(9 months, 1 week ago)
Commons ChamberI beg to move, That the Bill be now read a Second time.
The first duty of Government is to keep our citizens safe. The United Kingdom faces an enduring threat from terrorists, hostile actors and organised criminal groups, and that threat is evolving and becoming more sophisticated. It is not enough for us to keep pace with those who would do us harm; we must endeavour to get and then stay ahead of them. The investigatory powers are the legal powers available to law enforcement, the intelligence services, MI5, the Secret Intelligence Service, GCHQ and other public authorities where appropriate to obtain communications and data about communications.
The Investigatory Powers Act 2016 provides a clear legal framework for the use of those powers, combining world-leading safeguards and oversight with giving agencies the tools they need to protect us. There is a double lock for the most sensitive IPA powers, meaning that an independent judicial commissioner must approve a decision by the Secretary of State to issue a warrant under the IPA. The use of any of these powers must be assessed as necessary and proportionate, with strong independent oversight by the Investigatory Powers Commissioner. The Investigatory Powers Tribunal provides a robust mechanism for providing redress in respect of any unlawful use of those powers.
The Home Secretary will be as aware as I am that very occasionally those in charge of our intelligence and security services do not act in the best traditions of this country in their offices, and I am thinking of cases such as Belhaj and Boudchar. Where people have been the victim of mistreatment—as a consequence of UK complicity with foreign powers, for example—should there not be a right for those people to have access to the information about that?
I listened carefully to the right hon. Gentleman’s point. I am not sure it is directly relevant to this matter, but I take on board the points that he makes. He will forgive me if I do not address them directly at this point; I want to consider them properly.
The IPA is sound legislation, but the nature of these threats has evolved since 2016, and we are confronted by greater global instability and technological advances, and they demand that we act. Terrorists, child abusers, organised criminals and malign actors from hostile states have exploited technological advances. Our job is to ensure that the UK’s investigatory powers framework remains fit for purpose. The changes that this Bill proposes were informed by the independent review of the IPA published by Lord Anderson of Ipswich in June 2023. The Bill received cross-party and Cross-Bench support as it passed through the other place. Every Government amendment was accepted, and I thank the members of the Intelligence and Security Committee of Parliament for the productive way they engaged with and helped to shape the Bill.
In particular, we have agreed to tighten the drafting of clauses 22 and 23 in line with amendments proposed by the Intelligence and Security Committee. Those changes put beyond doubt that the Prime Minister may delegate warrants for the purposes of obtaining communications of parliamentarians in two, and only two, exceptional circumstances: the personal incapacity of the Prime Minister and a lack of access to secure communications. There is also a limit of five Secretaries of State to whom this responsibility could be delegated in those circumstances. Further to that, in respect of new part 7A, parliamentary scrutiny will be enhanced through a statutory requirement for the Secretary of State annually to inform the Intelligence and Security Committee about the new regime for bulk personal datasets.
My right hon. Friend mentioned the ISC’s scrutiny of these matters. He will understand the concern about widening the number of people who can play the role previously played exclusively by the Prime Minister. I understand the reasons for that, but has he considered limiting that to those Secretaries of State who have warranting powers?
We looked at that. There is a balance to be struck, and actually the bulk of those Secretaries of State to whom the function could be delegated in those two exceptional circumstances do have warranting powers—I think the Secretary of State for Defence is the only one who does not. My right hon. Friend’s point is a fair one, but the scope of the Bill is not much greater than that.
As a member of the ISC, I welcome the Government’s acceptance of our recommendation. However, I would like to understand why they are not accepting our other, simple proposal: that when a delegation takes place, the Prime Minister would be informed about that afterwards.
I think it is inconceivable that the Prime Minister of the day would not be informed of the use of a delegated authority.
It is not about the Prime Minister not being informed about the delegation; it is about the Prime Minister looking at the case afterwards—they would not be second-guessing it, obviously, because it would already have been agreed. We suggested that, as a matter of course, the Prime Minister should be informed afterwards of the contents of that warrant. For some reason, the Government are resisting that. I cannot understand why.
I understood the point that the right hon. Gentleman was making—perhaps my answer was not clear—but I suggest that it is inconceivable that the Prime Minister would not routinely be informed of the exercise of this power. Ultimately, that is a level of granularity that would add complexity to the Bill without utility. But, as I have said, through the passage of the Bill thus far, we have listened carefully to the Committee’s suggestions, and although we may not always agree, I can reassure him, other members of the Committee and Members of the House that we will continue to act in listening mode in relation to the Committee’s suggestions.
On that point, will the Home Secretary give way?
I thank the Home Secretary for giving way. He mentioned listening to scrutiny by the ISC. The Joint Committee on Human Rights has issued a call for written evidence on the Bill, and as he will know from the human rights memorandum, the Bill raises important human rights issues relating to the rights to privacy and to freedom of expression, and possibly the right to an effective remedy. Will he therefore undertake to look closely at any correspondence that the Joint Committee might send him when we have completed our scrutiny of the Bill?
I reassure the hon. and learned Lady that we will do exactly that.
I turn to the measures in the Bill. We are creating a new regime for bulk personal datasets that have low or no expectation of privacy: for example, certain datasets that are widely publicly or commercially available. Bulk personal datasets are an essential tool to support our intelligence services in identifying fragments of intelligence within a large quantum of data, in order to disrupt threats such as terrorism and hostile state actors. The Bill seeks to create a new statutory oversight regime for how the intelligence services access and examine bulk personal datasets held by third parties. It will place that oversight on a statutory footing, increasing the transparency of the regime. The regime will be subject to strong safeguards, including the double lock.
We are also making changes to the notices regime that will help the UK anticipate and address the risk to public safety of companies rolling out technology that precludes lawful access to data. We want to work with those companies to achieve common goals, but we must have the tools available when collaboration falls short.
I know that the Home Secretary wants to make progress, but I am grateful for the opportunity to comment.
These reforms to the IPA are necessary to upgrade our world-class regime and ensure that our frameworks are kept up to date with evolving threats and, importantly, technology. We know that the terrorists, the serious organised criminals, the fraudsters and the online paedophiles all take advantage of the dark web and encrypted spaces: to plan their terror, to carry out their fraudulent activity and to cause devastating harm to innocent people such as children, in the field of online paedophilia. Does he share my concern and indeed frustration with companies such as Meta and Apple? The former has chosen to roll out end-to-end encryption without safeguards and the latter has rolled out advanced data protection, which will allow these bad actors to go dark, which will severely disable agencies and law enforcement from identifying them and taking action, and will enable—indeed it will facilitate—some of the worst atrocities that our brave men and women in law-enforcement agencies deal with every day.
My right hon. and learned Friend—and immediate predecessor—makes incredibly important points. Digital technology and online technology have been a liberator in so many ways, but, sadly, as has been the case with technology throughout time, it has also been used by those who would do people harm. Indeed, she mentioned in particular the harm done to children. We take that incredibly seriously. We value the important role of investigatory powers and will continue to work with technology companies—both those well established at the moment and those of the future—to maintain the balance between privacy and security, as we have always done, and ensure that these technology platforms do not provide a hiding place for terrorists, for serious criminals and those people taking part in child sexual exploitation.
The three types of notices under the existing IPA are data retention notices, technical capability notices and national security notices. Those notices must be both necessary and proportionate, and they are of course subject to the double lock. The Bill does not introduce any new powers for the acquisition of data. The changes are about ensuring that the system is up to date and remains robust. The Bill will create a notification notice allowing the Secretary of State to place specific companies under an obligation to inform him or her of proposed changes to their telecommunications services or systems that could have an impact on lawful access. This is not a blanket obligation, and it will be used only where necessary and proportionate, and then only on a case-by-case basis.
The notice does not give the Secretary of State any powers to veto or intervene in the roll-out of a product or services. It is intended to ensure that there is sufficient time for appropriate consideration of the operational impact of the proposed changes, and potentially for discussions with the company in question about them. The public, rightly, would want their representatives to know in advance if companies were proposing to do something that would put public safety at risk, and responsible companies will work with Governments to avoid endangering people, who are of course also their customers.
The Bill will also amend the IPA to require the company to ensure that existing lawful access is maintained. That means the company cannot legally take any action that would negatively affect the level of lawful access for our operational partners during the review period. In the other place, the Government tabled an amendment to allow a timeline for review of a notice to be specified in regulations. We also gave the judicial commissioner further powers for managing the review process. Taken together, they ensure that companies are clear on the length of time that a review can take, which reduces uncertainty for their business as well as providing greater clarity for the review process. In the other place, my noble colleague Lord Sharpe of Epsom also committed to a full public consultation before amending the existing regulations on the review of notices, and laying new regulations relating to the notification notices.
The Bill also clarifies the definition of a telecommun-ications operator, to make it clear that companies with complex corporate structures that provide or control telecommunications services and systems in the UK fall within the remit of the IPA. These changes do not directly relate to any particular technology, including end-to-end encryption, but are designed to ensure that companies are not able to unilaterally make design changes that compromise exceptional lawful access.
The Bill makes changes to the powers of public authorities to acquire communications data. Section 11 of the IPA made it an offence for a relevant person in a relevant public authority to knowingly or recklessly obtain communications data from a telecoms operator or a postal operator without lawful authority. The Bill will set out examples of the acquisition routes that amount to lawful authority outside the IPA, giving greater clarity to public authorities that they are not inadvertently committing an offence. Further targeted amendments will ensure that public sector organisations are not unintentionally prevented or discouraged from sharing data. Further changes will allow bodies with regulatory functions to acquire communications data.
The Bill also creates a new condition for the use of internet connection records—ICRs—by the intelligence services and the National Crime Agency. The IPA currently requires certain thresholds to be met on the known element of an investigation, such as exactly when a website has been accessed. That limits the ability of operational partners to use the ICRs to detect previously unknown criminals, terrorists or state threat actors who are acting online. The proposed measure will allow greater detection of high-impact offenders by removing the requirement to unequivocally know a specific time or times of access and service in use, and instead will allow these factors to be specified within the application.
I understand the use of the measure for the security services, but the Bill broadens the scope of how many people could be dragged into it. There is no judicial oversight of the Security Service or whoever is using it. The Bill states that the measure is for national security and economic wellbeing—that is a catch-all for quite a lot of things. Although the intent is right, there need to be some safeguards to prevent innocent people being dragged into that potentially broad measure.
I understand the right hon. Gentleman’s point. Innocent people’s data is often acquired in dataset capture, and it is always deleted. Economic wellbeing merely reflects the language that is used in other parts, for consistency across our various strands of work.
I thought we were here today to scrutinise the Bill. It should not be a chore for the Home Secretary to be asked questions. The definition of wellbeing could be quite broad. I understand the meaning of national security, as I think he does, and the House, but wellbeing could have quite a broad definition and I am not convinced that I have seen what it is. I am not sure that consistency with other legislation is a great argument for including it in this Bill.
The simple truth of the matter is that I disagree. In legislation of this nature, maintaining consistency of language with previous relevant legislation, including the Intelligence Services Act 1994, is incredibly important to clarity of intent. I recognise that the right hon. Gentleman has given thought to this, and we do not disregard his point, but we have thought through the importance of consistency of language, which is why we have maintained it.
A general listener to our proceedings might worry that the new powers could be used for fishing expeditions, rather than the very specific powers that they replace. Could the Home Secretary give some words of reassurance from the Dispatch Box that the broadening of bulk data collection without specific dates will not be used for fishing expeditions, which might affect the privacy of ordinary citizens who have done nothing wrong?
The hon. Lady makes an important point, but the powers could be applied to any bulk dataset collection, of which she knows there are many across Government. Provisions are in place to ensure that innocent people’s data is not held but deleted, and that our security services and other organisations that will utilise these powers always do so carefully and cautiously. There are relevant safeguards in place, as I have made reference to—the Investigatory Powers Commissioner and the tribunal—if there is wrongdoing. The proposals are put forward for a very specific reason. The Government have given thought to mission creep and broader expansion, and we feel that this is a modest extension that will give significantly greater protection to the British people.
