OCR of the Document

View the Document >>

Secretary of State, United Kingdom, The Investigatory Powers (Technical Capability) Regulations, 2017. Unclassified.

Draft Regulations laid before Parliament under section 267 3 i of the Investigatory Powers Act 2016 for approval by resolution of each House of Parliament DRAFT S TAT U T O R Y INSTRUMENTS 2017 No INVESTIGATORY POWERS The Investigatory Powers Technical Capability Regulations 2017 Made - - Coming into force - - - - The Secretary of State in exercise of the powers conferred by section 253 3 and 5 of the Investigatory Powers Act 2016 a makes the following Regulations In accordance with section 253 4 of that Act the Secretary of State considers that the obligations in the Schedules to these Regulations are obligations that are reasonable to impose on those relevant operators b to whom the obligations apply for the purpose of securing that it is and remains practicable to impose requirements on those relevant operators to provide assistance in relation to relevant authorisations c and that it is and remains practicable for those relevant operators to comply with those requirements In accordance with section 253 6 of the Investigatory Powers Act 2016 before making these Regulations the Secretary of State has consulted the Technical Advisory Board persons appearing to the Secretary of State to be likely to be subject to the obligations specified in these Regulations and those representing such persons and persons with statutory functions in relation to persons appearing to the Secretary of State to be likely to be subject to the obligations specified in these Regulations In accordance with section 267 3 i of the Investigatory Powers Act 2016 a draft of this instrument was laid before Parliament and approved by resolution of each House of Parliament Citation and commencement 1 These Regulations may be cited as the Investigatory Powers Technical Capability Regulations 2017 and come into force on Interpretation 2 In these Regulations-- a b c 2016 c 25 Relevant operator is defined in section 253 3 of the Act Relevant authorisation is defined in section 253 3 of the Act the Act means the Investigatory Powers Act 2016 relevant postal operator means a postal operator or a person who is proposing to become a postal operator a relevant telecommunications operator means a telecommunications operator or a person who is proposing to become a telecommunications operator b but does not include a person who provides or who is proposing to provide a telecommunications service only in relation to the provision by that person of banking insurance investment or other financial services Applicable obligations 3 -- The Schedules to these Regulations specify applicable obligations for the purposes of section 253 of the Act 4 Schedule 1 specifies obligations in relation to warrants issued under Part 2 or Chapter 1 of Part 6 of the Act 5 Schedule 2 specifies obligations in relation to authorisations granted under Part 3 of the Act and warrants issued under Chapter 2 of Part 6 of the Act 6 Schedule 3 specifies obligations in relation to warrants issued under Part 5 or Chapter 3 of Part 6 of the Act Relevant operators 7 -- Subject to paragraph 3 the obligations in Part 1 of Schedules 1 and 2 and in Schedule 3 may be imposed on a relevant telecommunications operator 8 The obligations in Part 2 of Schedules 1 and 2 may be imposed on a relevant postal operator 9 The obligations in Part 1 of Schedule 1 and in Schedule 3 may not be imposed on a relevant telecommunications operator who does not provide and does not intend to provide a telecommunications service to more than 10 000 persons Home Office Name Date Minister of State a b Postal operator is defined in section 262 6 of the Act Telecommunications operator is defined in section 261 10 of the Act 2 SCHEDULE 1 Regulation 3 2 Obligations in relation to warrants under Part 2 or Chapter 1 of Part 6 of the Act Part 1 Relevant telecommunications operators 1 To provide and maintain the capability to carry out the interception of communications or the obtaining of secondary data and disclose anything obtained under the warrant to the person to whom the warrant was addressed or any person acting on that person's behalf within one working day or such longer period as may be specified in the technical capability notice of the telecommunications operator being informed that the warrant has been issued 2 To provide modify test develop or maintain any apparatus systems or other facilities or services necessary to provide and maintain the capability described in paragraph 1 3 To provide and maintain the capability to ensure the interception in their entirety of all communications and the obtaining in their entirety of all secondary data authorised or required by the warrant 4 To provide and maintain the capability to ensure where practicable the transmission of communications and secondary data in near real time to a hand-over point as agreed with the person to whom the warrant is addressed 5 To provide and maintain the capability to disclose where practicable only the communications the interception of which or the secondary data the obtaining of which is authorised or required by the warrant 6 To provide and maintain the capability to disclose intercepted communications and secondary data in such a way that the communications and the secondary data can be unambiguously correlated 7 To ensure that any hand-over interface complies with any industry standard or other requirement specified in the technical capability notice 8 To provide and maintain the capability to disclose where practicable the content of communications or secondary data in an intelligible form and to remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data or to permit the person to whom the warrant is addressed to remove such electronic protection 9 To provide and maintain the capability to simultaneously intercept or obtain secondary data from communications relating to up to 1 in 10 000 of the persons to whom the telecommunications operator provides the telecommunications service to which the communications relate 10 To ensure that any apparatus systems or other facilities or services necessary to carry out the interception of communications or obtaining of secondary data are at least as reliable as any telecommunication system by means of which the communication that is intercepted or the communication from which secondary data is obtained is transmitted 11 To ensure that the capability to