Recently in CHIS - Covert Human Intelligence Sources Category

Dear Sirs,

Here are some points which need to be considered in the new Covert Human Intelligence Source Code of Practice:

https://www.gov.uk/government/consultations/covert-surveillance

This is 2014 and somehow, yet again, there is no specific mention of *online* CHIS activities in the Code of Practice - this is inexcusable

Online "Legend" building and maintenance

It may be necessary and proportionate for a CHIS or a Relevant Source to create fake online internet service accounts e.g. Google Gmail, Microsoft Live ID, Twitter, Facebook, blog registrations, online discussion forum registrations etc.

A Relevant Source is essentially an undercover police officer etc. holding a public office, rather than acriminal or other informant, defined in The Regulation of Investigatory Powers (Covert Human Intelligence Sources: Relevant Sources) Order 2013

These may be used to help establish a "Legend" (does nobody else find the use of this Soviet era KGB espionage slang by the Home Office questionable ?)

N.B. by doing so, the CHIS or Relevant Source will almost certainly be breaking the legal Terms and Conditions of the online service.

Since newly created social media accounts which participate in discussions or which try to "follow" or "friend" other users, are less trustworthy and more suspicious, a convincing online persona requires a searchable history of online activity for it to be
accepted.

Therefore any such "Legend" building (which may not yet have been allocated to a particular Relevant Source or investigation or operation) could take years and must also be reviewed by a senior responsible officer and the Surveillance Commissioners, with the same audit trails and regularity as other Relevant Sources i.e. regular review at least annually.

Automated social media software

There are plenty of companies willing to sell or create social media software tools and services for "marketing" or for "social media intelligence", the use of which can help in the creation of believable online "Legends", or allow the gathering of online social media details about an individual or group.

Any use of such tools or services must also be clearly authorised and audited as per Relevant Sources.

online CHIS risk of Disruption , Agents Provocateurs & Entrapment

One particular danger is the temptation for a CHIS or Relevant Source to use automated scripts or software to easily create and try to maintain multiple fake online personalities, often with limited artificial intelligence to send and reply to messages, so as to to create "buzz" or "chatter" online about a particular topic or issue.

They are also used to try to to manipulate (up or down) the ranking of certain keywords in web search engine queries.

These are abused by unethical businesses and by criminals to, for example, manipulate the price (up or down) of stocks and shares ("pump and dump" or "boilerhouse" operators) or to try to hide unfavourable or embarrassing press articles or social media commentary (no matter how truthful) from most naive web search engine users, who rarely progress beyond the first page or two of results.

Such software can also be used to "swarm" or "spam" political discussion forums, pushing a particular viewpoint and stifling free debate through "trolling" and "sock puppetry".

Therefore any use of such software must also be carefully authorised like a Relevant Source and audited by the Surveillance Commissioners. There also needs to be a clear Financial audit trail, as there is could be a substantial cost to the public purse.

Any use of such software for the dubious purpose of "disruption" of criminal or terrorist enterprises is also fraught with danger that it will be used to disrupt and cause collateral damage to innocent people e.g. those involved in political or social campaigns, peaceful demonstrations etc.

Although popular in the USA and with repressive dictatorships, such techniques risk creating online Agent Provocateurs and Entrapment, which should be a legal anathema in the UK.

N.B. even a "justifiable" use of such software or techniques will inevitably cause reputational damage to the trustworthiness of the law enforcement agency which uses them, when, not if, this becomes public.

This new CHIS Code of Practice must clearly forbid any use of Agents Provocateurs or Entrapment, whether online or in person.

Annual report of the Chief Surveillance Commissioner to the Prime Minister and to Scottish Ministers for 2010-2011 (.pdf)

The Chief Surveillance Commissioner, the Rt. Hon. Sir Christopher Rose writes:

Chief Surveillance Commissioner

2.4 I was invited to oversee the removal of 'covert' cameras around specific areas of Birmingham. I have confirmed in writing that no cameras installed specifically for covert use were capable of use before the decision to remove them. All camera equipment has been removed and, by the time this report is published, I will have confirmed that all related 'street furniture' has been removed.