As my hon. Friend the Member for Wallasey (Dame Angela Eagle) just said, we need to give confidence to the public that what we are rightly doing to protect ourselves has that level of security in it. There is no judicial oversight of internet connection records. If we are to give these powers to the Security Service—which I approve of—we should be able to say to the public that they are proportionate and that there is an independent process to ensure that they cannot be abused. Surely, judicial oversight throughout should be important.
The right hon. Gentleman specifically spoke about judicial oversight, but there is oversight—
There is oversight by the Secretary of State through the warrant process, and oversight of the whole process by the Investigatory Powers Commissioner. Through the Committee on which the right hon. Gentleman sits, there is oversight of the Secretary of State’s function.
I agree, and I support that oversight, even though this Government have not made our job on the ISC easy. Unless I am missing something, there is no judicial oversight of internet connection records in the Bill. If we want to give people confidence, that backstop of judicial oversight should be important.
As I said, I noticed that the right hon. Gentleman specifically said that there is no judicial oversight—
I am not disagreeing, but there is oversight. The Committee on which the right hon. Gentleman sits is part of that oversight process.
The Home Secretary has just touched on the importance of the oversight role of the ISC, particularly in relation to these additional provisions. I wonder whether he remembers the passing of the National Security Act 2023. During the final stages of that important piece of legislation, the Government tabled an amendment in lieu promising that they would progress a review of the memorandum of understanding within six months of the Act coming into force to ensure there was an updated and robust relationship between the ISC and the Government, and the Prime Minister in particular, the ISC having been unable to secure a meeting with the Prime Minister since 2014, remarkably. Given the nature of the ISC’s important role in these provisions, I wonder whether the Home Secretary could update us on that review.
That is not an element of this Bill. On a commitment for the Prime Minister to meet with the Committee, I will look at the details.
Will the Home Secretary give way?
I want to make progress to ensure that everyone who wishes to speak in this debate is able to do so, but I will give way to the right hon. Lady.
On that point, will the Home Secretary encourage the Prime Minister to go before the Intelligence and Security Committee at the soonest opportunity? My understanding is that that has not happened for 10 years.
I cannot make a commitment on the Prime Minister’s behalf. Members of the Committee will know that I appeared before the Committee in my previous role, and I think it is important that Government do make themselves available for this scrutiny. As I say, it would be inappropriate for me to demand of the Prime Minister attendance anywhere, but I will pass on the right hon. Lady’s point.
I will assist the Home Secretary with a little context. When I was a ranking member of the Intelligence and Security Committee between 2010 and 2015, it was a matter of routine that the Committee went to see the Prime Minister once a year, usually in the Cabinet Room. That stopped in 2014. Successive Prime Ministers have failed to reinstate it, although it must be said that the shortest-lived of them did offer to meet with the Committee, but sadly ceased to be Prime Minister before that became possible.
The lengths that some people will go to to avoid Committee scrutiny. I am trying to remember where I was; it has been such a long time since I looked down the page of this speech. All such applications must be necessary and proportionate and subject to independent authorisation or inspection.
The Bill will also strengthen safeguards for journalistic material within the Investigatory Powers Act’s bulk equipment interference regime, aligning it with changes to the bulk interception regime that are under way to ensure compliance with obligations under the Human Rights Act 1998. Prior judicial authorisation will be needed before material obtained through bulk equipment interference can be selected for examination using criteria where the purpose is to identify, or is highly likely to identify, confidential journalistic material or confirm a source of journalistic material. Prior judicial approval is also necessary before such material may be retained for purposes other than its destruction. The other measures in part 5 of the Bill will ensure that the resilience and protections of the regime are maintained and enhanced.
The Bill will also make improvements to support the Investigatory Powers Commissioner in effectively carrying out their role, ensuring that the world-leading oversight regime remains resilient, including powers to enable the IPC to appoint deputies, delegate some of their functions to judicial commissioners and the newly created deputies, and put certain functions on a statutory basis. The Bill will ensure there is a clearer statutory basis for reporting errors to the IPC.
I sense that the Home Secretary is coming to the end of his speech. We have mentioned parliamentarians and journalists, but I want to talk about another important group: trade unions. Some people fear that the Bill will open the door even further than its parent Bill on the surveillance of trade unions. Does the Home Secretary agree that there should be no place for the surveillance of trade unions in a democracy? If so, will he consider amendments to the Bill to ensure that that does not happen, including a redraft of clause 5?
I take the point that the hon. and learned Lady puts forward. There are a number of organisations not explicitly mentioned in the Bill where that argument could be made, and I am not sure it would necessarily be useful or right to list them all, but I will take on board the point she makes in good faith—genuinely.
The Bill will bring the Investigatory Powers Act up to date with the modern age, provide greater clarity, make the system more resilient and retain the world-leading safeguards of civil liberties and commercial integrity. Above all, the Bill will mean that the men and women who work so incredibly hard to keep us safe, often without recognition, have the tools they need to do so in the modern era. I therefore commend the Bill to the House.
I call the Opposition Front-Bench spokesperson.
The first duty of any Government is to keep their citizens safe—to defend our national security and defend our citizens against terrorism, extremism and serious crime. Labour always stands ready to work cross-party on national security to keep our country safe. It is why we are supporting this Bill today, why we will work with the Government to get the details right, and why we look forward to pursuing some of these issues in further detail in Committee. We recognise the important work that the Intelligence and Security Committee has done on this and that Lord Anderson has done in reviewing these areas; I pay tribute to his work, and to his previous work as independent reviewer. We also recognise the detailed considerations that have already taken place in the House of Lords.
It is vital that our intelligence and law enforcement agencies have the powers and capabilities they need to pursue terrorists and dangerous criminals, such as child abusers, and to keep the public safe. I pay tribute to the work of the intelligence and security agencies and to our counter-terror police for the immense work that they do. We are all indebted to them for their tireless and, by necessity, often hidden work to protect our country and defend our democracy and our freedoms from those who would seek to do us harm.
It is significant in the context of the Bill that the work of those agencies is about not just protecting our security, but defending our democracy. That is why it is so important that the powers they possess operate within a clear and strong legal framework with proper oversight and robust safeguards to prevent abuse or misuse. It is why the agencies themselves support having a strong legal framework in place. It is how we ensure there is consent and support for the essential work that they do. It is why this framework has to both protect privacy and protect us against serious threats, and why it has to defend both security and liberty—in a democracy, those go hand in hand. Strong powers always need to be accompanied by strong oversight and strong safeguards. That is why it is important we get the detail right. Just as we worked in a constructive cross-party manner on previous investigatory powers legislation and on the National Security Act, we will continue to do so on this legislation.
The reality that we all face is that threats to our national security are now more complex than ever: fast-changing challenges from home-grown extremism and radicalisation; a steep rise in state-sponsored threats from hostile foreign actors; the exponential growth in new technologies; the proliferation of serious crimes; and national security threats such as child abuse being perpetrated and spread online, putting young children and young people at terrible risk.
Within that rapidly evolving landscape, we obviously cannot allow our security services to be outpaced. We must ensure that the interception powers that our security services and police have to fight crime are updated to cope with rapid technological changes and changing threats. We must also ensure that the safeguards and oversight keep pace with changing powers, so that we continue to ensure, as is embedded in the legislation, that all measures are appropriate and proportionate when action is taken. That is why we rightly have, in the existing Investigatory Powers Act 2016, measures such as the double lock on some provisions relating to judicial commissioners’ approval and oversight; those, too, need to be updated in response to changing technology.
The Bill is necessary because technology is moving so fast. We now see serious crimes such as: child abusers using new and very different methods to share vile images of sexual assaults on children; extremists and terrorists using different and changing internet forums and encrypted messaging to find new ways to radicalise and organise; and serious and organised criminals using new applications to launder money and drugs, and to facilitate organised immigration crime that can put lives at risk. Clearly, that means the legislation needs to be updated. That is why we recognise the need for measures and the main provisions in the Bill—for example, on bulk datasets. We recognise the need for the Government to make changes to the existing framework, because agencies that are working at pace to intercept threats should not have to go through the same lengthy processes to use datasets that are widely available to the public and other commercial organisations.
In the other place, Members debated the importance of getting the threshold right and how the phrase “low or no expectation of privacy” should be interpreted. Those discussions will rightly continue in Committee. We will also continue to seek further clarification on the interaction of these reforms with some of the measures in the Data Protection Act 2018.
On internet connection records, the Bill reflects some of the recommendations made by Lord Anderson. This is a sensitive area and, rightly, there is a high test for important agencies to meet to access vital records, but there are also particular concerns around child abusers and terrorists being able to use new forums and communication channels where there should be the further ability to pursue action and intelligence leads. We recognise the importance of the issue, but also of ensuring that we get it right and frame the detail in the right way to ensure that we can protect vulnerable young people and children.
Ministers are right to ensure that Government Departments are not inadvertently prevented from the kinds of normal and routine legitimate exchanges of basic information by inadvertent coverage of previous legislation, and to ensure that appropriate safeguards are in place. We agree it is important that there are processes to ensure that security and intelligence agencies can anticipate technological changes that are coming down the track from major telecommunications companies and major commercial organisations that might potentially make their work more difficult or inadvertently put national security at risk. Rather than have everyone simply try to play catch-up in retrospect, including with criminals and terrorists who may exploit those changes, it is sensible to have in place in advance a process for constructive dialogue between companies and intelligence agencies to mitigate any adverse consequences for tackling serious crimes, such as child sexual exploitation. I hope Ministers will look at how far they can ensure that regulations to govern changes to the notices regime are properly consulted on, scrutinised and therefore set at the appropriate level, and that they continue to engage with technology companies on how they should be implemented.
We welcome the additional safeguards and the introduction of stronger oversight, including as a result of the discussions in the other place—for example, ensuring that more of the commissioners’ functions are put on a statutory footing; ensuring there is proper oversight of the use of third-party bulk personal datasets by intelligence services; and including additional protections, through Government amendment 45 in the other place, relating to confidential journalistic material and sources. We hope that that issue will be looked at further in Committee.
In the context of what the oversight arrangements should be, I ask the Government to look again at the role of the Intelligence and Security Committee. As a former member of the ISC—although that was now more than two decades ago—I can testify to the importance of the Committee and the seriousness with which all its members take their work. The Committee provides a level of oversight and scrutiny that cannot be provided in the normal way by other parliamentary Select Committees, due to the nature of the secret work our intelligence agencies need to do. It also performs an important role for Government. There should be the reassurance for Ministers that the work of the intelligence and security agencies is being appropriately scrutinised. The Government therefore need to look again at updating the memorandum of understanding for the ISC to ensure that it, too, can fit with the evolving landscape under the changes that are taking place, and to make sure that its remit can do so as well.
I will press the Home Secretary again on this issue. I understand that he cannot answer for Prime Ministers in a simple way, but I press him to take back to the Prime Minister the importance of recognising the serious role played by the ISC. It is not simply about the role of the Foreign Secretary or the Home Secretary; it is also about the role of the Prime Minister. There are powers that only a Prime Minister has and has to execute, as is reflected in the Bill. Therefore, recognition from the Prime Minister of the role of the ISC is important.
Finally, there is the complicated issue that Lord Anderson raised regarding the circumstances in which the Prime Minister’s unique powers can be delegated in the context of intercept warrants targeted at Members of relevant legislatures. There was a detailed discussion. Those warrants are rightly subject to a triple lock process which requires the authorisation of the Prime Minister. We recognise that the experience of covid and the hospitalisation of the then Prime Minister in 2020 gave rise to questions about what should happen in such circumstances and making sure there are proper procedures in place to ensure that there is no national security gap. Members in the other place were right to press for a tightening of those arrangements. That raises wider issues that the Bill cannot address: around what happens if there is a conflict of interest for a Prime Minister or circumstances in which a Prime Minister is accused of being careless on issues around national security. I do not think that that can be addressed by the Bill or perhaps by any legislation, but it is a salutary reminder to us all about the importance of Prime Ministers taking immensely seriously their responsibilities towards our national security and always behaving in a way that means that that can never be in doubt.
