4. General rules on authorisations
4.1. An authorisation under RIP(S)A will, providing the statutory tests are met, provide a lawful basis for a public authority to carry out covert surveillance activity that is likely to result in the obtaining of private information about a person. Similarly, an authorisation under Part III of the 1997 Act will provide lawful authority for constables or PIRC staff officers to enter on, or interfere with, property or wireless telegraphy.
4.2. Responsibility for granting authorisations under RIP(S)A varies depending on the nature of the operation and the public authority involved. The relevant public authorities and authorising officers are detailed in the 2010 Order and the 2016 Order.
4.3. The statutory purposes for which covert surveillance or property interference authorisations may be issued reflect the functions of the agency carrying out the surveillance or property interference. Operations must be conducted in accordance with the statutory or other functions of the relevant public authority.
Necessity and proportionality
4.4. RIP(S)A and the 1997 Act stipulates that the person granting an authorisation or warrant for directed or intrusive surveillance, or interference with property, must believe that the activities to be authorised are necessary on one or more statutory grounds. 
4.5. If the activities are deemed necessary on one or more of the statutory grounds, the person granting the authorisation must also believe that they are proportionate to what is sought to be achieved by carrying them out. This involves balancing the seriousness of the intrusion into the privacy of the subject of the operation (or any other person who may be affected) against the need for the activity in investigative and operational terms.
4.6. The authorisation will not be proportionate if it is excessive in the overall circumstances of the case. Each action authorised should bring an expected benefit to the investigation or operation and should not be disproportionate or arbitrary. The fact that a suspected offence may be serious will not alone render intrusive actions proportionate. Similarly, an offence may be so minor that any deployment of covert techniques would be disproportionate. No activity should be considered proportionate if the information which is sought could reasonably be obtained by other less intrusive means.
4.7. The following elements of proportionality should therefore be considered:
- balancing the size and scope of the proposed activity against the gravity and extent of the perceived crime or offence;
- explaining how and why the methods to be adopted will cause the least possible intrusion on the subject and others;
- considering whether the activity is an appropriate use of the legislation and a reasonable way, having considered all reasonable alternatives, of obtaining the necessary result;
- evidencing, as far as reasonably practicable, what other methods had been considered and why they were not implemented.
4.8. It is important therefore that all those involved in undertaking directed or intrusive surveillance activities or interference with property under RIP(S)A or the 1997 Act are fully aware of the extent and limits of the authorisation in question.
Example 1: An individual is suspected of carrying out a series of criminal damage offences at a local shop, after a dispute with the owner. It is suggested that a period of directed surveillance should be conducted against him to record his movements and activities for the purposes of preventing or detecting crime. Although these are legitimate grounds on which directed surveillance may be conducted, it is unlikely that the resulting interference with privacy will be proportionate in the circumstances of the particular case. In particular, the obtaining of private information on the individual’s daily routine is unlikely to be necessary or proportionate in order to investigate the activity of concern. Instead, other less intrusive means are likely to be available, such as overt observation of the location in question until such time as a crime may be committed.
Example 2: An individual is suspected of claiming a false address in order to abuse a school admission system operated by his local education authority. The local authority considers it necessary to investigate the individual for the purpose of preventing or detecting crime. Although these could be legitimate grounds for seeking a directed surveillance authorisation, if the individual’s actions were capable of constituting a crime, such surveillance is unlikely to be necessary or proportionate to investigate the activity. Instead, it is likely that other less intrusive, and overt, means (such as unscheduled visits to the address in question) could be explored to obtain the required information.
Example 3: An individual is suspected of a relatively minor offence, such as littering, leaving waste out for collection a day early, or permitting dog-fouling in a public place without clearing up afterwards. It is suggested that covert surveillance should be conducted against her to record her movements and activities for the purposes of preventing or detecting crime, or preventing disorder. Although these could be legitimate grounds for seeking a directed surveillance authorisation, if the individual’s actions were capable of constituting an offence or disorder, strong consideration should be given to the question of proportionality in the circumstances of this particular case and the nature of the surveillance to be conducted. In particular, the obtaining of private information on the individual’s daily routine is unlikely to be necessary or proportionate in order to investigate the activity of concern. Instead, other less intrusive means are likely to be available, such as general observation of the location in question until such time as a crime may be committed. In addition, it is likely that such offences can be tackled using overt techniques.
4.9. Before authorising applications for directed or intrusive surveillance or property interference, the authorising officer should also take into account the risk of obtaining private information about persons who are not subjects of the surveillance or property interference activity (collateral intrusion).