intercept communications or obtain secondary data may be audited so that it is possible to confirm that the communications that are intercepted or from which secondary data is obtained are those described in the warrant and that the integrity of the communications and data is assured 12 To comply with the obligations imposed by a technical capability notice in such a manner that the risk of any unauthorised persons becoming aware of any matter referred to in section 3 57 4 of the Act is minimised in particular by ensuring that apparatus systems or other facilities or services as well as procedures and policies are developed and maintained in accordance with security standards specified in the notice and any guidance issued by the Secretary of State 13 In order that the capability to intercept communications and obtain secondary data may be maintained to put in place and to maintain arrangements agreed with the Secretary of State to notify the Secretary of State within a reasonable time of-- a proposed changes to telecommunications services or telecommunication systems to which obligations imposed by a technical capability notice relate b proposed changes to existing telecommunications services of a description specified in the notice and c the development of new telecommunications services 14 To consider the obligations and requirements imposed by any technical capability notice when designing or developing new telecommunications services or telecommunication systems Part 2 Relevant postal operators 15 To provide and maintain the capability to carry out the interception of or the obtaining of secondary data from communications transmitted by means of a postal service and to disclose anything obtained under the warrant to the person to whom the warrant is addressed or any person acting on that person's behalf within one working day or such longer period as may be specified in the technical capability notice of the postal operator being informed that the warrant has been issued 16 To provide and maintain the capability to disclose secondary data in a form specified in the technical capability notice 17 To provide and maintain the capability to open copy and reseal any postal item 18 To comply with the obligations and requirements imposed by a technical capability notice in such a manner that the risk of any unauthorised persons becoming aware of any of the matters referred to in section 57 4 of the Act is minimised in particular by ensuring that apparatus systems or other facilities or services as well as procedures and policies are developed and maintained in accordance with agreed security standards and any guidance issued by the Secretary of State 4 SCHEDULE 2 Regulation 3 3 Obligations in relation to authorisations granted under Part 3 of the Act and warrants issued under Chapter 2 of Part 6 of the Act Part 1 Relevant telecommunications operators 1 To provide and maintain the capability to obtain and disclose communications data without undue delay and within a period specified in the technical capability notice or agreed between the telecommunications operator and the Secretary of State following the telecommunications operator being informed that obtaining or disclosing the communications data has been authorised under the Act 2 To provide modify test develop or maintain any apparatus systems or other facilities or services necessary to provide and maintain the capability described in paragraph 1 3 To ensure that any apparatus systems or other facilities or services necessary to obtain and disclose communications data are of a reliability specified in the notice or agreed between the operator and the Secretary of State 4 To provide and maintain the capability to ensure the obtaining and disclosure in their entirety of all communications data to which the authorisation or warrant relates 5 To ensure the transmission of the communications data to a hand-over point in accordance with levels of service specified in the notice or agreed between the telecommunications operator and the Secretary of State 6 To provide and maintain the capability to disclose communications data in such a way that it is clear to which request or requirement to disclose communications data the data relates 7 To ensure that any hand-over interface complies with any industry standard or other requirement specified in the technical capability notice 8 To provide and maintain the capability to disclose where practicable only the communications data the obtaining of which is authorised by the authorisation or warrant 9 To provide and maintain the capability to disclose where practicable communications data in an intelligible form and to remove any electronic protection applied by or on behalf of the telecommunications operator to the data or to permit a person authorised to obtain the communications data or the person to whom the warrant was addressed to remove such electronic protection 10 To install and maintain any apparatus provided to the operator by or on behalf of the Secretary of State for the purpose of enabling the operator to obtain or disclose communications data including by providing and maintaining any apparatus systems or other facilities or services necessary to install and maintain any apparatus so provided 11 To ensure that the capability to obtain and disclose communications data may be audited so that it is possible to confirm that the obtained communications data are those described in the authorisation or warrant which authorised the obtaining of the communications data and that the integrity of the data is assured 12 To comply with the obligations imposed by a technical capability notice in such a manner that the risk of any unauthorised persons becoming aware of the obtaining of communications data or any matter referred to in sections 82 1 a or 174 1 of the Act is minimised in particular by ensuring that apparatus systems or other facilities or services as well as procedures and 5 policies are developed and maintained in accordance with agreed security standards and any guidance issued by the Secretary of State 13 In order that the capability to obtain communications data may be retained to put in place and to maintain arrangements agreed with the Secretary of State to notify the Secretary of State within a reasonable time of-- 14 proposed changes to existing telecommunications services or telecommunication systems to which obligations imposed by a technical capability notice relate 15 proposed changes to existing telecommunications