(8 years, 2 months ago)
Lords ChamberMy Lords, I shall speak also to the other government amendments with which this is grouped.
This group contains the government amendments in relation to the acquisition of communications data under Part 3 of the Bill. Starting with Amendments 96 to 100, a designated senior officer may believe that a communications service provider has the communications data he or she requires and grants an authorisation or issues a notice to that provider for disclosure of the data. However, in such a case the provider may not actually have the data but is able to obtain it. The Bill already provides for an authorisation or notice in respect of such data. These amendments simply make it clear that a second authorisation or notice for the same data and for the same purposes is not required in these circumstances. I trust the House will agree that these are sensible amendments, ensuring that neither the public authority nor the communications service provider is unnecessarily burdened.
Amendments 101 to 103 update Schedule 4 in two ways. The first is through minor and technical amendments to the description of the minimum rank for authorising communications data requests within the Competition and Markets Authority and the Police Investigations and Review Commissioner in Scotland. These amendments correct an error and reflect an organisational restructure in the respective organisations. Secondly, they add the Department for Communities in Northern Ireland to the list of public authorities which may acquire communications data for the purpose of preventing or detecting crime or preventing disorder. Communications data are of course a vital tool in investigations to detect, prosecute and prevent benefit fraud, providing vital investigative leads that would not otherwise come to light. These amendments ensure that the Department for Communities in Northern Ireland has the same powers as its English counterpart, the Department for Work and Pensions. They will allow it to continue to investigate crimes, such as organised attacks on the benefits system.
On Amendments 104 to 106 and 109 to 114, the collaboration agreement provisions in this part of the Bill are intended to ensure that, where necessary and appropriate, one public authority can make use of another public authority’s authorising and single point of contact expertise. They will bolster the strength of the regime by allowing for the sharing and use of best practice and experience. These minor and technical amendments will ensure that public authorities can enter into collaboration agreements and benefit from them without any unintended consequences. For example, they would ensure that two public authorities could collaborate with each other, even though the purposes for which they can each acquire communications data are different. They would also ensure that restrictions, such as the requirement for local authorities to seek magistrate approval for their requests for communications data, operate properly under collaboration agreements.
Similarly, the amendments make clear that single points of contact in a public authority can themselves obtain the communications data from communications service providers on behalf of the authorising officer in the collaborating public authority, as well as provide their advisory function. The single point of contact already performs this role in respect of requests authorised within the same public authority, and this amendment was needed to ensure that nothing in the collaboration provisions casts doubt on their ability to perform that role. I hope the House will agree these amendments to improve the regime.
Finally, on Amendment 259, it has always been the case under RIPA that a public authority can request data that may reasonably be obtained by a communications service provider as well as data which it holds. This fact has been reflected in the telecommunication definitions in the Bill, which make clear that communications data includes data which are, are to be or are capable of being held or obtained by a telecommunications operator. This amendment does no more than ensure that the definition of communications data in the postal context is consistent in this respect. I beg to move.
My Lords, the noble Lord, Lord Rosser, has set perhaps the hardest task for the Minister today in asking him to comment on what was perhaps not a coded speech but simply one inviting speculation.
Turning to the amendment itself, as on the first day of Report we are sympathetic to where the noble Baroness is coming from. Indeed, I think we had an amendment on “reasonable suspicion” at an earlier stage. However, perhaps again I should phrase what I have to say as a request for confirmation, as my noble friend Lord Paddick did last week. Reasonable suspicion is encompassed by the necessity and proportionality test. The way the noble Baroness has expressed it is that there is a moderate-sized hurdle to be got over and then a higher hurdle to be surmounted, by having “reasonable suspicion” and then the necessity and proportionality test. To keep up the athletic metaphor, you will not get over the higher hurdle even if you get over the lower one, so it seems to us that you might as well just have the higher hurdle. Perhaps we can be given some more assurances about how the different criteria will bite.
My Lords, I listened carefully to the noble Baroness, Lady Jones of Moulsecoomb, and I am grateful for the case she has put. However, I cannot agree with it, and I will explain why that is.
