(8 years, 1 month ago)
Lords ChamberMy Lords, I am sure we do not want to prolong this debate. As I said on Monday, I was a member of the pre-legislative scrutiny group. You might wonder why a Bishop was invited to be part of that exercise, but I think it was because of this point—the ethics of interference with privacy. I am sorry that the discussion so far has almost become too polarised, because the noble Lord, Lord Paddick, is making a serious point, which I demonstrate by quoting David Anderson in his evidence to the Joint Committee on Human Rights. He said:
“I think there is a human rights issue in relation to this Bill that dwarfs all the others, and it is the question of the compatibility of bulk collection and retention of data with Article 8 of the European convention”.
The noble Lords, Lord Paddick and Lord Oates, make a serious point and we should acknowledge it, even if we come down on the side of the noble Lord, Lord King—as I do—that these powers are necessary and proportionate. The argument is about the safeguards—namely, that the warrant has to be personally signed by the Secretary of State, lapses after six months if it is not renewed, and is subject to the judicial commissioners. The real argument is about that. I do not think internet connection records are in principle different from other things that might be intercepted. However, I acknowledge the serious ethical point that the noble Lords, Lord Paddick and Lord Oates, raised, even if I come down on the side of the Government and the noble Lord, Lord King, in opposing the amendment.
My Lords, I fear that we are repeating the debate we had the day before yesterday. If noble Lords look at this amendment, they will see three reasons why they could support it. One is if they feel that bulk data powers are unacceptable in any circumstances. A second is if they feel that the elaborate controls referred to by my noble friend Lord King and the noble Lord, Lord Carlile, are not good enough. The third is if they object in principle to the collection of internet connection records. From what I have heard this afternoon, the argument of the noble Lord, Lord Paddick, is entirely the third point. I respect his view on internet connection records but we debated this on Monday and the view of the House was very clear. I fear that we are simply repeating that discussion. We should move on.
As the noble Lord, Lord Paddick, said, David Anderson QC commented in his report that neither the Bill nor the draft code of practice rules out the future use of the bulk acquisition power for internet connection records. Internet connection records are not currently acquired in bulk but existing legislation already permits the agencies to acquire such records in bulk, albeit there appears to be no present intention to do so.
The effect of this amendment would be to remove an existing legislative provision which could be needed in the future for bulk acquisition—bulk acquisition which David Anderson QC found had contributed significantly to the disruption of terrorist operations and, through that disruption, almost certainly to the saving of lives, and which had also been demonstrated to be crucial in a variety of fields. In addition, any such application in the future to obtain such data by the security and intelligence agencies would be covered by the relevant safeguards in the Bill, including in relation to necessity and proportionality in the interests of national security and the approval process.
This Bill is, among other things, about the appropriate balance between security and privacy. We clearly have a different view from that of some other noble Lords on where that appropriate balance lies. Our view is that, for the reasons I have sought to set out, we are unable to support this amendment and, if it is put to a vote, we shall oppose it.
(8 years, 1 month ago)
Lords ChamberMy Lords, I hesitate to enter the debate on the Bill at this stage because I have not been involved until now, but as I listened, I compared this in my mind with what occurred in Northern Ireland over 40 years of terrorism. I cannot support this amendment for the very reasons given by the noble Lord, Lord Carlile.
During the Troubles in Northern Ireland, when nothing was on the internet because it did not exist, every bit of information was in hard copy or personal contact. We in the security forces had the right to look at every single bit of information on a person, in their car or indeed in their home if we entered it for a specific reason. That information was held for a very long time. It is amazing how much of it, how many little bits of information, one day tied up with something else and became of extreme interest. Noble Lords who are aware of what happened in Northern Ireland, especially the noble Lord, Lord King, will support the fact that in many cases people’s lives—including in part, I have to say, my own—were protected by snippets of information that at the time were of no particular value and were simply filed away, because they led to associations between people or to intelligence that people were passing to each other. Anyone who has been near to a bomb in Northern Ireland will understand that it is worth while attempting to save people’s lives by the best method.
I have followed the Bill from the point of view of the restrictions on holding information. I do not support the tightness of that; our problems went on for 40 years but the problems that this country is facing at the moment are relatively short-lived. We must create the right security environment by allowing people to get information, which is no longer held in hard copy, on cigarette packets or bits of paper in their homes but is now on the internet. People involved in terrorism or civil crime, including paedophilia, are going to areas either that we cannot get to or where we are wilfully restricting our access to what amounts to very important intelligence.
I apologise again for entering proceedings at this stage, but I could not support such an amendment that would yet again restrict our Security Service and police from gaining and keeping intelligence that one day might be vital to any one of your Lordships. I know these matters seem a long way away when they are outside, in different cities or different parts of the country. If noble Lords lived in Northern Ireland, they would understand how important it is that some sort of connection is kept with leads about what is going on. That information is not in hard copy but up there in the cloud, and while we stay down here we are not going to get it.
