Written evidence from Dr Paul F Scott (CHIS0001)




  1. I am a Senior Lecturer in Law at the University of Glasgow. I teach constitutional law and for several years now I have researched and written widely on issues of national security law from a constitutional perspective.


Is a statutory power to authorise criminal conduct by CHIS justified?


  1. Any answer to that question necessarily reflects an understanding of the specific work done by CHIS and the specific threats they are used to combat, of a sort which I do not possess. Nevertheless, from a constitutional perspective, the statutory power is sorely needed.


  1. The judgment of the Investigatory Powers Tribunal in the ‘third direction’ case demonstrates the real inadequacies of existing law and practice in this area. The government simultaneously insists – and the IPT has accepted – that an authorisation under MI5’s Guidelines has no legal effect, but that the policy which governs those authorisations has an adequate legal basis.


  1. Both claims are contestable. The first relies on a distinction between the de jure and de facto effect of an authorisation that is potentially misleading. The second finds in the Security Service Act 1989 a power that no reader of that statute could ever have identified. As things stand, therefore, the legality of that policy must be seriously doubted and if such authorisations are to be given – whether by MI5 or any other body – they require a far stronger statutory basis of the sort which the Bill provides, as well as greater clarity about the legal effect of an authorisation.


  1. The situation is exacerbated by the fact that we learn with the publication of the Bill that a number of other public authorities provide equivalent authorisation. The Bill’s Explanatory Notes state that the activity to which the Bill relates ‘is currently authorised using a variety of legal bases’ with some public authorities ‘rely[ing] on a combination of express, implied and common law powers.’[1] This is grossly inadequate and should not be allowed to continue after the enactment of the Bill. Creating a system for the grant of formal legal authorisations should therefore go hand in hand with the abolition of all systems by which these informal authorisations are currently granted.


Is the Bill sufficiently clear as to who can be authorised to carry out criminal conduct and in what circumstances? Has the Bill struck the right balance in this regard?


  1. No. The Bill seems to be formulated so as to provide immunity both to the CHIS him or herself and to the CHIS’s ‘handler’ within the relevant organisation: this appears to be the implication of the language of ‘in relation to’ in the new section 29B(8) of RIPA 2000. Nevertheless, the effect of the form of words found in that subsection – which is key to the effect of a criminal conduct authorisation – is unclear and it should, if possible, be clarified. In particular, how far beyond the specific individual who ‘handles’ the CHIS might the immunity an authorisation creates extend?


Is the threshold test for making criminal conduct authorisations adequate to prevent human rights violations? Does the Bill contain sufficient protections for human rights?


  1. I will take these questions together. Litigation in the domain of national security often focuses on the quality of the legal norm and the adequacy of the oversight mechanisms which exist in relation to acts which interfere with the rights of individuals. In this regard, the mechanisms which exist in the Bill are probably sufficient, though the case could be strengthened by giving the Investigatory Powers Commissioner a role such as that he already plays in the grant of many warrants – the so-called ‘double-lock’ – in the grant of criminal conduct authorisations. Alternatively, the double-lock cold be implemented in respect of only some subset of such authorisations which arrived at a particular threshold.


  1. The question of ECHR compatibility therefore arises on more familiar ground: first that of proportionality and secondly that of attribution. As regards the former, the courts would be unlikely to find that the interferences with individual rights authorised were disproportionate were the point ever to be litigated, courts being typically deferential to the executive in the context of national security and analogous matters.


  1. The government, however, seeks to close off the matter at an earlier stage. It suggests in the ECHR memorandum associated with the Bill that ‘there would not be State responsibility under the Convention for conduct where the intention is to disrupt and prevent that conduct, or more serious conduct, rather than acquiesce in or otherwise give official approval for such conduct, and/or where the conduct would take place in any event.’[2] Both of these claims are deeply suspect.