As the noble Baroness explained, this amendment seeks to provide that certain communications data authorisations can be approved only where there is a reasonable suspicion that a serious criminal offence has been, or is likely to be, committed. In short, the amendment would undermine the ability of law enforcement and other public authorities to catch criminals and to keep the public safe. I will now set out why I believe that is so.
I shall start with the requirement for reasonable suspicion. As we discussed and agreed in this House last week, the necessity and proportionality test is established and well understood. It is difficult, therefore, to see what benefit would be derived from inserting a different test. Indeed, in order to approve an authorisation for communications data for the purpose of preventing or detecting crime, a sufficiently compelling case will always be required—a speculative authorisation would never be approved. Therefore, I suggest that the amendment responds to a concern that is fundamentally misplaced.
Turning to the serious crime threshold that this amendment would insert, assuming that the noble Baroness intends the threshold to be equal to that currently used to authorise the interception of communications, I believe once again that the amendment is inappropriate and damaging. Taking effective action against serious criminals often requires the investigation of, if I may use the phrase, lower-level individuals for activities that are not considered serious crimes in order to build a case against higher-ranked criminals. It may also include the investigation of minor offences where stopping an offender at this point may prevent an escalation of their criminal activities, such as in stalking and grooming cases.
It might be helpful if I expand on that. Placing this additional restriction on the acquisition of communications data would disrupt police investigations of online grooming and linked crimes, such as the sending of sexual communications to a child. This is because where such activity does not meet the high threshold proposed, which will often be the case if the child is over the age of 13, it may be impossible to identify perpetrators who may go on to be involved in child sexual exploitation. As such activities increasingly take place online, law enforcement agencies will rely heavily on communications data and the new power in relation to internet connection records in order to investigate this.
The amendment would also reduce the ability to investigate online fraud, which affects everyday internet users who shop or bank online, but which could, depending on the value of the fraud, fall below the serious crime threshold proposed here. Equally, the Department for Work and Pensions, for instance, investigates false tax credit claims which can result in the collective overpayment of millions of pounds of taxpayers’ money, but these false claims may not individually reach the threshold of serious crime. Communications data are currently used to investigate such activity.
I also believe that these amendments are unnecessary given the strict safeguards that already apply to the use of communications data. Data can be accessed only on a case-by-case basis and only where judged necessary and proportionate by a senior officer of a rank specified by Parliament and who is independent of the investigation. Strong judicial oversight will also be provided by the Investigatory Powers Commissioner.
I was grateful to the noble Lord, Lord Rosser, for qualifying his party’s position on this part of the Bill. We maintain that our existing regime and the proposals in the Investigatory Powers Bill are compliant with EU law, but whatever the final judgment, given the importance of communications data to preventing and detecting crime and safeguarding national security, we will ensure that plans are in place so that the police and others can continue to acquire such data in a way that is consistent with our obligation. I hope that that is helpful.
The Minister appears to be saying that the Government’s position is the same as ours, and that you cannot express a view on whether the law as it stands, as reflected in the Bill, meets the judgment of the European Court of Justice until we have seen and read what that judgment is.
I thank all noble Lords who have given me some support: it is something that I feel very strongly about. I thank the noble Earl for his full reply. Needless to say, I am not convinced because all of the issues that he talked about are in fact potentially serious crimes, so the threshold would be satisfied.
If the noble Earl had spoken to some of the people who had been blacklisted, for example, and whose lives were basically destroyed because of illegal surveillance and co-operation by the police with various organisations, it is possible that he would have been influenced in the same way that I have been. However, in view of the noble Earl’s answer, I beg leave to withdraw the amendment.
My Lords, I hope that I can reassure the noble Baroness. Amendment 100A is unnecessary since the use, retention and destruction of all personal data held by public authorities, including communications data, are already regulated by the Data Protection Act 1998. That means that, once communications data have been obtained, there must be a lawful purpose for their use and ongoing retention, and they must be destroyed when they are no longer held for a lawful purpose. I would draw the attention of noble Lords to Chapter 11 of the Communications Data DRAFT Code of Practice, which sets out detailed requirements, consistent with the Data Protection Act, on public authorities about the use, disclosure, protection and destruction of the communications data they hold.
