National Security Bill (Second sitting)

(Limited Text - Ministerial Extracts only)

Read Full debate
Committee stage
Thursday 7th July 2022

(2 years, 5 months ago)

Public Bill Committees
National Security Act 2023 View all National Security Act 2023 Debates Read Hansard Text Amendment Paper: Public Bill Committee Amendments as at 7 July 2022 - (7 Jul 2022)
Holly Lynch Portrait Holly Lynch
- Hansard - - - Excerpts

Q Sam Armstrong, on China specifically, what types of activities should we be most concerned about here in the UK?

Sam Armstrong: The problem is that it is so broad, in that there are problems even in this building. The security services will tell you privately that—far beyond Christine Lee, who obviously was named—there are agents of the Chinese state here who are known to the security services and in whom they have taken an active interest.

There are huge problems in academia; China has made no secret of its interest in academia. When the Zhenhua database leak happened a couple of years ago—this was a database that China was using to identify potential targets of intelligence activity—it was no surprise that they had targeted think-tanks and academics very carefully.

The third and final area that China is very, very interested in is anything related to technology, and to the areas that it would like to obtain and that it set out in its “Made in China 2025” programme. Those areas are twofold. The first is universities and open research. There are researchers in the UK right now who are, frankly, working with branches of the Chinese navy to come up with devices to track nuclear submarines around the world. That is as dangerous as it comes to our national security, and that work is going on in the open. I am also aware of British companies that are making engines—or casings for engines in this case—that they have admitted are good for nothing other than for engines in tanks. There are grievous concerns about the whole level.

Where do you start first? Well, that is a choice between those that are dangerously undermining our national security and tech, and those that are dangerously undermining our democracy in accessing this building and in terms of the influence and space in which they are influencing our democratic process.

Damian Hinds Portrait Damian Hinds (East Hampshire) (Con)
- Hansard - - - Excerpts

Q Mr Miller, to come back to information ops, what do we know about scale of state-enacted or state-sponsored information operations specifically?

Carl Miller: One suggestion that I was going to make today was that we have nothing like a comprehensive picture. This is often extremely sporadic project-based research, and it is usually platform-specific, even though we know that, in all likelihood, that is not how the campaigns work—they will work across tonnes of platforms all at once. We will see only certain kinds of campaigns. We are broadly better at seeing broad-based campaigns addressing quite large slices of a population, but again, if we were to put ourselves in the mind of an influence operator, there would be much more targeted campaigns directed towards—if you will—higher-value targets as well.

What we know about scale is that many more countries than those we talk about are doing it. I understand that in the last Indian election, accounts attributable to every single mainstream political party were taken down by Facebook during that campaign. It has emerged as an almost mainstream campaigning tactic.

Damian Hinds Portrait Damian Hinds
- Hansard - - - Excerpts

Q Sorry, but are you talking about domestic actors—domestic political parties in their engagement in domestic politics—rather than foreign state involvement?

Carl Miller: Yes. One of the reasons that I am hesitating is that, for researchers like me, clear and guaranteed attribution—outside the platforms—is unbelievably difficult, and I do not want to overstate. I can tell you that there are dozens upon dozens upon dozens of incidences, scenarios and narratives that we regard—reading the tea leaves of machine-learning patterns as we do—as suspicious. With the open data that is available to me, I cannot definitively link that back to a state. However, Twitter and Facebook, for example, have both disclosed dozens of campaigns that were—at least in part—likely targeting the UK, and linked them back to what they believe to be state actors.

Damian Hinds Portrait Damian Hinds
- Hansard - - - Excerpts

Q When we talk specifically about foreign-interference information operations in countries such as the UK, we tend to focus on elections times, big democratic events, referendums and so on, but is there any reason to believe that something of a moderately comparable scale does not go on the rest of the time?

Carl Miller: No, there is not. In fact, I am sure it does, and that is one of the big trends we are seeing. We ran an effort over COP26, and we saw that there were certainly various kinds of organised attempts to manipulate big global thematic conversations about climate action, for instance. Given the barriers of entry into this world, I also do not think that it will be national elections; it might be quite small and local events that see some level of manipulation happening, too.

I will also point out one reality about how these work. One of the difficulties in seeing how the Bill—I am sorry if I have misunderstood this—might apply is its requirement that the actors involved have to be conscious that they are working on behalf of a foreign power.