See Spy Blog: Project Champion Review - CCTV and ANPR mass surveillance ghettos in Birmingham

2.5 Towards the end of the year, significant media reporting relating to the activity of an undercover officer authorised to conduct activity against domestic extremism resulted in a number of investigations by Her Majesty's Chief Inspector of Constabulary, SOCA and the IPCC. At the time of this report's preparation these investigations continue. I am monitoring all investigations to ensure consistent and accurate interpretation of legislation. I am reassured by the involvement and publication of the terms of reference of an objective External Reference Group in relation to HMCIC's investigation.

Will any of the senior Police officers and bureaucrats and politicians, who were responsible for the various undercover police spies and agent provocateurs
who have been caught infiltrating the various "environmental" protest groups ever be named and shamed or punished ?

What are their links to the state and private sector powerful vested interests ?

OSC guidance

3.4 I explained in paragraphs 3.6 to 3.8 of my last report that my Commissioners from time to time publish guidance; the latest was published in September 2010. If I continue to find that this document is not readily available to those who need it, or is not promoted by national associations, I may make it publicly available on my website. I have resisted this temptation so far because:

3.4.1 my small office does not have the capacity to answer the inevitable influx of requests for clarification that this would invite;

Surveillance is big business, affecting millions of people in the UK.

The taxpaying public has a right to demand the publication of this document and for clarifications to be answered promptly and fully.

3.4.2 law enforcement agencies in particular are concerned that tactics might be unnecessarily revealed;

3.4.3 it is not a comprehensive document which covers every eventuality and it might be misconstrued or misused; and

That sounds like bureaucratic backside covering.

Publish the guidance anyway.

How can it be misconstrued and misused any more than the Acts of Parliament
and the Codes of Practice upon which it is based ?

If these are not crystal clear then they must be amended.

3.4.4 it is not my remit to provide free legal advice, though I proffer guidance to public authorities which I have a responsibility to review, in order to raise standards and promote consistency.

Public Authorities should make this guidance available to everybody. Why should it be kept secret ?

Time for a Freedom of Information Act request to , say, the Metropolitan Police Service , for a copy of this Guidance.

Why are the RIPA Commissioners still excluded from the list of Public Bodies, even though they absolutely meet and exceed the conditions for such a listing under the FOIA section Schedule 1 ?

3.8 The procedural changes proposed in the Protection of Freedoms Bill involving magistrates in the authorisation process for local authorities and a higher threshold for authorised covert activity will not reduce the frequency or nature of my inspections even if the number of authorisations is reduced. My inspections will continue to focus on the training, knowledge and competence of local authority officials involved in the identification of activity which may be covert and which, if it is, should be authorised under the legislation in a clear and principled way.

So there is not going to be any reduction in Surveillance by public authorities as a result of the proposed Protection of Freedoms Bill ?

3.10 I have commented in previous reports that there appears to be an over-reliance on the capacity of the OSC to examine authorisations. I remain concerned that my limited capacity is misappreciated. Public authorities, particularly law enforcement agencies, should not be lulled into a false sense of confidence if at trial lawyers do not scrutinise relevant documents. Lack of challenge does not imply compliant authorisation. I mentioned last year (paragraph 5.19) that there is an expectation of authorisation. I add this year that authorisations should be of a quality to withstand examination at trial however rarely such scrutiny may occur.

Is this an oblique, soviet style hint, that there are some illegal cases involving authorisations which will not stand up to proper scrutiny ?

3.11 I have considered carefully, but resisted, a few requests to increase the duration between inspections. My inspection capability is limited. The sample of documents which can be examined is small and the inspection can only be regarded as a 'snapshot in time'; it is not an indicator of trends. Often key personnel change in the period between inspections. I recognise the inconvenience of an inspection (especially for law enforcement agencies) but less frequent inspections would not provide the effective oversight which Parliament requires of me.

Which snooping organisations are moaning about the current, totally inadequate level of inspections ?

