Spy Blog has warned against the stupidity of Her Majesty's Revenue and Customs (HMRC) tax inspectors and corporate bureaucrats being granted the same investigative snooping powers under the notorious Regulation of Investigatory Powers Act 2000 as their former Customs colleagues.
- Is SOCA so useless, that HM Revenue & Customs really needs "bugging and phone-tap powers" ?
- HMRC intercept, snooping and surveillance powers commence today
The Guardian has now published some details regarding the unsurprising abuse of these powers, which were not used to investigate tax fraud, but which were instead abused to investigates and to (fail) to find evidence against an internal HMRC whistleblower.
Just as worrying was the fact that HMRC were tipped off as to the identity of the whistleblower by the stupidity of the House of Commons Public Accounts Committee, irrevocably damaging public trust in their ability to properly investigate the powerful Whitehall bureaucracies who waste our money.
Tax officials used intrusive powers to rake through Osita Mba's personal data in attempt to prove he had spoken to the Guardian
guardian.co.uk, Monday 29 April 2013 17.57 BST
Tax officials used intrusive investigative powers meant to catch serious criminals to try to prove that a whistleblower who uncovered a "sweetheart" deal with Goldman Sachs had spoken to the Guardian, it has emerged.
The belongings, emails, internet search records and telephone calls of the HM Revenue and Customs solicitor Osita Mba and the telephone records of his wife, Claudia, were examined by revenue investigators, according to previously undisclosed documents.
What justification was there for trawling through his wife's telephone records ? Were other members of his family and friends also snooped on ?
The powers, which are supposed to be used to combat large-scale criminal tax frauds, were used because the tax inspectors suspected that Mba had been in contact with the Guardian's former investigations editor, David Leigh.
Leigh's telephone numbers and email addresses were cross-referenced with Mba's, but investigators found no evidence of contact, documents show.
Who believes that journalists in the United Kingdom are not snooped on by the tentacles of Government bureaucracy trying to cover up or discourage politically embarrassing stories from appearing in the supposedly "free" press ?
This Communications Data snooping emphasises the need for investigative journalists to have several mobile phone / land line phone numbers and email accounts etc. or other confidential methods available to them, for exclusive contact with whistleblowers or other confidential journalistic sources.
Just relying on one or two well known numbers or addresses puts all of a journalist's other confirmed or developing sources at risk, if a high profile one becomes the target of a "leak investigation".
Using the Public Interest Disclosure Act, Mba wrote to the National Audit Office and two parliamentary committees in confidence in 2011 saying that the head of tax, Dave Hartnett, had "let off" Goldman Sachs from paying at least £10m in interest.
Emails show Mba's identity was disclosed to the revenue in October 2011 by the former clerk of the public accounts committee, who had sought clarification that Mba was their employee.
This is unforgivable. What is the point of granting Parliamentary Privilege to Witnesses who appear before, or submit written Evidence to a Parliamentary Select Committee, if that Committee itself betrays the identity of a whistleblower to his employer, who then attempts to harass and even maliciously prosecute him ?
This undermines public trust in the impartiality and competence of Parliament.
The Guardian are actually being a bit generous here, by seemingly blaming "the former clerk of of the public accounts committee" for the betrayal.
The controversial Chair(woman) of the Committee Margaret Hodge (the rich former Labour Minister) and all of its members collectively should apologise in public for this betrayal of confidence.
The Public Accounts Committee and other Select Committees should establish confidential ,anonymous whistleblower contact methods and procedures, backed up by "contempt of Parliament" sanctions, to protect the identity of witnesses and whistleblowers until they are willing or able to repeat their allegations or evidence in public.
The next day, a member of the HMRC's security staff sought to obtain access to Mba's office cabinet beneath his second-floor desk in Whitehall. "Thanks. Did you manage to get cabinet key number?" he asked a colleague.
The security staff member also received an email containing the solicitor's private email address, his mobile number, his home telephone number and his wife's telephone details.
It is a bit unclear if this happened before the the actual publication of the story ion The Guardian on the 11th October 2011
On 11 October 2011, the Guardian published a story under the headline "Goldman Sachs let off paying £10m interest on failed tax avoidance scheme", written by Leigh.
Publication of the story prompted members of the revenue's criminal investigative unit to take action. One named internal criminal investigator sent an email on 19 October 19 to a colleague saying that the revenue had begun "a review of the suspect's [Mba's] H drive [the hard drive used within HMRC] and email traffic and internet usage", but inquiries had revealed nothing.
He then proposed a "further interrogation of computer material" and an "itemised billing check", and wrote that "consultations with the CPS [Crown Prosecution Service] can proceed".
Using the Regulation of Investigatory Powers Act 2000 (Ripa), HMRC can see websites viewed by taxpayers, where a mobile phone call was made or received, and the date and time of emails, texts and phone calls. According to the revenue website, these powers "can only be used when investigating serious crime". But the documents disclose that applications were granted to investigate Mba using Ripa.
