rare, authorisations likely to result in the acquisition of knowledge of matters subject to legal privilege, confidential personal information or confidential journalistic material require (other than in urgent cases) the approval of the Chief Executive or in his absence of the Acting Chief Executive. The (Acting) Chief Executive will normally seek the advice of the SRO before giving such approval..

2. Regard should be had to particular proportionality issues such surveillance raises. The application should include, in addition to the reasons why it is considered necessary for the surveillance to take place, an assessment of how likely it is that information subject to legal privilege will be acquired. In addition, the application should clearly state whether the purpose (or one of the purposes) of the surveillance is to obtain legally privileged information.

3. In those cases where legally privileged information has been acquired and retained, the matter should be reported to the authorising officer by means of a review and to the relevant Commissioner or Inspector during his next inspection (at which the material should be made available if requested).

4. Where there is any doubt as to the handling and dissemination of information which may be subject to legal privilege, advice should be sought from the SRO before any dissemination of the material takes place.

5. Similar consideration must also be given to authorisations that involve personal information, constituent information and journalistic material. Where such material has been acquired and retained, the matter should be reported to the relevant Commissioner or Inspector during his next inspection and the material be made available to him if requested.

6. Confidential personal information is information held in confidence relating to the physical or mental health or spiritual counselling of a person (whether living or dead) who can be identified from it. Such information, which can include both oral and written communications, is held in confidence if it is held subject to an express or implied undertaking to hold it in confidence or it is subject to a restriction on disclosure or an obligation of confidentiality contained in legislation. Examples include consultations between a health

25

professional and a patient, or information from a patient’s medical records. Officers should also appreciate that processing such information si subject to the requirements of the Data Protection Act 1998

7. Where there is any doubt as to the handling and dissemination of confidential information, advice should be sought from the SRO before any further dissemination of the material takes place.

26

J. Authorisation Procedures including Judicial Approval

IMPORTANT NOTE: From 2 November 2012, a magistrate’s approval is required for all RIPA authorisations.

1. Directed surveillance and the use of a CHIS can only be lawfully carried out if properly authorised, and in strict accordance with the terms of the authorisation. Exceeding the authorisation is likely to lead to exclusion of resultant evidence in any subsequent criminal proceedings. Appendix 1 provides a flow chart of the process from an application’s consideration to the recording of information. Appendix 2 provides current precedent forms of application and order for judicial approval of authorisations and renewals. The Home Office website should always be checked for up to date forms.

2. Judicial approval is required for all RIPA authorisations. It is not required for the mandated internal reviews prior to expiry, nor for cancellations. It is required for any renewal on expiry of the period of validity of the authorisation granted following full reconsideration pursuant to paragraph 20 below. No authorisation is valid until Judicial Approval has been obtained.

Authorising Officers

3. Authorisations can only be given by AOs.

4. Authorisations under RIPA are separate from delegated authority to act under the Council’s Scheme of Delegation. RIPA authorisations are for specific investigations only, and must be renewed or cancelled once the specific surveillance is complete or about to expire. The authorisations do not lapse with time!

Training Records

5. Appropriate guidance or training will be given or approved by or on behalf of the SRO to all Authorising Officers. All those individuals who have undergone training should ensure that they maintain records of their training.

Application Forms

6. Only the currently approved RIPA forms (listed below) available from the Home Office Website must be used. Before submitting an application to the AO, a URN must be requested from the Central RIPA Registrar and inserted in the appropriate box on the form.

7. Directed Surveillance

Application for Authority for Directed SurveillanceReview of Directed Surveillance AuthorityRenewal of Directed Surveillance AuthorityCancellation of Directed Surveillance

27

In order to evidence that appropriate consideration has been given to the question of whether surveillance is overt or covert a Non-Regulated Surveillance Log will be used to record the rationale for decisions which are likely to be contentious. See Appendix 4. Copies of Non-Regulated Surveillance Logs should be sent to the SRO, electronically, within 5 working days of such a decision being made; the original must be kept on the investigation file.

8. CHIS

Application for Authority for Conduct and Use of a CHISReview of use of a CHISRenewal of use of a CHISCancellation of Conduct and Use of a CHISSource Record of a CHIS

9. Judicial Approval

Application for judicial approval for authorisation to obtain or disclose communications data, to use a covert human intelligence source or to conduct directed surveillanceOrder made on an application for judicial approval for authorisation to obtain or disclose communications data, to use a covert human intelligence source or to conduct directed surveillance

Grounds for Authorisation

10. Directed Surveillance or the Conduct and Use of the CHIS can only be authorised by the Council where an Authorising Officer believes that the authorisation is necessary for the purpose of preventing or detecting crime.