Quite often, my suspicion is that you would have a state agency with various kinds of links with online actors, and there might be a whole chain, from a PR company to another more specialist digital consultant to a much spammier consultant, and that person might be the person reaching in and actually gathering together various kinds of functionalities, capabilities or services to do overtly illegitimate and malign forms of manipulation online. It might be very difficult; they might never know that a state is at the other end of the trail. With the companies that I mention—the ones selling large amounts of digital manipulation—I cannot believe that they do any kind of “know your customer” activity. I do not think that they have any idea who is employing them.

Damian Hinds Portrait Damian Hinds
- Hansard - - - Excerpts

Q You talked earlier about what we might call the falsehood versus division distinction, and we had a good conversation about this with a previous panel of witnesses. This question is for you both: will you say something about how the use of those techniques varies between states, and what trends we are seeing?

Carl Miller: I cannot create a profile for how each state would approach information operations, to be honest. I do think that there is quite a high degree of heterogeneity among the actors involved. You have all kinds of different intelligence agencies, and military-based and political PR comms-based actors. One of the truisms is that it is a bit of a scattergun approach at the moment, where lots of things have been tried and they are attempting to evaluate them, and they do not really know which ones are succeeding and which are not. I am not quite sure if that is true or not.

The actual nitty-gritty of the techniques and technologies involved is probably the shadowiest part of this whole area. If the Bill were to be effective, something we need in parallel to it would be almost a digital influence version of the national risk register, where we have state support to pull apart and lay out where we think the genuine threats are and the genuine bodies of capability and technology that have been built to do this kind of stuff. It is very difficult for researchers in the open to do this by ourselves.

Damian Hinds Portrait Damian Hinds
- Hansard - - - Excerpts

Q Mr Armstrong, with your China speciality, can you say anything about how that country’s approach to information ops has changed or is changing?

Sam Armstrong: Yes. China initially began—there is some really interesting stuff that has only happened in the UK in this space. We had a university that for a very long time rather openly advertised itself as providing services and specialist media training to officers of the Chinese propaganda Ministry, among others—various branches of the Chinese state—right here in London, metres away from the BBC. You also have the Confucius centre picture, which is important.

Where China has actually done very poorly is in its direct Government-to-Government disinformation. Some of the stuff that you saw around “Wolf Warrior” or that the Global Times—its state international newspaper—puts out is very ineffective. What China is incredibly effective at is not really that disinformation or misinformation public communications picture, but identifying individuals of influence within academia, business or wherever, and building up close relations with them. They are invariably people of influence, who in turn use their own networks to say, “Well, look, I’d be careful of all this talk about China. They are the biggest-growing economy on Earth, we really need to trade with them and we shouldn’t do anything to upset them at any point.” In so far as I have seen, that is where the Chinese influence picture has been focused.

Maria Eagle Portrait Maria Eagle (Garston and Halewood) (Lab)
- Hansard - - - Excerpts

Q I have a couple of questions. My first is for both of you. You have said slightly different things about the Bill, but is there anything that is not in the Bill that you think ought to be there and that would make a difference in the field in which you are doing research?

Sam Armstrong: Yes, there are two things. The first is the foreign influence transparency register system. I note that there has been a promise that it is to come, but the devil will be in the detail on that because there is a series of policy judgments that have to be made—whether it is expansive, where the teeth bite and so on. It is incredibly important that it is seen quickly.

Secondly, there should be an ability for the Secretary of State, either of the Home Office or the Foreign, Commonwealth and Development Office, to intervene in known problematic institutional relations. There are excellent powers here, such as the individual prevention and investigation measures, but there is very little capacity when that is done more corporately—to go in and say not just to universities but to companies, which would be an expansion of the Australian power, “This arrangement is not in the UK’s interest, and we are ordering you to terminate it.” To say that is a glaring omission is perhaps overstating it, but those are the two powers I would really like to see.

--- Later in debate ---
Damian Hinds Portrait Damian Hinds
- Hansard - - - Excerpts

Q You mentioned a moment ago that we know of no examples of successful interference in elections. Can you unpack what you mean by “successful”? Do you mean changing the outcome?

Louise Edwards: The intelligence community have not notified us of any successful attempts to interfere in UK elections. As I mentioned, the Electoral Commission is not a national security body—we do not have intelligence functions—so when it comes those matters, we receive the information rather than creating it or analysing exactly what it means.

