Law and Criminology: Ability to Conduct an Investigation - Research Paper Example

 Law and Criminology: Ability to Conduct an Investigation Introduction: In the complex legal world every day is a new beginning. The world order shifts from time to time which becomes a challenge for the investigating agencies to be updated and prepared to face it. Technological advancement brings about new opportunities along with those new threats, with new legislative requirement. The Applicability of the Various Acts and their Impact: The data protection act 1998 came into force with the sole purpose of protecting the fundamental rights and freedom of natural persons. The issues of privacy gain ground after the Data Protection Committee expressed its concern about the collection and compilation of centralized data by the Government. It gave rise to threats regarding the enormous power of the government and the consequences if such data falls in wrong hands. So it became certain that there should be some independent agency, which can monitor and restrict the extent to which such information is accumulated. The result of such apprehension a committee was formed which laid down new rules to the extent data can be collected and utilized, Leigh- Pollitt, P and Mullock, J (2001). The data protection act 1998 was framed which specified the limits up to which data can be collected and used, the new amended act has included CCTV footage and data information stored manually within its ambit and also implementation is stringent so much so that security personnel are also covered within the ambit of this law. This law is derived from the community law of European Union and the basis of it is the protection of fundamental rights and freedom of the people. The important aspect of the law is the right to privacy in regards to personal data collection and usage. Any person using any data must register the reason of such usage and the reason of transfer of data to a third person. Even law enforcing agencies have to ensure that proper steps are followed regarding the data usage and done under the supervision of Information Commissioners, Leigh- Pollitt, P and Mullock, J (2001). To comply with the new 1998 Act there are three things that must be done: Maintain the Eight Data Protection Principals to ensure compliance with fair processing codes. Uphold the rights of the data subjects (these rights are now explicitly identified, including the right to object to direct marketing) Ensure compliance with notification (data protection registration) If all three are not complied with an offence is committed. The Eight Principals are: 1. The data must be acquired legally and fairly Legally means with the consent of the person involved (there is no distinct definition in the act but it will probably comprise the person’s free consent and informed decision to provide the data) Legally it can be in the shape of an agreed contract (taking services through the organization); to comply with the law; to protect the person’s vital interest (i.e. life or death); part of a criminal investigation; legitimate interests of the data controller with the rights of the subject. 2. Data can only be obtained for Specific and Lawful Purposes The Data Controller when registering with the commission should opt for the wide range of purposes. 3. Data should be Adequate, Directly relevant and Not Excessive 4. Data should be accurate and Up-to-Date 5. Data should only be kept for the duration of the purpose for which it is held If a data is collected for a definite purpose or event the data should only be kept until the end of that purpose is finished. However if you maintain a VIP list or lists for invitations to the events/lectures of an organization, providing you have consent this should be safe. 6. Data may be held if the rights of the subject are protected in doing so. 7. The data must be Secure Applies to both manual and computer data. 8. Data cannot be transferred outside the European Economic Area unless that area has similar data protection standard. Transfers elsewhere are therefore problematic. It may be acceptable if a suitable contract was in place guaranteeing that the provisions of the Act will be upheld in all its aspects, Sorrell (2000). Sensitive Data If it is required to hold sensitive data, there is a need to have subject’s express consent to do that. Even issuing a form, which solicits sensitive data, will require specific permission to hold it. However if the sensitive data in it is investigative it is required to prove that such has been freely and deliberately made investigative. Sensitive data includes: a)Race/ethnicity, b)Political beliefs, c)Religious beliefs, d)Trade union memberships, e)Physical/mental condition, f)Sexuality, Criminality. Sensitive data does not include such things as: age, sex, and financial information. However an exemption exists for charitable and voluntary organizations other than that it would be unable to function due to the Act. Any registered charity, which is already in active communication with the supporter/member, and where they uphold its member’s rights, may continue, Sorrell (2000). In order to be legal and fair the Fair Processing Code must be followed by notifying the subject with the identity of the data controller, the purpose for which data is held, any other specifics about the data, Sorrell (2000). Under the 1998 Act Notification is done for the 26 purposes in regards to data being held. The Data Controller determines how and why data is used and compliance regarding this is strict, Sorrell (2000). So as to ensure that the processing of personal data is open and transparent, the Act establishes a system of notification whereby all organizations engaged in dealing of personal information are required to