Covert surveillance and property interference: code of practice

A code of practice covering the authorisation of covert human intelligence sources in accordance with the Regulation of Investigatory Powers (Scotland) Act 2000.

3. General rules on authorisations


3.1. An authorisation under RIP(S)A will, providing the statutory tests are met, provide a lawful basis for a public authority to carry out covert surveillance activity that is likely to result in the obtaining of private information about a person. Similarly, an authorisation under Part III of the 1997 Act will provide lawful authority for constables or PIRC staff officers to enter on, or interfere with, property or wireless telegraphy.

3.2. Responsibility for granting authorisations varies depending on the nature of the operation and the public authority involved. The relevant public authorities and authorising officers are detailed in the 2010 Order.

Necessity and proportionality

3.3. RIP(S)A and the 1997 Act stipulate that the person granting an authorisation or warrant for directed or intrusive surveillance, or interference with property, must believe that the activities to be authorised are necessary on one or more statutory grounds.[22]

3.4. If the activities are deemed necessary on one or more of the statutory grounds, the person granting the authorisation must also believe that they are proportionate to what is sought to be achieved by carrying them out. This involves balancing the seriousness of the intrusion into the privacy of the subject of the operation (or any other person who may be affected) against the need for the activity in investigative and operational terms.

3.5. The authorisation will not be proportionate if it is excessive in the overall circumstances of the case. Each action authorised should bring an expected benefit to the investigation or operation and should not be disproportionate or arbitrary. The fact that a suspected offence may be serious will not alone render intrusive actions proportionate. Similarly, an offence may be so minor that any deployment of covert techniques would be disproportionate. No activity should be considered proportionate if the information which is sought could reasonably be obtained by other less intrusive means.

3.6. The following elements of proportionality should therefore be considered:

  • balancing the size and scope of the proposed activity against the gravity and extent of the perceived crime or offence;
  • explaining how and why the methods to be adopted will cause the least possible intrusion on the subject and others;
  • considering whether the activity is an appropriate use of the legislation and a reasonable way, having considered all reasonable alternatives, of obtaining the necessary result;
  • evidencing, as far as reasonably practicable, what other methods had been considered and why they were not implemented.

3.7. It is important therefore that all those involved in undertaking directed or intrusive surveillance activities or interference with property under RIP(S)A or the 1997 Act are fully aware of the extent and limits of the authorisation in question.

Example 1: An individual is suspected of carrying out a series of criminal damage offences at a local shop, after a dispute with the owner. It is suggested that a period of directed surveillance should be conducted against him to record his movements and activities for the purposes of preventing or detecting crime. Although these are legitimate grounds on which directed surveillance may be conducted, it is unlikely that the resulting interference with privacy will be proportionate in the circumstances of the particular case. In particular, the obtaining of private information on the individual's daily routine is unlikely to be necessary or proportionate in order to investigate the activity of concern. Instead, other less intrusive means are likely to be available, such as overt observation of the location in question until such time as a crime may be committed.

Example 2: An individual is suspected of claiming a false address in order to abuse a school admission system operated by his local education authority. The local authority considers it necessary to investigate the individual for the purpose of preventing or detecting crime. Although these could be legitimate grounds for seeking a directed surveillance authorisation, if the individual's actions were capable of constituting a crime, such surveillance is unlikely to be necessary or proportionate to investigate the activity. Instead, it is likely that other less intrusive, and overt, means (such as unscheduled visits to the address in question) could be explored to obtain the required information.

Example 3: An individual is suspected of a relatively minor offence, such as littering, leaving waste out for collection a day early, or permitting dog-fouling in a public place without clearing up afterwards. It is suggested that covert surveillance should be conducted against her to record her movements and activities for the purposes of preventing or detecting crime, or preventing disorder. Although these could be legitimate grounds for seeking a directed surveillance authorisation, if the individual's actions were capable of constituting an offence or disorder, strong consideration should be given to the question of proportionality in the circumstances of this particular case and the nature of the surveillance to be conducted. In particular, the obtaining of private information on the individual's daily routine is unlikely to be necessary or proportionate in order to investigate the activity of concern. Instead, other less intrusive means are likely to be available, such as general observation of the location in question until such time as a crime may be committed. In addition, it is likely that such offences can be tackled using overt techniques.