11. “The serious crime threshold” must also now be met for directed surveillance. The crime sought to be prevented or detected must either carry a maximum sentence of at least 6 months; or be an offence contrary to:

section 146 of the Licensing Act 2003(2) (sale of alcohol to children); section 147 of the Licensing Act 2003 (allowing the sale of alcohol to

children); section 147A of the Licensing Act 2003(3) (persistently selling alcohol to

children); section 7 of the Children and Young Persons Act 1933(4) (sale of

tobacco, etc, to persons under eighteen)

12. Employee Surveillance

The wide definition of directed surveillance was previously thought to cover most covert surveillance activities including surveillance of employees and service providers. However the decision of the Investigatory Powers Tribunal in the case of C v The Police and the Secretary of State for the Home

28

Department (14th November 2006, No: IPT/03/32/H), means that RIPA authorities have to distinguish very carefully the purpose of the surveillance between those related to functions common to all public authorities (such as employing staff) and those related to its regulatory functions.

Implications for Local Authorities

Local authorities can only carry out directed surveillance for crime prevention or detection. Even where surveillance is being carried out for crime prevention or detection purposes, the issue is; is it for a core function linked to one of the authority’s regulatory functions? For local authorities, this would include, amongst others, trading standards, environmental health and licensing. If it is not being done for one of these purposes it will not be authorisable within RIPA.

Employee surveillance by local authorities directed to obtaining evidence of, say, theft from the local authority may well be authorisable despite the fact that is at first sight the function of the police to prosecute for that offence; employee surveillance seeking evidence of non-criminal misconduct by the individual concerned would not be authorisable.

Where the employee surveillance cannot be authorised, it does not mean that it can be done with impunity. The protection of RIPA will not be available and there is therefore a greater risk of a human rights challenge. This risk can be reduced by making an assessment of the impact of surveillance on a person’s privacy and applying the necessity and proportionality tests. Further, ensuring compliance with the Data Protection Act 1998 (DPA), which applies to all surveillance, since personal data is often gathered about the target. Part 3 of the DPA Employment Practices Code covers employee surveillance and provides guidance on the practice and procedures to be adopted. Compliance with the Code will go a long way towards showing that such surveillance is human rights compliant. The code can be found on the Information Commissioner’s website at www.ico.gov.uk

The Action to be Authorised

13. A full description of the proposed surveillance operation must be provided on the form. Plans should be used wherever possible, and annexed to the form, particularly where camera surveillance is authorised. The form should also record the type of camera to be used (where appropriate), since its specification should be taken into account when the risk of collateral intrusion is considered.

Authorisations for Directed Surveillance

An authorisation is required for covert surveillance undertaken:

For a specific investigation or operation; and Where the surveillance is likely to result in obtaining private information

about any person (whether or not they are the subject of the surveillance).

29

All cases must be assessed individually. No “blanket” authorisations or policies will be agreed.

Applications for authorisation must ensure that the appropriate level of information is entered on forms and that it is correct. Applicants need to concentrate on:

Proposed Activity – specific details are required. Terminology such as “Keep observations on” is insufficient – the application (and hence the authorisation) should be in form such as “Activity will take the form of static observations of 8 Forest Road from a vehicle parked approximately 50 yards away. Two operatives, X and Y, will be involved. Observations will take place between the hours of xx and yy using zzz equipment. X will keep the observation log”.

Necessity and proportionality – the Authorising Officer must form a view that the authorised surveillance is proportionate to what is sought to be achieved by carrying it out, and that the action is necessary for one of the purposes defined in section 28(3) RIP Act.

Collateral Intrusion – Collateral intrusion means whether non-targeted individuals privacy will be intruded upon, e.g. where those going to and from a premises are filmed. If it is not known what is to take place how can the risk of collateral intrusion be properly gauged? It is insufficient to say something like “minimal”. There must be a plan to minimise collateral intrusion if possible.

The use of standardised phrases is not acceptable.

Authorising officers must write down, in their own words, what they are authorising, not just sign off what is requested. They must adequately detail what is being authorised. Authorisations should be signed, dated and also record the time they were granted.

Directed surveillance is conducted where the observation is for the purpose of gathering private information to produce a detailed picture of a person’s life, activities and associations. It is necessary to look at “private information” in its widest sense and at the likelihood of obtaining private information about others, not just the intent or not to obtain private information.

An authorisation is NOT required for covert surveillance carried out as an immediate response to events or circumstances which could not be foreseen. However, if this surveillance continues for a substantial period of time, or is recommenced after some time has elapsed, an authorisation may be required and should be sought as soon as reasonably practicable; note that Judicial Approval will still be required.

Assessing the Application Form

30

14. Before an AO authorises an action, s/he must:-

a. Be mindful of this manual, the training received and any other advice or guidance issued, from time to time, by the SRO;

b. Recognise that s/he should not be responsible for authorising investigations or operations in which they are directly involved, although it is recognised that this may sometimes be unavoidable, or where it is necessary to act urgently. Where an AO authorises such an investigation or operation the SRO should be advised so that the central record of authorisations can be highlighted to reflect this and the attention of a Commissioner or Inspector can be drawn to it during the next inspection.

c. Subject to this, satisfy him/herself that the RIPA authorisation is:-

i. in accordance with the law;ii. for a defined purpose – in particular, the offence for the

potential prosecution for which the evidence is being gathered should be clearly set out;

ii. necessary in the circumstances of the particular case on the grounds mentioned in paragraph 8 above; and

iii. proportionate to what it seeks to achieve.

