Finding Proportionality in Surveillance Laws – Guest post by Andrew Murray

The United Kingdom Parliament is currently in the pre-legislative scrutiny phase of a new Investigatory Powers Bill, which aims to “consolidate existing legislation and ensure the powers in the Bill are fit for the digital age”. It is fair to sat this Bill is controversial with strong views being expressed by both critics and supporters of the Bill. Against this backdrop it is important to cut through the rhetoric and get to the heart of the Bill and to examine what it will do and what it will mean in terms of the legal framework for British citizens, and indeed for those overseas.

The Investigatory Powers Bill

Much of the Bill’s activity is to formalise and restate pre-existing surveillance powers. One of the key criticisms of the extant powers of the security and law enforcement services is that the law lacks clarity. Indeed it was this lack of clarity which led the Investigatory Powers Tribunal to rule in the landmark case of Liberty v GCHQ that the regulations which covered GCHQ’s access to emails and phone records intercepted by the US National Security Agency breached Articles 8 and 10 of the European Convention on Human Rights. Following a number of strong critiques of the law including numerous legal challenges the Government received three reports into the current law: the report of the Intelligence and Security Committee of Parliament, “Privacy and Security: A modern and transparent legal framework”; the report of the Independent Reviewer of Terrorism Legislation. “A Question of Trust”; and the report of the Royal United Services Institute: “A Democratic Licence to Operate”. All three reported deficiencies in the law’s transparency.

As a result the Bill restates much of the existing law in a way which should be more transparent and which, in theory, should allow for greater democratic and legal oversight of the powers of the security and law enforcement services. In essence the Bill is split into sections: interception, retention, equipment interference and oversight, with each of the three substantive powers split again into targeted and bulk. What this means in practice is the authorisation of three broad types of activity (each of which have sub-types); the authorisation to intercept data between sender and receiver, the authorisation to retain data such as communications data and internet connection records (more below) for possible processing later and authorisation to interfere with (in colloquial terms “hack”) systems and devices. For each of these there is a split between targeted activity, this is required when dealing with communications which are sent and received by individuals who are inside the British Islands (domestic communications) and bulk activity which is permissible where either the sender or receiver (or both) of the communications are located outside the British Islands.

Two of the more controversial aspects of the Bill are the oversight provisions and the introduction of a new form of retained data, so called “internet connection records.”


The retention of internet connection records are an entirely new power found in the Bill. It is an extension to the extant, but currently legally uncertain data retention powers found in the Data Retention and Investigatory Powers Act 2014 (DRIPA). This new power is thus controversial on two bases: (1) it fails to meet the proportionality principle on the basis it fails to comply with the EU Charter on Fundamental Rights; (2) even if the current law is proportionate an extension of powers is almost certainly disproportionate. With regard to the first of these the current law, as contained in DRIPA, is subject to an ongoing legal challenge brought by MPs David Davis and Tom Watson supported by Liberty. The case, Secretary of State for the Home Department v David Davis MP and others [2015] EWCA Civ 1185, has recently been referred by the Court of Appeal to the Court of Justice of the European Union where the court asks the CJEU to rule on whether the ground-breaking case of Digital Rights Ireland Ltd v Minister for Communications, Marine and Natural Resources & Others, the case which ruled that European data retention laws were incompatible with Articles 7 & 8 of the EU Charter, also binds national legislators in the making of domestic data retention laws. Thus the current status of domestic data retention laws is unclear, yet at the time that this case remains under review the Bill seeks to extend the powers of the state to order the retention of data from simple, yet still very invasive power to retain all traffic data on our communications to also cover internet connections records, described in the guide to the Bill as “a record of the internet services a specific device has connected to, such as a website or instant messaging application.” This would be data such as which banking services we use, which rail company or airline we tend to favour and which may reveal much about us including gender, ethnicity, religious beliefs, medical conditions and much more. University of East Anglia law lecturer Paul Bernal has written upon this issue very eloquently in his blog. As he notes despite the Home Office’s best attempts to paint these as akin to itemised phone records, they are much more invasive of personal privacy and they are also clearly likely to be more invasive than the mere retention of communications records, a practice ruled illegal under EU Law in Digital Rights Ireland, and which at domestic law is currently under review. It is difficult to see how this new provision could be seen to be proportionate.