Collateral intrusion

3.8. Before authorising applications for directed or intrusive surveillance, the authorising officer should also take into account the risk of obtaining private information about persons who are not subjects of the surveillance or property interference activity (collateral intrusion).

3.9. Measures should be taken, wherever practicable, to avoid or minimise unnecessary intrusion into the privacy of those who are not the intended subjects of the surveillance activity. Where such collateral intrusion is unavoidable, the activities may still be authorised, provided this intrusion is considered proportionate to what is sought to be achieved. The same proportionality tests apply to the likelihood of collateral intrusion as to intrusion into the privacy of the intended subject of the surveillance.

3.10. All applications should therefore include an assessment of the risk of collateral intrusion and details of any measures taken to limit this, to enable the authorising officer fully to consider the proportionality of the proposed actions.

3.11. Where it is proposed to conduct surveillance activity or property interference specifically against individuals who are not suspected of direct or culpable involvement in the overall matter being investigated, interference with the privacy or property of such individuals should not be considered as collateral intrusion but rather as intended intrusion. Any such surveillance or property interference activity should be carefully considered against the necessity and proportionality criteria as described above (paragraphs 3.3-3.7).

Example: A law enforcement agency seeks to conduct a covert surveillance operation to establish the whereabouts of N in the interests of preventing a serious crime. It is proposed to conduct directed surveillance against P, who is an associate of N but who is not assessed to be involved in the crime, in order to establish the location of N. In this situation, P will be the subject of the directed surveillance authorisation and the authorising officer should consider the necessity and proportionality of conducting directed surveillance against P, bearing in mind the availability of any other less intrusive means to identify N's whereabouts. It may be the case that directed surveillance of P will also result in obtaining information about P's family, which in this instance would represent collateral intrusion also to be considered by the authorising officer.

Combined authorisations

3.12. A single authorisation may combine:

  • any number of authorisations under RIP(S)A;[23]
  • an authorisation under RIP(S)A and an authorisation under Part III of the 1997 Act;

3.13. For example, a single authorisation may combine authorisations for directed and intrusive surveillance. However, the provisions applicable for each of the authorisations must be considered separately by the appropriate authorising officer. Thus, a police superintendent could authorise the directed surveillance element but the intrusive surveillance element would need the separate authorisation of the chief constable of the Police Service (or a senior officer designated by the chief constable) and the approval of a Surveillance Commissioner, unless the case is urgent.

3.14. The above considerations do not preclude public authorities from obtaining separate authorisations

Collaborative working

3.15. Any person granting or applying for an authorisation will also need to be aware of particular sensitivities in the local community where the surveillance is taking place and of any similar activities being undertaken by other public authorities which could impact on the deployment of surveillance. It is therefore recommended that where an authorising officer from a public authority considers that conflicts might arise they should consult the authorising officer within the police area in which the investigation or operation is to take place.

3.16. In cases where one public authority is acting on behalf of another, the tasking authority should normally obtain or provide the authorisation under RIP(S)A. For example, where surveillance is carried out by the Police Service on behalf of a local authority, authorisations would usually be sought by the local authority and granted by the appropriate authorising officer within that authority. Where the operational support of other authorities (in this example, the Police Service) is foreseen, this should be specified in the authorisation. Failure to do so does not mean that other authorisations may not subsequently be used to assist the investigation.

3.17. Where possible, public authorities should seek to avoid duplication of authorisations as part of a single investigation or operation. For example, where two authorities are conducting directed or intrusive surveillance as part of a joint operation, only one authorisation is required. Duplication of authorisations does not affect the lawfulness of the activities to be conducted, but may create an unnecessary administrative burden on authorities.

3.18. Where an individual or a non-governmental organisation is acting under direction of a public authority then they are acting as an agent of that public authority and any activities they conduct which meet RIP(S)A definitions of directed or intrusive surveillance or the 1997 Act definition of property interference should be considered for authorisation under those Acts.

3.19. Police Service applications for directed or intrusive surveillance and property interference must only be made by a constable of the Police Service .

3.20. Authorisations for intrusive surveillance relating to residential premises, and authorisations for property interference, may only authorise conduct where the premises or property in question are in Scotland.

