Investigatory Powers Bill
Debate between Baroness Hayter of Kentish Town and Lord Strasburger(7 years, 9 months ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord Strasburger (LD)
My Lords, I shall speak briefly on the amendments on the request filter. Along with internet connection records, the request filter is another power that first appeared in the draft Communications Data Bill and which died along with that ill-fated Bill. The view of the pre-legislative Joint Committee on that Bill, on which I sat, was that,
“the Request Filter introduces new risks, most obviously the temptation to go on ‘fishing expeditions’. New safeguards should be introduced to minimise these risks”.
The request filter was described as,
“essentially a federated database of all UK citizens’ communications data”.
I dare say that the committee would be even more worried when it said that in 2012 if it had seen how this Bill expanded the range of data to which the request filter can be applied. That expansion comes from the proposed introduction of internet connection records, which would reveal every detail of a person’s digital life and a very large part of their life in the real world. The effect of the request filter will be to multiply up the effect of intrusion into those data by allowing public authorities to make complex automated searches across the retained data from all telecoms operators. This has the potential for population profiling and composite fishing trips. It is bulk surveillance without the bulk label.
Use of the request filter would be self-authorised by the public authority without any judicial authorisation at all. The concept that the Government promote for bulk data is that they are passive retained records, which they say sit there unexamined until someone comes to the attention of the authorities. That concept is negated by the request filter. The data become an actively checked resource and are no longer passive. Will the Minister confirm that the request filter is not yet in existence and is not yet being used?
The request filter is a bulk power masquerading as an innocuous safeguard to reduce collateral intrusion. Unless and until the Government come forward with proposals to strictly limit use of the request filter through tighter rules and judicial approval for warrants, as is the case with other bulk powers, Clauses 63, 64 and 65 should not stand part of the Bill.
Baroness Hayter of Kentish Town
My Lords, I shall use the opportunity that arises from Amendments 140 and 146A to ask the Minister to clarify whether it really is the case that Clause 2 does not automatically affect every power in the Bill. If this was the case, we would be sympathetic to these amendments, as the privacy objective should be considered before any of the powers are used. My understanding was that Clause 2 was a general provision, which affected everything. Indeed, the letter of the noble Earl, Lord Howe, of 14 July to my noble friend Lord Rosser says, “The new overarching privacy clause sets out the privacy obligations which constrain the use of the powers in the Bill”. Our understanding had been that it covered the whole Bill, so I was slightly bemused by Amendments 140 and 146A—not helped by a briefing received, again very late last night, from the Equality and Human Rights Commission, which only ever sends out its briefings on the very eve of debate. That briefing says that Clause 2 does not cover it all, whereas my understanding was that it did. Perhaps this is the opportunity for one of the Ministers to make clear the situation.
Investigatory Powers Bill
Debate between Baroness Hayter of Kentish Town and Lord Strasburger(7 years, 9 months ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord Strasburger
My Lords, I am speaking to Amendments 92, 102 and 103 in my name. These amendments address aspects of two extremely strong powers granted to Ministers by the Bill which are tucked away at the back in Clauses 225 and 226. As we have heard, they are about national security notices and technical capability notices. Although they are not listed as powers under the Bill, they are, in fact, very strong, broad powers.
The national security notices permit, with some caveats, the Secretary of State to instruct the telecommunications operator to do whatever she considers necessary in the interests of national security. Technical capability notices enable, with some caveats, the Secretary of State to instruct an operator to develop or maintain a capability to assist the authorities. Both types of notice must be kept secret by the recipient, if the Secretary of State so wishes. In a recent amendment, the Government added the need for a judicial commissioner to approve both types of notice. This is a welcome step forward, as is the forthcoming repeal of Section 94 of the Telecommunications Act 1984, which has been used in the past to create new powers.
These three amendments address one particular capability specified in Clause 226(5)(c)—the removal of electronic protection. All the experts who gave evidence to the Joint Committee, and with whom I have discussed this matter since, agree that the phrase “removal of electronic protection” must include decryption of encrypted information and/or weakening of encryption in some way. They are deeply alarmed about it.
Encryption is a vital feature of all the financial, commercial and personal activity on the internet. The Government have confirmed on several occasions, including in answer to Questions in this House, that any weakening of our back-door access to encryption would threaten the entire operation of large parts of the digital economy. Once the integrity of cryptosecurity has been compromised for one set of users—in this case the Government—that weakness is available for everyone, including hackers, criminals, terrorists and hostile Governments, to exploit. Furthermore, as my noble friend Lord Paddick has said, UK plc has many successful businesses operating in the field of encryption products. They are very concerned that their clients will shun their products if they suspect that the Government have secretly weakened the security that these products offer. Unless this risk is eliminated from the Bill, they may have to take their companies abroad to avoid their products being tainted by the perceived risk of government damage to the security integrity of their products.
At the end of Second Reading in this House, the Minister, the noble and learned Lord, Lord Keen, stated:
“The provisions of the Bill do not weaken encryption or threaten it. We do not seek what have sometimes been erroneously termed “back doors” into encrypted material. I would seek to dispel any such suggestion”.—[Official Report, 27/6/16; col. 1461.]