Damian Hinds Portrait Damian Hinds
- Hansard - - - Excerpts

Q I realise that this is not your end of the business, but I do not think anybody would claim that there has been no small “s” successful interference in the democratic process in the sense of—I do not know if you heard our earlier session—winding people up, making them think they have less in common than they really do with others in society, and all those sorts of things. I do not want to put words in your mouth, but I think what you mean is actually changing the outcome of an electoral process. Is that right?

Louise Edwards: That is my understanding of what the intelligence community mean when they tell us that, yes.

Damian Hinds Portrait Damian Hinds
- Hansard - - - Excerpts

Q I have questions about a couple of things that you have been talking about. I suppose that money coming into the political system depends on our definition of “political system”. A lot of the activity we are talking about probably involves a lot of money in one way or another, but it never actually penetrates the boundaries of what we call our political system.

We talk in other contexts about regulating political advertising—meaning adverts placed by political parties that are registered under the Political Parties, Elections and Referendums Act 2000—but in reality, political parties’ advertising is a very small fraction of the total online influencing that goes on in the run-up to elections. What is your expert assessment of how the whole political arena is changing? How do our institutions and our legislative approach need to change to keep up?

Louise Edwards: That is a very interesting question—how long do I have? The political finance side of the regime—I will unpack what I mean by that in a moment—is very much focused on the concept of regular and routine transparency that is enhanced significantly around an electoral event—an election, essentially.

When we talk about the political finance regime, we are talking about a defined set of actors: registered political parties, third-party campaigners, candidates or other members of political parties, and those who have specific responsibilities under law, including regular donation-reporting obligations. For example, political parties have to tell us about their substantial donations on a quarterly basis, and we then publish all that information.

When it comes to elections, as I am sure you know, there is a period in the run-up to elections called the regulated period. Any spending on campaigning that happens during that period—obviously, it gets more intense the closer you get to polling day—also has to be reported to us and gets published so that people can see it.

However, you are right that that is only one side of the nature of influencing or of the wider concept of political campaigning in the UK. There are some really interesting questions there around whether it is sustainable to look only at detailed spending in the run-up to an election, when you might well argue that political campaigning these days is year-round rather than in the run-up to particular polls.

There is also another side to it: how do you define regulated political campaigning and the spending that has to be reported? Back in 2018, we did some work with voters looking at what they thought about online campaigning specifically. One thing we found was that quite often voters did not realise that something they saw online was actually trying to influence their vote, because it was not immediately obvious on the face of the piece of literature that that was what was happening.

In terms of how things might change or develop in the future, there was a bit of thinking done about this in the Elections Act 2022, which introduced what we call “digital imprints”. They are a little bit of text that goes on a message online and says, “This was produced by this person, on behalf of this person, paid for by this person,” so you can see that it is a political advertisement. It is that level of detail and transparency that now needs to be applied.

Damian Hinds Portrait Damian Hinds
- Hansard - - - Excerpts

Q To be clear, to which actors does the digital imprint requirement apply?

Louise Edwards: It applies to anybody who is putting out regulated political material, so it would be political parties, third-party campaigners and candidates. The regime is fairly comprehensive, although not entirely comprehensive. I realise I am going slightly outside the scope of this Bill, but there is opportunity to make it more comprehensive and to really make it clear to voters every time they see a little bit of campaign material online who is paying for it. So it is those established actors who are—

Damian Hinds Portrait Damian Hinds
- Hansard - - - Excerpts

Q Exactly, as long as they are part of our regulatory framework.

Louise Edwards: Yes.

Maria Eagle Portrait Maria Eagle
- Hansard - - - Excerpts

Q We seem to have fairly decent regulation for participants in elections. We all know what imprints are, let us put it that way—anybody who has been elected knows what an imprint is. Some of the effort to perpetrate disinformation—to use a blanket term—whether that is successful or not, does not come from people who want to abide by the rules or who are keen to get their imprint on their material; that is precisely what they are not doing. Do you have any views about how we make it clear what is going on? In that respect, do you think that the foreign influence registration scheme that we are promised will be brought in during the Commons stages of the legislation will have a positive impact on identifying people who are trying to do this, or not?