This should be a cross-party issue—a matter on which we all work together. I know that Members who are present this evening and have great expertise in this area will want to raise further questions about the detailed application of the Bill, and I hope that those will be considered in the same spirit that we saw in the House of Lords. Often in this place, the Government simply maintain their position and the detailed amendments are tabled in the Lords, but I hope that on this issue we will see the same spirit of cross-party discussion that we saw in the other place.
This is about ensuring that there is proper oversight and there are proper safeguards, but it is also, vitally, about defending our national security at a time of rapidly changing technology, when we all have grave concerns about the potential for terrorists, extremists and serious criminals to exploit that new technology to do us harm. We must all be vigilant, and ensure that the intelligence and security agencies are supported so that they can do the work we need them to do, on our behalf, to keep our country safe.
Let me say first of all that I am in favour of the Bill, which I think constitutes a sensible updating of the intelligence community’s powers in the ways that the Home Secretary and, indeed, the shadow Home Secretary have described. I am also in favour of the principle, mentioned by the shadow Home Secretary, that greater powers for the intelligence agencies should come with greater oversight of those powers.
I know that my colleagues in the Intelligence and Security Committee will want to focus on certain areas covered by the Bill. I want to focus my remarks on internet connection records, which are, of course, important pieces of intelligence. We are talking here about which internet sites were accessed and when, not about precisely what was viewed or what activity was carried out, but none the less this data can be of significant intelligence value. The Investigatory Powers Act 2016 allows for the obtaining of internet connection records data in certain circumstances. The circumstances on which I want to concentrate are those in which an intelligence agency is focused on the use of a particular internet service at a particular time and is keen to know the identity of the person or persons who have been using it at that time. This is covered by section 62 of the Act, which gives authority for an intelligence agency to obtain that information. The Bill seeks to broaden an agency’s power to act in those circumstances.
The law currently requires the agency to know specifically which service has been used, and specifically at which time it was used. Clause 15 seeks to extend that to allow the collection of ICR data to identify individuals using “one or more” specified internet services “in a specified period”. What that means, at least as the Bill is currently drafted, is that there is no apparent limit on the number of internet services that can be specified or on the length of the specified period, so the clause could allow an intelligence agency to collect ICR data on a large number of different internet services, and over a long period. That would inevitably involve data on the activities of a potentially large number of people, whereas the current law permits only examination of a specific service at a specific time, which carries much less risk of other wholly innocent and uninvolved individuals being caught in the net.
I do not suggest—and neither, I think, does the Intelligence and Security Committee—that the intelligence agencies do not need these wider powers. We do say, however, that this is a significant widening of their powers, and that it should therefore come with additional scrutiny from a judicial commissioner. I think we can deduce, not just from the debate in the other place, but from what the Home Secretary has said in this House and what other Ministers have said at other times, that the Government essentially have two arguments in response to that. The first is that this new power is not intrusive enough to merit extra oversight, as ICR data relating to those not subject to agency interest is not retained, and the second is that the power being proposed is no more intrusive than current powers to collect internet connection data.
On the first of those arguments, the fact that data is not retained does not mean that it is not intrusive to collect it. Many of our constituents would be concerned about their internet activity being scrutinised, even if no action were taken thereafter—and we should bear in mind that the Bill’s language does not limit that scrutiny to sites visited which are inherently suspicious. Even everyday online activity may be of interest in the case of individuals of concern, but this provision would mean that the everyday online activity of many who are not of concern will also be examined. That, we say, makes the provision worthy of additional oversight.
The second argument the Government might advance is that this is no more intrusive than current powers. That, I think, is true in terms of the depth of the intrusion—it is still the “when” and “where” of internet activity rather than the “what” that we are talking about—but it is not true in terms of its breadth. Many more people will be caught by it, and that is a significant and material increase in intrusion for the population at large. We therefore believe that the Government should think again, not about whether intelligence agencies should have these wider powers, but about whether there should be the involvement of external scrutiny to ensure that they are used properly.
There is only one other matter that I want to touch on briefly, and it has been mentioned already: the grounds on which powers such as these can be used. There are, essentially, three. First, they can be used in the interests of national security, and I have no argument with that. Secondly, they can be used in urgent cases to combat some forms of criminality. Thirdly, they can be used in the interests of the economic wellbeing of the UK, in so far as those interests are also relevant to national security. As the House knows, the last of those has long been controversial as an appropriate ground for action—and, of course, the more intrusive the powers that can be used with that justification, the more controversial it is. I think it fair to say that the ISC is concerned about its use in that regard, and I am sure the House will want to consider, as the Bill proceeds, whether its application to these powers and more generally is still appropriate.
Let me start with two thank yous. First, let me put on record my party’s gratitude to the intelligence services and law enforcement organisations that work so incredibly hard to keep all our citizens safe in the face of constantly changing and developing threats. Secondly, I thank all those who took part in the reviews of the 2016 Act that have informed the Bill. However, as Lord Anderson said in his own review, they should be a starting point for parliamentary scrutiny and debate rather than a finishing point.
Although any opportunity to revisit and improve the 2016 Act would generally be welcome, my party has serious concerns about certain provisions in this amendment Bill. In short, while it is constantly presented as “updating”, and as protecting and making efficient pre-existing powers, we fear that the reality is a very significant expansion of what are, we must remember, already extraordinarily wide powers by international standards. There are significant privacy and human rights risks, and the danger of increasingly widespread suspicionless surveillance. We fear that we may be handing invasive powers to intelligence and law enforcement agencies not because the powers are necessary or essential to their work but because they are convenient, and that is not striking the right balance.
All this is consistent with the very detailed and principled privacy and human rights concerns that my party raised in relation to the 2016 Act itself—particularly in the speeches made by my hon. and learned Friend the Member for Edinburgh South West (Joanna Cherry), who is here to take part in the debate again today. As will be the case today, we did not oppose the Second Reading of that Bill, but in the absence of important amendments, or concessions and reassurances—again, as with the 2016 legislation—we keep open the option to oppose the current Bill at a later stage.
Today I will focus on concerns relating to bulk personal datasets, and on notices relating to changes in telecommunication services. I will also briefly flag up our concerns about internet connection records and changes to the offence of unlawfully obtaining communications data. My party also believes that this Bill provides an opportunity to revisit the whole issue of snooping on parliamentarians, if we are bold enough to take it.
I shall turn first to bulk personal datasets and part 7 of the 2016 Act. In short, we struggle to see that the proposed changes have been shown to be necessary. We fear that they will instead create even larger gaps in the oversight regime in relation to these capabilities. A whole host of concerns arises in relation to the provisions of clause 2 and the concept of data in relation to which there can be
“low or no reasonable expectation of privacy”.
Bluntly, I struggle to see how a decision maker is supposed to assess people’s reasonable expectations of privacy, and when we say “people” we can be talking about hundreds or thousands of people or potentially several million people. Within that group of individuals there will be many varying attitudes to further privacy, and the data related to individuals could vary hugely from the mundane to the deeply personal. It may be that there is supposed to be some type of “reasonable person” test applied, but is that reasonable person black, gay, Jewish or indeed a trade unionist? How are potentially very different subjective attitudes to be accounted for? These might seem like odd questions, but the experience in the United States of America, where a similar test is involved, proves that these questions are very real indeed. Is it a general question of privacy in relation to the data or a more specific question of expectations of the use of that data by intelligence services? What precisely is low expectation? This seems to be an impossible assessment to undertake in any realistic or meaningful sense.
I thank my hon. Friend for his kind comments earlier. As usual, he is making a very forensic speech. On this issue of a reasonable expectation of privacy, does he agree that clause 2 and clause 11(3) seem to be based on a legal misunderstanding that people lose their right to privacy when they happen to share certain information with someone else? He will be as aware as I am that that runs contrary to the jurisprudence of the European Court of Human Rights and that, by contrast, the Court has actually said that privacy includes
“the right to establish and develop relationships with other human beings”.
Does he agree that it is important to ensure that this Bill is commensurate with our obligations under the European convention on human rights?
My hon. and learned Friend will not be surprised to hear that I completely agree with her.
In fact, that brings me to the next point I want to raise in relation to clause 2. As well as putting in place what I struggle to see as being a reasonably operated assessment, the clause raises concerns in relation to consistency with data protection legislation and with human rights obligations. The factors to be taken into account when undertaking that really difficult assessment do not even expressly include the sensitivity of the data in question, which surely should be central to any question of processing. That is an inconsistency with existing data protection principles and laws, and I agree that the compatibility of such provisions with our human rights obligations is also surely highly dubious. Just because someone has shared personal data does not mean that they automatically lose their right to further protection around how that data is shared and processed, especially when it is sensitive personal data, as my hon. and learned Friend has just said.
The role of judicial commissioners in this area is even further diluted, reduced to reviewing by judicial review standards whether datasets do indeed relate to data where there can be low or no expectation of privacy. Frankly, that is not a safeguard at all. At the very least, their role needs to be strengthened when the Bill is considered in Committee. We also need to seek assurances around how the Bill will impact on the reporting of the retention and use of bulk personal datasets. If large numbers are retained under category authorisations, we may not know how many datasets are actually being gathered.
Let me turn to various aspects of part 4, on notices. Again there are some controversial provisions, particularly in clause 21 and the requirement on selected telecommunications operators to inform the Secretary of State if they propose to make changes to their products or services that would negatively affect existing lawful access capabilities. That seems like an extraordinarily broad power, without anything remotely appropriate in terms of oversight and limitations. These powers are going to make the UK a real outlier. Essentially, the Secretary of State will be empowered to say to tech companies, “You are not allowed to improve your products without consulting us, so that we can still break in to access the data that we need and when we want it”. Despite what the Secretary of State says, taken together with other changes to review processes, such powers could easily be used to significantly delay, or de facto veto, updates to security, rendering everybody’s data more vulnerable to hacking by third-party actors.
That is simply incorrect, and I know that the hon. Gentleman would not wish to continue down a road that he knows to be incorrect. Let me just be very clear: this is a continuation of a power that was granted in 2016. The notice does not extend that power; it merely enables a conversation to begin with companies before any action is taken, to maintain an existing standard and not in fact to change it.
I am grateful for that clarification from the Minister, and we will of course engage further in this debate in Committee.
These concerns have been raised not just by me but by significant tech companies; this is not something that has come to me simply through perusing the Bill. The key question remains: why is there to be no proper oversight of these notices and notice powers by independent advance authorisation? Why is there not even the double lock that applies to other notices that can be served on communications providers under that Act? Surely that scrutiny should be carried out in advance. There are also lots of question marks around the expanded claims of international jurisdiction. How will potential conflicts of law be resolved, especially if a company subject to one of these notices that is contrary to its domestic laws cannot even say anything about it because it is bound to secrecy by this legislation? What are the prospects of other Governments copying what our Government are doing and seeking to replicate such provisions, and what would the impact of that be on UK companies?
Turning to internet connection records, the starting point is that we should remember that no other European Union or Five Eyes country permits the requiring of ICR generation or retention in relation to its own residents, so this was a hugely controversial development in the 2016 Act. As we have heard, ICRs can reveal huge amounts of deeply sensitive information about a person. For now, secret services can seek ICRs only when certain facts that are already known, such as the identity of a person connecting or the time and use of the connection, so that the retention is at least targeted in some way.
The risk in this Bill is that reasonable suspicion will no longer precede targeted surveillance. Instead, the Bill would seek to use ICRs for the discovery of new targets, which is a really significant jump and development. I can genuinely understand some of the reasons being offered for this change, and I am not unsympathetic to the case being made, but if these powers are not carefully circumscribed, they risk creating a big step towards mass surveillance and fishing exercises. We need to ask whether there are less invasive alternatives and whether these powers are therefore really necessary. Alternatively, we need to look again at the oversight mechanisms for the use of these powers.