NecessityFor interference with an individual’s rights under “Article 8” to be necessary, the action must be for the purposes of preventing and detecting crime or for preventing disorder. The action must be necessary to secure best evidence and it must be demonstrable that less intrusive action would not adequately serve the same purpose.

ProportionalityIn considering proportionality officers should:

balance the size and scope of the proposed activity against the gravity and extent of the perceived crime or offence;

explain how and why the methods to be adopted will cause the least possible intrusion on the subject and others;

consider whether the activity is an appropriate use of the legislation and a reasonable way, having considered all reasonable alternatives, of obtaining the necessary result;

evidence, as far as reasonably practicable, what other methods had been considered and why they were not implemented

In determining whether the proposed surveillance is necessary the AO must establish in his own mind that there is a clear need in the investigation for the use of covert surveillance and that the information that is sought by the use of covert surveillance cannot be obtained through any other means. An explanation of why the Authorising Officer

31

considers the authorisation to be necessary must be clearly addressed in giving his reasons for granting the authorisation.

d. In assessing whether or not the proposed surveillance is proportionate, consider the seriousness of the matter giving rise to the proposed surveillance and the importance of taking action in respect of it; the implications of not gathering information about the matter; the effects of the proposed surveillance on the subject of the surveillance and on other persons; compare such effects against the seriousness of the matter and the implications of not taking action; indicating what, if any, other action instead of that proposed, might be taken; and confirming whether the action proposed is likely to be the most effective and the least intrusive means of obtaining the required information. The least intrusive method will be considered proportionate by the Courts.

e. Take into account the risk of intrusion into the privacy of persons other than the specified subject of the surveillance (Collateral Intrusion). Measures must be taken wherever practicable to avoid or minimise (so far as is possible) collateral intrusion and such intrusion and the measures which it is practicable to take to avoid or minimise it, may be an aspect of determining proportionality. It may be that if significant collateral intrusion cannot be avoided, no directed surveillance is proportionate.

f. Set a date for review of the authorisation and review on only that date. Please ensure that the authorisation is reviewed regularly ie at least every 4 weeks. Particular attention is drawn to the need to review authorisations frequently where the surveillance or property interference involves a high level of intrusion into private life or significant collateral intrusion, or confidential information is likely to be obtained.

Where a directed surveillance authorisation provides for the surveillance of unidentified individuals whose identity is later established, the terms of the authorisation should be refined at a review to include the identity of these individuals. It would be appropriate to convene such a review specifically for this purpose. This process will not require a fresh authorisation, providing the scope of the original authorisation envisaged surveillance of such individuals. Such changes must be highlighted at the next renewal if the authorisation is to be renewed.

Example: A directed surveillance authorisation is obtained by the police to authorise surveillance of “X and his associates ”for the purposes of investigating their suspected involvement in a crime. X is seen meeting with A in a café and it is assessed that subsequent surveillance of A will assist the investigation. Surveillance of A may continue (he is an associate of X) but the directed surveillance authorisation should be amended at a review to include “X and his associates, including A.”

32

g. Ensure that a copy of the RIPA Forms (and any review/cancellation of the same) is forwarded to the Central RIPA Registrar, within 5 working days of the relevant authorisation, review, renewal, cancellation or rejection, making sure that they are sent either electronically or in sealed envelopes, marked “Strictly Private and Confidential”. Arrangements should be made to introduce password protection.

Additional Safeguards when Authorising a CHIS

15. When authorising the conduct or use of a CHIS, the AO must also:-

a. be satisfied that the conduct and/or use of the CHIS is proportionate to what is sought to be achieved;

b. be satisfied that appropriate arrangements are in place for the management and oversight of the CHIS and this must address health and safety issues through a risk assessment;

c. consider the likely degree of intrusion upon the privacy of all those potentially affected;

d. consider any adverse impact on community confidence that may result from the use or conduct of the CHIS or the information obtained; and

e. ensure that an appropriately trained handler, supervisor and record keeper have been appointed.

f. ensure records contain necessary particulars as required by the Regulation of Investigatory Powers Act (Source Records) Regulations 2000 (SI 2000/2725) and are not available except on a need to know basis.

Urgent Authorisations

16. With the advent of the requirement for judicial approval of local authority RIPA authorisations and renewals (as to the procedure for which see below) on the coming into force of the Protection of Freedoms Act 2012 on 1 November 2012, local authorities ceased to be able to give urgent authorisation otherwise than in accordance with the normal written procedure. Arrangements can however be made for judicial approval out of hours of written authorisations should this, exceptionally, be required.

