The Covert Human Intelligence Sources (Criminal Conduct) Act 2021 (the Act) received royal assent on 1 March 2021 but is yet to come into force. It will enable criminal conduct by a covert human intelligence source (a CHIS) in the course of covert intelligence gathering to be authorised (a Criminal Conduct Authorisation or CCA) by a range of UK government authorities.

The Act now expressly grants powers to make CCAs to a significant number of government authorities beyond the intelligence services including the police, HMRC, the SFO, the FCA, the NCA and the CMA.

This marks a departure from the traditional scope of government authorities’ statutory powers in surveillance investigations.

The Act will amend the Regulation of Investigatory Powers Act 2000 (RIPA), which consolidates and governs (along with the Investigatory Powers Act 2016) surveillance powers. RIPA already empowers certain government bodies to authorise the use of covert human intelligence sources. However the section inserted into RIPA by the Act now expressly allows certain government authorities to authorise criminal conduct in the course of, or otherwise in connection with, the conduct of covert human intelligence sources. Such conduct will be lawful for all purposes, which amounts to an immunity from prosecution and significantly restricts the likelihood of successful civil claims.

Previously, criminal conduct by CHISes was approved by certain government authorities under non-statutory policies. These policies did not confer immunity. Representations would have needed to be made to the prosecuting authority that the prosecution was not in the public interest. The existence of MI5’s policy was revealed in 2018 and subject to legal challenge, but was ultimately upheld as lawful by the Investigatory Powers Tribunal in 2019.

A CCA may only be granted where the authority believes that the authorisation is:

  • necessary to protect national security or economic interest or to prevent or detect crime or to prevent disorder;
  • proportionate to the aim sought to be achieved; and
  • in line with any additional requirements imposed by the Secretary of State at a later date.

In assessing proportionality, the authority must consider whether the criminal conduct being authorised aims to prevent more serious criminal conduct and whether there are no other reasonable or practicable means by which the same outcome can be achieved. CCAs are not otherwise subject to many meaningful safeguards. Each criminal conduct authorisation must also be notified to a judicial commissioner. However, that commissioner will not have the power to quash the authorisation – doing so will require an application for judicial review or, in the case of intelligence services, to the Investigatory Powers Tribunal.

Lastly, it is not clear how these government authorities intend to utilise these new powers. The use of CCAs may appear unlikely in financial crime investigations by the SFO, FCA, NCA, CMA or HMRC but they are now available. The use of CCAs goes far beyond the current roles of the vast majority of these authorities’ employees. Many of these employees might not be prepared to accept such responsibility, and would require extensive training to ensure that these powers are wielded safely.

The authors would like to thank Maria Zeber, trainee, for her contribution to this blog post.