notify the Information Commissioner's Office (ICO) (unless they are exempt under the Act) and to provide details of the type of data processing being undertaken. This information is then published in the register of data controllers and is available for investigative inspection. Failure to notify is a criminal offence under the Act (DPA 1998, section 47). The objective of the system is that the concerned authorities are able to find out the source of processing personal information and the purpose. The system is designed to ensure that individuals are able to determine whether information relating to them is being held by another individual, government agency, or private organization, Sorrell (2000). The areas, which pose specific problems, are proxy consent and covert research. Proxy consent means that the person giving the consent has the authority to do so on behalf of that individual.  Generally the guidance given to those faced with requests to access information about a data is that any person who lacks capacity will refuse to provide that unless the person acting can show either an instrument executed about the competence, such as an enduring power of attorney which has now been activated, or has the authority of the Court of protection.  It would be suggested that the equivalent safeguards should apply to the proxy.  As noted above in relation to anonymous information there may be a different view where the data collected are wholly anonymous but it seems the researcher will have access to the nominative data, Jay (2004). Covert research is justified where the exemption relating to the investigation of crime would apply but the cases where this will apply are not specifically stated. The beginning of the DPA is that individuals must be told of the usage of data about them, generally when the controller first acquires the data.  There are a number of instances, which allow the data collector not to give notice in advance, e.g. when the notice would involve disproportionate effort and or where the information collected is to be revealed to a third party the notice may be held back until the information is dissipated, Jay (2004). It is to be remembered that where sensitive data are involved there is no alternative for consent in order to use data and hence the consent has to be obtained before the processing takes place. Clearly this becomes quite complex, where the primary purpose is the prevention of crime and therefore the collection is legally undercover. The DPA allows the data controller to freedom from provisions in respect to notice to the individual in cases where there would be a problem for the purposes of the prevention or detection of crime or apprehension or prosecution of offenders, Jay (2004).  When investigating an Internet crime, U.K. law enforcement personnel (LEP) must comply with laws, which regulate both access to communications data and the preservation of privacy rights. U.K. LEP can intercept unlawful communications or search stored data to find evidence of crime. There are broad rules regarding such interception and search. Strict privacy laws have retrained Internet Service Providers from retaining the user transmission data crucial to LEP investigations. However with the help of new European Union legislation U.K. have been allowed to enforce data retention obligations on ISPs to help in criminal investigations. The legal structure for ISP data retention is provided by the following acts: The Regulation of Investigatory Powers Act 2000 (RIPA) and the Anti-Terrorism, Crime and Security Act 2001(ATCSA). The provisions of both Acts shall comply with the elaborate privacy obligations encrypted in Article 8 of the European Convention on Human Rights (ECHR), enforced in the U.K. as the Human Rights Act 1998 (HRA). Retention of data must also be in league with E.U. data protection obligations incorporated into U.K. law by the Data Protection Act 1998 (DPA), Hansen (2003). Access to communications data in the U.K. is governed by RIPA, also widely known as the snooping bill. RIPA creates a law of tort of unlawful interception, under which it is a breach of law if any unauthorized person intercepts communications traveling over any investigative or private telecommunications system, Hansen (2003). According to section 5(3) of the Act, the Secretary of State can issue a warrant only if the surveillance proposed is necessary: (a) in the interests of national security; (b) for the purpose of preventing or detecting serious crime; (c) for the purpose of safeguarding the economic well-being of the United Kingdom; or (d) for the purpose, in circumstances appearing to the Secretary of State to be equivalent to those in which he would issue a warrant by virtue of paragraph (b), of giving effect to the provisions of any international mutual assistance agreement, www.Parliament.uk(2009). Authorities can intercept communications over the Internet only if they can obtain the consent of at least one of the parties involved in such communication. Under the definitions contained in IPA, any Internet-connected PC could be seen as a part of the investigative telecommunications system, so any one using an internet can become or has the potential of becoming a spy so any person with whom you are communicating could authorize LEP to track their exchanges. RIPA puts up certain process as protection to prevent authorities from unreasonably exercise and application of search and interception privileges. It is mandatory to obtain warrants before interceptions or searches can be carried out, and such intrusions are limited to the minimum amount necessary to achieve their authorized purpose. Under section 12, the Secretary of State can require ISPs to maintain technical measures, which are sufficient to allow