Duration

17. The Form must be reviewed within the time stated and cancelled once it is no longer needed. The “authorisation” to carry out/conduct the surveillance lasts for a maximum of 3 months (from Judicial Approval) for Directed Surveillance, and 12 months (from Judicial Approval) for a CHIS. However, whether the surveillance is carried out/conducted or not, in the relevant

33

period, does not mean the “authorisation” is “spent”. In other words, the Forms do not expire! The forms have to be reviewed and/or cancelled (once they are no longer required).

18. Once the action authorised has been carried out the applicant should inform the AO who will then review the authorisation and other than in exceptional circumstances cancel the authorisation. The AO will in any event cancel the authorisation on the review date if the applicant has not by that date reported to the AO on the implementation of the authorisation granted.

19. The Applicant must keep under review the offences to which the investigation is directed. If it becomes clear at any time that the offences involved have changed such that they may not meet the serious crime threshold, the Applicant should take no further action pursuant to the authorisation and immediately report this to the AO with a view to possible cancellation.

20. Authorisations can be renewed in writing when the maximum period has expired. The Authorising Officer must consider the matter afresh, including taking into account the benefits of the surveillance to date, and any collateral intrusion that has occurred. The renewal will begin on the day when judicial approval is given.

Judicial Approval

21. Judicial Approval is a pre-requisite for the validity of any RIPA authorisation and any renewal of such an authorisation. It is not required for internal reviews (carried out at the interval set under 14f above) or cancellation.

22. The procedure for Judicial Approval is additional and not a replacement for authorisation by the AO. The AO, when granting authority, must ensure that his/her reasoning and the steps authorised will be clear to the JP considering the subsequent application for approval.

23. Once the AO has considered and given a RIPA authorisation, it is the responsibility of the investigating officer to obtain judicial approval. Reference should be made to the Guidance on the Home Office website from time to time; a flowchart of the current procedure appears at Appendix 2 below, and a version current at the date of preparation of this manual of the necessary forms of application and order at Appendix 3. The current procedure follows.

24. The investigating officer must first complete the required section of the judicial application/order form. The brief summary of the circumstances of the case set out on the judicial application form is supplementary to and does not replace the need to supply a copy of the complete original RIPA authorisation as well.

25. It will then be necessary within Office hours to arrange with Her Majesty’s Courts & Tribunals Service (HMCTS) administration at the magistrates’ court

34

to arrange a hearing. The hearing will be in private and heard by a single JP.

26. Officers who may present the application at these proceedings will need to be formally designated by the Council under section 223 of the Local Government Act 1972 to appear, be sworn in and present evidence or provide information as required by the JP. If in doubt as to whether you are able to present the application seek advice from the SRO; the SRO as Director of Governance & Law has authority to make such designations.

27. Upon attending the hearing, the officer must present to the JP the partially completed judicial application/order form, the RIPA application/authorisation form, together with any supporting documents setting out the case, and the original application/authorisation form.

28. The original RIPA application/authorisation should be shown to the JP but will be retained so that it is available for inspection by the Commissioners’ offices and in the event of any legal challenge or investigations by the Investigatory Powers Tribunal (IPT).

29. The JP will read and consider the RIPA application/ authorisation and the judicial application/order form. S/he may have questions to clarify points or require additional reassurance on particular matters. These questions are supplementary to the content of the application form. However the forms and supporting papers must by themselves make the case. It is not sufficient for the officer to provide oral evidence where this is not reflected or supported in the papers provided.

30. The JP will consider whether s/he is satisfied that at the time the authorisation was granted or renewed, there were reasonable grounds for believing that the authorisation was necessary and proportionate. S/he will also consider whether there continues to be reasonable grounds. In addition s/he must be satisfied that the person who granted the authorisation or gave the notice was an appropriate designated person within the local authority and the authorisation was made in accordance with any applicable legal restrictions, for example that the crime threshold for directed surveillance has been met.

31. The JP may decide to:

Approve the Grant or renewal of an authorisation The grant or renewal of the RIPA authorisation will then take effect and the officer may proceed to use the technique in that particular case.

Refuse to approve the grant or renewal of an authorisation The RIPA authorisation will not take effect and the officer may not use the technique in that case.

Where an application has been refused the investigating officer must report this to his gatekeeper with an explanation of the reasons for that refusal. If

35

more information was required by the JP to determine whether the application/authorisation has met the tests, and this is the reason for refusal the officer should consider with the gatekeeper (who may consult the SRO) whether to reapply; for example, if there was information to support the application which was available to the local authority, but not included in the papers provided at the hearing.

For a technical error the form may be remedied without going through the internal authorisation process again. The officer may then wish to reapply for judicial approval once those steps have been taken.

