It was revealed this week that the Met police used a RIPA request to access the telephone records of The Sun's Political Editor, Tom Newton Dunn.
The request was made to identify police whistleblowers who contacted Newton Dunn over the Plebgate scandal. According to the Guardian, Newton Dunn had made a statement to police at the time but refused to reveal his sources. Journalistic privilege, protected by the Police and Criminal Evidence Act, was circumvented by the use of RIPA, which meant that authorisation to access his records came from the police not a warrant. Newton Dunn was not even aware that his records had been accessed until the Met published their report into the Plebgate affair on Monday.
The case should hopefully end any discussion about whether or not metadata reveals anything personal about us. In this case, Newton Dunn's incoming and outcoming calls and information about when and where they were received, were accessed in order to identify a whistleblower.
Rightly, there has been media outrage at what is seen as a blatant attack on journalists' right to protect their sources. The General Secretary of the NUJ, Michelle Stanistreet, said: "If whistleblowers believe that material they pass to journalists can be accessed in this way – without even the journalists and newspaper knowing about it - they will understandably think twice about making that call." The lawyer and journalist David Allen Green has warned that the revelations mean, "no political or crime journalist in the UK should use their mobiles or many internet-based apps for contacts with their sources".
Newton Dunn's case is just one of many - last year there were over half a million RIPA requests. These have mostly been made by police forces but also by a large number of other public authorities, including Royal Mail, the Department of Work and Pensions and local authorities. How many of these requests were used to tackle serious crime? How many, like the Newton Dunn request, were an abuse of power? Would as many requests be made if judicial authorisation (which ORG is calling for) were required?
When the government rushed through the Data Retention and Investigatory Powers Act (DRIP) this summer, it said that it would reduce the number of public authorities that could request communications data. However, it also increased RIPA's reach by extending the definition of “telecommunications service” to include webmail services. So the next time the police issue a RIPA request for a journalist's records, they might be able to get data about emails sent through services such as Gmail or Yahoo.
In these troubled times, the government’s insistence that it needs our communications data to fight terrorism resonates with many. When DRIP was announced, Newton Dunn himself wrote in The Sun, that the new powers would allow "enshackled MI5 and cops to probe the internet for terror plots' giving them, 'crucial access to plotters' mobile phone records". But this latest abuse of RIPA shows how blanket data retention can threaten the very civil liberties and freedom that the government aims to protect.