"the effective oversight which Parliament requires of me."

is a misnomer - it does not actually represent properly transparent and effective oversight, which the public has a right to demand.

3.12 I have still not been given the power to inspect local authorities in Northern Ireland. I am concerned that these authorities have never been inspected.

That is a scandal which should have been rectified years ago.

3.14 I invited representation from the Association of Chief Police Officers Automated Number Plate Reading Working Group to one of the meetings in order better to understand its concerns regarding specific guidance on that topic. It is my intention to provide further guidance, if necessary, before this report is published.

Automated Number Plate Reading (ANPR) is a whole area of mass surveillance which the current and previous Surveillance Commissioner have ineffectively criticised.

No doubt the Chief Surveillance Commissioner will not actually investigate any actual or potential abuses of ANPR, only issue secret Guidance to the snoopers as per paragraph 3.4 above. He may even abrogate this responsibility and leave it to the new RIPA style Surveillance Camera Commissioner, proposed in the Protection of Freedoms Bill, to deal with.

OSC website

3.18 I have not had the capacity to improve my website. The Cabinet Office has recently decided that all government related websites, including those of Non Departmental Public Bodies such as mine, will migrate to a corporate process. It is essential that I remain independent and be seen to be independent.

At least the OSC actually has a website, unlike the other two RIPA Commissioners.

Neither the Chief Surveillance Commissioner nor the other two RIPA Commissioners
will ever be "seen to be independent" whilst they reports only to Ministers rather than to Parliament and the public directly. and whilst they weasel out of compliance with the Freedom of Information Act.

3.25 In order to achieve a reduced budget for the financial year 2011 - 2012 I have reluctantly reduced my capacity by one Inspector and the Secretary post and downgraded a further post. My capacity has always been limited and I wrote to the Home Secretary to explain the impact of reducing my budget by £140K. I recognise the severity of the country's financial situation but a reduction of nine percent has serious operational repercussions in a tiny organisation. I am only able to work within this tight limit by reducing inspectorate and secretarial staff.

How about the Home Office reducing the amount of Surveillance it funds by 10 per cent ?

4.2 Statistics for directed surveillance and the use of CHIS have been supplied by all law enforcement agencies. I am pleased to report that all other public authorities have responded to my request for this statistical information, so this year's figures are again based on a one hundred per cent return.

4.3 It is important that these statistics are not misconstrued. Reports relating to local authority use of covert surveillance have been misleading and often inaccurate. I have identified no systemic attempts to misuse legislation. There are, occasionally and inevitably, misjudgments but these are rarely the result of abuse of power.

[...]

Misjudgments about proportionality etc. in the exercise of such powerful and dangerous legislation are an abuse of power, the only question is whether such inevitable human lapses within an inhuman system of surveillance bureaucracy, should be punished or not.

Given the secrecy which surrounds such surveillance, there is no effective system of public apology and financial compensation for the victims of such misjudgments - the Courts are only available to the rich and are useless for the protection of privacy.

The Surveillance Commissioner should "name and shame" the culprits in this Report, which is his only sanction, pathetically weak though that is.

Section 49 - encryption

4.11 During the period to which this report relates, NTAC granted 26 approvals from 30 applications. Permission was not sought in eight cases after NTAC approval. From the remainder, 17 had permission granted by a Circuit Judge, of which 12 have so far been served. Four were complied with and two were not; the remainder were still being processed. Five people were charged with an offence, of whom it was decided not to prosecute two. So far there has been one conviction with other cases still to be decided.

4.12 The conviction related to the possession of indecent images of children. Other offences include: domestic extremism, insider dealing, fraud, evasion of excise duty, drug trafficking and drug possession with intent to supply.

Not the complete absence of the words "terrorism" or "national security".

NTAC = National technical Assistance Centre, which has lurked somewhere under the GCHQ empire since 2006.

4.13 These statistics are provided by NTAC which is able to be accurate regarding the number of approvals it has granted. But it is reliant on those processing notices to keep it informed regarding progress. It appears that there has been delay in serving some notices after approval has been granted (hence the difference between the number approved and the number served). Notices, once approved, should be served without delay.