We also have concerns about the Bill’s proposals in relation to the offence created by the 2016 Act, where relevant persons in a relevant public body knowingly or recklessly obtain communications data from a telecoms or postal operator without lawful authority. This Bill seeks to set out examples of what would amount to lawful authority, which is a laudable aim. However, there are real questions about whether some of the examples in clause 12 are not in fact redefining the concept of lawful authority. In particular, the assertion that there would be lawful authority simply because
“the communications data had been published before the relevant person obtained it”
is controversial. That is particularly so when
“‘published’ means make available to the public or a section of the public (whether or not on a commercial basis).”
As I said in relation to bulk personal datasets, limited publication is not authority for intrusive surveillance. Could a simple private message not amount to publication of comms data? The implications of this definition of lawful authority need very careful scrutiny indeed.
Finally, on the interception and hacking of parliamentarians, making provision for circumstances where the Prime Minister is unavailable to play his part in a triple lock seems sensible, but the fact that the issue of snooping on MPs and others is being revisited should trigger us all to rethink the whole scheme. Our role of representing our constituents, interrogating legislation and holding the Government to account should not be interfered with lightly. We should take the chance to consider post-surveillance notification of MPs who have been spied upon, by judicial commissioners, once investigations are completed. As matters stand at the moment, redress is almost impossible to obtain. We should also require that the investigatory power commissioners be informed every time these powers are used, so that there is transparency about how often this is happening. All other options should be on the table as well.
I started by thanking intelligence and law enforcement authorities and I am happy to do so again in closing, but our respect for them does not mean we should ever consider writing blank cheques or handing them whatever powers they ask for. They are not perfect. From time to time they exceed their powers and certain individuals abuse their lawful capabilities. The powers that they seek through this Bill are extremely invasive and broad in scope. There is a real danger that key provisions of the Bill will go beyond what is necessary and get the balance with privacy and human rights wrong. These provisions will need serious scrutiny and revision in Committee, and that is what we in the SNP will seek to secure.
Hegel said, “What is reasonable is real, and what is real is reasonable.” In facing the very real threats that pervade, it is certainly reasonable that we equip those missioned to keep us safe with the powers they need to do so. That is partly about putting in place a legislative framework that allows them to counter those threats, for we know what will happen otherwise. We sit in this Chamber graced by the coats of arms of our former colleagues Jo Cox and David Amess. We in this place know what it means when those missioned to keep us safe are unable to do so.
On that basis, I was proud and pleased to take the original Investigatory Powers Bill through this House—some veterans of its passage are in the Chamber tonight—and, in doing so, we were conscious of the need to strike a balance between, on the one hand, providing the powers and equipping the police and the security services with the necessary mechanisms to do their job and, on the other hand, retaining both the privacy of individuals and putting in place the necessary safeguards mentioned by the shadow Home Secretary, the right hon. Member for Normanton, Pontefract and Castleford (Yvette Cooper).
That balance was at the heart of our considerations then. I am conscious that I said in that debate:
“It is important to understand that privacy is at the very core of the Bill… The protection of private interests and the protection of the public are at the heart of all we seek to do”.––[Official Report, Investigatory Powers Public Bill Committee, 12 April 2016; c. 90.]
That remains so, but it is also important to recognise that we always anticipated that the legislative arena was bound to require a dynamic approach, of the kind we are discussing this evening, and that we would need to update the legislation to deal with the changing character of the threats I described. It comes as no surprise that the Government have introduced legislation to do just that, to add to what is already on the statute book and to make it more appropriate.
The right hon. Gentleman and I often crossed swords during the passage of the 2016 Act, but we have since reached a point of rapprochement on discovering our mutual passion for the importance of freedom of expression. From what he is saying this evening, I think we can also agree on the importance of privacy. Of course, that comes from the right to a private and family life under article 8 of the European convention on human rights. Does he agree that it is unfortunate, given this Bill’s huge implications for our constituents’ privacy, that the Government have decided not to conduct a privacy impact assessment? Surely such an assessment is vital, and it is perhaps something upon which he and I can again, rather unusually, agree.
Our agreements are becoming rather less unusual. I do not know whether that gives the hon. and learned Lady any pleasure, or whether it causes her pain. None the less, she is right that, when we consider such legislation, it is important that it is scrutinised to an even greater degree than we would normally expect in this place.
The 2016 Act was considered by three Committees of this House. It was subject to pre-legislative scrutiny by a Joint Committee of both Houses of Parliament and, indeed, the bulk powers, which have been mentioned, were subject to an independent review by David Anderson, who has since been elevated to become Lord Anderson.
The hon. and learned Lady is right that the need for scrutiny is profound, particularly when we equip organisations with extensive authority to invade private space. Of course, we will not know much of what they do. Many of the individuals involved in the security services and the police, and the work they do, are rightly unknown to all but a few, so it is all the more important that, in giving them such authority, we behave in the way that the hon. and learned Lady describes—I am now adding to the small, two-person coalition formed between us.
It is right that the legislation is updated to make it fit for purpose. The ISC, of which I am also proud to be a member, has been told of the need for urgent, targeted and necessary changes. When we consider this Bill, we should test whether its provisions are indeed urgent, targeted and necessary. I am not absolutely convinced that all we see before us passes that test, and I will say a little more about that when I come to clause 14 and its associated schedule.
There is more expertise in the Chamber tonight than I could possibly imagine but, by way of background for the wider audience, I will say a word about what the 2016 Act does and why this Bill therefore matters. The Act provides the law-enforcement and security services with the vital powers they need to keep us safe, and it does so in a way that is clear and transparent.
When we passed the Act into law, we ensured that the safeguard mechanisms were radically overhauled. The innovative double lock that we put in place was, at the time, unprecedented. As the shadow Home Secretary said, it does two things: it provides the necessary protection that she describes, but it also gives the security services confidence that what they are doing is not only authorised but thoroughly checked. It is also good for Ministers to know that the process has judicial oversight as well as political oversight.
There have been a number of changes since the Act was passed, both in the job done by the security and intelligence services and the police and in the reason they have to do that job, for the people who seek to do us harm are dynamic, too; they change what they do, and technology has also changed. All of that explains why this Bill is, in broad terms, welcome and necessary.
But the powers I describe are not given solely to the people I mentioned. They are also given to a number of other public bodies. This was debated at great length when the 2016 Act was considered in this place. These public bodies—ranging from local authorities to the Environment Agency, the Health and Safety Executive and all kinds of others—have proper legal functions. I am not debating that, but they are not quite of a kind with the security services and the police. To grant these bodies such intrusive powers was always controversial and, to put it mildly, was bound to give rise to some scepticism.
When Parliament considered the Act, we deliberated on that provision in great detail and took a very considered and cautious decision to restrict the use of the power, which we considered to be intrusive. As a result, the public bodies that I have described, including the Environment Agency, the Health and Safety Executive and local authorities, are required to take further procedural steps in order to compel the disclosure of communications data from telecommunications operators. They must obtain either an authorisation under the current IPA, a court order or other judicial authorisation, or regulatory powers in relation to telecommunications or postal operators, or they must obtain the communications data as secondary data as part of a valid interception or equipment interference warrant. So their ability to take advantage of the powers within the existing Act is both limited, particular and subject to those safeguards. The Bill before us seeks to remove that requirement for those further procedural steps in relation to a wide range of public regulatory authorities.
Worse still—I hope the Minister will correct this in his summation—we have yet to learn which those bodies are, as we have not seen a list of the authorities. I hope we will get that list, if not tonight—as it is a big ask for the Minister to read them all out in his 10-minute summation, I hope he will write to the House, and put a copy of the letter in the Library, explaining which bodies will enjoy those powers.
The Government’s argument for removing the restrictions I have set out is that a broader array of communications now fall into the category of communications data—the definition of communications data has broadened—and that a wider number of organisations now constitute telecommunications operators. As a result, it is said that the current restrictions prevent some regulatory authorities from acquiring the information necessary to carry out their statutory responsibilities. The problem with that argument is that unless we know what those regulatory functions are and unless we understand which bodies are involved in the supervisory functions, it is hard to know whether the changes before the House can be legitimised. I have no doubt that will be explored in Committee— I would be amazed if it is not—but it would be helpful if the Minister could be ahead of that further consideration and clarify which specific bodies will fall into this category.
As I said, the issue was highly scrutinised when we last debated these matters. At that time, the powers were tied to national security and serious crime circumstances only, to avoid impinging on the very privacy mentioned by the hon. and learned Member for Edinburgh South West (Joanna Cherry). For that reason too, Parliament granted the powers to a limited range of organisations. We should not brush that aside lightly. Colleagues will be aware of various reports of the intrusive use of investigatory powers by local authorities and other public bodies. The House would not be content to introduce sweeping powers for an unknown and potentially unlimited number of public bodies, when a previous Parliament decided that was too intrusive. I would like the Minister to satisfy the House about the necessity of the change, to specify to whom the change will apply, and to reassure us that there is no weakening of the core connection between the privacy of the individual and the necessary powers available to do what is legally right.
As I said earlier, in broad terms the Bill is welcome. It is important to understand that we need to update the legal framework in which those missioned to keep us safe operate, but the Bill can be improved during its scrutiny. I simply point out that when we debated the Act in its original form, we recognised that through scrutiny that Bill could be improved. As we continue consideration of this important measure, I hope that this Minister—one of my successors as Security Minister—will recognise the same.
In common with all the speakers who have made their contributions thus far on Second Reading of the Investigatory Powers (Amendment) Bill, I will not say that I oppose the Bill or that these powers should not exist or be updated in this rapidly developing area of technology. As others have observed, the rapidly evolving technology is creating threats about which we could not have dreamed when the original Act was introduced after an ISC report on privacy and security in 2015. Although the issues are evolving, some things stay the same, namely that in a democracy it is important that the security services and all the agencies, whether they relate to police or security, can be held to account by the democratic structures that are created to make our democracy real.
I emphasise a point that has not been stressed by others: we are living through an era during which authoritarian governments across the world are beginning to challenge the openness of democratic structures and test whether those who live in a democracy have the political will to maintain their democracy, keep it vibrant and protect it from threats. Against that background of being challenged—we do not have to look much further than Europe and the borders of Ukraine to see how some of those challenges are beginning to develop—we are being asked whether we rate the health and strength of our democracy enough to protect it. We are also being asked, which is the nature of this debate, to justify the powers we are giving to the security and police services to our constituents and those citizens of our country who wish to see their democracy protected, as well as having a proper balance between democratic oversight safety and the powers we give our security services to do their jobs.
As others have mentioned, there is a balance between the effectiveness and speed of those powers and the safeguards that this Parliament puts in place in order to ensure that there is proper oversight and use of them. We have heard how that balance and safeguarding has been developed in law. We are looking now at amendments to the existing law in order to update and modernise those powers to make them more effective, efficient and easier to use, and to ensure protecting our security, be it from criminality, terrorism, paedophilia or state actors who wish to our country harm, is balanced correctly with safeguards, openness and transparency oversight. Then we can protect our society and values, while respecting the privacy of every individual citizen who enjoys the freedom of living in our democracy.
The Bill seeks an expansion in investigatory powers and some of those powers available to agencies to deal with the evolution of this area. Our job, not only in the debate tonight, but in the scrutiny of this Bill in Committee, is to test and ask the appropriate questions about whether the right balance has been struck by Ministers and the relevant agencies in the extra powers that they want to introduce. As the newest member of the ISC, I believe that, as the investigatory powers evolve, it is also important that the powers of the Intelligence and Security Committee to do its job in these new areas are properly developed and resourced. I shall just leave that on the record. It is not a surprise to those who have read the Lords debates that this is an issue.