Refuse to approve the grant or renewal and quash the authorisation or notice If s/he feels that the authorisation is fundamentally flawed, the JP may decide not only to refuse to approve the authorisation (or renewal) but also to quash the original authorisation. However the court must not exercise its power to quash the application/authorisation unless the applicant has had at least 2 business days from the date of the refusal in which to make representations. If this is the case the officer must immediately inform the SRO via the SRO who will consider whether to make any representations; the alternative is to make a fresh application to the AO taking account of the reasons given by the JP for quashing.

32. Whatever the decision the JP will record their decision on the order section of the judicial application/order form. The court administration will retain a copy of the local authority RIPA application and authorisation form and the judicial application/order form. The officer will retain the original application/authorisation and a copy of the judicial application/order form.

33. If approved by the JP, the date of the approval becomes the commencement date and the three months duration will commence on this date. The officer is now allowed to undertake the authorised activity.

34. The original application and the copy of the judicial application/order form should be forwarded to the Central RIPA Registrar and a copy retained by the officer and if necessary by the Authorising Officer.

35. A JP’s decision can only be challenged on a point of law by judicial

review. The Officer should report the decision to the AO. The SRO will decide whether such a claim should be made.

36

K. Working With/Through Other Agencies

1. When some other agency has been instructed on behalf of the Council to undertake any action under RIPA, this Guidance Manual must be used (as per normal procedure) and the agency advised or kept informed, as necessary, of the various requirements. They must be made aware explicitly what they are authorised to do.

2. When some other agency (eg Police, Customs & Excise, Inland Revenue etc):-

a. wish to use the Council’s resources (eg CCTV surveillance systems), that agency must use its own RIPA procedures and, before any Officer agrees to allow the Council’s resources to be used for the other agency’s purposes, s/he must obtain relevant extracts from the authorising authority’s RIPA authorisation which are sufficient to enable him/her to ascertain exactly what has been authorised and for what purpose so that the authority is not inadvertently exceeded;

b. wish to use the Council’s premises for their own RIPA action, the Officer should, normally, co-operate with the same, unless there are security or other good operational or managerial reasons as to why the Council’s premises should not be used for the agency’s activities. Suitable insurance or other appropriate indemnities may be sought, if necessary, from the other agency for the Council’s co-operation in the agency’s RIPA operation. In such cases, however, the Council’s own RIPA forms should not be used as the Council is only “assisting” and is not “involved” in the RIPA activity of the external agency.

3. If the Police or other Agency wish to use Council resources for general surveillance, as opposed to specific RIPA operations, an appropriate letter requesting the proposed use, extent of remit, duration, who will be undertaking the general surveillance and the purpose of it must be obtained from the Police or other Agency before any Council resources are made available for the proposed use.

4. If in doubt, please consult with the SRO at the earliest opportunity.

37

L. Acquisition and Disclosure of Communications Data

Designated Persons or Authorising Officers

1. Designated Persons (DPs) are defined within RIPA and the 2010 Order and for the purposes of this Policy and Procedure document include the AOs. DPs may grant an authorisation under s22(3) of the Act allowing an Officer of the Authority to collect or retrieve communications data. An authorisation is granted by the DP but must be administered by the NAFN “SPoC” (a Single Point of Contact). Under Section 22(4) of RIPA a notice can be given to a Communications Service Provider requiring them to collect or retrieve the data and produce it to the Council. The notice is given by the DP, but must be served by a SPoC.

2. All applications for Acquisition of Communications Data will be submitted via the NAFN SPoC procedure to the LBWF DP/AO.

Authorisations

3. A DP may grant an authorisation under Section 22(3) of RIPA to other Officers holding offices, ranks or positions in the Council as defined in the 2003 Order, to engage in any conduct to which Chapter II of RIPA applies.

4. Chapter II applies to

a any conduct in relation to a postal service or telecommunication system for obtaining communications data, other than conduct consisting in the interception of communications in the course of their transmission by means of such a service or system; and

b the disclosure to any person of communications data.

Communications Data

5. Communications Data means any of the following:-

(a) any traffic data comprised in or attached to a communication (whether by the sender or otherwise) for the purposes of any postal service or telecommunications system by means of which it is being or may be transmitted;

(b) any information which includes none of the contents of a communication (apart from any information falling within paragraph (a)) and is about the use made by any person:-

(i) of any postal service or telecommunications service; or

(ii) in connection with the provision to or use by any person of any telecommunications service, of any part of a telecommunication system;

38

(c) any information not falling within paragraph (a) or (b) that is held or obtained, in relation to persons to whom he provides the service, by a person providing a postal service or telecommunications service.

6. Only Communications Data falling within (b) and (c) above may be authorised or required to be obtained by means of an authorisation given, or notice made on behalf of the Council under Sections 22(3) and (4) of RIPA. This means that the Council is never entitled to acquire details of the content of any communication for which authorisation may be given, or traffic data.

Grounds for Authorisations and Notices

7. A DP may only grant an authorisation or give a notice as above where s/he believes that it is necessary for the purpose of preventing or detecting crime.