Delays by the legalistic surveillance bureaucracy ? Who could have imagined that, apart from, say Franz Kafka.

Legislation

5.4 At the time of writing, the Protection of Freedoms Bill is at the Committee stage.

[...]

it is not apparent why local authorities should be treated differently from other public authorities

Agreed

[...]

The higher threshold in the proposed legislation will reduce the number of cases in which local authorities have the protection of RIPA when conducting covert surveillance; it will not prevent the use of those tactics in cases where the threshold is not reached but where it may be necessary and proportionate to obtain evidence covertly and there will be no RIPA audit trail. Part I of RIPA makes unauthorised interception unlawful. In contrast, Part II makes authorised surveillance lawful but does not make unauthorised surveillance unlawful.

[...]

Why should the minority users of RIPA surveillance powers i.e. Local Authorities have to be authorised by Magistrates, when the vast bulk of request by the Police and Intelligence Agencies and other Government Departments e.g. DWP, HMRC etc. will
continue to be self authorised ? They should all have independent judicial warrant oversight of every application, before (or in emergencies, immediately after) the privacy intrusion happens, not just a RIPA Commissioner audit of a sample of requests every year or two.

5.11 We have evidence that some public authorities are purchasing highly intrusive technical capability without properly considering the legislative implications of its use. For instance, a single digital camera is capable of coverage equivalent to or greater than a larger number of analogue cameras; but the reduction in the number of cameras does not reduce privacy concerns. We have seen noise monitoring equipment that is capable of 'permanent' monitoring even though it has not been activated to store a recording in an easily interpreted form and I am not convinced that data is irretrievable. For this reason, my Commissioners have provided guidance that authorising officers should avoid accepting loose terminology and understand the capability of the equipment. Corporately, public authorities should ensure that equipment which is more capable than can be justified should not easily be procured.

Vaguely hoping that the purchasing of intrusive technology will somehow not happen is foolish - e.g. digital cameras are cheaper than analogue ones these days.

There should be detailed consideration of the technological capabilities being used or potentially abused, by those who supposedly, independently, scrutinise the proportionality of each application for covert surveillance.

The Rt. Hon. Sir Christopher Rose makes this interesting legal point regarding Covert Human Intelligence Sources (CHIS):

Availability of powers

5.15 Many public authorities which are not law enforcement agencies prefer not to use CHIS. Their reasoning usually reflects a laudable desire to use less intrusive methods or a belief that they are ill-prepared to manage them compliantly. The desire is good practice and the belief is often accurate. However, the ease with which statutory criteria are met is often misjudged; a person, irrespective of motive, may be a CHIS if he uses a personal or other relationship to pass information to a public authority in a manner that is covert in relation to the person to whom the information refers. This may not be of significant concern if the reporting is occasional or when the information attracts no action or when it has been volunteered. It should be a concern if the individual reports information on which action is likely to be taken or if the information is likely to be retained for later analysis. Public authorities may not ignore this because they do not wish to use CHIS. In many cases, public authorities wish to retain the power but make no effort to prepare properly for the eventuality. In other cases, the public authority has decided that it no longer requires the capability, without recognising that it is dealing with persons who should be authorised as a CHIS. I have no power to insist on proper training or retention of powers. I can only draw the risk to the attention of the relevant authority. But I take this opportunity to remind public authorities that the threshold set by Parliament is low and that there is significant risk in reliance on a person within the statutory definition of a CHIS who is not authorised.

• Presumably this also applies to Whistleblower websites and Confidential Tip Off phone lines for reporting of terrorism or crime or benefit fraud etc. e.g. see this previous Spy Blog article: Web censorship - anonymity / security issues with reporting.direct.gov.uk and the Counter Terrorism Internet Referral Unit - UPDATED 01May11

• Does telephoning 999 to call the Police to an immediate crime in progress fall within the "low"" Covert Human Intelligence Source threshold ?

• Will the Surveillance Commissioners actually inspect any of the back office systems behind the public facing Websites or Phone Lines, to ensure that they are properly protecting the anonymity and security of whistleblowers, tipsters, "snouts" or other CHIS ?

