A SCANDAL-HIT Police Scotland unit is under further pressure after the single force confirmed it had committed 13 breaches of spying laws.

The Counter Corruption Unit (CCU), already in the public eye over illegal snooping on journalists’ sources, has been involved in authorising its own spying applications – a violation of the rules.

Police forces can use the Regulation of Investigatory Powers Act (RIPA) to obtain “communications data” during investigations, which can include details of phone records, emails and texts.

Since March last year, forces that want to use their spying powers to get to the bottom of media leaks have to obtain judicial approval.

The Sunday Herald revealed that the CCU breached this requirement in April by trying to establish if serving and former officers had leaked information to a newspaper about the original investigation into the murder of sex worker Emma Caldwell.

The Herald:

Picture: The Sunday Herald's original story

RIPA rules were also changed last year to strengthen the checks and balances inside organisations that make snooping applications.

Before any public authority can request communications data, a “designated person” considers the application and judges if it is necessary and proportionate.

This new code of practice makes clear that these individuals “must be independent from operations and investigations when granting authorisations or giving notices related to those operations”. The change stops departments or divisions in public bodies marking their own homework.

The surveillance watchdog that oversees compliance added that a designated person should be “far enough removed from the applicant’s line management chain which will normally mean they are not within the same department or unit”.

This newspaper asked Police Scotland how many times RIPA applications since March 2015, as part of CCU investigations, had been handled by a “designated person” who worked in the unit.

Police Scotland initially refused to say but released the figures last week after an appeal was lodged with the Scottish Information Commissioner.

The force stated: “Thirteen of the Counter Corruption Unit applications for communications data were handled by a designated person who worked in the CCU at the time the application was submitted.”

Two of the 13 breaches related to the journalist source row. Police Scotland added that, following a review by the Interception of Communications Commissioner’s Office (IOCCO), “internal structures and processes were reviewed and adjusted to ensure the independence of Designated Persons in respect of CCU investigations”.

A policing source said the force’s handling of RIPA applications was generally excellent, but that the CCU was the one bit of the service that had let the force down.

Her Majesty’s Inspectorate of Constabulary in Scotland (HMICS) was tasked with reviewing the CCU in the wake of the journalist spying scandal and is expected to issue its report within weeks. HMICS is reportedly considering winding up the CCU, which has endured severe reputational damage since the illegal snooping scandal became public.

Calum Steele, General Secretary of the Scottish Police Federation, said:

"Sadly this admission comes as no surprise to the SPF. It more than vindicates our longstanding concern that the CCU appears to be a department within the PSoS that largely acted with impunity and with scant regard for the rules of fairness or proportionality."

Alison McInnes, a Liberal Democrat candidate for Holyrood, said: “These reports are further evidence of the apparent institutional disregard for rules that are designed to ensure monitoring operations are legal and necessary.

“We all want our police to have the tools they need to keep us safe but there are rightly safeguards in place to protect our civil liberties. Despite the Scottish Parliament taking evidence for months on the police spying scandal, there are still many unanswered questions surrounding the activities of the CCU.”

John Finnie, a former police officer who is standing for the Scottish Greens at Holyrood, said: “Rules to protect citizens’ privacy are in place for a very good reason.

“During a recent evidence session at the Justice Committee, the new chief constable agreed with the view that police should be “frontline defenders of human rights” so let’s ensure the new regime follows all the rules regarding surveillance in all its various guises.”

A Police Scotland spokesperson said: “During the 2015 IOCCO inspection of Police Scotland, IOCCO identified that there was non-compliance with the code of practice (CoP) in respect of the independence of designated persons in applications submitted by the CCU, the total of which was 13.

"This figure includes two applications which related to determine the source of journalistic information. Police Scotland immediately launched an internal enquiry and implemented a number of comprehensive measures to ensure compliance with the CoP.

“The non-compliance occurred following the changes to the CoP on March 25, 2015 and ceased when it was identified. Police Scotland recognises it did not meet the standards expected, however, and has worked with IOCCO to improve working practices and prevent any recurrence."

A spokesperson for the IOCCO said: "During the June 2015 inspection of Police Scotland, IOCCO inspectors identified that the CCU had not in all instances complied with the independence requirements in Paragraph 3.12 of the Code of Practice. A recommendation was made for Police Scotland to take action to ensure that designated persons are only responsible for approving communications data requests in cases where they are independent of the investigation or operation."