Interception warrants under the IPA 2016 explained
An overview of the rules on the interception of communications by state agencies in the UK
TL;DR
This newsletter is about the power of UK public authorities to intercept communications under the Investigatory Powers Act 2016. It looks the conduct that can be permitted under an interception warrant, the kind of data that can be obtained and the rules and restrictions that apply to such activity.
Here are the key takeaways:
Interception warrants allow for the interception of communications while in transit, which includes its content and metadata. Interception warrants can be authorised in targeted form or bulk form, both of which are subject to the double lock.
Targeted interception is conducted against specified persons or groups. Bulk interception is conducted against any person or group pertaining to specified operational purposes.
A wide range of public authorities can apply for targeted interception warrants. Only the security and intelligence agencies (GCHQ, MI5 and MI6) can apply for bulk interception warrants.
Interception warrants can be served on telecommunications operators to assist public authorities with their operations. This includes providers of email services, messaging applications and cloud services.
Targeted interception warrants are used to obtain intelligence from a subject the identity of which is already known. Bulk warrants are used to obtain intelligence about developing events or to identify subjects whose identity is not already known.
What are interception warrants?
An interception warrant is a warrant authorising UK public authorities to intercept communications, one of the surveillance powers regulated by the Investigatory Powers Act 2016 (IPA 2016).1
For the purposes of the IPA 2016, "interception" is where a person intercepts a communication in the course of its transmission by means of a telecommunications system. This includes the following activity:2
Modifying or interfering with the system or its operation
Monitoring transmissions made by means of the system
Monitoring transmissions made by wireless telegraphy to or from apparatus that is part of the system
Any of the above acts must have the effect of making any content of the communication available to a person who is not the sender or recipient of the communication.3 Interception warrants authorise public authorities to carry out the interception of communications, either in a targeted or bulk form (more on bulk interception later).
The public authorities that can apply for an interception warrant include:
The security and intelligence agencies (SIAs), which include GCHQ, MI5 and MI6
National Crime Agency
Police of the Metropolis
Police Service of Northern Ireland
Police Service of Scotland
Her Majesty's Revenue and Customs
Defence Intelligence
Interception warrants may be issued on any of the following grounds:4
In the interests of national security
For the purpose of preventing or detecting serious crime, i.e., a criminal offence that involves conduct entailing the use of violence, results in substantial financial gain or is conduct by a large number of persons in pursuit of a common purpose5
In the interests of the economic well-being of the UK so far as those interests are also relevant to the interests of national security
Applications for interception warrants are received by the Secretary of State and subject to the double lock mechanism under the IPA 2016:6
This begins with the public authority applying for the warrant and the Secretary of State receiving the application and considering whether the conduct permitted by the warrant is both necessary for and proportionate to its purpose.
If this is the case, then the warrant application is reviewed by a judicial commissioner (who are persons who have held high judicial office)7 to also consider its necessity and proportionality.
General duties in relation to privacy must also be considered during this warrant authorisation process.8
Warrants can only be approved if both the public authority/Secretary of State and the judicial commissioner consider it to be necessary and proportionate, to ensure compliance with the relevant human rights law.
What data can be obtained under an interception warrant?
Interception warrants can be used to collect both the content and the metadata of a communication. I have covered these elements of electronic communications in a previous post on end-to-end encrypted communications and client-side scanning.
The IPA 2016, there are specific terms used to refer to the data that comprises a communication.
A "communication" means anything comprising speech, music, sounds, visual images, or data of any description.9 A communication includes both content and secondary data.
"Content" means any element of the communication which reveals anything of what might reasonably be considered to be the meaning (if any) of the communication.10 For example, the subject line of an email is considered the content of a communication.11
Metadata is referred to in the IPA 2016 as "secondary data", a term which includes two types of data:
"Systems data", which means any data that identifies or describes anything connected with enabling or facilitating the functioning of a telecommunication system or any telecommunications service provided by means of a telecommunications system.12 Examples of this include information about a software operating system or the period of time a router has been active on a network.13
"Identifying data", which means data that may be used to identify a person, apparatus, system, service or event or the location of any person, event or thing.14 Examples of this include photographic information (the time or location of a photo) or contact 'mailto' addresses within a webpage.15
A targeted interception warrant can be used to collect this data from any of the following:16
A particular person or organisation
A single set of premises
A group of persons who share a common purpose or carry on a particular activity
More than one person, organisation or set or premises if they relate to a single investigation or operation
Can interception warrants be served on companies?