We will have plenty of criticism of the Home Office's reluctant
Review of counter-terrorism and security powers,hopefully sometime this weekend.

Here is a copy of the

Review of counter-terrorism and security powers - findings and recommendations (PDF file - 428kb)

for those of you who do not want to give the Home Office website (and the US owned , commercial Sitestat OnClick web tracking / snooping system which they employ) your IP address and web browser details etc.

As always, the Chief Surveillance Commissioner tends to reveal a little more than either the Interception of Communications Commissioner or the Intelligence Services Commissioner ever do in their Annual reports.

Annual report of the Chief Surveillance Commissioner to the Prime Minister and to Scottish Ministers for 2009-2010 (.pdf)

Unlike the other two RIPA Commissioners, Sir Christopher Rose does actually have something to report about RIPA Part II:

CHIS = Covert Human Intelligence Sources
i.e. spies , undercover agents, paid informers, unpaid informers etc.

CHIS

4.8 There were 5,320 CHIS recruited by law enforcement agencies during the year; 4,495 were cancelled (including some who were recruited during the previous year) ; and 3,767 were in place at the end of March 2010. The figures for the previous year which were 4,278, 4,202 and 3,722 indicate a slight increase in usage.

4.9 During the current reporting year other public authorities recruited 229 CHIS of whom 182 were cancelled during the year with 90 in place on 31 March 2010.

During the previous year 234 were recruited, 153 cancelled and 106 were in place at the end of the year. Again just over half of CHIS usage was by government departments. The light use of RIPA/RIP(S)A powers by local authorities is even more pronounced in relation to CHIS recruitment. 97% recruited five or fewer and 86% did not use CHIS.

There are some criticisms of CHIS management and tradecraft:

5.9 There are too many occasions when inspections reveal poor tradecraft in managing CHIS. Infrequent physical meetings and reliance on communication by text messages are rarely adequate. There have also been instances where law enforcement officers have pretended to be the CHIS when communicating with his associates online, without properly providing the CHIS with an alibi. It seems to me that this is an unsafe practice.

The protection of CHIS is one of the main reasons cited for the vast amount of secrecy and lack of freedom of information and transparency in the Police and Intelligence Agencies etc.

Such amateurism in the handling of CHIS should be punished by removal of those responsible from any positions of power or authority involving CHIS - they could literally get people killed through such incompetence.

Encryption Keys and RIPA Part III

At last a few details about RIPA Part III:

NTAC = National Technical; Assistance Centre, now run by GCHQ, politically controlled by the Foreign Secretary.

Section 49 - encryption

4.10 During the period reported on, NTAC granted 38 approvals. Of these, 22 had permission granted by a Circuit Judge, of which 17 have so far been served. Six were complied with and seven were not complied with, the remainder were still being processed. Of the seven that were not complied with, five people were charged with an offence, one was not charged and the other is still being processed. So far there has been one conviction with other cases still to be decided.

4.11 The conviction related to the possession of indecent images of children and this offence is the main reason why section 49 notices are served. Other offences include: insider dealing, illegal broadcasting, theft, evasion of excise duty and aggravated burglary. It is of note that only one notice was served in relation to terrorism offences.

These statistics further aggravate the injustice to someone who does not fall into any of these categories see the previous Spy Blog article: "JFL" provides some more details about his imprisonment for refusing to divulge his cryptographic keys under a RIPA Part III section 49 notice

4.12 These statistics are provided by NTAC which is able to be accurate regarding the number of approvals it has granted. But it is reliant on those processing notices to keep it informed regarding progress. It appears that there has been delay in serving some notices after approval has been granted (hence the difference between the number approved and the number served) . Notices, once approved, should be served without delay. If delays continue, I will require an explanation.

Sir Christopher does not seem to have delved into whether or not the de-crypted plaintext or the cryptographic keys were actually stored securely, ideally also using strong encryption or not, once they had been seized as evidence through the section 49 orders.

