Covert Human Intelligence Sources: Use and Conduct Authorisation Process factsheet (accessible version)
Updated 11 January 2021
CHIS Background
All Covert Human Intelligence Sources (CHIS) are authorised under Section 29 of the Regulation of Investigatory Powers Act 2000 (RIPA). This lays out why it is necessary and proportionate for a person to maintain or create a relationship for a covert purpose. The authorisation describes the purpose of the CHIS operation, and what benefit to the public is expected; it balances the size and scope of the CHIS activity with the gravity of the perceived harm, explains how the methods used will cause the least possible intrusion, and what others have been considered. A Criminal Conduct Authorisation cannot be granted without an underlying use and conduct authorisation being in place.
Who is involved running CHIS?
RIPA mandates minimum roles and standards:
- the ‘Handler’: day-to-day responsibility for dealing with the CHIS, and critically, for CHIS security and welfare
- the ‘Controller’: general oversight of the use made of the CHIS. Generally called the ‘Controller’
- the ‘Authorising Officer’ (AO): responsible for granting CHIS authorisations under RIPA
The CHIS Code of Practice says no AO can authorise themselves. All roles must be performed by different people. No single officer could grant an inappropriate authorisation without others being aware. Other non-statutory CHIS roles are ubiquitous – it is common to have two handlers, operational security advisors, legal advisors and subject matter experts (for example, behavioural psychologists) involved in CHIS cases.
What information must be collected?
RIPA mandates CHIS record keeping standards
The details are provided in Statutory Instrument 2000 No. 2725, and can all be inspected by the Investigatory Powers Commissioner’s Office (IPCO). It covers:
- source identity; when and how recruited
- information on source security and welfare; confirmation that security and welfare risks have been properly explained to, and understood by, the source
- identities of handling team, and the tasks given
- all contacts with the source, details of information acquired, and any dissemination of that information
- details of payment, benefit or reward made to the source, or any offer of payment, benefit or reward
The CHIS Code of Practice has a dedicated section on the safety and welfare of CHIS (September 2020, Revised Draft, 7.15-7.17). It mandates use of risk assessments, and obliges handlers to escalate any concerns they may have about the safety of the CHIS, their personal circumstances, or the validity of the risk assessment. The handlers’ duty of care is clear.
Training and Structures
Every authority:
- trains to shared legal standards contained in RIPA, the CHIS Code of Practice, and Statutory Instruments
- all run aptitude screening for applicants, who then undertake rigorous pass/fail training assessments before qualification to perform an agent handling role
- has dedicated agent handling teams and management structures. Within policing, for instance, Dedicated Source Units (DSU) perform this function; within the intelligence agencies there are specialist agent handling sections. This ensures that the agent handler is not part of the investigative team, as recommended by the CHIS Code of Practice
- appoints a Senior Responsible Officer to oversee CHIS compliance and performance, including that all Authorising Officers (AO) are of ‘an appropriate standard’. This is irrespective of how frequently the AO performs that function. This is subject to review and recommendation by the Investigatory Powers Commissioner