1. The Investigatory Powers Tribunal — A Kangaroo Court by Design
The Investigatory Powers Tribunal (IPT) is, on paper, the sole judicial body in the United Kingdom with jurisdiction to hear complaints against MI5, MI6, GCHQ, the police's use of intrusive surveillance powers, the NCA's covert capabilities, and a long list of other public authorities operating under RIPA 2000 and the Investigatory Powers Act 2016.
In practice, the IPT is structured so that almost every meaningful protection a complainant might expect from an ordinary court has been stripped out.
Structural problems with the IPT
- Closed Material Procedure (CMP): Hearings can be held in secret. The complainant and their lawyer can be excluded from the room while the state presents its case. A "Special Advocate" — a security-cleared barrister who cannot communicate with the complainant after seeing closed material — is appointed to "represent" them.
- "Neither Confirm Nor Deny" (NCND): The agencies are entitled to refuse to admit whether the complainant has been surveilled at all. A complainant whose phone has been bugged for ten years can be told only that the IPT has "found no determination in your favour" — wording which means either "you weren't surveilled" or "you were surveilled but lawfully" and the complainant is not permitted to know which.
- Almost no right of appeal: Until 2018 the IPT's decisions were entirely unappealable. Since 2018 a limited right of appeal exists, but only on points of law and only with permission. Findings of fact — the most important findings in a surveillance case — remain effectively final.
- Judges chosen from the same pool as security-cleared judiciary: Members are senior judges who are also vetted to handle the most sensitive state material. There is no jury and no public scrutiny of the panel's reasoning where the reasoning touches operational matters.
- Disclosure can be denied entirely: Unlike a criminal court, there is no enforceable right to documentary disclosure. The agencies submit "gists" or summaries when they choose to.
- Civil legal aid is restricted for IPT cases, making representation difficult for ordinary citizens who are not backed by Liberty, Privacy International or Big Brother Watch.
~10
Findings in favour of complainants since 2000 (out of thousands)
0
Public hearings of operational MI5/GCHQ conduct in most years
2018
Year limited appeal right was finally introduced
NCND
Default agency response — "neither confirm nor deny"
The European Court of Human Rights in Big Brother Watch v United Kingdom (Grand Chamber, 2021) found the United Kingdom's bulk interception regime in breach of Articles 8 and 10 of the Convention — a finding the IPT itself had refused to make. The IPT cleared the regime. Strasbourg later contradicted it. There is no clearer demonstration that the IPT is incapable of holding the UK state to the standards the UK has signed up to.
A tribunal in which the defendant chooses what the claimant sees, the claimant cannot be told whether they were the victim, the lawyer for the claimant cannot speak to their client about the case, and the findings of fact cannot be appealed — is not a court. It is a managed disposal.
2. The Other "Independent" Complaints Bodies — Same Pattern
The IPT is the most extreme example, but the same architecture repeats across the UK's oversight ecosystem.
Independent Office for Police Conduct (IOPC)
- Investigates fewer than 1% of complaints itself — the rest are referred back to the police force complained against
- Cannot compel disciplinary outcomes; can only "recommend" them
- Routinely staffed by former police officers and former Home Office personnel
- Average investigation length exceeds two years; complainants are typically not party to the evidence gathered
Investigatory Powers Commissioner's Office (IPCO)
- Reviews surveillance warrants after they have been issued and acted on, on a sampling basis
- Reports annually to the Prime Minister — i.e. to the political authority that authorised the conduct being reviewed
- No power to award compensation, no power to compel public disclosure of misuse
Intelligence and Security Committee of Parliament (ISC)
- Members nominated by the Prime Minister
- Reports redacted by the Cabinet Office before publication
- Has no investigative powers over operational matters and cannot summon witnesses with the force of a court
Professional Standards Departments (PSD) inside police forces and the NCA
- Sit inside the same organisational hierarchy as the officers they investigate
- Disciplinary findings are routinely overturned on appeal or settled with negotiated resignations that preserve pensions
- Whistleblowers within these departments — see Police Scotland and the David Smith / Christopher Dougherty case — are themselves frequently the subject of retaliation
3. Case Study — The Paul Chowles 50-Bitcoin Theft
If the UK's oversight architecture worked, Paul Chowles — a mid-ranking National Crime Agency operational officer — would have been detected by the NCA, charged by the NCA, and removed by the NCA. None of that happened. Every internal control that should have triggered failed. He was caught only because Thomas White raised the alarm from prison and a separate regional police force (Merseyside Police) conducted the blockchain analysis the NCA itself had failed to run.
The NCA's Detection Failure — What Should Have Caught This
Every layer that should have flagged this — did not.
✗
Asset reconciliation. Seized cryptocurrency should be reconciled against case records periodically. 50 of 97 seized Bitcoin disappearing — leaving the wallet approximately half-empty compared to documented holdings — was not detected through any NCA asset management process.
✗
Blockchain monitoring. The NCA is a sophisticated agency with access to blockchain analytics tools. The movement of 50 Bitcoin from a wallet under NCA custody, processed through a known mixing service (Bitcoin Fog), was apparently not monitored against NCA-held wallet addresses.