Notices

8. Where it appears to a DP that a postal or telecommunications operator is or may be in possession of, or be capable of obtaining, any communications data, s/he may, by notice to the postal or telecommunications operator, require the operator:-

a if the operator is not already in possession of the data, to obtain the data; and

b in any case, to disclose all of the data in his possession or subsequently obtained by him.

Proportionality

9. A DP must not grant an authorisation or give a notice unless he believes that obtaining the data in question by the conduct authorised or required by the authorisation or notice is proportionate to what is sought to be achieved by so obtaining the data.

Form and Duration of Authorisations and Notices

10. An authorisation under Section 22(3) of RIPA:-

a must be granted in writing or (if not in writing) in a manner that produces a record of its having been granted;

b must describe the conduct to which Chapter II of RIPA applies that is authorised and the communications data in relation to which it is authorised;

c must specify the matters falling within section 22(2) of RIPA by reference to which it is granted; and

39

d must specify the office, rank or position held by the person granting the authorisation.

11. A notice under Section 22(4) of RIPA requiring communications data to be disclosed or to be obtained and disclosed:-

a must be given in writing or (if not in writing) must be given in a manner that produces a record of its having been given;

b must describe the communications data to be obtained or disclosed under the notice;

c must specify the matters falling within section 22(2) of RIPA by reference to which the notice is given;

d must specify the office, rank or position held by the person giving it; and

e must specify the manner in which any disclosure required by the notice is to be made.

12. A notice must not require the disclosure of data to any person other than:-

a the person giving the notice; or

b such other person as may be specified in or otherwise identified by, or in accordance with, the provisions of the notice;

but the provisions of the notice shall not specify or otherwise identify a person for the purposes of paragraph (b) unless he holds an office, rank or position with the same relevant public authority as the person giving the notice.

13. An authorisation or notice:-

a must not authorise or require any data to be obtained after the end of the period of one month beginning with the date on which the authorisation is granted or the notice given; and

b in the case of a notice, must not authorise or require any disclosure after the end of that period of any data not in the possession of, or obtained by, the postal or telecommunications operator at a time during that period.

14. An authorisation or notice may be renewed at any time before the end of the period of one month applying to that authorisation or notice.

15. A renewal of an authorisation or of a notice must be by the grant or giving, in accordance with this section, of a further authorisation or notice.

40

16. Paragraph 12 will have effect in relation to a renewed authorisation or renewal notice as if the period of one month mentioned in that paragraph did not begin until the end of the period of one month applicable to the authorisation or notice that is current at the time of the renewal.

17. Where a Designated Person who has given a notice is satisfied:-

(a) that it is no longer necessary on the relevant grounds falling within section 22(2) of RIPA for the requirements of the notice to be complied with, or

(b) that the conduct required by the notice is no longer proportionate to what is sought to be achieved by obtaining communications data to which the notice relates,

s/he must cancel the notice.

18. The following Communications Data Forms must be used:-

Application for Communications DataApplication for Communications Data - SPoC Rejection FormSPoC Log SheetSPoC Officers ReportDesignated Person’s Consideration Form - Application for CommunicationsDataNotice under Section 22(4) of RIPACancellation of Notice under Section 22(4) of RIPA - ApplicantCancellation of Notice under Section 22(4) of RIPA - SPoC

41

M. Records Management

1. General

The Council must keep a detailed record of all authorisations, renewals, cancellations and rejections in each department and a Central Register of all Authorisation Forms will be maintained by the Central RIPA Registrar and monitored by the SRO.

2. Records maintained on investigation file

The following documents should be retained on the investigation file. Management systems developed within each service should be developed to monitor the status of each RIPA-authorised investigation and ensure that appropriate information is given on completion of authorised investigations and/or on or before review dates as appropriate:-

a copy of the Forms together with any supplementary documentation and notification of the approval given by the Authorising Officer;

a record of the period over which the surveillance has taken place;

the frequency of reviews prescribed by the Authorised Officer;

a record of the result of each review of the authorisation;

a copy of any renewal of an authorisation, together with the supporting documentation submitted when the renewal was requested;

the date and time when any instruction was given by the Authorised Officer;

the Unique Reference Number for the authorisation (URN).

3. Product from Directed Surveillance

Material obtained as a result of surveillance activities eg photographs; video film; surveillance log; officers notes, should be recorded on the file and identified by the URN allocated. The investigating officer should retain the original record and product documentation on the case or investigation file. All Officers should ensure that the integrity, security and confidentiality of this material is maintained. Such material should be retained for a period of three years. When it is destroyed, this fact should be recorded on the original record and be signed by the relevant Officer. If any product documentation is sent to the Central RIPA Registrar for storage such material should be logged in and out using the log in book provided.

Any product sent to the Central RIPA Registrar must be stored in a locked filing cabinet.

42

4. Records of Use of and Product from a CHIS

Similarly, records of the use and of the materials provided by a CHIS should be maintained by the investigating officer for a period of three years.