This sounds just like the RIPA powers available to a Local Council, but that is not the full picture.
HMRC tax inspectors and bureaucratic managers actually have the full RIPA snooping powers which were available to HM Customs & Excise before they were borged into this combined monster department. These are the same RIPA powers available to the Police or the intelligence agencies, including Interception of electronic or postal communications and the use of Directed or Intrusive surveillance and of Confidential Human Intelligence Sources (under cover agents or informers).
On 21 October 2011, tax officials applied for an itemised billing request to check an old mobile of Mba's, documents show.
One document read: "David Leigh, who was given HMRC material discussing a named tax payers tax affairs advised a senior employee of HMRC that he had been given access to that material on the 4th or 5th October 2011 and in it he quoted extracts from an HMRC minute of 8/12/2010. He was clearly given information which if provided by an HMRC employee was in contravention of CRCA [Commissioners for Revenue and Customs Act 2005]."
Why did the HMRC investigators not get internal legal advice before starting their snooping ?
The Commissioners for Revenue and Customs Act 2005 section 20 Public interest disclosure clearly applies in this case.e.g.section
1) (c) the Commissioners are satisfied that it is in the public interest.
Ten days later, another investigator sent a document, entitled leakupdate4, to colleagues showing they had failed to identify any illegal activity through IT checks, emails, intranet and internet usage and checks from Mba's office telephone.
Investigators also circulated Leigh's office and mobile number among staff so that they could be cross-referenced with Mba's numbers.
A memo sent in December 2011 said the revenue had checked Leigh's details but found no evidence of contact with Mba.
Even the most dim witted of these investigators must have known that David Leigh was not a tax dodging organised criminal, but a leading investigative journalist for The Guardian newspaper.
Presumably the intention was to try to uncover any other whistleblower sources who might be tipping off the Guardian to other, as yet unrevealed HMRC scandals and cock ups.
Leigh, who retired from the Guardian last month, said: "The revenue's decision to use these powers to try and find a link with a journalist when the disclosure was so obviously in the public interest was heavy-handed and foolish, and shows the level of paranoia over their tax deals."
Did these HMRC investigators actually access the tax records of David Leigh himself, in order to obtain his personal details and to see if there was any leverage available to HMRC to use against him ?
Mba was suspended from work, as the Guardian revealed on December 8 2011, when public accounts committee members warned revenue officials not to harass or bully him.
If the Public Accounts Committee had kept his identity secret in the first place, how could HMRC have harassed or bullied him ?
However, the organisation continued to receive and detail his telephone records, documents show. The criminal inquiry was finally abandoned on 11 January 2012.
Why did the snooping continue after the warning from the Public Accounts Committee ?
What is the name of the HMRC official who signed off on the proportionality of this RIPA Communications Data request ?
Has this official ever been involved with cases dealing with Goldman Sachs ?
Has this, presumably senior official, ever received hospitality from Goldman Sachs ?
Were any Interception warrants applied for and were they granted or refused ?
N.B. getting details about even the existence of such warrants in a specific case is very hard, as the notorious RIPA legislation imposes a penalty of up to 2 years in prison for revealing details of such interception warrants
Mba, who trained as a barrister in Nigeria and completed his master's degree at Oxford, worked in the personal tax litigation team that dealt with the Goldman Sachs tax issue.
He told the National Audit Office and two parliamentary committees the bank's settlement had been agreed with a handshake by Hartnett, the permanent secretary for tax at HMRC.
Mba believed the deal could be illegal, and told auditors he was making the disclosure under whistleblowing legislation. His evidence led to Hartnett's being accused of lying to parliament over his role in the Goldman Sachs deal, which he denied. He admitted, however, that his organisation had made a mistake by approving the deal.
Mba later returned to work in a different HMRC office. In June 2012, Mba filed a claim under the Public Interest Disclosure Act in the central London employment tribunal. In November 2012, HMRC ordered Mba to return to work in a different team.
In 2011, HMRC was authorised under Ripa to view 14,381 items of "communications data" on taxpayers while investigating tax evasion, compared with 11,513 items in 2010, according to figures released under the Freedom of Information Act.
The employment tribunal claim continues and is expected to be heard in the autumn. HMRC declined to comment when contacted on Monday.
The Public Accounts Committee has published: HC 1531 Public Accounts Committee Further written evidence from Osita MBA
The Open Rights Group Digital Surveillance report recommends:
2. Judicial oversight of requests for intrusive communications data, in particular for all traffic data requests.
6. Provide stringent penalties for misuse of either powers or data.
7. Individuals should be notified by default of a decision authorising the request for their communications data.
Currently only the hard to prove common law offence of Misconduct in Public Office (which does, however, carry a theoretical penalty of imprisonment for life) is available to punish and discourage excessive use of snooping powers with regard to Communications Data by "overzealous" or malicious officials.
It would take an unheard of vote in Parliament to sanction members of a Select Committee or their staff, for betraying the identity of a whistleblower through incompetence or malice.