The second key battleground over the Bill is likely to be the oversight procedure for the issuance of warrants. The three reports were split as to whether Ministers or judges should issue warrants. The Intelligence and Security Committee felt the power should remain with Ministers, as “Ministers are able to take into account the wider context of each warrant application and the risks involved, whereas judges can only decide whether a warrant application is legally compliant”. The Independent Reviewer of Terrorism Legislation recommended that “Specific interception warrants, combined warrants, bulk interception warrants and bulk communications data warrants should be issued and renewed only on the authority of a Judicial Commissioner”, however he recommended that the Secretary of State should be allowed to issue a national security certificate where the application related to “the interests of the defence and/or foreign policy of the UK” and in such cases the “Judicial Commissioner in determining whether to issue the warrant should be able to depart from that certificate only on the basis of the principles applicable in judicial review”, this is sometimes called a “double lock” provision. Finally the RUSI report recommended something very similar to the Independent Reviewer with warrants for a purpose relating to the detection or prevention of serious and organised crime “always being authorised by a judicial commissioner” while warrants for purposes relating to national security (including counter-terrorism, support to military operations, diplomacy and foreign policy) and economic well-being, the warrant should be authorised by the secretary of state subject to judicial review by a judicial commissioner. The provisions of the Bill though are quite different. Despite the recommendations of both the Independent Reviewer of Terrorism Legislation and RUSI that warrants in relation to serious crime be issued by a Judicial Commissioner they will continue to be issued by the Secretary of State or by Scottish Ministers. All forms of warrant, including national security warrants, will however be subject to review by Judicial Commissioners under cl.19 of the Bill. There remains however a further complication. While the RUSI and Independent Reviewer of Terrorism Legislation reports suggested that only in relation to national security warrants the Judicial Commissioner should apply “principles applicable in judicial review”, by cl.19 all warrants will be restricted to this narrow set of principles, essentially illegality, fairness, and irrationality and proportionality.

There have been a number of critiques of the way the double lock system has been set up with among others David Davis MP (one of the DRIPA challengers) and the Shadow Home Secretary being highly critical. Again the question of proportionality of the legislation is questionable. In terms of domestic intercept warrants, which Davis in his comment notes “should not be a political decision”, it is questionable whether the role of the Secretary of State is complaint with the spirit, if not the law of Article 8 ECHR, as well as Article 6’s “independent and impartial” requirement. One must ask is it proportionate, or even relevant, to involve a minster of cabinet rank, a political decision-maker, in a decision as to whether a warrant should be issued to intercept communications in an organised crime case. One of the many benefits of our legal systems in the United Kingdom is that judges are appointed and not elected, allowing them to remain apart from the political process. To retain a role for a political office holder in warrants such as these, and against the recommendations of the RUSI and Independent Reviewer of Terrorism Legislation reports appears disproportionate.


Andrew Murray is Professor of Law at London School of Economics. He is the author of Information Technology Law: The Law and Society. He is a leading expert in Information Technology Law and Regulation and has written many articles on aspects of the interface between information technology and the legal framework including surveillance and data protection laws.

3 thoughts on “Finding Proportionality in Surveillance Laws – Guest post by Andrew Murray

  1. Quote: “Indeed it was this lack of clarity which led the Investigatory Powers Tribunal to rule in the landmark case of Liberty v GCHQ that the regulations which covered GCHQ’s access to emails and phone records intercepted by the US National Security Agency breached Articles 8 and 10 of the European Convention on Human Rights.”

    I find it not a little crazy that UK laws are being amended when the UK government have given free and unlimited access to the US to do what they like with our data.

    Quote: Finding Proportionality in Surveillance Laws

    According to the Wiki the definition of Proportionality (law): “Proportionality is a general principle in law which covers several special (although related) concepts. The concept of proportionality is used as a criterion of fairness and justice in statutory interpretation processes, especially in constitutional law, as a logical method intended to assist in discerning the correct balance between the restriction imposed by a corrective measure and the severity of the nature of the prohibited act. Within criminal law, it is used to convey the idea that the punishment of an offender should fit the crime. Under international humanitarian law governing the legal use of force in an armed conflict, proportionality and distinction are important factors in assessing military necessity.”

    “the severity of the nature of the prohibited act” is spying on everyone and this is unlikely to be amended and even if it was, the US will continue to collect our data. And so I can only assume that Proportionality is a strawman:
    Wiki again: “A straw man is a common form of argument and is an informal fallacy based on giving the impression of refuting an opponent’s argument, while actually refuting an argument which was not advanced by that opponent.””David Cameron has confirmed that he would be prepared to withdraw from the European convention on human rights if a series of proposed changes to Britain’s human rights laws are rejected by Strasbourg.”… “the US National Security Agency breached Articles 8 and 10 of the European Convention on Human Rights.”?

    The original excuse for blanket surveillance was to catch terrorists, but it has now become increasingly clear that it fails to do so. I suspect that it is equally unsuccessful in catching criminals. The plain fact is, that we are being lied-to on an industrial scale


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s