Louise Edwards: You have hit upon one of the hardest issues here. Broadly speaking, people who are within the regime already—the established actors we have been talking about—comply with the law. Many of them, in fact, already put digital imprints on their online material, even though it is not yet a legal requirement to do so. The challenge is those who are perhaps based overseas or who do not want to play by the rules, basically. There are real enforcement challenges there, particularly when you are thinking about organisations or individuals based overseas.

If I go back to the recent Elections Act, one of the provisions that the Government brought in at that point was to lower the spending threshold in elections for people who are based overseas to £700: if you are an overseas entity, you can spend up to £700 campaigning in our elections, then that is it—that is your spending threshold. The problem is that, from our point of view, that can only really be symbolic, because it is virtually impossible to enforce spending at that low level. Even if we were to identify an overseas organisation spending in UK elections, they are overseas, so we have no enforcement powers that we can use to try to stop them.

I am painting a fairly awful picture, but there are some ways to tackle it from a slightly different perspective. For example, we have recently started launching a campaign before elections that is helping voters to look at online material with perhaps a more critical eye, to try to assess whether they should let it affect their vote and to give them a place to find out how to express concerns about that material, with the hope then being that we can perhaps raise confidence in legitimate digital campaigning while at the same time giving people an outlet if they see something they think is illegitimate. There is also a fair amount of work that you could do around political literacy at a very young age with voters, to help them to have that kind of critical perspective.

You mentioned the registration schemes. As a civil political finance regulator, our remit does not extend to matters of lobbying and influence, but one thing I would say, if I may, is that when it comes to the integrity of our democracy and voter confidence in it, transparency is key. Any registration scheme that brings more transparency around who is seeking to influence those involved in our democracy can only be to the benefit of the confidence of voters.

--- Later in debate ---
None Portrait The Chair
- Hansard -

Damian Hinds, very briefly.

Damian Hinds Portrait Damian Hinds
- Hansard - - - Excerpts

Q Professor Martin, one of the core aims of this legislation is to bring our counter-espionage capability up to date with the modern world. You spoke a little earlier about data theft in the context of the US Government and police. Will you briefly say something about how technology has changed states’ espionage capabilities and how we need to respond?

Professor Ciaran Martin: Why is so-called data sovereignty such an issue? There are all sorts of reasons in economics, but one of them is that the location of the storage of data is really important. Data centres are massive strategic assets and a vulnerability for any sort of country, and you can see that combined effort. Why did we have such a big debate about the role of Chinese technology in UK infrastructure? It is because of the potential—never mind 5G and so on, but rather in things like smart cities—for data to be siphoned off covertly and so forth. It is possible.

There are stats to show, if you had compromised the International Atomic Energy Agency in Vienna and you went in there, how much you could photocopy versus how much you could steal electronically. There is now the possibility and, in some cases, the practice of comprehensive strategic compromise of huge, important datasets and sensitive strategic knowledge across all sorts of sectors by a combination of mostly digital but sometimes human-enhanced means. Until now, as you say, Mr Hinds, we have not really had a legislative framework for it. This Bill does provide a no doubt improvable such foundation.

None Portrait The Chair
- Hansard -

That brings us to the end of this section of questions. On behalf of the Committee, I thank our witness, Professor Ciaran Martin. Thank you very much.

Examination of Witnesses

Dr Nicholas Hoggard, Professor Penney Lewis and Rich Owen gave evidence.

--- Later in debate ---
Holly Lynch Portrait Holly Lynch
- Hansard - - - Excerpts

Q Thank you. Can I ask for your thoughts on clause 23, which is on the extension of powers to the security services? The security services feel quite strongly about that and we have heard from them earlier today around encouraging or assisting offences. Did you have any thoughts at the Law Commission about that?

Professor Penney Lewis: Sadly, no. That was not within the scope of our project. It really exceeds the focus of our project on official Government data, so we did not make any recommendations in relation to those kinds of powers and we do not have a view.

Damian Hinds Portrait Damian Hinds
- Hansard - - - Excerpts

Q I turn to Mr Owen, briefly, to ask about the forthcoming foreign influence registration scheme. From your perspective, what would be your hopes on behalf of the legal profession for that scheme and do you have any concerns?