Public authorities can request the assistance of telecommunications operators in executing an interception warrant. This includes providers of email services, messaging applications and cloud services.17
A public authority may require assistance by serving a copy of the warrant on the relevant operator,18 of which could be outside of the UK.19 Once served with a warrant, the operator must take all the steps required to give effect to the warrant,20 a duty which is enforceable by civil proceedings.21
However, an operator is not required to take any steps which it is not reasonably practicable for it to take.22 A person who knowingly fails to comply with a warrant served by a public authority is guilty of a criminal offence.23
Telecommunications operators, and persons employed by such operators, who are served with an interception warrant must not make an unauthorised disclosure to another person.24 An “unauthorised disclosure” means any disclosure of matters relating to the warrant, including its existence, its content, or even the steps taken in pursuance of the warrant.25
Non-compliance with this non-disclosure duty is a criminal offence26 unless the disclosure is an expected disclosure.27 An “expected disclosure” essentially means a disclosure made to specified persons for certain purposes, for example a disclosure made to the Intelligence and Security Committee of Parliament for the purposes of facilitating the carrying out of any of the committee's functions.28
An "expected disclosure" can also include statistical information related to warrants received by a telecommunications operators, as permitted by the government.29 This includes the total number of warrants that an operator has provided assistance with.30
It is possible for telecommunications operators to recover the costs of complying with an interception warrant.31 The arrangements for this may provide for payment of a contribution from public authorities subject to terms and conditions determined by the Secretary of State.32
What are the applicable data retention and disclosure safeguards?
In the issuing of a targeted interception warrant, certain arrangements must be put in place by the public authority in relation to material obtained under the warrant.33 Firstly, the following activities must be limited to that which is necessary for the authorised purposes (essentially the grounds on which the warrant has been issued):34
The number of persons to whom any of the material is disclosed or otherwise made available
The extent to which any of the material is disclosed or otherwise made available
The extent to which any of the material is copied
The number of copies that are made
Secondly, there must be arrangements for securing that every copy of the intercepted material made is stored, for as long as it is retained, in a secure manner.35 Thirdly, every copy made of the intercepted material must be destroyed as soon as there are no longer any relevant grounds for its retention.36
What are bulk interception warrants?
Scope of bulk interception warrants
A bulk interception warrant allows for the interception of communications of which are not limited to a specific person, organisation or premises. For example, “the interception of all communications transmitted on a particular route or cable, or carried out by a particular telecommunications operator, could, in principle, be lawfully authorised”.37
Bulk interception warrants can also authorise any conduct which is necessary to undertake to do what is expressly authorised by the warrant.38 This includes the interception of communications not necessarily described in the bulk warrant (collateral interception) if that is required to intercept the communications expressly provided in the warrant.39
Restrictions on bulk interception
Despite their broadness relative to targeted warrants, are some limitations on bulk interception warrants. The first is that the warrant must specify ‘operational purposes’ for which the data obtained under the warrant might be examined.40
The heads of the SIAs must maintain a list of these operational purposes41 and the Secretary of State must be satisfied that the examination of data intercepted is or may be necessary for the specified operational purposes and that each purpose is necessary in relation to the grounds on which a warrant has been issued. Those grounds include in the interests of national security, the prevention or detection of serious crime or in the interests of the economic well-being of the UK so far as those interests are also relevant to the interests of national security.42
Only the SIAs can apply for bulk interception warrants. The Secretary of State may only issue a bulk interception warrant, subject to the double lock,43 where two conditions are met:
The warrant relates to foreign communications,44 defined in the IPA 2016 as communications or secondary data sent or received by individuals who are outside the British Islands.45
The warrant authorises one or more of the following:46
The interception of communications described in the warrant
The obtaining of secondary data from such communications
The selection for examination of intercepted content or secondary data obtained under the warrant
The disclosure of anything obtained under the warrant to its addressee or any person acting on their behalf
Handling of bulk communications
Traditionally, GCHQ has been the main authority carrying out bulk interception.47 In doing so, GCHQ engages in a three-step process:48
Collection. GCHQ selects the internet bearers carrying communications that are most likely to be of intelligence value.