I draw attention to an area of the Bill where amendments were agreed in the Lords: what is known as the triple lock, rather than the double lock. That is the mechanism that protects the communications of Members of this Parliament and other relevant legislatures from being arbitrarily intercepted by agencies for no reason. In fact, it is part of the protection that one would expect in a robust democracy for those people who are elected to represent their constituents. They have a reasonable expectation, I think, to be allowed to go about their business without being subjected to that kind of intrusive power, unless there is an extremely good reason for it. Members will know that the underlying principle is that the communications of Members of this Parliament and other relevant legislators should be intercepted and read only where it is absolutely essential to do so—in the most serious of circumstances. In the Investigatory Powers Act 2016, which this Bill will change, Parliament recognised that that was an issue by adding a third layer of safeguards to the approval process for warrants for targeted interception and targeted examination of communications. Those warrants are issued only by a Secretary of State and reviewed by a judicial commissioner, which is the double lock, but they are also approved by the Prime Minister personally. As my right hon. Friend said from the Dispatch Box, there is an issue if the Prime Minister is unavailable to do that. It is important that there is not a gap in security protection, which would happen if the Prime Minister is unable to be the third part of that triple lock.
Nobody disagrees with the idea that that process should be made more robust, but there is also an issue about how wide the power to issue that final approval—currently, that final approval rests only with the Prime Minister—should go. There were debates about that when the Bill went through its stages in the other place. The question of balance is how the new Bill deals with ensuring that the triple lock is robust while not creating a lacuna should the Prime Minister be indisposed and unable to issue warrants without that power going too wide. The ISC supports the intention behind this, which is to provide resilience around the current arrangements. It is important that the Prime Minister is the person who approves these things, but this may affect the operations of the intelligence agencies when they are seeking a targeted interference or a time-sensitive warrant. None the less, there was agreement that, in truly exceptional circumstances, it may be appropriate for a Secretary of State to temporarily deputise for the Prime Minister. The Committee considered that it was important that decisions in this area should be delegated only in the most exceptional circumstances, and delegated only to a limited number of Secretaries of State who are already responsible for authorising relevant warrants. We want the Prime Minister to retain sight of all warrants relating to Members of a relevant legislature. Most of that was agreed in the other place, although there is an issue about whether the relevant Secretaries of State—there can be up to five of those—are ones that already issue warrants.
I was a little taken aback that the Home Secretary just assumed that, once these had been agreed by a substitute, they would automatically be reviewed by the Prime Minister. Clearly, that is a big assumption. Does my hon. Friend not think that it would be better if we put it in the Bill that the Prime Minister had full oversight of this warrant?
Clearly, putting such things in the Bill is often an important safeguard. Certainly, I do not understand why the delegation of these powers should not be limited to Secretaries of State who also issue warrants. I do not quite understand why there is an obsession with five Secretaries of State. We could have four and still have robust oversight.
Is the hon. Lady aware that the Wilson doctrine is still in operation? This came about in the ’60s and ’70s when Harold Wilson, the Prime Minister of the day, gave an undertaking to this House that the mail of Members of Parliament would not be routinely tapped; it would happen only in exceptional circumstances. All this triple lock is doing is putting that doctrine on to a statutory footing.
I thank the hon. Gentleman for his comments. Obviously, the Wilson doctrine is in the previous Investigatory Powers Act. However, given what happened with the incapacity of the Prime Minister during the covid pandemic, we are seeking to tweak it. It seems sensible to do so, but we need to tweak it in a way that is as narrow as possible to ensure that there is no lacuna in protection.
I wonder why this idea of five Secretaries of State is so important. I also wonder why we cannot restrict the Secretaries of State who could operate in place of the Prime Minister in this very particular circumstance to those Secretaries of State who also issue warrants, and why that cannot be on the face of the Bill. I hope that, in his response, the Minister might have some contribution to make about why the Government are sticking on this particular issue, given that everyone understands how important it is to have resilience. But the resilience that the ISC is seeking is slightly stricter than that which the Government seem to wish to grant. It would be helpful for Committee stage if the Minister explained why that is.
It is important that our discussions on particular bits of the Bill, which we will have in Committee, are seen in the context of a widespread acknowledgement that we need to ensure that the investigatory powers to which the Bill relates are updated, and continue to evolve, to make them relevant, and efficient and effective to use. At the same time, any expansion in investigatory powers must have particular safeguards and oversight in a democratic country, so that we can assure our constituents that it is being done in the interests of preserving our democracy and ensuring that we can protect the population from growing and ever-evolving threats, be they of terrorism, state actors or crime, and that their human rights and rights to privacy are still appropriately protected with proper oversight, which of course the ISC is an important part of.
It is a pleasure to follow the hon. Member for Wallasey (Dame Angela Eagle). As she mentioned, she is the newest member of the Intelligence and Security Committee, but that has not prevented her, as we have seen this evening, from already making a valuable contribution to our work. As Chairman of the ISC, I will set out the Committee’s view of the Bill as a whole, based on the engagement that we have had with the intelligence community, and with the Government more broadly, on the legislation. In doing so, I pay particular tribute to our member in the other place, the noble Lord West of Spithead, who has already clearly set out our Committee’s position there, and had success, in at least one respect, in obtaining an improvement to the Bill. In looking at the Bill as a whole, I will also touch on one other specific matter in addition to those that my colleagues have tackled individually.
As right hon. and hon. Members on both sides of the House will be aware, the original Investigatory Powers Act was introduced as a result of the Intelligence and Security Committee’s 2015 report on privacy and security. The report recommended the creation of a new Act to set out clearly: the intrusive powers that are available to intelligence agencies; the purposes for which they may be used; and the authorisations and, crucially, the oversight that should be required. There have, however, been a number of developments since the Act was introduced. As the Home Secretary said in opening the debate, we now face a different threat picture, with greater danger from state actors, a significant rise in internet-enabled crime, and an ever-accelerating pace of technological change.
The ISC has therefore made time to consider and scrutinise the case for change put forward by the intelligence agencies and the Government, and to take classified evidence on the Bill. I can tell the House that, broadly, the Committee welcomes the Bill as a means of addressing those developments that have the potential to undermine the ability of the intelligence agencies to detect threats and protect our country. However, as we have heard, there are several areas in which the Committee considers that the Bill goes too far. In particular, it does not yet provide the safeguards and oversight that are so essential when it comes to secretive actions that have the potential to intrude on a great many people.
The Bill seeks an expansion of the investigatory powers available to various public bodies. The Committee is in agreement that, at least in the case of the intelligence services, that is justified, but we are still sceptical—this was eloquently presented in more detail by my right hon. Friend the Member for South Holland and The Deepings (Sir John Hayes), who took the original legislation through when he was Security Minister—of the broad way in which some powers have been restored to an unknown number of as yet unidentified public bodies through clause 14. Any increase in investigatory powers ought to—indeed, must—be accompanied by a concomitant increase in oversight. That is a very basic principle that Parliament has always expected to be followed. By oversight, I do not just mean parliamentary oversight as exercised by my Committee, but robust ministerial, judicial and regulatory oversight too. During the passage of the Bill, Members of the Intelligence and Security Committee will seek to ensure the inclusion of necessary safeguards and sufficient detail on those safeguards.
The Bill deals with a number of technical areas, where it is right that the necessary guidance is provided in codes of practice. However, matters that deal with procedural safeguards or external oversight must be on the face of the Bill to ensure that they are adhered to and cannot be changed or watered down without Parliament being consulted.
I am sorry to say that in recent years the Government have been reluctant to ensure that democratic oversight keeps pace with intelligence powers, particularly where it is related to the remit and resources of the ISC, which have been increasingly undermined in a way that I believe Parliament never intended. It is therefore imperative that Parliament ensures that the safeguards and scrutiny provided by the ISC and other external oversight bodies, such as the Investigatory Powers Commissioner, are clearly set out and cannot be discarded on a political whim. That means putting them in the legislation itself. Fine words in a code of practice are, I am afraid, not worth the paper they are written on; the statute must include everything that is needed to provide Parliament and the public with the necessary assurance that investigatory powers are tightly drawn and robustly scrutinised.
The Committee therefore expects the Government to take this opportunity to bolster the effective oversight that they keep saying they value. Actions speak louder than words, as is often said, so I look forward to hearing the Minister’s assurances in his response to our interventions. I hope that he will be able to find a solution both to the individual aspects of the Bill that continue to be raised, and to our overarching concern about the diminution of parliamentary powers in respect of national security.
I would like to highlight one particular issue, which concerns my colleagues on the ISC and myself, relating to the oversight requirements for the retention and examination of bulk personal datasets. The Bill will insert new section 226DA into the Investigatory Powers Act 2016 to require each intelligence service to provide the Secretary of State with an annual report detailing the individual bulk personal datasets that they retained and examined under either a “category authorisation” or an “individual authorisation” during the period in question.
In the upper House, Lord West, on behalf of the Committee, tabled an amendment that was designed to ensure that there is independent parliamentary and judicial scrutiny, too—I emphasise that—of this information, rather than just political oversight. The amendment would have achieved that by providing that the annual report that the Government propose be sent to the Secretary of State should also be sent both to the ISC and the Investigatory Powers Commissioner. One would think that that was a pretty reasonable request. Such a measure would rectify the current gap in parliamentary oversight of these authorisations and complement the commissioner’s existing powers of inspection to provide oversight at all levels.
Unfortunately, the Government did not accept the amendment. However, they did at least acknowledge that the gap existed and that some level of parliamentary oversight of the new regime was needed. The Government therefore introduced their own amendment, which, rather than providing the ISC with the same report that they are providing to the Secretary of State, places an additional duty on the Secretary of State to provide a separate report to the ISC. Notably, even this secondary report would not be provided to IPCO. That Government amendment is now proposed new section 226DB.
Although we are reassured that the Committee’s strength of feeling, which was matched by the feeling of noble Lords in the upper House, has been recognised by the Government, what concerns the Committee is why the Government have chosen to craft a separate amendment requiring a separate report to be drawn up.
There are three key differences of which the House will wish to be aware between the proposals of the Committee and those of the Government. The first is that the Government’s proposal will actually create more work for the intelligence community because, instead of simply sending the existing annual report to the ISC, it will have to produce an additional report. That seems entirely at odds with the Government’s general approach to the Bill. The Minister in the upper House was keen to emphasise the need to minimise the burden on the agencies when it came to other elements in the Bill, so it is most peculiar that the Government are deliberately choosing to increase the burden unnecessarily.
The second difference is that the Government proposal excludes the Investigatory Powers Commissioner completely, and it is not clear why. Oversight by the commissioner should be regarded as essential, because that is what it is.
The third and most important difference is that the Government amendment is less specific on the information to be provided to the Intelligence and Security Committee, and does not include individual authorisations within its scope, only category authorisations. It therefore does not provide the same level of assurance to Parliament and the public that the ISC will be fully sighted on the operation of this new regime. It is that final point that is causing us most concern. I therefore seek assurance from the Minister that the Government proposal will not limit the information received by the ISC to category authorisations, and that all the information contained in the report to the Minister will be contained in the report to the ISC, unless it is material that falls strictly within the definition of current operations at the time at which the report is provided, which we accept is the one thing that we do not generally see. That definition should be strictly as set out in the Justice and Security Act 2013. Any excisions beyond that would undermine what we presume is the intent to provide assurance to Parliament and the public that the regime has robust democratic oversight.
Finally, I simply reiterate the key point: the Bill seeks an expansion in the investigatory powers available to the intelligence services. Although that expansion may be justified, any increase in investigatory powers must be accompanied by a concomitant increase in oversight, and the Government have not yet fulfilled that requirement.
Let me start by thanking our security services. I think I am now the longest-serving member of the ISC, and it is a privilege to work with them and scrutinise their work, as our Committee does. They do not get a great deal of publicity—for the right reasons—but when they do, it is sometimes not factual by any stretch of the imagination. They do an invaluable job, and in protecting our democracy, the threat that they face—that we all face—is changing, so the Investigatory Powers Act 2016 needs revising.