✗
Financial intelligence. 279 transactions converting cryptocurrency to cash through debit cards, totalling over £109,000, over five years — made by a mid-ranking NCA officer — produced no suspicious activity report, no lifestyle flag, and no professional standards inquiry.
✗
Wallet access auditing. Access to seized cryptocurrency private keys should be logged, attributed, and reviewed. If such logs existed, they were not used to detect the unauthorised transfer Chowles made.
✗
Post-conviction review. Following Thomas White's conviction in 2019, a standard review of the seized assets associated with his case — checking that they remained intact — apparently did not occur, or did not detect the missing Bitcoin.
Five independent controls. Five years. Zero detections. The agency tasked with policing organised financial crime in the UK could not — or would not — police the wallet sitting on its own evidence shelf.
Cover-up or negligence?
There is no public mechanism for distinguishing the two. The NCA's internal review of the Chowles case has not been published. The Independent Office for Police Conduct does not have automatic jurisdiction over the NCA. The Intelligence and Security Committee does not oversee NCA operational conduct. The IPT does not entertain complaints about misappropriation of seized assets. There is, in effect, no UK body whose remit covers the question: "Why did the NCA fail to detect five years of theft from its own custody?"
4. Pattern — The UK Has Built An Accountability-Free Zone
What the UK actually offers
- Tribunals where the state controls disclosure
- Complaints bodies staffed by ex-officers of the agency complained against
- Commissioners reporting to the politicians who authorised the conduct
- NCND as a default rather than an exception
- Appeal rights so narrow they are functionally absent
- Legal aid restrictions that make complaint financially impossible
What an honest system would look like
- Open hearings as the default; CMP as a rare exception requiring judicial sign-off case-by-case
- Independent inspectorate with subpoena power over MI5/GCHQ/NCA records
- Statutory right to be notified of historic surveillance after a reasonable period
- Full appellate review of fact and law to the Court of Appeal and Supreme Court
- Civil legal aid available without means cap for surveillance and abuse-of-power claims
- Mandatory public reporting of all senior misconduct findings — no negotiated quiet exits
5. Suggestions — Reform That Would Actually Work
- Abolish the IPT in its present form. Replace with a specialist division of the High Court operating under ordinary civil procedure rules, with CMP reserved for genuine national-security disclosure only and reviewed annually by an external panel.
- Statutory notification right. Where surveillance has occurred, the subject must be notified within a fixed period after the operational reason for secrecy has expired — defaulting to ten years maximum.
- Independent NCA oversight body with subpoena power, equivalent to the IOPC but with criminal-referral authority and explicit jurisdiction over seized assets, evidence handling, and digital forensics.
- Public register of all CHIS criminal-conduct authorisations by category and number, annually, so the public can see the scale of state-authorised crime even where the individual instances are properly secret.
- Reverse the burden of proof in surveillance complaints at the gateway stage: once a complainant shows a real and credible basis for believing they were surveilled, the agency must justify the lawfulness of any conduct rather than the complainant having to prove what they cannot see.
- Whistleblower protection for police and intelligence officers reporting internal corruption, with statutory immunity from disciplinary or criminal proceedings for the act of disclosure to a designated independent body.
- Mandatory blockchain reconciliation of all seized cryptocurrency, signed by two officers, audited annually by an external forensic accountant.
6. Until Then
Until the UK builds an oversight architecture that does what its name claims, the practical reality is that:
- Complaints to the IPT will not produce truthful answers about whether one has been surveilled
- Complaints to the IOPC about police misconduct will be returned to the police
- Complaints to the NCA's professional standards function will be considered by the NCA
- Complaints to the ISC will be redacted by the Cabinet Office
- And the only mechanisms that have actually produced findings against the British state in the last twenty years have been litigation in the European Court of Human Rights and investigative journalism backed by leaked documents — neither of which is available to an ordinary citizen as a complaints route
Where the only effective complaint mechanism is foreign litigation or a leaked document, the country in question has no domestic complaint mechanism worth the name.
Primary Sources & Further Reading
- Regulation of Investigatory Powers Act 2000 (UK Statute) — Part IV (IPT)
- Investigatory Powers Act 2016 (UK Statute)
- Investigatory Powers Tribunal Rules 2018
- Big Brother Watch v United Kingdom, Grand Chamber, ECtHR, 25 May 2021
- Liberty v GCHQ, Investigatory Powers Tribunal, 6 February 2015
- Privacy International — "Challenging the UK's Mass Surveillance Regime" (2018–)
- Independent Office for Police Conduct — Annual Reports 2020–2024
- Investigatory Powers Commissioner's Office — Annual Reports 2020–2024
- Joint Committee on Human Rights — Reports on Surveillance and Oversight
- Crown Prosecution Service — R v Chowles, sentencing remarks (Liverpool Crown Court, 16 July 2025)
- Big Brother Watch — "The State of Surveillance" annual reports
- Liberty — "Spied On: Why we should challenge the UK's mass surveillance regime"
- Mitting Inquiry (Undercover Policing Inquiry) — interim findings