5. Central Record maintained by the Central RIPA Registrar

AO must forward details of each Form (whether granted or refused) (either electronically, but still signed, or in sealed envelopes, marked “Strictly Private and Confidential”) to the Central RIPA Registrar for retention on the Central Record, within 5 working days of the authorisation, review, renewal, cancellation or rejection.

6. The Council will retain records for a period of at least five years from the ending of an authorisation (see Code of Practice Section 8.4).

7. The Central RIPA Registrar will maintain a spreadsheet summarising RIPA authorisations granted and rejected and including such information as may be required from time to time

8. Security of the Central Record: The Central Record is held in a locked filing cabinet. The following officers have sole access to the central record:

The Chief Executive The Head of Internal Audit & Anti-Fraud The SRO and SRO on his behalf The RIPA Central Registrar.

43

N. Auditing of Authorisations and Records

1. The SRO will arrange an annual audit. The following should fall within the scope of the audit:-

ApplicationsAuthorisationsRisk AssessmentsReviews and RenewalsCancellationsRecords of Product of Directed SurveillanceSource Records

2. The audit should seek to establish compliance with the following:-

The Regulation of Investigatory Powers Act 2000Statutory Instruments made under the ActThe Code of Practice on Covert SurveillanceThe Code of Practice on Covert Human Intelligence SourcesThe Code of Practice on Acquisition and Disclosure of Communications DataThis Manual Office of Surveillance Commissioners Procedures and GuidanceGuidance material issued by The Home Office

3. The audit will be reported to the SRO, who will be responsible for the agreement and implementation of any recommendations.

4. Audits of services that may undertake covert surveillance may include the audit of RIPA compliance where that area of the service is covered by the audit. Any recommendations will be reported to the Executive/Strategic Director and the SRO.

5. Members need to have an overview of the surveillance activities being undertaken on behalf of the Council, to be informed of the result of such activities and the nature of any resulting actions. This overview will be facilitated by reports being presented by the SRO. Such reports will detail the level of surveillance actively being undertaken on behalf of the authority. The SRO will also report in broad terms, on the outcomes of such operations, in terms of the success of related prosecutions or staff disciplinary action. No sensitive personal data will be shared.

6. Directed Surveillance, Covert Human Intelligence Sources, enforcement activities of the authority which fall within the remit of the Regulation of Investigatory Powers Act 2000 are subject to monitoring and oversight by the Office of The Surveillance Commissioner. Communications data activities are monitored by the Interception of Communications Commissioners Office.

44

O. Complaints and Copies of Codes of Practice

1. Complaints about the Council’s actions under RIPA should be submitted in writing to the SRO.

2. Information on the Investigatory Powers Tribunal will be provided as part of the response to any RIPA complaint, including the provision of copies of the Tribunal’s complaint form and information leaflet, or by contacting the SRO as indicated above. An Investigatory Powers Tribunal (IPT) established under section 65 of RIPA investigates complaints made by people who are concerned that public authorities have deployed covert investigatory techniques against them unlawfully. There is no domestic right of appeal against IPT decisions, although individuals may seek appeal to the European Court of Human Rights. The IPT’s website is at: http://www.ipt-uk.com/.

3. Copies of the Codes of Practice on Covert Surveillance and Covert Human Intelligence Sources will be made available to the public by request to the Senior Responsible Officer, Governance & Law, LB Waltham Forest, Waltham Forest Town Hall, Forest Road, London E17 4JF (email: mark.hynes@walthamforest.gov.uk). Access can also be provided, on request, to the Regulation of Investigatory Powers Act 2000 and related legislation and regulations.

45

P. Summary

1. Where there is an interference with the right to respect for private life and family guaranteed under Article 8 of the European Convention on Human Rights and where there is no other source or lawful authority for the interference, or if it is held not to be necessary or proportionate to the circumstances, the consequences of not obtaining or following the correct authorisation procedure set out in RIPA and this document, may be that the action will be held to be unlawful by the Courts pursuant to Section 6 of the Human Rights Act 1998 and the evidence obtained excluded from any prosecution.

2. Obtaining an authorisation under RIPA and following this document, should ensure that the action is carried out in accordance with the law and subject to stringent safeguards against abuse of anyone’s human rights.

3. AOs will be suitably trained and they must exercise their independent judgment every time they are asked to authorise an action. They must never sign or rubber stamp application(s) without thinking about their personal and the Council’s responsibilities.

4. Any boxes not needed on the Form(s) must be clearly marked as being “NOT APPLICABLE”, “N/A” or a line put through the same. Great care must also be taken to ensure accurate information is used and is inserted in the correct boxes. Reasons for any refusal of an application must also be kept on the form and the form retained for future audits.

5. Particular care must be taken when considering and confirming whether the proposed surveillance is proportionate to what it seeks to achieve. The explanation must be full and complete. Please refer to paragraph 2 of Section E (General Information on RIPA) and paragraph 14d in Section I(Authorisation Procedures) for further guidance.