As my hon. Friend the Member for Wallasey (Dame Angela Eagle) said, the important point is that any new powers that we give the security services to act on our behalf should come with an equally balanced level of scrutiny and oversight. I see the scrutiny of our security as like a three-legged stool, with the Investigatory Powers Commissioner, the Investigatory Powers Tribunal, and the ISC. Well, actually, I would say that it is more like a two-and-a-half-legged stool, because the Home Secretary has done what most Ministers do; they say how wonderful the ISC is, how much they value our work, and that they want us fully involved—in passing this legislation, for example—but since 2017, when I first sat on the ISC, there has been a marked increase in lip service paid to it, as I think we see again in the Bill. As my right hon. Friend the Member for Normanton, Pontefract and Castleford (Yvette Cooper) said, we have not met the Prime Minister for 10 years—any of them; I think we had one who offered to come in the dying days of her Administration. We have taken evidence from the security services on the Bill, and I have to say that they are not the problem: it is the Government who are the problem all the time. That was the case with the National Security and Investment Act 2021. Frankly, it is an uphill struggle to get things changed in this Bill—changes that would not only improve the Bill, but make sense. One has just been highlighted by the Chairman of the ISC, the right hon. Member for New Forest East (Sir Julian Lewis).
On occasions, it is a bit like going round in circles. I will give an example. We have actually made one little advance in the other place, in terms of acceptance of the changes to do with the triple lock. Now, though, the sensible thing we are asking for—that it should be in the Bill that the Prime Minister should actually see those warrants—is being resisted as though it would somehow stop the world. I am sorry, but I do not think it would. I think the Government believe that they have to be seen to be resisting any changes. I like the Minister, but the passage of the National Security and Investment Act was a pretty dark day for the Government’s relationship with the ISC, because we had to fight tooth and nail to try to get anything changed in that Bill.
I think the Minister was, actually. I think he picked up the tail end of that Bill.
The ISC has looked at this issue in detail. We have taken evidence from the heads of the security services, and we want to be supportive of change, but we also want that important role of scrutiny and ensuring the public are protected from the occasions when things might go wrong. The other thing that struck me today is that, although the Home Secretary can read a good speech, I am not sure he had a great grasp of some of the detail of the Bill. All I ask of the Minister is to please take on board some of the things we are saying, so that we can make progress in Committee. They are not radical things that are going to upturn the Bill; they are things that will improve it. I suspect that in certain parts of the Government there is a hatred of the ISC, and the belief that we have to be resisted at all costs. That will lead to a poorer Bill, because the amendments we will be tabling would actually improve the Bill. Lord West also did a great job in the other place.
I now turn to clause 2 of the Bill, which introduces the bulk personal data regime. There is a worrying gap: oversight of what are deemed low or no privacy datasets added to category authorisations. At the moment, the system does not work, because things like the electoral register have to get special permission. That is silly, frankly, but we need to ensure that these provisions are scrutinised.
New part 7A of the Investigatory Powers Act 2016, introduced by clause 2, provides for a light-touch regime for the retention and examination of bulk personal datasets by the intelligence services where the subject of that data is deemed to have low or no reasonable expectation of privacy. As the hon. Member for Cumbernauld, Kilsyth and Kirkintilloch East (Stuart C. McDonald) said, people are increasingly giving their personal data with little thought to how it is going to be used—not just by the intelligence services, but for commercial purposes. That needs looking at.
Approval of such a dataset will be sought either under a category authorisation, which encompasses a number of individual datasets that have a similar content and may be used for a similar purpose, or by individual authorisation, which covers a single dataset that does not fall neatly into a category authorisation or is subject to a complicating factor. For a category authorisation, a judicial commissioner will approve the overall description of the category authorisation before it can be used. A judicial commissioner will approve renewal of the authorisation after 12 months, and the relevant Secretary of State will receive retrospective annual reports on the use of category and individual authorisations.
However, as the Bill is currently drafted, this oversight is all retrospective. The problem is that what is missing is real-time or even near real-time oversight of changes. Under the present regime, once a category authorisation has been approved, the intelligence services have the ability to add individual datasets to that authorisation through internal processes alone. They examine the dataset without being subject to any political or judicial oversight, and they would be able to use those datasets for potentially a year without anybody being any the wiser.
We do not question why the security services need these powers, but there is potential for mission creep without any oversight of what is being authorised. We are not saying that these powers are not required; they are required. What we are really being asked to do is rely on the good faith of the intelligence services to use the powers in a certain way. I do not think that is strong enough, and no legislation should be solely dependent on good will. We also have to guard against—there are such occasions—situations when mistakes happen or people use powers for purposes that are not in the public interest.
It is important that we fill this 12-month gap, and the ISC thinks that the easiest and simplest way to change this process would be for the Investigatory Powers Commissioner to be notified when an individual bulk personal dataset is added by an agency to an existing authorisation. I understand that Lord Anderson of Ipswich, in his review of 2023, recommended a similar proposal. The argument from the Government—it is similar to what they have used throughout this Bill, as the Committee Chairman has remarked—is that that will be onerous in adding to the work of the intelligence services. Well, it would not, because it would simply mean sending a one-line email to the Investigatory Powers Commissioner containing the name and description of the bulk personal dataset as soon as reasonably practicable.
The decision would be approved internally and then sent to the Investigatory Powers Commissioner, so it is not actually asking for approval. It is just making sure that the Investigatory Powers Commissioner is aware of what is being added, and that the individuals taking such a decision realise that they must inform the Investigatory Powers Commissioner. That would obviously allow the Investigatory Powers Commissioner to look at trends in what is happening. Clearly, after the 12 months, they could look back, but they could also intervene if they thought something was not in touch.
An argument the Government use quite often about this Bill is that it is to have a light-touch approach, and I think this suggestion is for a light-touch approach. I do not know what is onerous about the security services sending an email to the Investigatory Powers Commissioner. I think it would ensure the oversight that is needed. Real-time oversight is what we are suggesting, and I do not think it would add to the administration of the security services, but it would lead to the Investigatory Powers Commissioner at least having some visibility on another layer at which decisions are taken.
The proposal would be a very simple thing to do, and I do not understand why the Government are resisting it. I suggest they are resisting it for the many reasons they have resisted some of the other sensible things we have put forward: just because they want to do that. I do not know how we go forward with the relationship between this present Government and the ISC. Dragging information out of them screaming and kicking is taking a long time, even though we have a legal duty to get information, and the critical point now is the starvation of resources from the Committee which is creating real problems in the way that it can operate.
I hope that things change and that when we table amendments we will not get the usual response that amendments to this type of legislation should only be done in the Lords. Are we here to cause trouble for the security services? No, we are not; we want to ensure we do our job, which is set out in statute, to supervise the security services and improve the powers, but to ensure that the public have the recognised safeguards we should expect in a democracy such as ours.
Unlike most Members present, I am not an expert on security. We in this House often have to be generalists. We are here to participate in debates, to understand legislation and to raise concerns where we see them. Like all Members who have spoken before me, I would like to put on the record my deep gratitude to our security services; I regard them with the highest respect. We all regard them with the highest respect and within that there is a slight danger: we respect them and admire their work so much that we are almost always going to grant them what they want. That is a danger, because our duty is to scrutinise what people want and, as the right hon. Member for North Durham (Mr Jones) has just said, not to create trouble but to raise questions of concern. I know these questions of concern will be well received by the Minister on the Front Bench, who thinks deeply about these matters and is also a good friend of mine.
I will be brief because we are coming to the end of the evening, but I want to look at clause 15 and internet connection records. The general rule of investigation is that suspicion precedes surveillance, so if there is good reason to believe that someone is up to mischief, we can start to look at them more closely; we can conduct surveillance to see if our concerns are factually based. The problem with the recommendation in clause 15 is that it allows for target discovery as opposed to target development. If I have got this wrong, I am happy to take an intervention, but what target discovery means to this layman of security matters is possibly going on fishing expeditions—just looking out there to see what is going on and processing enough data on enough people. As my right hon. and learned Friend the Member for Kenilworth and Southam (Sir Jeremy Wright) said, people who are perfectly innocently going about their business will get caught up in this data-processing machine just to make sure they are not up to anything nefarious, dangerous or unpleasant. That causes me some concern.
I do want bad people to be caught—I benefit from the capture of bad people; my constituents benefit from the capture of bad people—but surveillance always needs to be proportionate and risk-based, as the hon. Member for Wallasey (Dame Angela Eagle) said in her speech. Freedom is important. One of the most ridiculous constructs in the English language is “Nothing to hide, nothing to fear”, because if people saying that genuinely believed it, they would not have any curtains in their home.
The truth is that we like to think that we have private space in which to operate and go about our legitimate business without the state taking a view that we are up to mischief or might be up to mischief. I know that point was touched on in previous speeches. I think the Chairman of the Committee, my right hon. Friend the Member for New Forest East (Sir Julian Lewis), who is also a good friend, touched on it. Sometimes it is difficult to keep up with experts, but he made it clear that the Committee has concerns about these new powers.
I said I would speak briefly, so I will just close on this point. There are people in this country who like to protest and, frankly, often get in the way of other people, but what they are doing is not illegal. I would hate to think that people within those organisations might end up having their internet records checked out, just to make sure that they were being good citizens. I remember that during the debates on covid-19 perfectly respectable, hugely respected scientists and respected Members of this House were raising concerns about Government policy on lockdowns. I am not saying that the security services were keeping tabs on their interventions, but we know from subject access requests that people in Government were keeping tabs on these people, as if what they were doing was against the interests of the state. That is why I raise my concerns about the clause. I hope the Government will bring forward amendments, but if they do not, I hope they will not be too offended if I perhaps bring forward some amendments on Report.
First, I thank all right hon. and hon Members for their contributions. This is a complex issue, and that is clear from the level of scrutiny and debate we have seen thus far. The Bill seeks to find a balance—the shadow Home Secretary referred to that very word, “balance”—between necessary investigatory powers and not having a Big Brother, nanny state.
I thank, as others have done, the security forces and those involved in the intelligence sector for all that they do, their work and their commitment and dedication to the job, which have made all our lives safer. Many in this House—I know a few, anyway—could say that they owe their lives to them, and I would be one of them. I thank them very much for all they have done.
I am keen to see work on international terrorism. I was talking to my friend, the right hon. Member for North Durham (Mr Jones), about how international terrorism works. The Real IRA has contacts in the middle east and eastern Europe. It has contacts where all evil organisations come together, because their ultimate intention is to create havoc and murder innocent people. This Bill is important, because it can address terrorism in Northern Ireland and its contacts with international terrorism. I hope and pray that the work will be successful. As someone who has lived through years of terrorism, I am well used to curtailed freedoms, with checkpoints and stop and search. I have understood the necessity for that and have been thankful for those protections. Let me be clear: I have no issue whatever with this Bill in principle, but I have some questions for the Minister.
Various constituents have contacted me to express concerns, and I want to put those on record, ever mindful of supporting the Government on this issue as measures come forward. I will take a few moments to seek some clarification. First, a concern has been outlined to me about having a notification requirement to require operators to inform the Secretary of State if they propose to make changes to their products or services, and I am sure that other Members have received that briefing. Open Rights Group states:
“While this objective may appear to be reasonable, it would allow the Home Office to prevent secure services from launching in the UK, even where they are rolled out elsewhere. This provision would allow the Home Office to place itself in a position of power over the provider as soon as it hears about the possibility of data being less accessible than it is currently. This situation would take place without reference to an independent authority to assess the rationale or proportionality. Such a move might not be proportionate, for instance, if the security technology had already been introduced safely and with demonstrable benefits to users in other parts of the world.