In addition, the amendment would unnecessarily, and in some cases very damagingly, require a public authority to destroy communications data it had obtained once they had been used for the purpose for which they were acquired, but other legitimate and important purposes for holding data may still exist. For example, a public authority is obliged by law to retain material it holds that has been used in evidence to support a conviction in case of appeal or to overturn a potential miscarriage of justice. It is also obliged to retain any material that is potentially exculpatory, even if it considers that it no longer requires the data for the original purpose for which it was acquired. This amendment would cut across those important tenets of our criminal justice system and I cannot imagine that that is what the noble Baroness wants to see.
I hope that, in combination, what I have been able to explain will reassure her sufficiently to enable her to withdraw the amendment.
I should obviously have included something like the words “except as otherwise required by law”. I am grateful for that explanation and I am sympathetic to the Government trying to get everything into the Bill, but here we find yet another example of another piece of legislation that we need to look at. However, it is helpful to have the explanation, and I beg leave to withdraw the amendment.
The noble Lord made a very persuasive case for this amendment and I do not think that he will be surprised to be supported by these Benches, given our concerns about internet connection records—so any further constraint on them is something that we would welcome. But he went into far more detail than that and we support him.
My Lords, the Government have consistently recognised that care must be applied to the acquisition of internet connection records and, importantly, that they should not be acquired for trivial purposes. That is why we brought forward amendments in Committee to put in place a number of restrictions to provide reassurance that the powers to acquire internet connection records would only ever be used proportionately. These amendments included a threshold which would mean internet connection records could only be used to investigate certain crimes which could attract a sentence of at least six months’ imprisonment.
This amendment raises the threshold for offences which are sufficiently serious that an offender can be sentenced to at least 12 months’ imprisonment, rather than six. The amendment rightly leaves unchanged the important exceptions in the Bill to the crime threshold. The House has recognised the need to ensure that internet connection records can be obtained for the investigation of certain specified types of crime—for example, those relating to cyberbullying and harassment, and those relating to a breach of a person’s privacy—which, for whatever reason, carry a lower sentencing limit.
We recognise that this amendment will provide further reassurance and ensure public trust in the use of these vital powers, whose value and importance have been widely recognised and acknowledged. In these circumstances, we are therefore content to accept the amendment.
My Lords, I feel that I have to begin by saying to the noble Lord, Lord Paddick, that he has got this one wrong—indeed, very wrong. I am grateful to the noble Lord, Lord Carlile, the noble Viscount, Lord Brookeborough, my noble friend Lady Harding and the noble Lord, Lord Rosser, for the contributions that they have made.
The amendments seek to remove Clauses 64, 65 and 66 from the Bill, which provide that the Secretary of State may establish, maintain and operate filtering arrangements for communications data—colloquially referred to as the “request filter”—and detail the appropriate safeguards and restrictions around its use. Throughout the passage of the Bill we have repeatedly highlighted the many misconceptions and misrepresentations around the filtering arrangements, and we have demonstrated how the provisions in fact provide an important safeguard in the acquisition of communications data. It is therefore perplexing that the noble Lord, Lord Paddick, has given notice that he remains opposed to the clauses providing for the filtering arrangements to stand part of the Bill. It may therefore be helpful if I set out again what the filtering arrangements will actually do and not do.
Public authorities currently need to receive all the communications data disclosed by communications service providers in response to specific requests. In certain circumstances this amounts to more data—sometimes much more data—than are relevant to their investigation, and they will then need to determine which specific pieces of communications data are relevant. Perhaps I could illustrate with an example. The police may need to make a complex query, such as asking multiple communications service providers for data to identify an unknown person who is suspected of having committed a crime, such as armed robbery, at three different places at different times. Currently, public authorities might approach communications service providers for location data to identify all the mobile phones used in those three locations at the relevant times to determine whether a particular phone and a particular individual is linked to the three offences. This means that the public authority may acquire a significant amount of data relating to people who are not of interest but who just happened to be in the location at the time of the robbery.