LEPs to catch, hold of communications and other data passing through their systems. If necessary, specific instructions can be issued by the Secretary to each ISP to enhance level of interception capability to the scope of their operations. Section 24 provides that that ISPs are compensated for the costs they incur in establishing the interception capabilities required under RIPA. Even with the costly interception capabilities imposed on ISPs, RIPA's provisions are unlikely to be effective in combating Internet crime. This is because any criminal seeking to escape can simply choose to access the Internet through an ISP with less than 10,000 U.K. customers; such small-scale ISPs are not required to maintain interception or monitoring capabilities. This exemption is intended to minimize the financial and regulatory burden on small organizations, which in turn allows small ISPs to serve as safe-havens for Internet criminals, Hansen (2003). U.K. Privacy Obligations ISPs are under a legal obligation to ensure that user data is not processed or accessed in an improper manner. European Union legal requirements regarding privacy and data protection are encrypted in the European Convention on Human Rights. Article 8 of the ECHR establishes a right to privacy in domestic life and correspondence, as well as a general prohibition on the interception of communications. Other important rights that must be upheld include the right to a fair trial, a presumption of innocence, and the right to liberty and security, Hansen (2003). Police investigations are done keeping in mind the privacy of victims, witnesses and suspects. Such investigations involve the use of policing tactics or techniques, which, if made investigative, would cause hindrance of crime detection and prevention of the police force. It is a common fact that the release of information concerning current investigations may be contradictory to any subsequent court proceedings, www.Parliament.uk (2009). For these reasons, the police will, in most cases, seek to apply for exemption to prevent the release of information concerning investigations when requested under the Freedom of Information Act. There may be in some cases very important and genuine investigative interest for such disclosure of facts and figures. But such importance and significance should be overriding the aspect of common curiosity or interest but is very important from investigative point of view. In order to ensure that these investigative interest issues are fully considered, all applications for information concerning investigations will be considered on a case-by-case basis in accordance with the requirements of the Act, www.Parliament.uk (2009). The Human Rights Act of 1998 (HRA) incorporates the ECHR provisions into the human rights law of Great Britain. Section 4 of the HRA prohibits any legislation in contravention with the provisions of the ECHR. Under HRA there is a right to legal proceedings to those seeking to enforce its provisions. Accordingly, the HRA provides grounds upon which the validity of RIPA's interception requirements to a specific investigation can be challenged. RIPA will face legal hurdles regarding searches or interceptions of targeted communications data. Any justifiable connection between data located on different computers could be the reason for a subject to search under section 20. Such wide search powers are can be open to concern. Because of the advanced interception technology both the source and the content of Internet communications can be capture, Hansen (2003). For ISPs, providing confidential personal information about their users may be a breach of obligations not only under E.U. and U.K. privacy law, but data protection law as well. ISPs granting access to information beyond the extent required by LEP may be in breach of data protection law. These laws regulate rights of individuals regarding how their information can be used. Directives are given for the protection of individuals with regard to the processing of personal data; it gives individuals a great deal of control over their data’s processing and movement. The Directive requires every States to protect the fundamental rights and freedoms of individuals, in particular their right to privacy with respect to the processing of personal data. Individuals must give their consent before an ISP or other third party can process their data and they have the right to object to processing except where prohibited by law. Access to user data in the absence of consent is allowed only in very limited situations set forth in Article 13. Article 13 of the Directive allows States to enact legislations to obtain user data without consent in case access to such data is necessary for investigative security or to assist in criminal investigations. There is strict liability for breach of a user's right to data privacy and it rests with the ISP as the data controller, unless legally exempted under Article 13 provide a defense to the breach. Directive addressing the processing of personal data and the protection of privacy in the telecommunications sector requires ISPs to ensure confidentiality and prohibit storage or interception of communications except under the same limited exceptions contained in Article 13. The Directive contains prohibitions on the retention of data and it is a hindrance to fight internet crimes. Article 6 requires ISPs to erase traffic and billing data upon the termination of user communications unless the data is kept for the purpose of billing a subscriber. Data retained for billing purposes may only be kept until the end of the billing period, Hansen (2003). Human Right Act 1998, a number of articles provide the following rights: Article 2: The right to life; Article 3: The prohibition on