Open Rights Group is concerned that these powers could deny people the access to technological developments upon which people’s free expression and right to privacy rely. For example, major tech providers such as Apple have stated that they would pull certain services from the UK rather than compromise their security if this power was used to prevent them from rolling out security updates.”
I gently ask the Minister to be clear about why the presumption should not be made in the manner I outlined and what discussions have taken place to ensure that providers such as Apple can work securely in the UK. The right hon. and learned Member for Fareham (Suella Braverman) referred to the dark web and all the things that can happen in it. It is really important that the dark web is taken care of in this legislation.
Also highlighted to me were end-to-end encryption issues and the inability of service providers to see service users’ content in their apps and systems. I am not a technical whizz kid; I am the very opposite. I am of that old generation who can just about do text messages on their phone and turn on Zoom meetings, but if something goes wrong, I am lost. When it comes to technology, I am not au fait with it, but I do know this. I understand the need for people with no question mark above them whatsoever to know that their messages are private and that the Government are not storing information—that could be accessed by others—on them for no reason. It is important that that never happens.
Data breaches affected staff in my office when my accounts in the House were hacked in the last fortnight. We let the security people know, and I understand that it is not unusual for it to happen, but when it does and people’s content is accessed, it is important that such breaches are taken care of. We have also had the breach of data on police officers in Northern Ireland. Those are both testament to the fact that breaches occur. Therefore, only what is essential should ever be gathered and stored. Reference was made to the need to have robust monitoring and regulation. If that had been in place, the Police Service of Northern Ireland data breaches, which I think disadvantaged more than 3,500 people, would never have happened.
While I cannot browse and shop online—I have no interest in doing so—watch TV programmes online or do any of those other things, I do believe that there is a need for privacy. My concern is that the Bill is encroaching too far on those whom the Government have no reason to hold data on. I ask the Minister again to make it clear why any online search history should be stored. These are gentle questions—they are not meant to be intrusive or aggressive—but it is important that I put these matters on the record on behalf of the constituents who have contacted me.
I highlight the concerns of my constituent that the Bill’s proposed measures are poised to
“profoundly impact political dissidents and opposition figures residing in the UK. Refugees, political exiles and human rights advocates who have sought refuge in the UK deserve the assurance of digital safety and security.”
I seek that assurance for those who have fled offensive and oppressive regimes and sought refuge in this great United Kingdom of Great Britain and Northern Ireland.
I would further appreciate an insight into how we can ensure that there is freedom to express opposition, yet not see harmful rhetoric. That balance is clearly difficult to reach. I seek the necessary clarification that we have struck that balance. I very much look forward to hearing from the Minister, because I believe that his response will encapsulate the questions we have asked and give us the answers that we desire.
The Investigatory Powers (Amendment) Bill is a technical but important piece of legislation that, as my right hon. Friend the shadow Home Secretary said in her opening remarks, we support. We support the Bill, which updates aspects of the Investigatory Powers Act 2016, because it is imperative that legal frameworks are updated to ensure that our security and law enforcement services keep up with changes to communications technology in an increasingly challenging and complex landscape of threats to our safety and our national security.
At the outset, let me pay tribute to the exceptional men and women who serve in our law enforcement and security services, often in the shadows and without recognition, to keep our country safe. We owe them all a deep debt of gratitude. I also thank officials at the Home Office, who have provided very helpful briefings on the Bill to the shadow Home Office team. I hope that the Minister will join me in paying tribute to our noble colleagues in the other place, especially Lord Anderson, Lord Sharpe, Lord Coaker, Lord Ponsonby and Lord West, among many others. They have already done a lot of the intellectual heavy lifting, digging into the technical details of the Bill to improve it ahead of its Second Reading today. Those contributions are most welcome, but the Bill still needs to be scrutinised in more depth to probe any remaining ambiguity and ensure that safeguards are strengthened. I will say a little more about that later.
As the shadow Home Secretary said, the Opposition will work in the national interest with the Government on national security because, as legislators, we all have a duty to ensure that the law is one step ahead of those who seek to harm us. As lawmakers, we have a duty to ensure that when technical Bills are before us on matters relating to national security, we scrutinise them carefully and get into the detail. Members on both sides of the House have fulfilled that important duty with a number of thoughtful and considered contributions in this debate, including the right hon. and learned Member for Kenilworth and Southam (Sir Jeremy Wright), who spoke, as always, with great authority and made important points about oversight and the interests of economic wellbeing. I am certain that we will return to those in Committee.
The right hon. Member for South Holland and The Deepings (Sir John Hayes), a former Security Minister, helpfully reflected on his experience of taking the original legislation through the House back in 2016, and made some important points about the role of public bodies. My hon. Friend the Member for Wallasey (Dame Angela Eagle), the newest member of the ISC, made an important point about the context in which we are having this debate, with authoritarian regimes around the world constantly seeking to test the will of democracies. She also made an important point about the balance between safeguarding our security and oversight and transparency.
The chair of the ISC, the right hon. Member for New Forest East (Sir Julian Lewis), spoke with his long-standing experience of these matters, and expressed clearly the view of the Committee. He made a number of important points, including about the safeguards that he will seek to include in the Bill. I am sure that we will return to that. He also made the important point about any increase in powers coming with an increase in oversight—a point reiterated by my right hon. Friend the Member for North Durham (Mr Jones), who I think is the longest serving member of the ISC. He spoke about the two-and-a-half legged stool, made a number of important points and provided a constructive challenge to Government. I hope that he will work with us, the other Committee members and the Minister in Committee to make some improvements to the Bill.
The hon. Member for Broxbourne (Sir Charles Walker) made a typically carefully considered speech. For someone who claimed not to be an expert, he made a number of important points, not least about surveillance needing to be proportionate. The hon. Member for Strangford (Jim Shannon) reflected, as he often does, on his own experiences of dealing with terrorism in Northern Ireland, and rightly paid tribute to all those who served to keep our country safe.
I will now turn to aspects of the Bill that could be improved. The measures outlined in the Bill continue to provide our law enforcement and security services with some of the most powerful measures that our state has at its disposal to keep us safe, intercepting private communications and retaining information where necessary. With those strong powers there must also be strong, robust safeguards, to guarantee their appropriate and proportionate use.
When the Minister responds, I would be grateful if he provided further assurances that the notices regime will be kept under constant review. Such assurances are important as the power to access telecommunications data through bulk personal datasets unlocks an individual’s digital footprints of their online activity. For those of a certain age—I do not have anybody in particular in mind—investigatory powers can conjure images of wiretapping telephone lines, and, for those of a very certain age, even steaming open letters. However, the modern reality is that the huge amounts of data produced every second could be sifted through and used by law enforcement and crime agencies when there is a lawful basis to do so. The Bill must therefore clearly establish a precedent of proportionality, such as further defining what is meant by low or no reasonable expectation of privacy, in clause 2, in relation to certain bulk personal datasets. I would be grateful if the Minister outlined how the Government intend to do that.
The UK’s use of investigatory powers should be clearly understood by our international partners. Vast amounts of telecommunications data, such as WhatsApps, are now stored in servers across many jurisdictions by multinational companies with sometimes complex corporate structures. I understand that Meta, for example, has stringent measures to protect those servers from cyber-attacks, preventing WhatsApp messages from being interfered with or accidentally deleted. If only the same stringent measures existed for some Members on the Government Benches—and the SNP Benches, for that matter.
Moving swiftly on, a warrant to intercept messages between two UK nationals in the UK could be stored on a server in another jurisdiction, leading to potential conflicts of law arising from clause 17, which would strengthen extraterritorial enforcement of retention notices. I would therefore be grateful if the Minister said something about the feedback the Home Office has had from international partners about potential conflicts of law that could arise from clause 17, and what actions have been taken to avoid potential conflicts. Can the Minister also say what recent feedback the Home Office has received from companies providing messaging services in the UK that use servers storing communications data in other countries?
Ensuring the utmost clarity in the measures outlined in the Bill must also include where they are applied in the most exceptional circumstances, such as when the Prime Minister cannot make a decision to sign off an interception warrant. The shadow Home Secretary rightly mentioned the importance of Prime Ministers treating these matters with the utmost seriousness. This was also discussed and debated in detail when the Bill was progressing through the other place, with the term “unable” being used if a Prime Minister cannot make a decision, compared with other terms such as “unavailable”. I expect the Minister will be relieved that I do not plan to spend too much time on this, but that is not to underplay its importance. The debate between noble colleagues on whether “unable” or “unavailable” was the most appropriate term may in part have been generated by the activities of two former senior figures in Government, neither of whom is still a serving Member of Parliament. For the benefit of the House, I will just say that one of them might have been a Foreign Secretary who became Prime Minister, and the other might have been a Prime Minister who became Foreign Secretary.
The Prime Minister plays a crucial role in making decisions on national security. May I remind the Minister, as other hon. Members have sought to do during this debate, that since 2014, successive Prime Ministers have failed to meet with the Intelligence and Security Committee? As we all know, the ISC is a senior Committee of Parliament that provides absolutely vital oversight on these crucial matters. We heard from the Chair, the right hon. Member for New Forest East (Sir Julian Lewis), who made some important points. Can I again ask the Minister why he thinks no Prime Ministers have made themselves available to the Committee for a decade now?
Furthermore, recent updates to the IPA 2016 after the ruling of the European Court of Human Rights in the case of Big Brother Watch and Others v. the United Kingdom provide further safeguards to protect sensitive information relating to freedom of expression, such as journalistic material, from the usual interception and retention regimes. Other elements of freedom of expression should have similar safeguards. Does the Minister think there should be similar exemptions in the Bill for communications relating to the vital work of trade unions? That was a point also made by the hon. and learned Member for Edinburgh South West (Joanna Cherry).
To conclude, this is an important Bill that demands strong and careful scrutiny. Our personal liberties and our national security depend on it. It is in the national interest to get the legislation right: to make sure it is both appropriate and proportionate in its scope. It must also be effective in maintaining the current powers our law enforcement and security services already have to disrupt and defeat criminals and malign actors who seek to harm us and undermine our way of life. On the Labour Benches, we will work with the Government as much as we possibly can in the national interest to get it right. I look forward to working with the Minister and other colleagues on that important endeavour as the Bill progresses through the House.
I thank hon. and right hon. Members from across the House for their contributions not just today, but throughout the many different stages of the Bill. I pay huge tribute to the Members of the other place who have contributed enormously, in particular Lord Anderson, who has been an exceptional asset to the passage of the Bill and the condition it is in, and Lord West who, as a member of the Intelligence and Security Committee, not only shepherded some extremely important amendments into the Bill, but was kind enough to say that it was the first time in 14 years that he had ever had an amendment accepted by the Government. I am delighted to say that it was to this Bill. It was because we are so committed to working with all parts of both Houses and with the ISC that we got so much through in the other place. [Interruption.] That said, many comments will no doubt be raised in this House. I can assure hon. Members, especially the right hon. Member for North Durham (Mr Jones), that I will approach all suggestions in the way that I have done to date. Where we may not agree—it may not be that he is right, or that I am right—it will be for good reason and I will set out my reasons in the appropriate way.
The Bill is about one fundamental thing: the security of the British people. We rightly heard from my hon. Friend the Member for Broxbourne (Sir Charles Walker) about the nature of freedom, but the truth is that freedom without security is impossible. It is a chimera. The Bill is about ensuring that the British people have the security to enable that freedom. That is an absolutely vital responsibility not just of this Government, but of this House and the other place. I am grateful for the work that the hon. Member for Barnsley Central (Dan Jarvis) and the shadow Home Secretary, the right hon. Member for Normanton, Pontefract and Castleford (Yvette Cooper) have put in to ensure the co-operative, bipartisan and open approach to the Bill, as is merited by the work of our fantastic intelligence services to provide security for our whole country.