The significance of the request filter is that, when a police force makes such a request, they will see only the data that they need to. Any irrelevant data about people who are not suspects will be deleted and not made available to the public authority. That is why I maintain that the filter acts as a vital safeguard, protecting privacy by ensuring that the police see only the data they need to. These amendments would remove that important safeguard—so it is perplexing, as I say, that the noble Lord wishes to do this.
To further reassure the House, I remind noble Lords of what the Joint Scrutiny Committee on the draft Bill stated about the filtering arrangements. It stated:
“We welcome the Government’s proposal to build and operate a Request Filter to reduce the amount of potentially intrusive data that is made available to applicants”.
The Joint Committee believed that the requirement upon law enforcement to state the operational purpose of accessing data through the filter and the oversight of the Investigatory Powers Commissioner will ensure the appropriate use of the filter.
The noble Lord, Lord Paddick, said that the Bill provided for unfettered access to private and confidential information. But access is not unfettered—and nor does the Bill permit fishing expeditions, as the noble Lord, Lord Carlile, rightly emphasised. The filtering arrangements can operate only in response to a specific, necessary and proportionate authorisation for the acquisition of communications data. That request must already have gone through all the existing communications data safeguards, such as authorisation by a designated senior officer of a rank specified by Parliament, who must be independent of the investigation.
I noted with some dismay the aspersions cast by the noble Lord on the likely integrity of those individuals actually retrieving the data—including, to my surprise, the integrity of the police. I am pretty shocked by the language that he used. The noble Lord also described the filter as a “database”. A database has to contain data. The filter will not hold any communications data. Once a request has been processed by the filter, any data—that is to say, all data—will be discarded. I hope that that does clear some of the fog.
The request filter will act as an important safeguard. It will ensure that police officers and others will see only the information they really need to in those cases where it is used. Accordingly, I respectfully request that the noble Lord, Lord Paddick, withdraws his amendment.
I thank the Minister for his remarks, and other noble Lords who have contributed. I acknowledge the great experience of my noble friend Lord Carlile of Berriew both as a lawyer and as a former Independent Reviewer of Terrorism Legislation. However, it is clearly untrue for him to say that, in his judgment, excluding the request filter from the Bill would reduce the capacity of the authorities to investigate cases. The request filter does not exist at the moment, so it cannot possibly reduce the capacity. It may restrict the capacity of the agencies in the future, but it will certainly not reduce it, because the authorities do not have a request filter at the moment. The “monster” that I alluded to is nothing other than the mechanism—the request filter—that these clauses and this amendment are all about.
My noble friend described two murder cases where convictions could not have happened were it not for the sort of data that we are talking about here. Those two convictions were obtained in the absence of a request filter, because the filter does not exist. So it is clearly nonsense for my noble friend to say that excluding the request filter from the Bill was likely to have impacted on convictions that relied on something that does not even exist at the moment.
I acknowledge the experience of the noble Viscount, Lord Brookeborough, in Northern Ireland. As the Minister said, this is not a database. It is not intelligence information that is gathered and stored. It is a mechanism—a piece of kit, if you will—that reaches out into databases held by private companies, such as the internet service provider led by the noble Baroness, Lady Harding of Winscombe, retrieves data and brings it back. As the noble Earl said, it is not about a real database but a virtual or federated one. In other words, the tool will effectively act as a database rather than being an actual one. I am sorry that, in the number of times that I have used this expression—at Second Reading, in Committee and now on Report—I have not been able to get my message across about the difference between a virtual database and a real one. But I think that it is time I stopped flogging that horse.
The noble Lord, Lord Rosser, is reassured that Clause 2, the overarching privacy clause, applies to every power in the Bill. This is not a power: it is a piece of kit, a search engine. The Government have said nothing in their response to this amendment to reassure us that Clause 2 applies to this, because it is not actually a power. The Minister used the example which I spoke to, almost exactly, when I moved the amendment. To use his word, it is “perplexing” that the noble Earl did not hear my objections to that as a good example.
