Security Experts:

Connect with us

Hi, what are you looking for?


Tracking & Law Enforcement

UK Supreme Court Overturns Ultimate Authority of Investigatory Powers Tribunal

The UK Supreme Court has delivered a ruling that ensures that intelligence agency surveillance action can be challenged in the courts, and is subject to the rule of law.

The UK Supreme Court has delivered a ruling that ensures that intelligence agency surveillance action can be challenged in the courts, and is subject to the rule of law.

The status quo for western democracies is the trias politica model — the separation of national governance into three branches: executive, legislative and judiciary. This model is used by the United States, the European Union, and the United Kingdom. In all three cases, there is a natural impetus for the executive to attempt to assume all power.

In recent months, the assumption of overriding authority by the UK executive (basically, the Prime Minister, but supported by Cabinet member appointees) has been challenged by the legislature over Brexit — Parliament has simply refused to accept the wishes of the Prime Minister. This is almost revolutionary.

Today, the UK executive has suffered another set-back — this time from the judiciary. Over the last few years, the UK government has implemented ‘national security’ laws that many other countries might consider draconian. It has been able to do this because, traditionally, the legislature rubber-stamps the legislation presented by the executive. 

Among these laws is the Regulation of Investigatory Powers Act (“RIPA”) 2000. Where RIPA 2000 differs from other legislation is that its enforcement has no judicial oversight. The government established a separate independent oversight organization, the Investigatory Powers Tribunal (IPT). This organization is not part of the judiciary and, according to the law, its decisions could not be challenged within the courts. The law states (section 67.8), “…decisions of the Tribunal (including decisions as to whether they have jurisdiction) shall not be subject to appeal or be liable to be questioned in any court.”

It became clear after Snowden’s leaks in 2013 that certain intelligence agencies, including GCHQ, were involved in mass surveillance exercises. The intelligence agencies have always insisted that they only work within their national laws. In the UK, that law is RIPA 2000. Privacy International challenged the intelligence agencies’ mass ‘hacking’ practices with the IPT.

In 2016, the UK government said that a single general warrant issued by a government Minister would allow the intelligence agencies to surveil or hack any computer within an entire city. If that city was defined as Greater London it would cover nearly 9 million people on one warrant without judicial oversight. This wouldn’t require reasonable grounds for suspicion. The IPT agreed with the government, and declared that the intelligence agencies’ behavior had been legal.

Privacy International (PI) challenged this interpretation in the High Court. The government argued that even if the IPT got it completely wrong, or acted unfairly, the courts had no power to intervene and correct any mistake. And in 2017, the High Court agreed — but PI took it to the Supreme Court. This not a question over whether the IPT was right or wrong, but whether it could be challenged in the court. It is an issue that strikes at the very heart of trias politica — whether one branch of the governance mechanism can exclude the involvement of another from the process of governance.

Today the Supreme Court has ruled, and the answer is No — the executive cannot exclude the judiciary from interpreting the laws passed by the legislature. In the judgment (PDF), Lord Carnwath wrote, “The legal issue decided by the IPT is not only one of general public importance, but also has possible implications for legal rights and remedies going beyond the scope of the IPT’s remit. Consistent application of the rule of law requires such an issue to be susceptible in appropriate cases to review by ordinary courts.”

He added, “…the judicial review jurisdiction of the High Court is not excluded by section 67(8). Although that is the limit of the issue before the court, it will be clear from what I have said about the significance of the substantive legal issue, that this is a case where, if judicial review is available, permission should be granted.”

Although this ruling stems from a PI challenge to the legality of certain intelligence agency surveillance actions, it is not in any way a ruling on the legality or lack of it. It is, in fact, of much greater constitutional import — it asserts the ultimate authority of the judiciary in interpreting the law. It isn’t the end of PI’s action against GCHQ — it is more like the beginning. 

“Today’s ruling,” said Caroline Wilson Palow, PI’s general counsel, “paves the way for Privacy International’s challenge to the UK Government’s use of bulk computer hacking warrants. Our challenge has been delayed for years by the Government’s persistent attempt to protect the IPT’s decisions from scrutiny. We are heartened that our case will now go forward.”

Simon Creighton, of Bhatt Murphy Solicitors, added, “Privacy International’s tenacity in pursuing this case has provided an important check on the argument that security concerns should be allowed to override the rule of law. Secretive national security tribunals are no exception. The Supreme Court was concerned that no tribunal, however eminent its judges, should be able to develop its own “local law”. Today’s decision welcomes the IPT back from its legal island into the mainstream of British law.” 

It means, whether intelligence agencies’ historical mass surveillance is ultimately declared legal or illegal, future surveillance in the UK can now be exposed to the judicial spotlight.

Related: EU Demands Answers from Britain on Spying Scandal 

Related: Britain Has Secret Middle East Web Surveillance Base

Related: Britain Operating Spy Post from Berlin Embassy

Related: Britain’s GCHQ Hacked Belgian Telco

Related: Britain’s GCHQ Listening Post in Tune with NSA

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Expert Insights

Related Content


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.


US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...


The owner of China-based cryptocurrency exchange Bitzlato was arrested in Miami along with five associates in Europe


Google Project Zero has disclosed the details of three Samsung phone vulnerabilities that have been exploited by a spyware vendor since when they still...


A hacker who reportedly posed as the CEO of a financial institution claims to have obtained access to the more than 80,000-member database of...

Application Security

Virtualization technology giant Citrix on Tuesday scrambled out an emergency patch to cover a zero-day flaw in its networking product line and warned that...


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...