4.10. Measures should be taken, wherever practicable, to avoid or minimise unnecessary intrusion into the privacy of those who are not the intended subjects of the surveillance or property interference activity. Where such collateral intrusion is unavoidable, the activities may still be authorised, provided this intrusion is considered proportionate to what is sought to be achieved. The same proportionality tests apply to the likelihood of collateral intrusion as to intrusion into the privacy of the intended subject of the surveillance or property interference.
4.11. All applications should therefore include an assessment of the risk of collateral intrusion and details of any measures taken to limit this, to enable the authorising officer fully to consider the proportionality of the proposed actions.
4.12. In order to give proper consideration to collateral intrusion, an authorising officer should be given full information regarding the potential scope of the anticipated surveillance or property interference, including the likelihood that any equipment or software deployed may cause intrusion on persons other than the subject(s) of the surveillance or property interference. If an automated system such as an online search engine is used to obtain the information, the authorising officer should be made aware of its potential extent and limitations. Material which is not necessary or proportionate to the aims for the operation should be discarded or securely retained separately where it may be required for future evidential purposes. The authorising officer should ensure appropriate safeguards for the handling, retention or destruction of such material in accordance with chapter 8 of this code.
4.13. Where a public authority intends to use surveillance tools for testing or training purposes, and to the extent that deployment of those tools in an operational setting is unavoidable, this should be treated as a specific operation for the purposes of the 1997 Act or RIP(S)A including full consideration of the proportionality of any collateral intrusion.
4.14. Where it is proposed to conduct surveillance activity or property interference specifically against individuals who are not suspected of direct or culpable involvement in the overall matter being investigated, interference with the privacy or property of such individuals should not be considered as collateral intrusion but rather as intended intrusion. Any such surveillance or property interference activity should be carefully considered against the necessity and proportionality criteria as described above (paragraphs 3.4 - 3.7).
Example: A law enforcement agency seeks to conduct a covert surveillance operation to establish the whereabouts of N in the interests of preventing a serious crime. It is proposed to conduct directed surveillance against P, who is an associate of N but who is not assessed to be involved in the crime, in order to establish the location of N. In this situation, P will be the subject of the directed surveillance authorisation and the authorising officer should consider the necessity and proportionality of conducting directed surveillance against P, bearing in mind the availability of any other less intrusive means to identify N’s whereabouts. It may be the case that directed surveillance of P will also result in obtaining information about P’s family, which in this instance would represent collateral intrusion also to be considered by the authorising officer.
4.15. Where a public authority intends to access a social media or other online account to which they have been given access with the consent of the owner, the authority will still need to consider whether the account(s) may contain information about others who have not given their consent. If there is a likelihood of obtaining private information about others, the need for a directed surveillance authorisation should be considered, particularly (though not exclusively) where it is intended to monitor the account going forward.
Example: If an individual provides the Police Service with passwords and log-in details for their personal social networking accounts in order to provide evidence of threats made against them, this would not normally require a directed surveillance authorisation. If the Police Service then decided to monitor the accounts for the purposes of obtaining further evidence of criminal activity by the author of the threats, they should consider applying for a directed surveillance authorisation. This is because the Police Service would be acting with the intention to monitor an individual who has not consented to and may not be aware of the surveillance, in circumstances where private information is likely to be obtained. The Police Service will also need to consider the extent of the collateral intrusion into the privacy of others who may comment on or post information onto the accounts under surveillance.
Combined authorisations 
4.16. A single authorisation may combine:
- any number of authorisations under RIP(S)A  ;
- an authorisation under RIP(S)A and an authorisation under Part III of the 1997 Act.
4.17. For example, a single authorisation may combine authorisations for directed and intrusive surveillance. However, the provisions applicable for each of the authorisations must be considered separately by the appropriate authorising officer. Thus, a police superintendent could authorise the directed surveillance element but the intrusive surveillance element would need the separate authorisation of the chief constable of the Police Service (or a senior officer designated by the chief constable) and the approval of a Judicial Commissioner, unless the case is urgent.
4.18. The above considerations do not preclude public authorities from obtaining separate authorisations.
Combinations involving warrants under the Investigatory Powers Act 2016
4.19. Where an authorisation under RIP(S)A or the 1997 Act is combined with a warrant under the IPA, the authorisation processes in the IPA will apply. In some cases this will necessitate a higher authorisation process than would otherwise be required for individual applications. Where two warrants or authorisations are combined that would otherwise be issued by different authorities (for example, a property interference authorisation issued by the Police Service and an interception warrant issued by the Scottish Ministers), the warrant will always be issued by the higher authority level. Where one of the warrants or authorisations within a combined warrant is cancelled, the whole warrant ceases to have effect. For example, if conduct required for an operation was authorised by a combined property interference and interception warrant and interception was no longer necessary and proportionate, the whole warrant must be cancelled and a new property interference authorisation sought to cover the property interference that remains necessary and proportionate. Such combined warrants may also be applied for on an urgent basis.