services of a description specified in the notice and 16 the development of new telecommunications services 17 To consider the obligations imposed by any technical capability notice when designing or developing new telecommunications services or telecommunication systems Part 2 Relevant postal operators 18 To provide and maintain the capability to ensure that communications data in relation to communications transmitted by means of a postal service can be disclosed to a person authorised to obtain it 19 Where in the course of their normal business the postal operator keeps records of who sent which item to provide and maintain the capability to ensure that communications data in relation to postal items sent by identified persons can be disclosed to a person authorised to obtain the data 20 To comply with the obligations imposed by a technical capability notice in such a manner that the risk of any unauthorised persons becoming aware of the obtaining of communications data or any matter referred to in section 82 1 a of the Act is minimised in particular by ensuring that apparatus systems or other facilities or services as well as procedures and policies are developed and maintained in accordance with security standards specified in the notice and any guidance issued by the Secretary of State 6 SCHEDULE 3 Regulation 3 4 Obligations in relation to warrants issued under Part 5 or Chapter 3 of Part 6 of the Act 1 To provide and maintain the capability for interference with equipment to be carried out for the purpose of obtaining communications equipment data or any other information within such period as may be specified in the technical capability notice of the telecommunications operator being informed that the conduct has been authorised by a warrant 2 To provide and maintain the capability to ensure the obtaining of any communications equipment data or other information which is authorised by a warrant and to disclose anything obtained under a warrant within such a period as may be specified in the technical capability notice 3 To provide and maintain the capability to enable the transmission to the person to whom the warrant is addressed of any data required to secure equipment interference 4 To provide modify test develop or maintain any apparatus systems or other facilities or services necessary to provide and maintain the capabilities described in paragraphs 1 to 3 5 To provide and maintain the capability to disclose where practicable only the communications equipment data and other information the obtaining of which is authorised by the warrant 6 To provide and maintain the capability to disclose where practicable the communications equipment data and other information in an intelligible form to standards specified in the notice and to remove electronic protection applied by or on behalf of the telecommunications operator to those communications equipment data or other information or to permit the person to whom the warrant is addressed to remove such electronic protection 7 To provide and maintain the capability to disclose the communications equipment data and other information in such a way that they can be unambiguously correlated 8 To ensure that any hand-over interface complies with any industry standard or other requirement specified in the technical capability notice 9 To ensure that the capability to interfere with equipment may be audited so that it is possible to confirm that the communications equipment data or other information obtained are those to which the warrant relates and that the integrity of the communications equipment data or other information is assured 10 To comply with the obligations imposed by a technical capability notice in such a manner that the risk of any unauthorised persons becoming aware of any matter referred to in section 132 4 of the Act is minimised in particular by ensuring that apparatus systems or other facilities or services as well as procedures and policies are developed and maintained in accordance with security standards specified in the notice and any guidance issued by the Secretary of State 11 In order that the ability to interfere with equipment may be maintained to put in place and to maintain arrangements agreed with the Secretary of State to notify the Secretary of State within a reasonable time of-- 12 proposed changes to telecommunications services or telecommunication systems to which obligations imposed by a technical capability notice relate 13 proposed changes to existing telecommunications services of a description specified in the notice and 14 the development of new telecommunications services 7 15 To consider the obligations imposed by any technical capability notice when designing or developing new telecommunications services and telecommunication systems 8 EXPLANATORY NOTE This note is not part of the Regulations These Regulations set out the obligations which may be contained in a technical capability notice given by the Secretary of State under section 253 of the Investigatory Powers Act 2016 c 25 A technical capability notice imposes obligations on a telecommunications operator or postal operator in order to ensure that the operator has the capability to provide assistance in relation to interception warrants equipment interference warrants or warrants or authorisations for the obtaining of communications data Regulation 3 introduces the obligations which may be imposed by a technical capability notice Schedule 1 sets out obligations in relation to bulk and targeted interception warrants Schedule 2 sets out obligations in relation to authorisations for the targeted acquisition of communications data or warrants for the bulk acquisition of communications data and Schedule 3 sets out obligations in relation to bulk or targeted equipment interference warrants Regulation 4 provides that certain obligations may be imposed on postal operators and certain obligations on telecommunications operators No obligations may be imposed on a telecommunications operator which provides a telecommunications service only in relation to providing banking insurance investment or other financial services Further obligations in relation to interception or equipment interference warrants may not be imposed on a telecommunications operator with fewer than 10 000 customers 9                     National Security Archive    Suite 701  Gelman Library  The George Washington University    2130 H Street  NW  Washington  D C  20037    Phone  202 994‐7000  Fax  202 994‐7005  nsarchiv@gwu edu