The Investigatory Powers (Technical Capability) Regulations 2018

Regulation 3(2)

SCHEDULE 1Obligations in relation to warrants under Part 2 or Chapter 1 of Part 6 of the Act

PART 1Relevant telecommunications operators

1.—(1) To provide and maintain the capability to carry out the interception of communications or the obtaining of secondary data and disclose anything obtained under a warrant to the person to whom the warrant was addressed, or any person acting on that person’s behalf, within one working day, or such longer period as may be specified in the technical capability notice, of the service of a copy of the warrant.

(1) “Within one working day”, in relation to the service of a copy of a warrant, means within a period of 24 hours, not including any time that is not part of a working day.

2.  To provide, modify, test, develop or maintain any apparatus, systems or other facilities or services necessary to provide and maintain the capability described in paragraph 1.

3.  To provide and maintain the capability to ensure the interception, in their entirety, of all communications and the obtaining, in their entirety, of all secondary data authorised or required by a warrant.

4.  To provide and maintain the capability to ensure, where reasonably practicable, the transmission of communications and secondary data, as near to in real time as is reasonably practicable, to a hand-over point as agreed with the person to whom a warrant is addressed.

5.  To provide and maintain the capability to disclose, where reasonably practicable, only the communications the interception of which, or the secondary data the obtaining of which, is authorised or required by a warrant.

6.  To provide and maintain the capability to disclose intercepted communications and secondary data in such a way that communications and secondary data obtained from those communications can be unambiguously correlated.

7.  To ensure that any hand-over interface complies with any appropriate industry standard, or other requirement, specified in the technical capability notice.

8.  To provide and maintain the capability to—

(a)disclose the content of communications or secondary data in an intelligible form where reasonably practicable;

(b)remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data where reasonably practicable, or

(c)to permit the person to whom a warrant is addressed to remove such electronic protection.

9.  To provide and maintain the capability to simultaneously intercept, or obtain secondary data from, communications relating to a number of the persons to whom the telecommunications operator provides the telecommunications service to which the communications relate which is equal to—

(a)1 in 10,000 of the persons in the United Kingdom to whom the telecommunications operator provides that service, or

(b)such smaller number as is specified in the notice.

10.  To ensure that any apparatus, systems or other facilities or services necessary to carry out the interception of communications or obtaining of secondary data are at least as reliable as any telecommunication system by means of which the communication that is intercepted, or the communication from which secondary data is obtained, is transmitted.

11.  To ensure that the capability to intercept communications or obtain secondary data may be audited so that—

(a)it is possible to confirm that the communications that are intercepted, or from which secondary data is obtained, are those described in a warrant, and

(b)the integrity of the communications and data is assured so far as reasonably practicable.

12.—(1) To comply with the other obligations imposed by a technical capability notice in such a manner that the risk of any unauthorised persons becoming aware of any matter within section 57(4) of the Act is minimised, in particular by ensuring that apparatus, systems or other facilities or services, as well as procedures and policies, are developed and maintained in accordance with security standards or guidance specified in the notice.

(2) For the purpose of this paragraph, a person is an unauthorised person in relation to a matter within section 57(4) of the Act if, were the matter disclosed to that person by a person to whom section 57 applies, that disclosure would be an unauthorised disclosure.

13.  In order that the capability to intercept communications and obtain secondary data may be maintained, to put in place and to maintain arrangements, agreed with the Secretary of State, to notify the Secretary of State, within a reasonable time, of—

(a)proposed changes to telecommunications services or telecommunication systems to which obligations imposed by a technical capability notice relate;

(b)proposed changes, to existing telecommunications services or telecommunication systems, of a description specified in the notice, and

(c)the development of new telecommunications services or telecommunication systems.

PART 2Relevant postal operators

14.—(1) To provide and maintain the capability to carry out the interception of, or the obtaining of secondary data from, communications transmitted by means of a postal service and to disclose anything obtained under a warrant to the person to whom the warrant is addressed or any person acting on that person’s behalf within one working day, or such longer period as may be specified in the technical capability notice, of the service of a copy of the warrant.

(2) “Within one working day”, in relation to the service of a copy of a warrant, means within a period of 24 hours, not including any time that is not part of a working day.

15.  To provide and maintain the capability to open, copy and reseal any postal item.

16.—(1) To comply with the other obligations imposed by a technical capability notice in such a manner that the risk of any unauthorised persons becoming aware of any matter within section 57(4) of the Act is minimised, in particular by ensuring that apparatus, systems or other facilities or services, as well as procedures and policies, are developed and maintained in accordance with security standards or guidance specified in the notice.

(2) For the purpose of this paragraph, a person is an unauthorised person in relation to a matter within section 57(4) of the Act if, were the matter disclosed to that person by a person to whom section 57 applies, that disclosure would be an unauthorised disclosure.