4.20. Where warrants of different durations are combined, the shortest duration applies.
4.21. The requirements that must be met before a warrant can be issued apply to each part of a combined warrant. So, for example, where a combined warrant includes a property interference warrant, all the requirements that would have to be met for a property interference warrant to be issued should be met by the combined warrant.
4.22. The duties imposed by section 2 of the IPA (having regard to privacy) apply to combined warrants as appropriate. The considerations that apply when deciding whether to issue, renew, cancel or modify a warrant under the IPA will apply when such a warrant forms part of a combined warrant. So the property interference or surveillance element of a combined warrant cannot be issued without having regard to privacy in accordance with section 2 of the IPA.
4.23. In seeking the assistance of a third party to give effect to a warrant it is possible to serve only the relevant part of a combined warrant. For example, if a combined warrant included a targeted equipment interference warrant and an authorisation for directed surveillance, and the target equipment interference required the assistance of a third party, it is possible to serve just the part of the warrant that relates to the targeted equipment interference warrant on that third party.
4.24. Paragraph 20 of Schedule 8 to the IPA provides that various rules regarding warrants apply separately to the relevant part of a combined warrant. The duty of operators to give effect to a warrant applies separately in relation to each part of a combined warrant. So, for example, section 128 of the IPA (duty of operators to assist with implementation) would apply to the targeted equipment interference part of a combined warrant but only to that part.
4.25. Similarly, safeguards also apply to individual parts of a combined warrant. For instance, where a combined targeted equipment interference and intrusive surveillance authorisation has been issued, the safeguards that apply to a targeted equipment interference warrant apply to the part of the combined warrant that is a targeted equipment interference warrant. Section 132 (duty not to make unauthorised disclosures) and 134 (the offence of making unauthorised disclosures) of the IPA apply to the targeted equipment interference part of a combined warrant.
4.26. The exclusion of matters from legal proceedings (section 56 of the IPA) continues to apply to an interception warrant that is part of a combined warrant. However, when a property interference or surveillance warrant is combined with an interception warrant the material derived from property interference or surveillance may still in principle be used in legal proceedings if required. However, if material derived from property interference or surveillance authorised by a combined warrant reveals the existence of an interception warrant the material is excluded from use in legal proceedings according to section 56 of the IPA.
4.27. Should the exclusion from legal proceedings mean that there may be difficulties in disclosing any material obtained under a combined warrant that included an interception warrant, public authorities may wish to consider the possibility of seeking individual warrants instead.
Collaborat i ve working
4.28. Any person granting or applying for an authorisation will also need to be aware of particular sensitivities in the local community where the surveillance is taking place and of any similar activities being undertaken by other public authorities which could impact on the deployment of surveillance. It is therefore recommended that where an authorising officer from a public authority considers that conflicts might arise they should consult the authorising officer within the police area in which the investigation or operation is to take place.
4.29. In cases where one public authority is acting on behalf of another, the tasking authority should normally obtain or provide the authorisation under RIP(S)A. For example, where surveillance is carried out by the Police Service on behalf of a local authority, authorisations would usually be sought by the local authority and granted by the appropriate authorising officer within that authority. Where the operational support of other authorities (in this example, the Police Service) is foreseen, this should be specified in the authorisation. Failure to do so does not mean that other authorisations may not subsequently be used to assist the investigation.
4.30. Where possible, public authorities should seek to avoid duplication of authorisations as part of a single investigation or operation. For example, where two authorities are conducting directed or intrusive surveillance as part of a joint operation, only one authorisation is required. Duplication of authorisations does not affect the lawfulness of the activities to be conducted, but may create an unnecessary administrative burden on authorities.
4.31. In some circumstances it may be appropriate or necessary for a public authority to work with third parties who are not themselves a public authority (such as an individual company or non-governmental organisation) to assist with an investigation or piece of research. Where that third party is acting in partnership with or under the direction of a public authority, then they are acting as an agent of that authority and any activities that third party conducts which meet RIP(S)A definitions of directed or intrusive surveillance or the 1997 Act definition of property interference should be considered for authorisation under those Acts by the public authority on whose behalf the activity is being undertaken. Similarly, a surveillance authorisation should also be considered where the public authority is aware that a third party is independently conducting surveillance and the public authority intends to make use of any suitable material obtained by the third party for the public authority’s own investigative purposes.
4.32. Police Service applications for directed or intrusive surveillance and property interference must only be made by a constable of the Police Service.