Unless and until the public is reassured about that, then there will be lots of non-cooperation from businesses which risk massive "collateral damage" to their core business systems, as a result of police investigations involving only part of their computer infrastructure, or a few employees or customers.

There is nothing specific about Automatic Number Plate Recognition (ANPR), but there is a section on CCTV:

Closed Circuit TeleVision - CCTV

CCTV

5.22 My Chief Inspector has met the Interim CCTV Regulator and, as a member of the Independent Advisors Group, he will represent me in the development of the National CCTV Strategy.

How things have changed. Previously the Surveillance Commissioners took no interest in overt or covert CCTV spy cameras.

5.23 I am pleased by the proliferation of protocols between local authorities and police forces. In particular, I am satisfied that there is a wider acceptance of the need for authorisations to be shown to those responsible for using cameras covertly. But I am concerned at the number of inspections reporting the ability of some police forces to control, remotely, cameras owned, solely by or in partnership with, a local council. Sometimes control can be taken without the knowledge of the council CCTV Control Room or the guarantee that an appropriate authorisation exists. Equally, there is no guarantee that the person remotely operating the camera is appropriately qualified to conduct such an operation. Protocols should clarify the procedures to be followed when control is taken by others outside the CCTV Control Room and ensure that suitable safeguards are in place to prevent misuse.

Report of the Intelligence Services Commissioner for 2009 (.pdf), by the Rt,Hon. Sir Peter Gibson

Just like all the previous Intelligence Services Commissioner reports, the lack of public detail makes a mockery of the whole RIPA oversight process - it takes 16 pages to say almost nothing at all.

Yet again, there has been no call for Sir Peter to oversee any RIPA Part III encryption key or plaintext orders. This appears to have been left to the Chief Surveillance Commissioner.

Part III of RIPA

34. As I have noted above, Part III of RIPA came into force on 1 October 2007. However, no notification of any directions to require disclosure in respect of protected electronic information has been given to me in 2009 and there has been no exercise or performance of powers and duties under Part III for me to review.

The Intelligence Services Commissioner has gone through the motions with the Identity Scheme Commissioner Sir Joseph Pilling, bearing in mind the scrapping of the scheme which is still in progress.

11. On 16 November 2009 the Identity Minister, Meg Hillier, signed the Commencement Order allowing the Identity and Passport Service to begin issuing identity cards to members of the public living or working in Greater Manchester with effect from 30 November 2009 though it should be noted that identity cards were also made available to Home Office/Identity and Passport Service civil servants as well as airside workers in Manchester and London City Airport for a few weeks beforehand. On 10 December 2009 I had a useful meeting with Sir Joseph Pilling, the Identity Commissioner, in which we discussed our respective areas of responsibility under the ICA. I informed him that I did not envisage that I would need to obtain information about the acquisition, storage and use of data in the National Identity Register by organisations other than the intelligence services. At the time of writing this Report I am not aware of any acquisition, storage and use made by the intelligence services pursuant to the ICA of information recorded in the National Identity Register and in view of the intended repeal of the ICA it is unlikely that there will be any such acquisition, storage or use

Obliviously he has a good professional working contacts with the Intelligence agencies, but does that automatically taint him as the chairman of the Inquiry looking into allegations of complicity in torture of foreign terrorist suspects by MI5 or MI6 etc, appointed by PM David Cameron ?

He is already looking at:

Guidance on detention and interviewing of detainees by intelligence officers and military personnel

39. On 18 March 2009 the Prime Minister made a statement to Parliament about the detention and interviewing of detainees by intelligence officers and military personnel and announced my agreement to his request that the Intelligence Services Commissioner should monitor compliance by the intelligence agencies with the consolidated guidance on the standards to be followed during the detention and interviewing of detainees. My role in monitoring compliance will not commence until the consolidated guidance has been published. Such publication has not yet occurred,

The Report contains exactly the same words as the Interception of Communications Commissioner regarding the Investigatory Tribunal. A public agency broke the law, but will not be published for doing so. Why can they not at least be named and shamed in public ? There cannot be any "national security" grounds for not doing so.

