It's perfectly legal for the police to slurp up the phone records of any entity they take a dislike to, without any external oversight whatsoever, for the purpose of punishing whistleblowers. If you didn't realise this was possible, you've not been paying attention for the last decade.

Earlier this week the Metropolitan Police published their report into Operation Alice, the police codename given to the investigation into the Plebgate affair. Andrew Mitchell MP, then a serving Cabinet minister, was accused by police constables guarding No.10 Downing Street of calling them “fucking plebs”. The Sun newspaper wrote a front-page story about this, which kicked off a media circus.

Despite being forced to resign from his Cabinet post, Mitchell has denied calling the police “fucking plebs” throughout and the dispute has become the subject of a number of court cases.

One constable involved in the affair, Keith Wallis, was jailed for a year after lying to his MP about witnessing the alleged insult, presenting himself as a neutral passer-by rather than a colleague of the aggrieved constable, while four other police officers were sacked for misconduct by the Met for talking to the press about the exchange.

So far, so plain, you might think. But until the Operation Alice report was published, nobody knew exactly what evidence led to the four constables being sacked for misconduct, beyond a muted mention by the BBC that “officers found text messages and a phone call were exchanged” between one of the sacked constables and The Sun newspaper.

The report (viewable here, 3.2MB PDF, 57 pages) made it clear exactly how the Met got its hands on that data at paragraph 5.120:

The telecommunications data in respect of Tom Newton Dunn [the Sun's political editor] was applied for and evidenced.

The scope of the information that the police were getting their hands on is shown slightly earlier in the report at paragraph 5.85, which refers to one of the (now sacked) constables' phone metadata:

On 20th September 2012, PC Glanville had extensive contact with Tom Newton Dunn by text and voice call between 12:45pm and 10:32pm. Tom Newton Dunn called PC Glanville at 6:26pm in a call that lasted for 557 seconds. PC Glanville then called PC Weatherley at 6:44pm for 575 seconds and then Tom Newton Dunn made a second call to PC Glanville at 6:54pm which lasted for 296 seconds. PC Weatherley then sent PC Glanville a Multi Media Message (MMS) at 7:01pm. The contact between Tom Newton Dunn and PC Glanville after 7:01pm is by a series of text messages.

So here we have a police force which is explicitly engaged in a hunt to seek out whistleblowers: the very first term of reference for Operation Alice was to “identify the source of the information to The Sun and The Telegraph Newspapers”. The Met used its powers to harvest the telephone metadata of people who communicated with the suspects of an internal enquiry conveniently disguised as a criminal investigation, purely so vengeful senior employees, presumably fearful for their pensions, could punish individuals who embarrassed them.

No warrant or external oversight of any kind is required for the police to do this. In fact, if they played their cards right, there is no legal means to even make them answer to a court for this gross abuse of their powers.

How to go shopping for personal data, plod-style

One such unregulated method for the police to get their hands on your comms data is for them to politely ask your telco to hand them a data dump. Your telco can quite legally do this in response to a simple verbal question. No court warrant is needed, no external oversight is required by law, your consent certainly isn't required … and the best thing is that in handing over sensitive personal data about you, neither your phone provider nor the police break any laws.

Section 29 of the Data Protection Act 1998 states that personal data processed for the “prevention or detection of crime” is exempt from all legal protections conferred under that Act. All Dibble would need to do is tell their target's mobile operator “we think this person might have committed a crime” and bingo, they're bulletproof. What could be better than a system that offers such sweeping protections to people hunting down and punishing whistleblowers?

Financial Times blogger David Allen Green says the Met probably resorted to a RIPA request, as Press Gazette confirmed via the Met themselves.

A police mouthpiece told the journalism industry's trade mag: “RIPA was the most appropriate and lawful means of obtaining this data that was essential to progressing a criminal investigation into allegations of corruption, specifically that police officers were conspiring to bring down a Cabinet Minister.”

Section 21 of the Regulation of Investigatory Powers Act gives carte blanche to anyone who fancies slurping up “communications data”, or metadata, as Reg readers would know it. Subsection 3 of that even grants them immunity from civil lawsuits should they – heaven forfend – fall foul of any laws intended to prevent abuse of such data while they rifle through the lists of whomever you communicated with, and discover when and where you did it.

Marking their own homework

Green goes on to point out that the police can use a RIPA request “with a senior 'authorisation' from a police officer in the same force”. That is, a police officer gives permission for another police officer to go and trawl through your comms metadata, for example in the hope they can find something incriminating with which to sack whistleblowers. No conflict of interest there, of course.

The point here is that although the Met Police's actions in hunting down the Plebgate whistleblowers were wrong on almost every level, they've seemingly broken no law in doing so. Regardless of the rights or wrongs of what the whistleblowers themselves said to the Sun or the Telegraph, we absolutely must fight anyone who seeks to stop public sector employees from talking about wrongs in the workplace.

Whether they're targeting journalists or innocent members of the public, the police cannot be allowed to slurp comms data willy-nilly without proper independent oversight. Centuries ago the principle was established that the police must seek permission from a judge to get a search warrant; we should not have made the mistake of circumventing that protection in the 21st Century just because the information the police want is stored on a computer and not a bit of paper.

Accountability? Hahahahahahahaha...

Press Gazette's editor, Dominic Ponsford, has done some sterling work trying to find someone, anyone, who will take responsibility for this terrifying abuse of power by the police. He got an automated rejection from the Office of the Surveillance Commissioner, who said “We will not look at any request unless it comes directly from the Senior Responsible Officer of a public authority, RIPA Coordinators, or from the CAB (or equivalent) of a law enforcement agency”, while the Met bluntly told him it was “not prepared to discuss” how many times it has used RIPA to sidestep the legal protections for journalistic material in the Police and Criminal Evidence Act.

These public sector employees (we once called them public servants, but that era's long gone now) know full well that they're untouchable. We urgently need legal reform to RIPA and the Data Protection Act to bring them back to heel. If they're confident enough to abuse their powers while targeting journalists – people with a professional interest drawing public attention to abuses of power, no less – who knows how many of the half-a-million RIPA requests made last year targeted innocent citizens caught up in the State's surveillance dragnet? ®