Rich Owen: We think the solicitors’ profession should be subjected to the scheme in just the same way as any other, although we would like an exception on grounds of legal professional privilege. This is an ancient common-law right going back 400 years or more. It is also regarded as a human right and as a corollary of everyone’s right to receive legal advice and assistance and we feel it plays a crucial role in the proper administration of justice.

To be clear on what we mean by legal professional privilege, it is communication between a client and lawyer whose dominant purpose is to seek legal advice, or a communication between a client and lawyer in anticipation of pending or actual litigation. We therefore think that if there is a foreign influence registration scheme without legal professional privilege, then solicitors acting for foreign states or foreign state-related actors, such as companies controlled by or influenced by foreign states, would have to disclose documents. We think that profoundly compromises the rule of law and the fairness of trials, and will affect the relationship between client and lawyer.

I think it is easy to forget that legal professional privilege is not a privilege for solicitors or lawyers; it is for the client. Of course, clients want to be open with their lawyers when they are seeking advice, and we think this scheme would inhibit that openness. Of course, very often, the reason why they want to be open with their lawyers is that they want to know how to comply with the law, rather than breach it. That is why an exemption is needed in any such scheme.

Damian Hinds Portrait Damian Hinds
- Hansard - - - Excerpts

Q What would the loopholes or potential unintended consequences be to such a provision, and how would you guard against them?

Rich Owen: It is important to know the limits to legal professional privilege. It cannot be used to further a crime—because of the so-called “crime-fraud exception” or the “iniquity exception”—so if a solicitor advances an assertion of legal professional privilege in bad faith, then they are not in a privileged situation and could potentially be charged with conspiring to pervert the course of justice.

Legal professional privilege would complement any scheme. The Home Office consultation on a possible scheme said it would respect the human rights framework. That privilege is an ancient common-law right. It is has also been recognised as a human right. The consultation also said that a scheme would not interfere with legitimate activities. It would be a legitimate activity to seek advice from your lawyer and not have that advice disclosed. If anyone was furthering that for espionage purposes, then that would not be a privileged situation; they would be acting outwith legal professional privilege.

Damian Hinds Portrait Damian Hinds
- Hansard - - - Excerpts

Q So you are not saying that you think that lawyers should be exempted from registering? Your objection is specifically about disclosure of documentation.

Rich Owen: Yes. Well, we are looking for something similar to the Australian scheme. The Australian legislation specifically exempts legal professional privilege, as well as seeking legal advice and assistance. That sort of model, which expressly exempts legal professional privilege, would be a suitable way forward for the scheme.

Sally-Ann Hart Portrait Sally-Ann Hart
- Hansard - - - Excerpts

Q I just want to look at the provisions relating to arrests without warrant, which is in clause 21 and schedule 3. The provisions relating to that include the ability to delay access to a solicitor and delay notifying a person’s family of their detention. Based on similar provisions for terrorism suspects, do you regard that as proportionate and necessary? Can I go to Dr Hoggard first?

Dr Nicholas Hoggard: You can, although I am afraid I will have to be very boring. Speaking with my Law Commission hat on, we are limited in what we can say with respect to those things that did not form part of the scope, regarding the protection of Government data. I am very sorry; I do not mean to be deliberately unhelpful, but we do not really—

--- Later in debate ---
Holly Lynch Portrait Holly Lynch
- Hansard - - - Excerpts

Q Perhaps I can return to my previous discussion with Professor Lewis on the issue around UK interests and Government interests? Putting aside the issue around leaks, I want to think about the “Assisting a foreign intelligence service” elements in clause 3. I will use a hypothetical. If there is a Foreign Secretary who has met with a former KGB officer, and you have that information and want to put it in the public domain—an outrageous example that would never happen—would the Government have grounds to say that, in disclosing that, you have acted against UK interests rather than Government interests? That is despite the fact that there was no material advantage to a foreign intelligence service or detriment to UK interests.

Professor Penney Lewis: I am sorry but I am going to be very boring again. The offence in clause 3 is not the implementation of one of our recommendations. It is one of the offences that was outside the scope of our project. The main espionage offences that are in the existing Official Secrets Act, which implement our recommendations, are in clauses 1 and 4 of the Bill.

Dr Nicholas Hoggard: I will add to that without going outside our own remit, but thinking more broadly about the distinction between UK interests and Government interests. To re-emphasise a point that Penney made earlier, the essence of espionage offences lies in that purpose prejudicial. That is why we see in those offences that have the purpose prejudicial element—where your purpose is prejudicial to the safety or interests of the United Kingdom—that the sentence is so much greater.