One Parliamentary Bill which did just complete its passage through Parliament without the wretched "wash up" process was the largely symbolic Bribery Act 2010

We criticised this Bill when it first appeared for its flawed attempt to correct the stupid Anti Terrorism Crime and Security Act 200 Part 12 Bribery and Corruption sections 108 to 110. , which made it a criminal offence for the intelligence agencies or for the military to ever bribe any foreign officials either for spy recruitment purposes or to help in the escape of military personnel trapped behind enemy lines etc.

Presumably the intelligence agencies and the military have simply been ignoring that stupid law ever since.

See: Bribery Bill 2009 clause 12 - some Secret Intelligence Service MI6 or Security Service MI5 exemptions, but why should Local Authority Trading Standards etc. ever be allowed to bribe anyone ?

13 Defence for certain bribery offences etc.

(1) It is a defence for a person charged with a relevant bribery offence to prove that the person's conduct was necessary for--

(a) the proper exercise of any function of an intelligence service, or
(b) the proper exercise of any function of the armed forces when engaged on active service.

(2) The head of each intelligence service must ensure that the service has in place arrangements designed to ensure that any conduct of a member of the service which would otherwise be a relevant bribery offence is necessary for a purpose falling within subsection (1)(a).

(3) The Defence Council must ensure that the armed forces have in place arrangements designed to ensure that any conduct of--

(a) a member of the armed forces who is engaged on active service, or
(b) a civilian subject to service discipline when working in support of any person falling within paragraph (a),

which would otherwise be a relevant bribery offence is necessary for a purpose falling within subsection (1)(b).

(4) The arrangements which are in place by virtue of subsection (2) or (3) must be arrangements which the Secretary of State considers to be satisfactory.

(5) For the purposes of this section, the circumstances in which a person's conduct is necessary for a purpose falling within subsection (1)(a) or (b) are to be treated as including any circumstances in which the person's conduct--

(a) would otherwise be an offence under section 2, and
(b) involves conduct by another person which, but for subsection (1)(a) or (b), would be an offence under section 1.

(6) In this section--

"active service" means service in--

(a) an action or operation against an enemy,
(b) an operation outside the British Islands for the protection of life or property, or
(c) the military occupation of a foreign country or territory,

"armed forces" means Her Majesty's forces (within the meaning of the Armed Forces Act 2006),

"civilian subject to service discipline" and "enemy" have the same meaning as in the Act of 2006,

Even we noticed that the original text of the Bill did not specify the Armed Forces Act 2006

"GCHQ" has the meaning given by section 3(3) of the Intelligence Services Act 1994,

"head" means--

(a) in relation to the Security Service, the Director General of the Security Service,
(b) in relation to the Secret Intelligence Service, the Chief of the Secret Intelligence Service, and
(c) in relation to GCHQ, the Director of GCHQ,

"intelligence service" means the Security Service, the Secret Intelligence Service or GCHQ,

"relevant bribery offence" means--

(a) an offence under section 1 which would not also be an offence under section 6,
(b) an offence under section 2,
(c) an offence committed by aiding, abetting, counselling or procuring the commission of an offence falling within paragraph (a) or (b),
(d) an offence of attempting or conspiring to commit, or of inciting the commission of, an offence falling within paragraph (a) or (b), or
(e) an offence under Part 2 of the Serious Crime Act 2007 (encouraging or assisting crime) in relation to an offence falling within paragraph (a) or (b).

Compared with the original text of the Bill when it was introduced, there is an improvement, with the removal of the huge attempted exemption

(a) the prevention, detection or investigation by, or on behalf of, a law enforcement agency of serious crime,

and

"law enforcement agency" means a public authority acting in pursuance of a duty of a public nature under the law of any part of the United Kingdom to prevent, detect or investigate crime,

which would have allowed the Serious Organised Crime Agency, any Police force, or HM Customs and Excise or the UK Border Agency or even Local Authority Trading Standards officials or even for private sector sub contractors working on behalf of Whitehall or Local Government departments investigating alleged fraud etc. to bribe officials in the UK or the rest of the world, without any scrutiny.