  1. The former matter speaks to justification, not attribution, and is of no relevance as regards interferences with Convention rights that do not admit of justified interference. In the second, the interference consists not in the fact that conduct takes place but the fact that the legal liability that would otherwise arise as a result of that conduct is negated by the existence of a criminal conduct authorisation. To suggest the state bears no responsibility because the conduct may have taken place even without an authorisation is wholly unconvincing, while the reliance on this line of argument suggests a lack of confidence in the ability to win the legal argument at the stage of justification.


Are there types of offences that should never be authorised? Should there be a statutory limit on the types of offences that can be authorised under a criminal conduct authorisation?


  1. The underlying logic appears to be that if certain offences cannot be authorised then those offences will, for example, be used by terrorist groups in order to test the bona fides of individuals suspected of being informants.[3] Accepting that claim for the sake of argument, it is useful to consider what follows from it. It would seem, for example, to mean that whenever a CHIS is recruited from – or deployed into – a terrorist group or similar, it will be necessary for the applicable authorisations to have an effectively unlimited scope. This makes the question of specification key – how will the conduct permitted be identified within it?


  1. The draft CHIS Code of Practice published with the Bill states that an authorisation ‘should be tightly bound, with clear parameters set out for the CHIS to ensure they are clear on what criminal conduct they are being authorised to participate in.[4] It is unclear how this requirement sits together with the idea that if an authorisation does not include serious crimes, then the commission of serious crimes will be used to test the status of a suspected informer.


Is the range of public authorities who will be able to make criminal conduct authorisations appropriate?


  1. No. If the government believes it is necessary for each of these bodies to have the power to grant authorisations it should be explicit about whether those bodies already possess non-binding ‘powers’ to authorise the commission of crimes and provide more detail as to how, and how often, those powers are used. In the absence of such an account, there is no reason to accept that all of those bodies require the powers the Bill would give them. A more detailed justification, specifically addressing the position of each of the bodies that the Bill would permit to grant justifications, should be provided.


Particularly in light of the secret nature of criminal conduct authorisations, is oversight by the Investigatory Powers Commissioner an adequate safeguard against abuse? What other safeguards might be appropriate?


  1. The Investigatory Powers Commissioner does valuable work in the domain of national security law. That role should be buttressed by the introduction of a ‘double-lock’ in the grant of some or all criminal conduct authorisations and by introducing more specific reporting requirements around criminal conduct authorisations than the Bill currently contains. See also the next point.
  2. In the national security domain the government has frequently made concessions relating to the inclusion within legislation of a requirement that the provisions and their operation be reviewed periodically by an independent figure. The lesson of the Justice and Security Act 2013 is however salutary: no reviewer has yet been appointed notwithstanding that the period to be reviewed ended in summer 2018. If provision is made for a periodic review, it should be formulated so as to counter this tactic.


Should the Bill also provide for compensation for the victims of authorised criminal conduct and cover how they will be treated by the state?


  1. This question raises a prior issue. Will those who are the victims of criminal acts authorised under the powers contained in the Bill be told that this is the case? Or will they simply be told that a decision has been taken that it is not in the public interest to prosecute the offence in question? The logic of the government’s position is such that it will likely consider it impossible in many if not all cases to inform the victim of a crime that a criminal conduct authorisation is in place, but it is not clear what, if anything, will be done instead. The difficulty is compounded by the fact that a criminal conduct authorisation will also provide immunity in private law, and it is unclear how the existence of an authorisation might be disguised in the context of civil litigation.





[1] Covert Human Intelligence Sources (Criminal Conduct) Bill - Explanatory Notes, 58/1, [16].

[2] Home Office, Covert Human Intelligence Sources (Criminal Conduct) Bill - European Convention on Human Rights Memorandum, [14].

[3] We do not believe, however, that it is appropriate to draw up a list of specific crimes that may be authorised or prohibited. To do so would place in the hands of criminals, terrorists and hostile states a means of identifying our agents and sources, creating a potential checklist for suspected CHIS to be tested against.HC Deb, 5 October 2020, col 658 (James Brokenshire MP).

[4] Home Office, Covert Human Intelligence Sources: Draft Revised Code of Practice (September 2020), [6.14].