6. AO, in giving approval, must state on the form, in detail, why s/he considers the proposed action to be necessary and proportionate.

7. Care must also be taken to ensure that a full description of the surveillance operation is given on the authorisation form. Appropriate plans, should be used, particularly where camera surveillance is proposed. Any such authorisation should also specify the type of camera for which authorisation is given.

8. Investigating and Authorising Officers should note that the expiry date (date for cancellation) for an authorisation for three months commencing eg on 1 March is 31 May and not 1 June.

9. Authorised activities, and therefore authorisations, should be reviewed at least every 4 weeks.

46

10. All authorisations and renewals require Judicial Approval

11. For further advice and assistance on RIPA, please contact the SRO. Details are provided on the front of this document.

47

APPENDIX 1 - RIPA FLOW CHART

Requesting Officer (“The Applicant”) must: Read the RIPA Manual and be aware of any other guidance issued by/on behalf of the

SRO. Consider whether directed surveillance and/or a CHIS is required Assess whether authorisation will be in accordance with the law Assess whether authorisation is necessary for an approved purpose under RIPA and

whether it could be done overtly Consider whether surveillance will be proportionate; if a less intrusive option is available

and practical, use that option! If authorisation is approved - review regularly

If unsure, discuss with your gatekeeper before applying; if it is decided that no authorisation is required, complete “Non-regulated surveillance log” (App 2)

If authorisation is necessary and proportionate, obtain a URN from the Central RIPA Registrar and prepare and submit an application to the gatekeeper; s/he will consider the application to ensure that all relevant information is provided and issues considered and pass it to the AO

AO must: Consider in detail whether all options have been duly considered, including this

Manual and any other guidance issued by the SRO Consider whether surveillance is considered by him/her to be necessary and

proportionate Authorise only if an overt or less intrusive option is not practicable Set an appropriate review date (can be up to 3 months after authorisation date) and

conduct the review

If an internal authorisation is given, and on any renewal, the Applicant must: Seek judicial approval of the authorisation in accordance with the Home Office

Guidance; a flow-chart of that procedure appears as Appendix 2, and a form of application and order as Appendix 3

The Applicant must:REVIEW REGULARLY(complete Review Form) and submit to Authorising Officer on date set

The Applicant must:If operation is no longer necessary (eg it has been completed) or proportionate, complete CANCELLATION FORM and submit to AO

AO must:if surveillance is still necessary and proportionate: Review authorisation Set an appropriate further review

dateIf no Review Form has been submitted – CANCEL the authorisation

AO must:Cancel authorisation when it is no longer necessary or proportionate.

ESSENTIAL

Send all Authorised (and any rejected) Forms, Review, Renewals and Cancellations to the Central RIPA Registrar within 5 working days of the relevant event.

48

Appendix 2 – Judicial Approval flow chart

49

Appendix 3

Application for judicial approval for authorisation to obtain or disclose communications data, to use a covert human intelligence source or to conduct directed surveillance. Regulation of Investigatory Powers Act 2000 sections 23A, 23B, 32A, 32B.

Local authority:

Local authority department:

Offence under investigation:

Address of premises or identity of subject:

Covert technique requested: (tick one and specify details)

Communications DataCovert Human Intelligence SourceDirected Surveillance

Summary of details:

Note: this application should be read in conjunction with the attached RIPA authorisation/RIPA application or notice.

Investigating Officer:Authorising Officer/Designated Person:Officer(s) appearing before JP:

Address of applicant department:

Contact telephone number:Contact email address (optional):Local authority reference:

50

Number of pages:

Order made on an application for judicial approval for authorisation to obtain or disclose communications data, to use a covert human intelligence source or to conduct directed surveillance. Regulation of Investigatory Powers Act 2000 sections 23A, 23B, 32A, 32B.

Magistrates’ court:

Having considered the application, I (tick one):

am satisfied that there are reasonable grounds for believing that the requirements of the Act were satisfied and remain satisfied, and that the relevant conditions are satisfied and I therefore approve the grant or renewal of the authorisation/notice.

refuse to approve the grant or renewal of the authorisation/notice.

refuse to approve the grant or renewal and quash the authorisation/notice.

Notes:

Reasons:

Signed:

Date:

Time:

Full name:

Address of magistrates’ court:

51

Appendix 4PART II OF THE REGULATION OF INVESTIGATORY

POWERS ACT (RIPA) 2000NON-REGULATED SURVEILLANCE LOG

Public Authority(including full address)

Service:Name of decision maker: Position:Proposed Operation including details of Location, Equipment and Personnel:

Date Operation to StartDate Operation to End:Date and Signature of Decision Maker:

Decision makers comments:

Reasons why RIPA authorisation not considered necessary:

Line Manager :Views on proposed action:

Date action agreed:Signature of Line Manager:

NB: If in doubt, ask the gatekeeper BEFORE any directed surveillance and/or CHIS is authorised, renewed, cancelled or rejected.