The mens rea—the fault element—of those criminal offences lies in that purpose prejudicial. You need not only your purpose but to have known, or ought to have known, that your purpose was prejudicial to the safety or interests of the UK. Also, you must have known, or ought to have known, that you were acting to benefit a foreign power on behalf of a foreign power. Taken together, it is that essence that makes those offences substantively different from the sort of behaviours that might embarrass a Government—or a Government Minister. That sort of thing often falls for consideration within unauthorised disclosure offences, but it is not really the meat of an offence focused on the active interference with the proper safety or interests of a state.

Regularly throughout the project we met with a number of the UK intelligence community in Cobra with the Government security group. The evidence we heard of the nature of hostile state activity does not really have a bearing on the sort of material that sometimes gets disclosed that might embarrass Government Ministers. They are two quite different creatures.

Damian Hinds Portrait Damian Hinds
- Hansard - - - Excerpts

Q Turning to Law Commission colleagues, you have conducted a very comprehensive review of the four Official Secrets Acts. Let us set aside the Official Secrets Act 1989, which is, as you rightly say, in a different category, because it is about disclosure rather than espionage. Looking at the Acts of 1911, 1920 and 1939, I think it would be useful for the Committee’s deliberation to hear a little about how you went about your review and what you learned along the way—perhaps about if you conferred with your equivalent commissions in other countries and what you heard about the changing nature of the threat that we are trying to deal with and so on.

Professor Penney Lewis: Maybe I will start with the high level and then Nick can come in with a bit more detail. I should preface my answer with a slight caveat. This project started in 2015. Nick joined the Law Commission in February 2019 and I joined in January 2020, so while we were heavily involved in the final report, neither of us were involved in drafting the consultation paper or in the consultation period, which happened in 2017. None the less, we have read the consultation responses, and I can also talk slightly more generally about how we go about doing a consultation.

We were asked to take on this project. The way we work is that we undertake a pre-consultation investigative phase where we talk to stakeholders. That involved Government stakeholders, including Government security stakeholders. We talked to a lot of academics who work in this field. We talked to the media, because obviously they were particularly interested in the 1989 Act, and various organisations that are interested in freedom of expression and open government. We then drafted a consultation paper, which contained provisional proposals for reform. We put those out to public consultation. We had a three-month consultation period, and we had a number of consultation events during that. At the same time, we are continuing to talk to Government security colleagues, as Nick mentioned.

We eventually came to an agreement with Government security colleagues about how they would brief us about the details of the threat facing us without us then being in a position where we would have to say in our report, “Well, we have heard all this secret evidence. We can’t tell you what it is, but trust us that these are the recommendations we think will safeguard the security and interests of the UK”, and without also putting the security and interests of the UK at risk. We agreed a confidential briefing process that involved Nick and me. We then also agreed the disclosure by Government of hypothetical examples that they had drafted to represent the real threats that they told us about confidentially and securely.

Throughout the report, there are hypothetical vignettes that illustrate particular risks. Those are the Government and intelligence services’ creatures, but they were the way in which we were able to reflect the reality of the threat. We then considered the consultation responses and the information we had had from the Government security group. We actually changed a number of things we had said in our consultation paper, so in between the provisional proposals and the recommendations there are a number of significant differences, particularly in relation to the 1989 Act. We then published a report in 2020, which contained our final recommendations for reform.

Dr Nicholas Hoggard: I will go into some specifics of what we learned, which is generously open-ended. What Penney says is correct; there were a number of changes that followed the consultation paper, come the final report. One of the major reasons for that was our engagement more substantively with confidential material and representatives from the UK intelligence community—UKIC—and across a number of Departments. It became increasingly clear to us that the scale of the threat was of an order of magnitude that, even in relatively recent integrated reviews, had not really been reflected. That scale really comes from the cyber-threat. I do not want to repeat what far more sophisticated witnesses said earlier in respect of that, but it also became increasingly clear to us that the way in which very capable state actors were wielding that cyber-threat meant that certain of the original provisions we had made needed to be reconsidered.