The unfettered access that I am talking about is not unfettered access to data by the police and the security services, and I never suggested that it was—but there will be unfettered access by those who operate the request filter because the request filter will have direct access to the databases operated by the communications providers. So I am not saying that there would be unfettered access to data by the police and security services; what I am saying is that government officials, or those acting on behalf of the Secretary of State, would have unfettered access to these databases were the request filter to come into existence. So I, too, am perplexed that the Government have not responded positively to this amendment and I wish to test the opinion of the House.
My Lords in moving this amendment I will speak to the other amendment in this group. They provide for the introduction of judicial approval for data retention notices given under Part 4 of the Bill. This is an important new safeguard. It means that such notices given, authorised or varied by the Secretary of State, including those requiring the retention of internet connection records, will in future also require the approval of a judicial commissioner.
The Secretary of State must already consider whether it is necessary and proportionate to issue a data retention notice to a telecommunications operator. This amendment would mean in future that the decision to give a notice would be reviewed by a Judicial Commissioner, in line with the authorisation procedures for other powers in the Bill. I hope that the House will welcome this additional safeguard and, accordingly, I beg to move.
My Lords, we take this opportunity to thank the Government for listening to us, to the service providers and, in this case, also to the human rights monitors—everyone is in agreement. We are happy to support the amendments.
My Lords, Amendment 117B is grouped with government Amendments 118 and 130. It aims at the same thing, but I think that the Government’s aim is better than ours in Amendment 117B. The amendments are about the retention of third-party data, so in order to move the business on we are very happy to support the government amendments in this group. I beg to move.
My Lords, I do not understand why the noble Baroness wishes to insist on Amendment 117B.
Sorry, I am getting a great deal of advice from around the Chamber, and it is all immensely helpful.
Perhaps I may explain the purpose of government Amendments 118 and 130. As I said in Committee, we have been making good progress on drafting a clause that could put into the Bill the Government’s clear commitment that we will not require a telecommunications operator to retain third-party data.
It is important to be clear exactly what we are referring to as third-party data. Where one telecommunications operator is able to see the communications data in relation to applications or services running over its network but where it does not use or retain that data for any purpose, then it is regarded as third-party data. For example, if you use an internet access provider such as a home broadband provider to use the internet to log into a separate email provider in order to send an email, the broadband service might be able to see your access communications data in relation to the email service. If that information was not used or retained for any purpose by the broadband provider, the data would be considered to be third-party data.
I am pleased to say that we have now produced a clause that prohibits the retention of third-party data. We have tested this drafting with operational partners and with those telecommunications operators likely to be affected by the legislation and we are confident that it delivers the desired effect. That being so, the Bill essentially replicates the current position in RIPA, which is that data that already exist and could save a life or convict a criminal and so on can be accessed, but we are not insisting that data should be retained.
In these circumstances and in light of the opening observations by the noble Baroness, I commend government Amendments 118 and 130 in the event that we proceed.
I am sorry to have confused the noble and learned Lord. I was simply trying to explain that we are seeking to achieve the same thing, but that the Government have done better than we have. I beg leave to withdraw the amendment.
The effect of this amendment, as has been said, would be to leave out internet connection records from the definition of “relevant communications data” in Clause 84, which covers powers to require the retention of certain data. The Bill has had extensive pre-legislative scrutiny, including by a Joint Committee of both Houses, and we supported it at Third Reading in the Commons subject to, among other things, amendments being made which addressed the issue of access to internet connection records not being used in relation to minor crimes. Our amendment on the definition of “other relevant crime”, which raised the threshold from six months to 12 months, has been accepted by the Government. We will be opposing an amendment that now appears to weaken the effectiveness of the provisions relating to internet connection records, at least under Part 4 of the Bill, specifically Clause 84.
My Lords, the amendment would prevent the Government being able to require telecommunications operators to retain internet connection records. The noble Lord, Lord Paddick, tabled exactly the same amendment in Committee, and he will not be surprised to know that the Government still cannot support such an amendment. As the noble Lord, Lord Harris of Haringey, and the noble Baroness, Lady Harding, observed, these provisions may not give rise to a perfect system of record recovery but it is preferable to a dark hall where criminals move unseen and with impunity.