My Lords, I oppose the amendment, purely from a position of practicality. I have an interest as chief executive of TalkTalk, one of the communications service providers. If we are to legislate to create a tool to be used, it needs to be effective. My business involves consuming large amounts of data and trying to analyse them, and you cannot do that without a filter. There are other elements of the Bill on which we can debate whether we have the appropriate legal checks and balances, and I defer to the many noble and learned Lords in this House who are debating them, but surely it cannot make sense to withdraw completely the tool that would make those checks and balances effective.
Amendment 118A seeks to prevent the creation and collection of internet connection records. My noble friend Lord Paddick has explained why ICRs are of little security value, and that they would be very difficult and expensive to collect and make use of. The only democracy to try was Denmark, which gave up after years of fruitless effort. It tried again at the beginning of this year with a project almost identical to the one planned by the Home Office, but quickly abandoned it when independent auditors confirmed that it would be prohibitively expensive.
I wish to draw the House’s attention to two other serious drawbacks that would arise from creating and storing internet connection records. The first is the serious impact on the privacy of every user of the internet in this country. We must remember that internet connection records do not currently exist, and until quite recently—say, 25 years ago—all the electronic data that would have to be collected together to create ICRs did not exist, either. In those days, our private interactions with those close to us left no trace. A conversation over lunch, a cash purchase at a shop, a visit to a library to do some research, attendance at a political meeting, a romantic assignation—all left no record of having happened. They were ephemeral. What happened between your four walls was between you and your God.
Fast forward to today, and we find that all the interactions I have just mentioned now leave an electronic trail behind them. A combination of credit card records, location services on our phones, our emails and text messages and records of every website we visit will give the whole game away—including the identity of whom we met at our assignation. If internet connection records are created and kept by our service provider, all these electronic trails will be available to hundreds of public authorities, not just the police and security services, on demand and simply by self-authorisation.
The Government have given this data the name “internet connection records”, which is technically accurate, but what they really are is private activity records: a log of everything we do and when and where we do it. The problem is not that the surveillance can occur at all, but that it happens indiscriminately to all of us, all the time. My second topic is the ironic fact that ICRs will actually reduce our security, rather than improve it, because of the virtual certainty of thefts of some of that private and personal data about every internet user in the country. If you do not believe me, consider just a few of the thousands—and I mean thousands—of recent data thefts from high-security establishments. I mentioned in Committee that SWIFT, the fulcrum of the global financial payments system, has had $81 million stolen from it by hackers. Last week, it emerged that it has been penetrated a second time. A gang of five eastern Europeans is believed to be behind the theft of 3 billion sets of customer data worldwide from many of the world’s leading tech companies, including the data of 500 million Yahoo! customers. As I mentioned earlier, powerful hacking tools belonging to the NSA, the American equivalent of GCHQ, suddenly appeared on the internet in August having been stolen from it, and two Israelis and an American stole 100 million people’s records from 12 US financial institutions. Those are just a few examples—as I say, there are many more—of thefts from sites which, dare I say it, were seemingly far more secure than those of UK service providers.
Internet connection records, or private activity records, will be stolen and the consequences will range from embarrassment to blackmail and fraud for the unfortunate victims. In the case of people in positions of responsibility, including government officials, the consequences could be catastrophic. Far from making us safer, ICRs would compromise our security and, as I have explained, seriously intrude on our citizens’ privacy. We should have nothing to do with them.
My Lords, I rise to speak against this amendment. As the chief executive of a telecoms company, I clearly cannot profess a lack of understanding of the technology. I am a little confused by noble Lords’ concern that internet connection records can be got round and are not perfect because telephony is exactly the same. If I make a telephone call and am really smart, I know how to make sure that you do not know what number or where in the world I am calling from. Without needing to be that smart, I can buy a temporary SIM card and throw the phone away as soon as I have made the call. Organised crime and nation states have been able to use plenty of ways to obfuscate the existing ability for us to track telephony. That does not mean we think it a bad idea to be able to track people’s telephone calls.
I argue that exactly the same is true of internet connection records and their use by law enforcement agencies. It would not be perfect; no piece of technology ever is. It needs very careful scrutiny, which the Bill has had in both Houses. But I want to live in not just a civilised physical world but a civilised digital world, and when all our law enforcement agencies say that their ability to hunt down criminals is seriously hampered by the world moving to the digital space, we should take that very seriously and make sure that we arm them with the best possible tools. I believe that access to internet connection records is practically possible and desirable to create a civilised digital world.
Briefly, this brings up the principle of what society is prepared to sacrifice—in this case, a little privacy—to get what it needs to fight criminals and terrorism. I am sorry to go back to Northern Ireland but everybody was stopped daily and their lives were infringed on the whole time there. But they were happy enough because the fight, which was against terrorism in our case, was succeeding. By the end, 95% of all incidents planned by the IRA never took place because of intelligence activity. We know that it is intrusive to do this but if we had stopped stopping cars, when 99.9% of those cars held the innocent and the unassociated, it would have enabled those we were up against to operate freely across everything. The very fact that people were prepared to sacrifice some of their freedom meant that it was more difficult for those who wanted to kill, maim and commit crimes. If we do not push them out of normal day-to-day activity into the more complicated part, we will never succeed in fighting them.