Ex-GCHQ head calls for a revise of RIPA to regulate social media intelligence

At the end of April the think-tank Demos issued #intelligence, a report that was co-written by Sir David Omand, who was the director of the UK Government Communications Headquarters (GCHQ) between 1996 and 1997.

The report stresses the value of ‘SOCMINT’, intelligence gathered from social media, as a ‘decisive’ source of information that contributes to public safety. At the same time it stresses that the gathering and use of ‘socmint’ by the state needs to based on a ‘publicly argued and sound legal footing’ – which is currently not the case. In that context the report calls for an overhaul of the UK’s Regulation of Investigatory Powers Act from 2000, which regulates police and intelligence agencies’ access to online data.

“An interdepartmental review must review what types of SOCMINT might fall under RIPA 2000 parts I and II, and the relevant degrees and type of authorisation required. Existing mechanisms of oversight for all intelligence and policing work, including the Parliamentary Intelligence and Security Committee and the independent police commissioners, need to determine how SOCMINT should relate to their current procedures and operations.”

Public vs private
The report also emphasised the distinction between information made openly available on social media sites by users, and that which is protected by privacy barriers such as a password. The report states that only the latter information amounts to ‘intrusive’ or ‘surveillance’ SOCMINT.

Open source, ‘non-intrusive’ SOCMINT information would not be used to identify individuals, or as a means of criminal investigation, but would only be used to crowdsource information through Twitter or Facebook in order to gain for instance ‘situational awareness’ in the event of public disorder. If criminal or ‘possible criminal’ activity is found using non-intrusive socmint, state-specific powers should be used to identify individuals and access private information. Access to the latter require a warrant issued by a minister or a judge if the authorities wish to access it.

Six key principles
The report follows a huge public outcry over a preview of the UK government’s CCDP plans for wider state access to email and digital communications. The report proposes six principles that seem to be inspired by the Europan Court of Human Rights proportionality test, on which the use of SOCMINT by the state – including the Communications Capabilities Development Programme – should be based on.

Principle 1: there must be sufficient, sustainable cause
Principle 2: there must be integrity of motive
Principle 3: the methods used must be proportionate and necessary
Principle 4: there must be right authority, validated by external oversight
Principle 5: recourse to secret intelligence must be a last resort if more open sources can be used
Principle 6: there must be reasonable prospect of success

The report further calls on the UK Government to publish a green paper subject to public consultation about how it plans to use and manage social media analysis in the public interest, including for the purposes of public security.