The noble Lord, Lord Paddick, talks of observations from the Security Service and the Secret Intelligence Service, but be it noted that it is not for them that these records are so essential; it is for the police forces and the enforcement agencies in respect of crime. I have spoken at length to the National Crime Agency, which has underlined to me the critical nature of these records now that telecommunications data are so often routed through the internet, not by means of normal telephony.
Earlier today this House recognised the importance of the use of internet connection records, subject to strict safeguards, as noted by the noble Lord, Lord Rosser. I do not think this House will want to prevent internet connection records being retained with the result that they are not available for any form of criminal investigation. Indeed, we have just discussed the government amendment to require judicial approval before a data retention notice can be given, which, as I said at the time, puts in place a significant new safeguard before a telecommunications operator can be required to retain the data.
There has been considerable debate on this topic, not just today but as the Bill has progressed through Parliament. However, in relation to this amendment, I should perhaps reiterate why internet connection records are so essential for law enforcement. As communications increasingly take place via the internet, information that used to be routinely available to law enforcement from telephone-based communications data is increasingly unavailable—for example, the identity of an individual suspected of sharing indecent images, or people with whom a missing person was last in contact. Internet connection records are essential because they will ensure that the type of communications data that were previously available to law enforcement will remain available in future, not perfectly but generally. It will help to ensure that terrorists and criminals cannot evade detection simply because they choose to communicate online.
The noble Lord, Lord Paddick, observed that there may be applications or social media apps on a device that maintain a persistent connection to a service. That is true, but even in such cases the relevant ICR will signpost the service access by the device, enabling a public authority to make further inquiries with the service provider, which is identified through the ICR. ICRs will allow law enforcement to approach online service providers to acquire communications data where it is known that a specific device has accessed their service. So it is not the case that simply because you have open or permanent connections, the use of ICRs is rendered useless; that is simply not accepted.
The alternatives available to the security and intelligence services are not available to the police, and certainly cannot be adduced in a court of law. The police can acquire communications data only on a case-by-case basis where necessary and proportionate, and where they have made strong operational cases as to why they need to retain these records. Equally, the intelligence agencies may acquire data only for their own statutory purposes, which are far narrower than the criminal types investigated by the police. It is also the case, as I mentioned before, that intercept material from the agencies may not be used as evidence in court, a position that has been upheld by numerous independent inquiries over the years, most recently by a panel of the Privy Council in 2014.
Giving evidence to the Public Bill Committee, the noble Lord, Lord Reid, and Charles Clarke, previous Home Secretaries, were asked whether ICRs were a key part of updating legislation to the current world, and they both definitely agreed. Indeed, one could go further. The noble Lord, Lord Paddick, alluded to the observations of the Joint Committee on the draft Bill. Let us look at its conclusion:
“on balance, there is a case for Internet Connection Records as an important tool for law enforcement”.
The Government recognise the sensitive nature of internet connection records, which is exactly why we had our earlier debate concerning the safeguards that must surround their recovery. The point has already been made that those records will not give access to the content, it is the record of connection that will be recovered.
I appreciate that the noble Lord, Lord Paddick, still has concerns about internet connection records, and I fear that nothing I say will convince him otherwise, but I again reassure him that we have all the right safeguards in place. Data can be retained only when necessary and proportionate and following authorisation and approval by the Secretary of State and a judicial commissioner. We have mechanisms in place to ensure that data are held securely, including audit by the Information Commissioner. Once the data are retained, they can be accessed only on a case-by-case basis, and only when judged necessary and proportionate by a senior officer at a rank specified by Parliament who is independent of any investigation being carried out. Strong judicial oversight will be provided by the Investigatory Powers Commissioner and, thanks to the changes made by this House, internet connection records cannot be acquired for minor offences, an amendment we discussed earlier.
In summary, internet connection records are a vital power. As to their cost, I believe that the figure given at a previous stage was £174 million over a period of 10 years. That is a not inconsiderable sum, but a manageable figure in the context of what we face with police powers. Accordingly, I invite the noble Lord to withdraw the amendment.