Filtering. The traffic obtained from the bearers are then filtered selecting communications of potential intelligence value while others are discarded.
Selection. The retained communications are then searched using selectors such as email addresses or telephone numbers.
If the examination of data obtained under a bulk warrant involves criteria to identify an individual known to be in the British Islands, then a targeted examination warrant must be sought.49 A senior official of an SIA may authorise for their communications to be examined using the existing criteria without such a warrant for up to five working days,50 a time period that allows a targeted examination warrant to be sought "without losing coverage of intelligence targets."51
The safeguards required for the retention and disclosure of material in relation to targeted interception warrants also apply to bulk warrants.52 However, additional examination safeguards must also be place, of which must ensure that:53
The selection of any of the intercepted material for examination is carried out only for the specified purposes, of which are the operational purposes specified in the bulk warrant
The selection of any of the intercepted material for examination is necessary and proportionate in all the circumstances
The selection of any of the of the intercepted material meets the selection conditions, of which essentially ensure that the examination of communications relating to an individual known to be in the British Islands does not take place without a targeted examination warrant
Serving bulk interception warrants
Like with targeted interception warrants, it is possible for a bulk interception warrant to be served on telecommunications operators to assist GCHQ in its operations.54 The communications under a bulk warrant may, for example, include “communications links operated by [a] telecommunications operator, which run through the physical cables that carry internet traffic”.55
Accordingly, the assistance of such an operator may be required by GCHQ. The provisions on the serving of bulk warrants, and the duties to be followed by operators served with such warrants, are the same as those for targeted interception warrants.56
What is the operational case for interception warrants?
Interception is used to obtain intelligence and identify individuals or groups that pose a threat to the UK.57 Targeted interception is “primarily an investigative tool that is used once a particular subject for interception has been identified”.
Contrastingly, bulk interception allows public authorities to “answer questions about developing incidents as they occur and identify the individuals involved”.58 For example, GCHQ analysts have used "communications data under bulk interception warrants to search for potential new phones used by individuals known to be involved in plotting terrorist acts in the UK.”59
Accordingly, interception “has been of value in target discovery but also in target development, the triaging of leads and as a basis for disruptive action”.60 Its utility extends to counterterrorism, cyber defence, organised crime and the support of military operations.61
Investigatory Powers Commissioner’s Office, Approval of Warrants Advisory Note 1/2018, para. 19.
Home Office, The Interception of Communications Code of Practice (2022), para. 2.6-2.7.
Home Office, The Interception of Communications Code of Practice (2022), para. 2.19.
Home Office, The Interception of Communications Code of Practice (2022), para. 2.20.
The IPA has a broad definition of telecommunications operator, which can be found in s.261(10) and is also elaborated on the in The Interception of Communications Code of Practice (2022), at para. 2.4.
The Investigatory Powers Act 2016, s.59(2)(b).
The Investigatory Powers Act 2016, s.58(4)(d).
The Investigatory Powers Act 2016, s.58(8)(a).
Investigatory Powers (Disclosure of Statistical Information) Regulations 2018, SI 2018/349, reg 4.
The Investigatory Powers Act 2016, s.53(6)(a).
Home Office, The Interception of Communications Code of Practice (2022), para. 6.8.
The Investigatory Powers Act 2016, s.138(1)(b)(i), 2(a) and 2(b).
David Anderson QC, Report of the Bulk Powers Review (Cm 9326, 2016), paras. 5.1 and 5.8.
David Anderson QC, Report of the Bulk Powers Review (Cm 9326, 2016), paras. 2.15-2.17.
Home Office, The Interception of Communications Code of Practice (2022), para. 4.5.
Home Office, The Interception of Communications Code of Practice (2022), para. 6.7.
David Anderson QC, Report of the Bulk Powers Review (Cm 9326, 2016), para. 5.3.
David Anderson QC, Report of the Bulk Powers Review (Cm 9326, 2016), para. 5.4.
David Anderson QC, Report of the Bulk Powers Review (Cm 9326, 2016), Annex 8 Case Studies - Bulk Interception, Case study A8/1.
David Anderson QC, Report of the Bulk Powers Review (Cm 9326, 2016), para. 5.54(b).
David Anderson QC, Report of the Bulk Powers Review (Cm 9326, 2016), para. 5.54(a).