One example of that would be the extraterritoriality provisions, both in relation to the espionage offences and the unauthorised disclosure offences. The nature of the way in which cyber-information is held—of course, cyber-information now basically means all information—has changed. The existing offences under the 1911 Act and its ancillary Acts are now almost quaint in the way that they perceive espionage as something that happens on our territory. Of course, that is simply not the case anymore. These extraterritoriality provisions, though relatively unusual for criminal offences, are none the less vital if we are to capture the sort of behaviour that we see now. I think the process we went through in engaging with UKIC was actually vital for the understanding of, and background to, some of the recommendations that we made.

None Portrait The Chair
- Hansard -

If there are no further questions, can I thank our witnesses? We will now move to the next panel.

Examination of Witness

Poppy Wood gave evidence.

--- Later in debate ---
Holly Lynch Portrait Holly Lynch
- Hansard - - - Excerpts

Q We will be tabling an amendment that would require the Government to commission an independent review every year on the prevalence of disinformation and the impact that it has on elections. Who would you imagine would be most suited to undertake that report?

Poppy Wood: That is a brilliant idea. It goes back to the point about grip. We are seeing really good work being done by the Home Department and the Department for Digital, Culture, Media and Sport. I think the DCMS counter-disinformation unit is an important tool, but it is very small, as is DCMS, and it is lacking the transparency that such interventions require. It should probably be a body like the Intelligence and Security Committee—some kind of cross-party body, quasi-independent of Government, thinking about the issues, with input from expertise in the relevant services and relevant Departments. I know that the Home Department and DCMS work together closely on this, and I think the Cabinet Office also has a role to play. Instinctively, I feel that something like the ISC would be the best place for it, but I am sure that is to be worked out.

One of the issues with a lot of this stuff is the role of the Executive, and making sure that the body is that far removed from political interference.

Damian Hinds Portrait Damian Hinds
- Hansard - - - Excerpts

Q Hello. Earlier, you queried why something that happened in 2014 might only have been called out by Facebook in 2018. Isn’t it quite obvious that what happened was 2016 in the middle, and all the brouhaha that followed from the American elections and the congressional inquiry, and all the rest of it? It turned out that when Facebook and others went looking, it was amazing what they could find.

Poppy Wood: Absolutely. If you are suggesting that they respond to PR crises, I would agree with you on that one. Of course, this about brands. We have seen with revelations from Frances Haugen that Facebook is not understaffed but just not focusing them in the right direction on this stuff. There are only handfuls of people focusing on co-ordinated disinformation for the whole world within these big technology companies. It should be dozens, especially if they are hiring 10,000 engineers for the metaverse in Europe. They can put some of them on elections and tracking. They say that they go far, but they could go much further. When there is pressure on them, they respond, and so far that pressure has been PR because there has not been regulation.

Damian Hinds Portrait Damian Hinds
- Hansard - - - Excerpts

Q Would it be fair to say that they have at least got better? If you take the American 2020 election, there does not seem to have been the same volume of attempted disruption as in 2016 election, or at least not in the places where we are now looking, like Facebook?

Poppy Wood: We do not know, because we have not got the transparency. They may seem to have got better, but as a percentage of what, we cannot know. They will say that it has got better and that they have caught this many thousand as opposed to that many thousand last time, and those accounts have been taken down, but we have no idea if it is a percentage of what. That is why people, such as Frances Haugen, who have come forward as whistleblowers to say, “They are telling you this, but the data says that,” show that we should not be relying on those people. I am sure we will come on to the whistleblowers, but there have to touchpoints much earlier on, from civil society, from Government, from researchers, to say “Hey, actually, the scale is much larger,” or, “You’re not even looking at this stuff.”

London is one of the most linguistically diverse cities in the world, and when we are talking about counter-terrorism speech, one of Frances’s revelations was that 75% of counter-terrorism speech was identified as AI—it is terrorism speech, so it is taken down. We are thinking about the UK as an English monolith, but there is plenty of linguistic diversity that puts us at risk when those platforms are weaponised in elections, focusing on diaspora and so on.

I would hope that the platforms have got better, and I would like to give them the benefit of the doubt, but the truth is that we just do not know.

Damian Hinds Portrait Damian Hinds
- Hansard - - - Excerpts

Q You mentioned that there is not transparency, but there is at least one type of transparency with Facebook—main Facebook—as in you can see what is on it. I wonder what you think of the role of channels that you cannot see, such as private messaging that includes private parts of Facebook, WhatsApp, and what they call copypasta—copying and pasting SMS messages—and so on. How much do we know about that?

