Overview
After a warrant has been issued, the requested bulk SIGINT measure must be authorized or – as the case may be in different jurisdictions – approved by a review body that assesses the necessity and proportionality. Differences exist across nations as regards the moment when the independent judicial review process comes into play. In some countries, the competent minister or other members of the executive authorize warrants. In the United Kingdom, for example, the authorization of warrants is the privilege of the executive. Ministerial authorization, then, has to be approved by independent Judicial Commissioners. By contrast, in the German legal framework, warrants are authorized by bodies such as the G10 Commission or the Independent Control Council (for future foreign-foreign intelligence collection).
The independent ex-ante authorization/approval of data collection is a crucial safeguard against the misuse and abuse of bulk surveillance powers. The legitimacy of surveillance practice depends on the control of executive conduct from the outside. Enacting the control mechanism prior to implementation is crucial, because this can both deter and prevent certain actions from being taken. Independent authorization/approval also contains an important learning element, because the competent bodies can improve their controls, draw lessons from past mistakes, and then declare more assertively that certain measures are not required, or that no sufficient proof was presented.
Across many democracies, a dual system of authorization/approval has emerged that combines a judicial and an executive control function. A judicial oversight body – ideally a court – is best suited to administer a competent legal review of a bulk surveillance application.
Relevant Aspects
The complexity and confidentiality of the subject matter require that the authorization body must be sufficiently qualified (e.g., a specialized court for SIGINT operations) and have the necessary powers and resources to conduct the authorization (e.g., access to all relevant information). A fundamental requirement for an authorization/approval body is its independence. Further relevant aspects include:
- – Who is involved in the authorization process
- – When the review takes place
- – How the authorization takes place
- – Whether the law foresees an appeal procedure
- – Whether or not warrants also account for metadata and “secondary data”
- – Whether or not the authorization takes other (ongoing) surveillance measures into account when assessing a new warrant
- – How the authorization decision is documented
Independent authorization becomes an even more powerful democratic safeguard if the procedure is fully transparent and when the review officials are endowed with a robust mandate and enough discretion to authorize or approve warrants with conditions. Ideally, the legal framework stipulates a mandatory declassification review that aims to publish as much information as possible, for example about critical legal interpretations.
Adversarial proceedings are an essential feature of effective independent approval/authorization. Equally, explicit standards for proportionality assessments for authorizing or approving bulk SIGINT warrants in actual practice, such as an Advisory Notice of the British Investigatory Powers Commissioner’s Office (IPCO) combined with its subsequent outreach to civil society and other experts, are promising examples of good practices. Further oversight body involvement should now be considered when it comes to the authorization to share intelligence.