torture, degrading and inhuman treatment or punishment; Article 4: The prohibition on slavery and servitude; Article 5: The right to liberty and security of person; Article 6: The right to a fair trial in criminal and civil proceedings; Article 7: The prohibition on retrospective criminal offences; Article 8: The right to privacy, family life, and correspondence; Article 9: Freedom of thought, conscience and religion; Article 10: Freedom of expression; Article 11: Freedom of assembly and association; Article 12: The right to marry; Article 13: The right to an effective remedy; Article 14: The prohibition on discrimination Signatories to the Human Rights convention may not: (1) violate the right to life of their citizens, subject them to torture, inhuman or degrading treatment, or press them into enforced labor. These rights are absolute, and cannot be interfered with by an investigative body, The Human Rights Act (1998). (2) Deprive them of their liberty without due process and compensation, deprive them of access to justice or a fair trial or introduce laws that impose retrospective criminal liability for acts that were committed previously when such was not an offence. These are special rights. They are negotiable (can be set aside), but only in certain situations, i.e. times of war or investigative emergency. Otherwise, they are unqualified, and cannot be balanced against other public interests, The Human Rights Act (1998). (3) Infringe individual’s rights to privacy, freedom of religion, expression, association and assembly, and the right to marry and found a family, without proper justification. These rights are known as qualified rights, but the justification for their interference is tightly controlled, The Human Rights Act (1998). (5) The rights guaranteed by the Convention must be guaranteed to each individual, irrespective of sex, race and a range of other grounds, The Human Rights Act (1998). After the enactment of Human Rights Act it becomes law and provides litigants liberties against infringement of these rights against investigative authority including investigating agencies. There may be other grounds of infringement proceedings for established torts, such as negligence, breach of confidence or false imprisonment. Individuals can invoke Convention rights as a basis for legal actions in criminal proceedings e.g. actions for breach of contract. Even if there is no existing actionable case, an individual may bring litigation against a investigative authority on the basis of a Convention ground alone, such as the right to privacy under Article 8. Convention rights find place in judicial review proceedings. There can be a claim on the ground of illegality e.g. the non-compliance of an act, or piece of legislation. It is not necessary for applicants to satisfy the court that a disputed decision was irrational that no rational investigative authority could have taken it (Associated Provincial Picture Houses, Limited v Wednesbury Corporation). In order to prove the point it is necessary that an applicant is personally affected by the action or decision of a investigative authority, it is sufficient simply to point to a breach of a Convention right which in the court’s view has been infringed without lawful justification. Subject of an action under the Act Primary legislation, secondary legislation, and the common law can be made the, in addition to decisions and actions of investigative authorities. The court cannot set aside a law if it cannot interpret it however it can issue a declaration that the relevant statutory provision is incompatible with the rights set out in the Convention. This can lead to action by legislatures to find a solution for the problem. There are limitations to that power. Secondary legislation may be protected from challenge if the primary legislation under which it was made prevents the removal of the incompatibility and the court cannot as a result interpret the subordinate legislation in a way that is consistent with Convention rights. An example would be regulations made under an act, where the act itself is incompatible with HRA. In that case the subordinate legislation continues to be valid and enforceable until Parliament amends the primary statute. It is also unlawful for all investigative authorities to act in a way, which is against the rights in the Convention, The Human Rights Act (1998). By virtue of this act the public authority is barred from doing anything, which is in contravention to the provisions or conventions laid down in the Human Rights Act 1998. Police officers are included in the term of public authority as their work includes public duties and police officers are individually responsible for their acts and any contravention is punishable under the law. Six principles can be applied to reach to the conclusion of compliance with Human Rights: Legality - Is the action legal i.e. complies with statute, regulations, case law and is it available to a member of the public. Proportionality - That action taken were proportionate to the threat or problem it sought to prevent. Relevance/ Necessity - That the police action was strictly relevant to the particular threat/ problem. Subsidiary - The police action was the least force / intrusive action available. Equality Of Arms - That the defendant has the same information and access to information as the police/ prosecution. Remedy - Is there an independent public remedy available to the citizen. Against these above guidelines the action of police officers are to be guided as weather it contravenes any provisions of Human rights Act, Policing Our Communities (2003). The Private Security Industry Act 2001 was legislated to counter the vast number of dubious private security agencies infiltrated by security men