Poppy Wood: I would challenge the first assumption that you can see what you can see on Facebook. They still view that as private information. Researchers cannot get access to that unless they kind of beg, borrow and steal. I understand the question—

Damian Hinds Portrait Damian Hinds
- Hansard - - - Excerpts

But you can see public postings on Facebook. That is my point.

Poppy Wood: On your page, you can, but researchers cannot.

Damian Hinds Portrait Damian Hinds
- Hansard - - - Excerpts

But that is still more than you can see on WhatsApp, where you cannot see a post at all.

Poppy Wood: That’s true. I suppose I would say they could do much more about transparency just about the public posts—that is my first point. Secondly, on encryption, there are concerns about some of the amendments in the Online Safety Bill and what that really means for encryption. I know we are not here to talk about that Bill, but encryption is an important tool. We know that those spaces are misused, but we need to be really clear about some of the benefits that encryption offers to lots of people, particularly the security services, for sharing information safely. We need to be careful.

Damian Hinds Portrait Damian Hinds
- Hansard - - - Excerpts

Q I was not trying to start an argument or even a discussion or analysis of end-to-end encryption. I was just asking, relatively speaking, how much do we know? There is a hypothesis that the reason why there was apparently less material in recent American elections on Facebook than in 2016 is that large parts of it have moved to other channels where we just cannot see it. We just do not know what is there.

Poppy Wood: Let me give you a good example on Russia Today. We do a lot of work and analysis around Russia and Ukraine. Obviously, Russia Today was taken down from most national broadcast networks. It has been resurrected multiple times on social media. This week, we saw it resurrected with another name, like “Discovery Dig” or something, on YouTube, where lots of the comments, imagery and language were directing people to Telegram channels where they are actively mobilising.

What we see in the active mobilisation on Telegram channels is the outing of national security agents, the putting up of email addresses of politicians and saying, “Target them and say they are on the wrong side of the debate,” or, “Write to this national newspaper.” In all three of those examples, it is predominantly in the UK. They are telling them it is all fabricated. They are absolutely weaponising those private spaces. As you say, it is quite hard to get into them—but actually, it is not that hard. They are pretty open channels, with thousands and millions of engagements and followers. That is the scarier bit. They are private, but you are getting tens of millions of people and engagements on them. I am not sure that is the true definition of private, but it is certainly in an encrypted space.

Jess Phillips Portrait Jess Phillips (Birmingham, Yardley) (Lab)
- Hansard - - - Excerpts

Q I want to touch on the whistleblower issue you raised. There have been some concerns that the Bill might not sufficiently target those with malicious intent. Is there a risk that it potentially criminalises whistleblowers?

Poppy Wood: The role of whistleblowers in society is really important. I know the Government understand that. There are some good recommendations from the ISC about whistleblowers that I do not think have been adopted in this version of the Bill. That is about at least giving some clarity to where the thresholds lie, and giving a disclosure offence and a public interest defence to whistleblowers so they can say, “These are the reasons why.” My understanding is that at the moment it sits with juries and it is on a case-by-case basis. I would certainly commend to you the recommendations from the ISC.

I would also say—this was a recommendation from the Law Commission and also, I think, from the ISC—that lots of people have to blow the whistle because they feel that they do not have anywhere else to go. There could be formal procedures—an independent person or body or office to go to when you are in intelligence agencies, or government in general or anywhere. One of the reasons why Frances Haugen came forward—she has been public about this—is that she did not really know where else to go. There were no placards saying, “Call the Information Commissioner in the UK if you have concerns about data.” People do not know where to go.

Getting touchpoints earlier down the chain so that people do not respond in desperation in the way we have seen in the past would be a good recommendation to take forward. Whistleblowers play an important part in our society and in societies all round the world. Those tests on a public interest defence would give some clarity, which would be really welcome. Building a system around them—I know the US intelligence services do that; they have a kind of whistleblower programme within the CIA and the Department of Defence that allows people to go to someone, somewhere, earlier on, to raise concerns—is the sort of thing you might be looking at. I think a whistleblower programme is an ISC recommendation, but it is certainly a Law Commission recommendation.