View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Security services need permission to access communications data, High Court rules

The ruling will limit the way security agencies can access the personal data of citizens.

By Sophia Waterfield

Security services will need independent authorisation to obtain citizens’ personal communications data from telecoms providers, the High Court ruled today. The Investigatory Powers Act (IPA), dubbed the ‘snoopers’ charter’ by critics, had previously allowed agencies such as MI5 and MI6 to access to communications and personal information as part of their investigations without a court order.

Human rights organisation Liberty, which brought the case, described it as a “landmark victory” in stopping government bodies spying on UK citizens.

Snoopers' Chart unlawful in High Court ruling. An image of the Royal Courts of Justice.
The UK High Court has ruled that interception warrants need to be independently authorised. (Photo by CHUNYIP WONG/iStock)

“The Court has agreed that it’s too easy for the security services to get their hands on our data,” said Megan Goulding, a lawyer representing Liberty. “From now on, when investigating crime, MI5, MI6 and GCHQ will have to obtain independent authorisation before being able to access our communications data,”

The IPA 2016 was signed into law in November 2016 and aimed to bring together the powers already available to law enforcement and security and intelligence agencies to obtain communications and the data relating to it. It has been surrounded by controversy, with human rights organisations saying that it allows security services to do mass surveillance on citizens with limited oversight.

Since its royal assent, 10 non-government organisations have raised legal opposition to various aspects of the legislation, and Liberty is currently involved in an action at the Court of Appeal where it is attempting to challenge a 2019 ruling that some of the bulk surveillance provisions in the bill should be allowed.

What is the ‘snoopers charter’?

The IPA 2016 gives security and intelligence agencies access to bulk data which they can obtain from telecoms providers. This can include telephone records, text messages, location history and internet browsing history.

According to the government’s documentation on the law, this access is to help agencies investigate known, high-priority threats as well as identify emerging threats from individuals not known to them. It is also said to help establish links between known subjects of interest in complex investigations.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Liberty believes that the powers within the IPA 2016 are too broad and the safeguards around bulk powers fail to protect citizens’ rights to privacy and freedom of expression. This includes protecting the rights of journalists and their sources.

It has called on the government to introduce proper safeguards into the IPA: “We all want to have control over our personal information, and to have a government that respects our rights to privacy and freedom of expression,” the organisation said.

What does the IPA judgement mean for security services?

The High Court has ruled that it is unlawful for the security services to obtain individuals’ communications data from telecom providers without having prior independent authorisation and demonstrating their need for the data is necessary and proportionate.

Currently, interception warrants and bulk warrants are authorised by the Home Secretary or Home Office minister of state, but the new ruling would mean a court order would need to be obtained before security services carry out investigations under the IPA 2016. This requirement already applies to the police.

It comes at a time when the government is reportedly looking to introduce a national service to allow departments to search for and obtain internet connection records from communications firms. A procurement notice was published last month inviting tech firms to bid to provide support with the migration of IT systems for the project – as well as the development of a tool allowing authorities to search for information and filter results. Trials involving two internet service providers are said to have already taken place.

Tech Monitor has contacted the Home Office to ask for a response to today’s ruling.

Read more: The UK government must take police facial recognition seriously

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.