4.33. Authorisations for intrusive surveillance relating to residential premises, and authorisations for property interference, may only authorise conduct where the premises or property in question are in Scotland.
4.34. Regular reviews of all authorisations should be undertaken to assess the need for the surveillance or property interference activity to continue. The results of a review should be retained for at least three years. Particular attention is drawn to the need to review authorisations frequently where the surveillance or property interference involves a high level of intrusion into private life or significant collateral intrusion, or confidential information is likely to be obtained.
4.35. In each case the frequency of reviews should be considered at the outset by the authorising officer. This should be as frequently as is considered necessary and practicable.
4.36. The authorising officer is usually best placed to assess whether the authorisation should continue or whether the criteria on which he or she based the original decision to grant an authorisation have changed sufficiently to cause the authorisation to be revoked. Support staff can do the necessary research and prepare the review process but the actual review is the responsibility of the original authorising officer and should, as a matter of good practice, be conducted by them or, failing that, by an officer who would be entitled to grant a new authorisation in the same terms.
4.37. Any proposed or unforeseen changes to the nature or extent of the activity that may result in further or greater intrusion into the private life of any person should also be brought to the attention of the authorising officer by means of a review. The authorising officer should consider whether the proposed changes are proportionate (bearing in mind any extra intended intrusion into privacy or collateral intrusion), before approving or rejecting them. Any such changes must be highlighted at the next renewal if the authorisation is to be renewed.
4.38. Where a directed or intrusive surveillance authorisation provides for the surveillance of unidentified individuals whose identity is later established, the terms of the authorisation should be refined at a review to include the identity of these individuals. It would be appropriate to convene such a review specifically for this purpose. This process will not require a fresh authorisation, providing the scope of the original authorisation envisaged surveillance of such individuals. Such changes must be highlighted at the next renewal if the authorisation is to be renewed.
Example: A directed surveillance authorisation is obtained by the Police Service to authorise surveillance of “X and his associates” for the purposes of investigating their suspected involvement in a crime. X is seen meeting with A in a café and it is assessed that subsequent surveillance of A will assist the investigation. Surveillance of A may continue (he is an associate of X) but the directed surveillance authorisation should be amended at a review to include “X and his associates, including A”.
4.39. During a review, the authorising officer who granted or last renewed the authorisation may amend specific aspects of the authorisation, for example, to cease directed surveillance against one of a number of named subjects or to discontinue the use of a particular tactic.
General best practices
4.40. The following guidelines should be considered as best working practices by all public authorities with regard to all applications for authorisations covered by this code:
- applications should avoid any repetition of information;
- information contained in applications should be limited to that required by the relevant legislation  ;
- the case for the authorisation should be presented in the application in a fair and balanced way. In particular, all reasonable efforts should be made to take account of information which supports or weakens the case for the authorisation;
- where authorisations are granted orally under urgency procedures (see Chapters 5, 6 and 7 on authorisation procedures), a record detailing the actions authorised and the reasons why the urgency procedures were used should be recorded by the applicant and authorising officer as a priority. There is then no requirement subsequently to submit a full written application;
- an application should not require the sanction of any person in a public authority other than the authorising officer;
- where it is foreseen that other agencies will be involved in carrying out the surveillance, these agencies should be detailed in the application;
- authorisations should not generally be sought for activities already authorised following an application by the same or a different public authority.
4.41. Furthermore, it is considered good practice that within every relevant public authority, a senior responsible officer  should be responsible for:
- the integrity of the process in place within the public authority to authorise directed and intrusive surveillance and interference with property or wireless telegraphy;
- compliance with RIP(S)A, Part III of the 1997 Act and with this code;
- engagement with the IPC and Inspectors when they conduct their inspections, and
- where necessary, overseeing the implementation of any post-inspection action plans recommended or approved by a Judicial Commissioner.
4.42. Within local authorities, the senior responsible officer should be a member of the corporate leadership team and should be responsible for ensuring that all authorising officers are of an appropriate standard in light of any recommendations in the inspection reports prepared by the IPC. Where an inspection report highlights concerns about the standards of authorising officers, this individual will be responsible for ensuring the concerns are addressed.
4.43. In addition, elected members of a local authority should review the authority’s use of RIP(S)A and set the policy at least once a year. They should also consider internal reports on use of RIP(S)A on at least a quarterly basis to ensure that it is being used consistently with the local authority’s policy and that the policy remains fit for purpose. They should not, however, be involved in making decisions on specific authorisations. In regard to the matters mentioned in this paragraph, local authorities may wish to consider ensuring that their elected members have undergone sufficient training in order to fulfil these requirements.