These amendments simply seek to give force to that clear assurance by deleting the reference to “removal of electronic protection” and explicitly prohibiting the use of national security notices and technical capability notices for the purpose of “removal of electronic protection”. I commend them to the Committee.
Baroness Hayter of Kentish Town
My Lords, Amendment 93 stands in my name and that of my noble friend Lord Rosser and is on the same issue of encryption. Encryption is fundamental to keeping the whole of the digital economy safe and secure. It is widely used by business, government and consumers to protect sensitive and confidential information and as a building block in the advanced security technology which has been described.
The undermining of encryption would not simply mean that the communications of criminals could be read more easily; it would risk creating a major vulnerability in the security infrastructure, which could be exploited by various malicious actors, be they criminal gangs or rogue states. So it is important for this economy and for all the financial and other businesses that depend on it that the foundations of encryption technology remain absolutely firm.
There will be times when state security undoubtedly needs access to encrypted information for a specific investigation. This is not the problem. The problem is whether the Government would ever require a company to engineer such access, enforcing the company to create a model which, if then followed by other nations with perhaps less security than ours, would lead to a lowering of standards. We welcome the statement by the Government that they do not require industry to build back doors into their encrypted products. The Bill as it stands is perhaps not as clear as the commitments the Government have made.
Clause 226 risks making encryption intrinsically weaker if a company could be asked to build the ability to break the encryption. Amendment 93 seeks to address that. We hope the Government will understand that, when the request is made, they should not ask a company to develop a new way of breaking encryption that is not already within its ability. At the moment, the clause implies that, where companies that did not have the ability to remove the protection were issued with a notice, they would be required to build that capability so as to adhere to the notice. That is worrying the companies because of the general undermining of encryption. End-to-end encryption is essential to protect sensitive personal, commercial and security information. I think the Government share our concern that we should maintain that.
The thrust of Amendment 93 makes it explicit that a company would be required to remove the electronic protection only where it had the current capacity to do so and that it should not have to engineer it. We hope it will be accepted by the Government.
Baroness Hayter of Kentish Town
My Lords, the Minister spoke about what is possible and reasonable, but the point of our Amendment 93 is that a notice may not impose the requirement to build a facility that would break end-to-end encryption. We may need to return to this on Report, but it would perhaps be useful to have a discussion between now and then about imposing the requirement to build capacity to break end-to-end encryption.
Lord Strasburger
I fear that the Minister is taking himself down a long cul-de-sac here, because the implication of what he is saying is that no one may develop end-to-end encryption. One feature of end-to-end encryption is that the provider cannot break it; encryption is private between the users at both ends. He seems to be implying that providers can use only encryption which can be broken and therefore cannot be end to end, so the next version of the Apple iPhone would in theory become illegal. I think that there is quite a lot of work to be done on this.
Investigatory Powers Bill
Debate between Baroness Hayter of Kentish Town and Lord Strasburger(7 years, 9 months ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Baroness Hayter of Kentish Town (Lab)
My Lords, I will speak very briefly on Amendment 16, to which I added my name, which has already been dealt with by the noble Lord, Lord Paddick. Should the Government accept the logic of that amendment, they might also want to look at Clause 4(8)(b)(i), which ought also to be amended to include “a private postal service”. Like the noble Lord, Lord Grabiner, I think the amendment in the name of the noble Lord, Lord Strasburger, sounds like a carte blanche for allowing private phone hacking. The noble Lord came up with better words than I could when he spoke about thinking that “public interest” and of “interest to the public” were the same. I would be very alarmed at the idea of allowing phone hacking by private bodies, simply because they thought it might be in the public interest.
The more substantial issue in this group is dealt with in Amendments 18 and 246—I refer to them as the Leveson amendments. The Labour Party has an interest in Amendment 18. Our names are not on it but our former leader, my right honourable friend Ed Miliband, was, along with the current Prime Minister, one of the signatories to the deal which has already been described and which led to amendments being withdrawn in this House and in the Commons. Failing to implement Parliament’s decision on this matter is a shameful disregard for the law on the part of the Government. The Act was passed in good faith and the Government should have implemented it, in accordance with the wishes of this House and the other place. Non-commencement is an unacceptable device to undermine legislation which has been passed.
Amendment 18 seeks gently to encourage the Government to bring into effect the law already passed, and we hope they will agree to do that. I will not rehearse the case that has been made so well already. However, it is remarkable that, as we consider a Bill on investigatory powers that sets out clearly and openly what the state and its agencies can do regarding hacking—the limits, the safeguards and the penalties for exceeding the law—private and unaccountable profit-making bodies such as the press continue to get away with things our spooks rightly would not be able to. The Government should not undermine Parliament by failing to commence Section 40 and we hope that, today, they will show their willingness to act now.
Lord Strasburger
Before the noble Baroness sits down, can I point out that I share entirely her concerns and those of her noble friend about journalists confusing the public interest with the interest of the public? If there were any such amendment along the lines that I suggested, it would have to be drafted so narrowly that that confusion could not exist.