None of these public bodies should ever be allowed to bribe anyone, ever. To be fair to them, most of them would never wish to have such a power granted or imposed on them either.

Similarly GCHQ does not need the power to bribe people with impunity, but, for no good reason, this Act lumps them in with MI5 the Security Service and MI6 the Secret Intelligence Service, who may well do so.

Surely any conceivable scenario involving bribery of say, foreign Government telecommunications monopoly or company officials, which GCHQ might have an interest in, could be handled by MI6 the Secret Intelligence Service or by by Active Service Military personnel in the field ?

GCHQ should not have and should not seek to have, any of their personnel involved in the recruitment of Covert Human Intelligence Sources, the recruitment and proper handling of which must surely apply to any attempts to bribe foreign officials. This should be left to MI6 the Secret Intelligence Service or, in limited counter-intelligence operations, to MI5 the Security Service.

There is no independent scrutiny of the "arrangements" which the heads of the intelligence agencies or the Defence Council have to put in place according to the clause above.

There are no penalties for officials of those agencies or the armed forces, if they contravene such "arrangements".

Presumably these unspecified "arrangements" will involve some more bureaucratic form filling and blanket rubber stamp self authorisations, which will be kept secret from the public and Parliament, under the claim of "national security" exemptions to the Freedom of Information Act etc.

There is no mechanism for independent investigation of individual cases of alleged bribery involving people hiding behind "national security" secrecy.

There is not even any duty imposed on Ministers to report to Parliament and the public how much public money has been spent on bribes in total each year.
.

Another bit of proposed legislation, which will hopefully be lost due to the forthcoming General Election, is the flawed Bribery Bill 2009

For some reason it has been introduced by Jack Straw's Ministry of (In)Justice in the House of Lords.

Note that there are no provisions to strengthen the legislation against corrupt lobbying by Members of the House of Commons or of the House of Lords or of senior Whitehall Sir Humphreys.
.
Incredibly, it appears that this Labour Government still intends to make it illegal for, say the Secret Intelligence Service MI6 to bribe a Foreign Government official for information or influence, even where this serves the United Kingdom's national security interests.

Conversely, they are giving any "law enforcement agency", an unfathomable exemption from bribery offences, "for the prevention or detection" of Serious Crime. This includes Local Authority Trading Standards or Environmental Health departments, who are notorious for their lack of expertise and training, when it comes to "simple" Regulation of Investigatory Powers Act use of Covert Human Intelligence Sources.

What conceivable excuse have these "law enforcement agencies", including the Police or HM Revenue and Customs, got for bribing anyone whatsoever ?

The Home Office has published its summary of the responses to the public consultation Regulation of Investigatory Powers Act 2000: Consolidating orders and codes of practice (1.7Mb .pdf) which ran from April to July.

The Regulation of Investigatory Powers Act 2000: consolidating orders and codes of practice - responses to the consultation (269Kb .pdf) says that:

The 222 respondents comprised:

• 104 local authorities;
• 9 local authority associations;
• 10 law enforcement bodies;
• 9 other public authorities;
• 6 legal reform or scrutiny bodies;
• 5 communications service providers;
• 3 training organisations;
• 2 housing agencies;
• 2 oversight commissioners (the Chief Surveillance Commissioner and the Interception of Communications Commissioner);
• 68 members of the public (of whom 27 had experience of working with RIPA); and
• 4 other NGOs with interests in the prosecution of offenders, waste management, computing and children's rights.

Spy Blog raised the following issues in response to this public consultation, with little success:

1) Mandatory use of strong Encryption should be explicit in the Regulations and Codes of Practice

2) Automatic Number Plate Recognition data needs to be brought within the RIPA framework

3) Sub-division of "Communications Data" to now include a separate Location Based Services data category

4) All Local Authorities should have their Intrusive Surveillance and Covert Human Intelligence Source powers removed. Access to Subscriber Details should continue, but no LA access to Location Based Services data.

5) The abuse of Children as Covert Human Intelligence Sources