As the British public would expect, we keep our approach to national security under constant review. Where we identify the need for change or improvement, we will not hesitate to act. That is why we have brought forward the Bill, which acts on the findings of the Home Secretary’s report and Lord Anderson’s independent review into the Investigatory Powers Act 2016. Hon. and right hon. Members will not need me to rehearse the arguments, but we have seen an extraordinary, rapid evolution in the nature of the threats since the 2016 Act: Russia’s threat to the whole of Europe and not just to Ukraine; the violence that Iran is trying to bring not just in the middle east but even on to our own shores; and the way technology has enabled hostile states not only to steal our technology but to introduce intelligence-gathering platforms into our country through the guise of car sales.
We have seen a change in the way technology works and a change in the nature of the threats, and we must keep up to date with those changes. That is why this work is so important. It is essential that the United Kingdom’s investigatory powers framework remains fit for purpose to help our intelligence agencies detect and stop some of the most serious threats posed to the UK and its citizens, including threats from terrorism, state threats, and child sexual abuse and exploitation.
Because these are exceptional powers, Members have rightly pointed out that they require appropriate, robust and, in this case, world-leading safeguards, and that is what we have sought to set out. The changes in the Bill are relatively narrow in scope, but unless we make them now, the ability of our agencies to tackle evolving threats will be increasingly constrained in the face of global instability, technological advances and state hostility, so now is the time to act.
Let me now deal with some of the points that have been raised. The hon. Member for Cumbernauld, Kilsyth and Kirkintilloch East (Stuart C. McDonald) raised a rather interesting point about the changes to “lawful authority” in clause 12 in respect of published data. The purpose of new subsection (3A) is for material that has already been published not to require additional authority for its disclosure by a telecommunications operator to a relevant public authority. The definition of “publish” and reference to “a section of the public” would not include private messages unless they had been made public in some other way—just as our sitting room could not be considered a public place unless we opened it up to the public. It would be our choice, and nothing to do with the nature of the building.
The hon. and learned Member for Edinburgh South West (Joanna Cherry), who has made important contributions through her chairmanship of the Joint Committee on Human Rights, raised questions about the transparency safeguards in the 2016 Act. Those extremely robust safeguards are centred on considerations relating to intrusion into privacy, and that will remain the case in the Bill. They include a requirement for investigatory powers to be used in a “necessary and proportionate” way, with independent oversight by the Investigatory Powers Commissioner and redress through the Investigatory Powers Tribunal.
My right hon. Friend the Member for South Holland and The Deepings (Sir John Hayes) contributed in his usual robust fashion to the debate—and, I should add, to the session that I was fortunate enough to have with the Intelligence and Security Committee, in which he was enormously helpful in assisting me with some changes to the Bill. He spoke about the five individuals who could be designated by the Prime Minister, and asked why we had not referred specifically to “those with warranting powers”. It is possible that a Minister with warranting powers who had that experience would then be moved to another Department, or indeed that the machinery of government change would alter the nature of the oversight. While we felt that it was right to limit the number to as few as possible, we also felt that it was right to have a relevant selection, which is why we left the number at five—after some very good consultation with the ISC, for which I am extremely grateful to my right hon. Friend the Member for New Forest East (Sir Julian Lewis) .
My right hon. Friend has been immensely generous both in giving way and in his earlier comments about my role. Will he briefly deal with the issue of the other bodies with the regulatory function who can compel the release of communications data? As he will remember, the point I made was that the existing law obliges them to take further procedural steps before they do so. Why is that no longer deemed appropriate?
As my right hon. Friend will know, several powers in the earlier Bill—the one that he took through the House—were indeed overseen in various different ways. The Bill does not seek to undermine any of that oversight; what it seeks to do is clarify, in certain areas, where it is necessary. My right hon. Friend has highlighted individual agencies or bodies, and I should be happy to write to him to ensure he is aware of exactly where that is being covered.
The right hon. Member for North Durham spoke about prior judicial authorisation for ICRs. The purpose of the Bill is to try to streamline operations for the intelligence services in areas where the risk is of, as we are calling it, low or no expectation of privacy. He will have seen in the Bill what the expectation means, including areas where information has already been readily made public. I accept his commentary and I would be happy to enter into further conversations with him, but the reason we are not currently going down that route is simply that the existing law, the IPA 2016, allows the collection of bulk data with prior authorisation. This is intended to speed the process up. If we put in the measures he is referring to, we would effectively remain in the same place that we are now. That would make it harder for the volume of data that is now coming to be considered by the intelligence agencies. That is why we have made the provision for a subsequent approval rather than a prior approval. He is right to say that it involves a maximum of a year, although I think it unlikely that it would go to that maximum. That will be in cases where this is low or no expectation of privacy—after it has already been agreed by a judge to be in the correct category. I think the right hon. Gentleman might be looking at this through the other end of the telescope.
What the Minister has to realise is that the big concern from the public—although let’s be honest, the public are not looking at the detail of this—is that somehow the security services will be getting access to huge amounts of bulk data and just having a free run at it. All that I and the Committee are suggesting is that an email should be sent when there are changes to the Investigatory Powers Commissioner. That would be a simple thing. It would not be onerous, and it would reinforce the point that there was at least some potential oversight of the process.
I think we may be conflating different aspects of the Bill. I do believe that this already has oversight.
Let me answer the point raised by my hon. Friend the Member for Broxbourne, which touches on a similar area. Where people have the right to and expectation of privacy and freedom, this provision does not remove that right. What it does is allow the intelligence agencies to use bulk data to target an individual at a particular point, and the excess collected information will not be able to be used for targeting an individual without the warrant process that would be expected for any initial search. In that sense, this is not undermining anybody’s privacy; it is allowing for the fact that information is now largely in bulk format. The hon. Member for Barnsley Central was talking about steaming open envelopes. It is impossible to steam open a single envelope today; one has to steam open thousands because that is how data comes. Without an amendment such as that set out in the Bill, we would simply be interrupting the work of the intelligence services to the degree that it would hold them back and make the process harder, but I would be happy to take this up with my hon. Friend the Member for Broxbourne later if he wishes.
I thank the hon. Member for Halifax (Holly Lynch), who was here earlier and made an interesting point about the various ways in which the memorandum of understanding should be looked at through the National Security Act 2023. Friends of mine will know my thoughts on that and know that I gave the Conservative party the chance to allow me to change that 10-year absence, but the Conservative party chose somebody else to make that decision so I have sadly lost the ability to have that influence.
My right hon. and learned Friend the Member for Kenilworth and Southam (Sir Jeremy Wright) made a typically insightful speech and typically sensible comments on the ways in which we must consider how the authorisation must not be used to mount general surveillance. Condition D will be used only when an applicant makes a clear and compelling case, based on tangible, reliable intelligence leads, information and analysis, that the resulting data will identify parties involved in a relevant serious crime or national security-related specified operation or investigation. The applicant must explain any anticipated collateral intrusion, and how this will be managed to ensure that the application is necessary and proportionate to the outcomes of the investigation.
I accept what my right hon. Friend says but, in the context I described, the case is being made to someone else within the intelligence agency. There are, of course, two types of authorisation—D1 and D2—and we are worried about D2, under which the application is made from inside the intelligence agency to inside the intelligence agency. That does not present the sort of external scrutiny that we suggest is necessary.
My right hon. and learned Friend is right, but he also knows that IPCO has retrospective oversight of these areas. Where it comes under a category allocation through “low or no”, there is an automatic review period within a year. Although he is correct that the application is made within the service, it is within the service subject to a pre-agreed condition and with follow-up oversight, so as to enable that speedy response.
On a different but not unrelated point, the Minister will recall that I referred to the annual report given to the Secretary of State detailing the individual bulk personal datasets that had been retained and examined. There is no extra work involved in letting the ISC and IPCO see that report. The only possible justifiable exclusion would be something that, at the time of the report, was still current. Is there any reason at all why IPCO and the ISC should not be sent that report, rather than a severely watered-down version?
My right hon. Friend answers his own question. The reason for the difference is the currency element.
In that case, we can reach agreement if the Minister would like to give us an assurance that the only difference between the two reports will be the exclusion of matters that are current at the time of drawing up the report, but I suspect that there will be many other differences between the two reports.
I will be very happy to talk to my right hon. Friend about that to make sure that he is satisfied. It is important that we make sure that the reports that go to the House—through the ISC, because of the nature of the reports—are relevant and allow appropriate scrutiny. I think we can all agree with that.
I have covered the points raised by my hon. Friend the Member for Broxbourne, so I will turn to the hon. Member for Strangford (Jim Shannon), who made an extremely important point: that his constituents, like any other citizens of the United Kingdom, should expect the right to privacy. He also made a compelling point about the need for security, and I think the Bill strikes that balance extremely carefully. He is right to say that people will be concerned, and he is not alone. I am also concerned that we maintain the right to privacy within our legislative framework, which is why we checked very carefully that the Bill is fully compliant with the ECHR right to a private life. It is also why we looked at the various exceptions.
The hon. Member for Barnsley Central mentioned the notices regime, and he is right that we will keep it under review. We maintain a regular conversation with companies that have an interest in this area, and he is right to say that there is an overseas element. I merely point out that it is the role of this House to legislate for the security of the British people and, in particular, for the safety of our children and families. Such security is not something we can outsource to tech firms on the west coast. We sometimes have a responsibility to pass extraterritorial laws—as he knows very well, we have done that in the past—so although this measure adds to that ability, it is not detrimental because it asks people to maintain their current position before making any changes and to talk to us during that period. There is no requirement to break any policies, change products or introduce new products; it is merely to maintain the status quo, so that we have the same ability to keep the British people safe until we have had a conversation about how that status quo should change.
Finally, the hon. Member for Barnsley Central raised a question about trades unions. He is right that there are many different professions where protected characteristics could come into play, including lawyers, doctors and psychiatrists, and where any such intrusive power should be used with exceptional caution. I would just say that, due to the nature of this place and Parliaments around the United Kingdom, the position of parliamentarian is particular, which is why it is set out specifically and separately in the Bill. That does not mean that any attitude against any other individual should be used cavalierly. It is not a question of the role or the post the person holds, but their rights as a British citizen. Those rights should be absolutely guarded from intrusion or aggression by the state without exceptionally good reason. This amendment, which the hon. Gentleman is kindly supporting, sets out that balance between British citizens’ right to privacy and their right to security. With that, I commend the Bill to the House.
Question put and agreed to.
Bill accordingly read a Second time.
Investigatory Powers (Amendment) Bill [Lords] (Programme)
Motion made, and Question put forthwith (Standing Order No. 83A(7)),That the following provisions shall apply to the Investigatory Powers (Amendment) Bill [Lords]:
Committal
(1) The Bill shall be committed to a Public Bill Committee. Proceedings in Public Bill Committee
(2) Proceedings in the Public Bill Committee shall (so far as not previously concluded) be brought to a conclusion on Tuesday 12 March 2024.
(3) The Public Bill Committee shall have leave to sit twice on the first day on which it meets.
Consideration and Third Reading
(4) Proceedings on Consideration shall (so far as not previously concluded) be brought to a conclusion one hour before the moment of interruption on the day on which those proceedings are commenced.
(5) Proceedings on Third Reading shall (so far as not previously concluded) be brought to a conclusion at the moment of interruption on that day.
(6) Standing Order No. 83B (Programming committees) shall not apply to proceedings on Consideration and Third Reading.
Other proceedings
(7)Any other proceedings on the Bill may be programmed.—(Mark Fletcher.)
Question agreed to.
Investigatory Powers (Amendment) Bill [Lords] (Money)
King’s recommendation signified.
Motion made, and Question put forthwith (Standing Order No. 52(1)(a)),
That, for the purposes of any Act resulting from the Investigatory Powers (Amendment) Bill [Lords], it is expedient to authorise the payment out of money provided by Parliament of:
(a) any expenditure incurred under or by virtue of the Act by the Secretary of State or a government department, and
(b) any increase attributable to the Act in the sums payable under or by virtue of any other Act out of money so provided.—(Mark Fletcher.)
Question agreed to.