Need to Know: RIPA
Half a million people were snooped on last year, all using the Regulation of Investigatory Powers Act. But what is it?
The government has used the Regulation of Investigatory Powers Act (RIPA) to view communications data on half a million UK citizens, checking out who they're calling and emailing and when.
But what is RIPA, and why does it give government bodies so much power?
What is RIPA?
The preamble to the 2000 Act reads:
"To make provision for and about the interception of communications, the acquisition and disclosure of data relating to communications, the carrying out of surveillance, the use of covert human intelligence sources and the acquisition of the means by which electronic data protected by encryption or passwords may be decrypted or accessed; to provide for commissioners and a tribunal with functions and jurisdiction in relation to those matters, to entries on and interferences with property or with wireless telegraphy and to the carrying out of their functions by the security service, the Secret Intelligence Service and the Government Communications Headquarters."
If that makes any sense to you, you have a future in politics or possibly law.
For the rest of us, it means the act describes how and when government bodies can watch UK citizens. It describes when they can access communications data, follow us around, or listen in to our calls.
This covers photographing people, tapping phone calls, and being followed by police as well as looking at email and call records and intercepting them to read the content. That last one is the only type of surveillance to require a warrant, however.
Who does it apply to?
On the being watched side, if you're in the UK, it applies to you. That simple.
On the other side, there are those allowed to do the watching. When the Act first came into force, just nine bodies had access. In 2003, home secretary David Blunkett extended the powers.
RIPA now gives the power to hundreds of government agencies and departments to get communications data from ISPs, comms providers and postal service, as well as to conduct direct surveillance.
First, there are the obvious ones the police, security services, and central government. But local councils and regulators are also given access. Local authorities requested comms data on some 1,500 people last year.
Other hard-to-believe agencies that can have access to comms data include the Charity Commission, the Food Standards Agency, and the Gambling Commission.
To be clear, intercepts such as tapping phone calls or reading email are only allowed by police or security forces. And they need a warrant first.
But the rest of the agencies can ask an ISP for your address, see when you made a call, or hang around outside your bin to see if you're putting out your rubbish correctly.
Who do they have to apply to for such information?
To receive comms data... no one. There is a commissioner, who puts out a report each year detailing RIPA requests. That report is an amazing accomplishment, in that it manages to be so dense it's difficult to read while still offering little in the way of detail.
That commissioner has checked each approved RIPA body once since the Act came into force, to see if they're going about it correctly. Other than that, there is no oversight.
The Home Office is planning to release a code of conduct, however.
Want to read more background on the latest IT topics? Click here for all the tech cheatsheets in our Need to Know series.
Shining light on new 'cool' cloud technologies and their drawbacks
IONOS Cloud Up! Summit, Cloud Technology Session with Russell BarleyWatch now
Build mobile and web apps faster
Three proven tips to accelerate modern app developmentFree download
Reduce the carbon footprint of IT operations up to 88%
A carbon reduction opportunityFree Download
Comparing serverless and server-based technologies
Determining the total cost of ownershipFree download