Reviewing authorisations

3.21. Regular reviews of all authorisations should be undertaken to assess the need for the surveillance or property interference activity to continue. The results of a review should be retained for at least three years (see Chapter 8). Particular attention is drawn to the need to review authorisations frequently where the surveillance or property interference involves a high level of intrusion into private life or significant collateral intrusion, or confidential information is likely to be obtained.

3.22. In each case the frequency of reviews should be considered at the outset by the authorising officer. This should be as frequently as is considered necessary and practicable.

3.23. The authorising officer is usually best placed to assess whether the authorisation should continue or whether the criteria on which he based the original decision to grant an authorisation have changed sufficiently to cause the authorisation to be revoked. Support staff can do the necessary research and prepare the review process but the actual review is the responsibility of the original authorising officer and should, as a matter of good practice, be conducted by them or, failing that, by an officer who would be entitled to grant a new authorisation in the same terms.

3.24. Any proposed or unforeseen changes to the nature or extent of the surveillance operation that may result in further or greater intrusion into the private life of any person should also be brought to the attention of the authorising officer by means of a review. The authorising officer should consider whether the proposed changes are proportionate (bearing in mind any extra intended intrusion into privacy or collateral intrusion), before approving or rejecting them. Any such changes must be highlighted at the next renewal if the authorisation is to be renewed.

3.25. Where a directed or intrusive surveillance authorisation provides for the surveillance of unidentified individuals whose identity is later established, the terms of the authorisation should be refined at a review to include the identity of these individuals. It would be appropriate to convene such a review specifically for this purpose. This process will not require a fresh authorisation, providing the scope of the original authorisation envisaged surveillance of such individuals. Such changes must be highlighted at the next renewal if the authorisation is to be renewed.

Example: A directed surveillance authorisation is obtained by the Police Service to authorise surveillance of "X and his associates" for the purposes of investigating their suspected involvement in a crime. X is seen meeting with A in a café and it is assessed that subsequent surveillance of A will assist the investigation. Surveillance of A may continue (he is an associate of X) but the directed surveillance authorisation should be amended at a review to include "X and his associates, including A".

General best practices

3.26. The following guidelines should be considered as best working practices by all public authorities with regard to all applications for authorisations covered by this code:

  • applications should avoid any repetition of information;
  • information contained in applications should be limited to that required by the relevant legislation[24];
  • where authorisations are granted orally under urgency procedures (see Chapters 5, 6 and 7 on authorisation procedures), a record detailing the actions authorised and the reasons why the urgency procedures were used should be recorded by the applicant and authorising officer as a priority. There is then no requirement subsequently to submit a full written application;
  • an application should not require the sanction of any person in a public authority other than the authorising officer;
  • where it is foreseen that other agencies will be involved in carrying out the surveillance, these agencies should be detailed in the application;
  • authorisations should not generally be sought for activities already authorised following an application by the same or a different public authority.

3.27. Furthermore, it is considered good practice that within every relevant public authority, a senior responsible officer[25] should be responsible for:

  • the integrity of the process in place within the public authority to authorise directed and intrusive surveillance and interference with property or wireless telegraphy;
  • compliance with RIP(S)A, Part III of the 1997 Act and with this code;
  • engagement with the Surveillance Commissioners and Inspectors when they conduct their inspections, and
  • where necessary, overseeing the implementation of any post-inspection action plans recommended or approved by a Surveillance Commissioner.

3.28. Within local authorities, the senior responsible officer should be a member of the corporate leadership team and should be responsible for ensuring that all authorising officers are of an appropriate standard in light of any recommendations in the inspection reports prepared by the Office of the Surveillance Commissioner. Where an inspection report highlights concerns about the standards of authorising officers, this individual will be responsible for ensuring the concerns are addressed.

3.29. In addition, elected members of a local authority should review the authority's use of RIP(S)A and set the policy at least once a year. They should also consider internal reports on use of RIP(S)A on at least a quarterly basis to ensure that it is being used consistently with the local authority's policy and that the policy remains fit for purpose. They should not, however, be involved in making decisions on specific authorisations. In regard to the matters mentioned in this paragraph, local authorities may wish to consider ensuring that their elected members have undergone sufficient training in order to fulfil these requirements.


Email: Graeme Waugh

Back to top