whose background was highly questionable and suspicious. It was alleged by various agencies that this industry of private security has been over taken by illegal activities for the purpose of drug trade and other subversive agenda. Other than that it was pointed out that though there were double number of people manned security industry still there was no proper mechanism to control it or any agency to certify its authority. It was for this purpose to raise the standard and bring regulations through self-regulatory mechanisms, to prevent criminals from carrying out their ulterior objectives in the shadow of this industry and also to guide the public about the standard of security agency that they are hiring. The Security Industry Authority is entrusted to license individuals and approve security agencies, to keep in close watch the operation of private security industry and it adheres to the law in force, to keep a control on the people working there, make periodical inspections, set standard for its smooth functioning, and provide guidance to improve. Any operations carried on without license by any person or organization is a criminal offence and will be dealt with accordingly. The SIA is required to set the standard criteria for granting license and any previous criminal record of a person does not mean automatic disqualification or refusal and will conform to the Rehabilitation of Offenders Act 1974. Standards are also set for the security agencies and their performance level. It is an offence if any security agency functions without a license or employs any person not having a license, contravenes any condition of license, obstructs inspection of SIA, fails to comply with the directions of SIA or makes a false statement. The Private Security Industry Act 2001 is a very important legislation and every person concerned with security has to be well versed with its provisions and act in adherence to those clauses in order to serve the purpose of a smooth and efficient flow of administration and justice to the society, The Private Security Industry Act (2001). Conclusion: To counter the ever changing threat perception, new enactments are necessary or at least new legislations. The investigators are required to make themselves updated with the ever changing laws and put forward a face which is cooperative and trustworthy to the society. The aim is to bring peace and harmony that will strengthen the foundation of democracy and human civilization world over. Reference: Associated Provincial Picture Houses, Limited v Wednesbury Corporation [1948] 1 KB 223 Crime reduction 2004 Information Sharing: Questions and Answers viewed on 14th November 2009 http://www.crimereduction.homeoffice.gov.uk/infosharing13.htm Data Protection Law, Act 1998, United Kingdom DPP Defends Human Rights Act At Annual Lecture 2009 14th November 2009 http://www.cps.gov.uk/news/press_releases/149_09/ European Human Rights Convention viewed on 14th November 2009 http://www.hri.org/docs/ECHR50.html Freedom of Information Act, 2000, United Kingdom Gearty, C. A. 2006 Can human rights survive? Cambridge New York Hansen, R 2003 Data Preservation: An Effective Approach to Combating Internet Crime in the U.K. Cyberlaw Seminar, Spring Semester, University of Iowa College of Law viewed on 14th November 2009 http://www.uiowa.edu/~cyberlaw/cls03/rhfinfin.html Human Right Act 1998, Introduction – Data Protection, Freedom of Information and Human Rights, viewed on 14th November 2009 http://www.charity-commission.gov.uk Jay, R 2004 New Ethical Challenges in Socio-legal Research The Impact of The Data Protection Act 1998 On Socio-Legal Research SLSA Conference University viewed on 14th November 2009 http://74.125.153.132/search?q=cache:426QtqIlt28J:www.kent.ac.uk/nslsa/images/slsadownloads/onedayconferences/rosemary%2520jay%2520slsa%2520paper.doc+the+effects+that+the+Data+Protection+act+1998,+on+an+investigation&cd=5&hl=en&ct=clnk&gl=in Leigh- Pollitt, P and Mullock, J 2001 The Data Protection Act Explained, London: The Stationary Office Policing Our Communities 2003 Human Rights Act Warwickshire police viewed on 14th November2009http://www.warwickshire.police.uk/Diversity/Policingourcommunities/HumanRightsActfolder Pounder, C 2005 Data protection case goes to the House of Lords OUT-LAW News, viewed on 14th November 2009 http://www.out-law.com/page-5820 Private Security Legislation 2009 The Private Security Industry Act 2001, viewed on 14th November 2009 http://sia.homeoffice.gov.uk/home/about_sia/legislation/psia.htm Rizvi, S.M 2007 Data Privacy & Right to Information: The Phenomenon of Strategic Control & Conflicting Interests Indian Institute of Information Technology, Allahabad, India viewed on 14th November 2009 http://www.iceg.net/2007/books/2/17_288_2.pdf Sorrell, J 2000 Data Protection Act 1998 viewed on 14th November 2009 http://www.sorrell.co.uk/Data%20Protection%20Act%201998.pdf \\Neo\Users\janice\City\Data Protection Act 1998.doc Page 2 Steyn, 2006 "Democracy, the Rule of Law and the Role of Judges", Attlee Foundation Lecture, viewed on 14th November 2009 http://www.opsi.gov.uk/acts/acts2000/ukpga_20000023_en_1. Surveillance: Citizens and the State - Constitution Committee Contents Chapter 4: LegalRegulationandSafeguards viewedon14thNovember2009 http://www.publications.parliament.uk/pa/ld200809/ldselect/ldconst/18/1806.htm The Human Rights Act 1998: Interim Guidance 2006 viewed on 14th November 2009 http://www.hse.gov.uk/foi/internalops/fod/om/2001/117.pdf FOD Legal & Enforcement Warren, S. and Brandeis, L. (1890), "The Right to Privacy", Harvard Law Review, 4(1), pp193-220 viewed on 14th November 2009 www.Parliament.uk 2009 viewed on 14th November 2009 http://www.publications.parliament.uk/pa/ld200809/ldselect/ldconst/18/1806.htm - n63 Read More