Councils across Scotland are failing to implement surveillance laws properly, according to inspection reports obtained by The Ferret.
The Office of the Surveillance Commissioner (OSC) inspects Scottish councils to check whether council officials are acting within the law when they conduct surveillance activities.
The inspection reports are not routinely made public, but The Ferret used Freedom of Information laws to obtain more than 180 pages of recent reports and correspondence that councils have had with the Office of the Surveillance Commissioner.
These source materials are published in a fully searchable database today on our website.
The failings revealed by the documents have left civil liberties campaigners “astonished,” that council officials apparently “still don’t get the basics.”
Meanwhile politicians have expressed fears that a “dangerously lax attitude” may be developing in some councils where staff can use social networks to gather information about local residents.
In Argyl and Bute, the OSC inspection report for the council, described as “troublesome reading” by the Chief Inspector, shows that the council failed to address a number of “imperative” recommendations made three years earlier in 2012.
It found council officers were using “blanket authorisations” and stock phrases in directed surveillance paperwork linked to council attempts to tackle illegal alcohol sales. The problematic authorisations covered “multiple premises without a clear supporting intelligence case to evidence necessity.”
Inspectors also found that the council had no policy guidance on how officers could use social networking sites to catch law breakers, and that officers were using out of date documentation.
At time of publication the council had not responded to requests for comment.
In Moray, another inspection report said there were “a number of outstanding issues that required attention.”
Inspectors found that council managers responsible for authorising surveillance activities were not “sufficiently detached” from the Trading Standards officers involved in carrying out investigations, and that some “urgent” surveillance activities undertaken by the council were not documented properly.
Concerns were also expressed over the safety of Moray council officers going undercover to gather evidence of illegal tobacco sales. They found that important records, such as risk assessments were incomplete, and that some surveillance records did not show which senior officer held overall responsibility – both are legal requirements.
In a short email response to this story, a Moray council spokesperson said a report on its surveillance activities had recently been considered by councillors.
In the report officials say OSC recommendations were “being implemented.”
In Scotland’s smallest local authority, Clackmannanshire, inspectors found that the council was unclear which public body had responsibility for surveillance activities carried out using CCTV cameras in Alloa town centre.
Although the number of times the council used official surveillance powers was small, inspectors noted again that workers had not been provided with a policy on the use of social networking sites, and that “even open source material if accessed repeatedly in order to build up a profile, or lifestyle, of a subject might benefit from an authorisation for directed surveillance.”
Also like Argyll and Bute Council the OSC inspector noted that two out of five recommendations from the previous inspection undertaken three years before needed to be “repeated and amplified,” as they had not been properly addressed.
In response to the criticisms in the OSC report a spokesperson for Clackmannanshire Council said it was now reviewing its policies.
They said: “Clackmannanshire Council is the data owner for CCTV images and has guidance in place on the procedures to be followed where an operation includes CCTV surveillance. This guidance is in the process of being reviewed to determine whether it is adequate and to reinforce it if necessary in light of advice received from the OSC.
“Clackmannanshire Council has a Social Networking Policy in place which gives guidance to staff on the use of social networking sites.
“Following the OSC inspection and advice an updated draft of the Council RIP(S)A Policy for Authorising Covert Surveillance Operations has been prepared which includes specific guidance about the use of social networking sites in relation to RIP(S)A. This will be rolled out to all staff once finalised.”
Surveillance from behind a desk
There is some evidence that local authorities are increasingly turning to the internet in order to catch criminals. This is, according to the OSC, mainly because criminals are themselves moving online.
For example, records obtained by The Ferret show that every surveillance authorisation at East Renfrewshire council since 2015 has been for “monitoring” Facebook profiles or pages.
But even where Scottish local authorities have adopted formal policies on surveillance activities using social networking sites, they haven’t always got it right.
Emails obtained by The Ferret show that East Lothian officials contacted the OSC Inspectors for guidance after the council found itself at the centre of a media storm linked to a new policy governing how its officers should use social networking sites.
The OSC response described a media statement put out by East Lothian officers to explain the new policy as “erroneous” and went on to request, in an email it describes as “not for direct release to the media”, that it is consulted before the authority publishes any further press statements on the issue.
Media Manager at East Lothian Council, Jill Mackay, said that the “erroneous” statement previously put out by the council was meant to re-assure the public about how the council would use powers that allow officers to set-up fake social media profiles and monitor online activity.
She added: “East Lothian Council take their responsibilities seriously and has sought to both provide appropriate training and guidance to staff and also to ensure a high level of transparency by making the public are aware of how we undertake this type of activity.”
Despite the failings identified by inspectors, our research also confirmed that no Scottish council staff involved in surveillance work have been disciplined in the last three years.
Daniel Nesbitt, research director of civil liberties campaign group Big Brother Watch said: “It’s astonishing that after all this time councils are still misusing their surveillance powers.”
“How councils still don’t get the basics, like knowing who is in charge of their CCTV or that staff should be properly trained before using surveillance powers is frankly baffling.
He added: “Far from learning their lessons many councils now seem intent on extending their reach into social media.
“Just because technology means councils can do something it doesn’t mean they should. If officials want to conduct surveillance using social media they have to prove why it is necessary and how it can be done without harming privacy. If they can’t they shouldn’t be doing it. Keeping us safe should not mean snooping on us.”
Counterfeit goods, noisy neighbours and dog poo probes
Whilst more councils may be undertaking online surveillance, research by The Ferret shows that the overall number of formal surveillance authorisations has decreased significantly across Scotland over the last three years.
In 2013/14 Scottish councils undertook 152 investigations that required a Directed Surveillance Authority. By 2015/16, this had fallen by more than a third to just 98.
Surveillance authorisations were commonly used by councils to investigate claims of anti-social behaviour, like noisy neighbours, and the sale of illegal tobacco, alcohol or counterfeit goods.
Both Midlothian and South Ayrshire council admitted to using their snooping powers to catch dog owners who don’t clear up after their pets.
The research also shows that a small number of councils, such as Dundee, Edinburgh, Aberdeen and Midlothian are responsible for a significant proportion of the investigations undertaken. Five local authorities have not used their powers at all in the last three years.
Commenting on the OSC inspector findings, Green MSP John Finnie, said: “When addressing surveillance and privacy, there is an understandable tendency to focus on the police and the intelligence services. However, local authorities also carry out investigations into individuals as part of their responsibility for services like Trading Standards, licensing, benefit payments and child protection.”
“These can represent just as serious a threat to privacy as a police investigation, and demand that the rules put in place to protect our human rights are taken just as seriously. It is deeply worrying that in several local authorities, this does not appear to be the case.
“The litany of absent or out-of-date policies, bypassing of procedure, lack of training and failure to act on the Surveillance Commissioners’ orders to improve uncovered by The Ferret suggests some local authorities have a dangerously lax attitude to their responsibility to protect human rights.
“The growth of social media as a route for surveillance and investigation exacerbates this problem.
“Social media surveillance can be conducted so easily by any council employee from behind their desk. Without a robust culture of respect for rights and regulations, and the provision of appropriate training, the risk of council employees breaching citizens’ privacy without even realising the seriousness of what they are doing is significant.
“I will be watching councils’ reaction to these revelations with interest. All local authorities must show us that their investigation policies robustly defend human rights and are transparent, up to date, properly implemented, and fully supported with adequate training.”