(8 years ago)
Lords ChamberMy Lords, I first say to those who have supported the amendments in the name of the noble Baroness that I acknowledge the strength of feeling in the House on this emotive issue. As I said in my opening remarks, the Government know how important these matters are to everybody. We need a robust and workable system for media self-regulation, and resolving that is in everybody’s interest. However, I am afraid that I remain of the opinion that the Bill is not the means to achieve that. Of course I agree with the noble Lord, Lord Paddick, that the noble Baroness’s amendments are procedurally in order; that has never been in question. However, first, the scope of the Bill means it cannot do this subject justice. The amendments we are considering today concern only interception of communications and would not necessarily sit well with whatever broader solution is to follow. Secondly, and more importantly, the public consultation which the Secretary of State for Culture, Media and Sport announced yesterday provides a means for a reasoned, informed and considered public debate—
I thank the noble Earl for giving way. I would like to share with him a direct quotation from one of the six members of the Leveson inquiry—someone with whom I spoke this morning. He said, “The consultation announced this week is just a shabby stunt, probably concocted by Paul Dacre, to defer the betrayal of the victims of press abuse—past and future—until this Bill has been safely put to bed”. I would like to offer the noble Earl an opportunity to refute that charge.
My Lords, I repudiate it completely. The Government have been clear about the timescale of the consultation and have committed to respond in a timely manner. We are taking this matter with proper seriousness. It is important that everyone has an opportunity to take on board and reflect on the changes that have occurred in the years since Lord Justice Leveson made his recommendations. I say again to the noble Lord, Lord Paddick—
(8 years, 1 month ago)
Lords ChamberMy Lords, if the noble Earl is so confident that none of the unintended consequences listed in Amendment 252A can occur, and that the Government do not want them to occur, what is his objection to putting them into the Bill?
We already have a wide range of safeguards which I have listed. I do not see that it is necessary to go down the road the noble Lord is advocating because of the dangers that I have pointed out. These amendments would create safe spaces which I am sure that neither he nor any noble Lord would desire to occur.
(8 years, 2 months ago)
Lords ChamberMy Lords, I had the privilege of sitting on the Joint Committee on the Bill and on the Joint Committee on its precursor, the Communications Data Bill, three years earlier. That puts me in a position to inform the House about one example of how technology has come to this area of law and the Government’s attitude to it. In the earlier Committee three years ago, the subject of the problems that encryption presented to the security services and law enforcement was raised several times with senior Home Office officials, the police and security agency officers. They dismissed it at the time. “It is not a problem”, they said—they were not concerned about it. In the proceedings of the Joint Committee and in this House on this Bill, the Government have repeatedly expressed their concern about the effect of encryption on their ability to protect us. That is a 180 degree change in the space of less than three years. I draw that to the House’s attention in support of the notion of substantially accelerating the review of the Bill.
My Lords, as the noble Baroness, Lady Hamwee, explained, Amendment 234A deals with the review of the operation of this legislation. The amendment would reduce the length of time for which it has been in operation from five years and six months to two years and six months. It is of course good practice to conduct post-legislative scrutiny, particularly for legislation as significant as the Bill. That is what the Bill provides for. Notwithstanding any suggestion by virtue of the amendment that the House might be eager to revisit the issue within the scope of this Parliament, I suggest that reducing the time for which the legislation had been operating before the review takes place would be profoundly unhelpful in assessing its utility.
First, the timing of when the review should occur is precisely as the Joint Committee convened to scrutinise the draft Bill recommended. As the noble Lord, Lord Murphy, said, that committee considered that work on a review,
“should begin within six months of the end of the fifth year after which the Bill is enacted”.
We have followed that lead.
I was asked what kind of review this would involve. As I mentioned, the Bill attempts to give effect to the recommendation of the committee. We cannot, clearly, bind Parliament in the actions that it takes, so the Bill provides for consideration of any report by a committee of Parliament. I hope that again accords with the steer that the Joint Committee gave us.
Of course, we must ensure that before such a review takes place, all the Bill’s provisions have commenced and been in effect for a sufficient period so that a review is meaningful and effective. As the Joint Committee again concluded:
“The evidence of several years’ operation will inform the debate”.
A review after two and a half years runs the risk that processes and capabilities will not have had sufficient time to bed down before they are subject to a formal review. We need to bear in mind, in particular, that communication service providers will need to implement legislation. Surely the last thing we want is for them to turn round after a short time, if the noble Baroness’s proposal gains traction, and say that it is too soon. We do not wish to create uncertainty for them at this stage. They have to implement this, as has everybody else. The noble Lord, Lord Murphy, rightly said that it is important that the impact of the Act should be reviewed and the noble Baroness, Lady Hayter, also correctly spoke of the need to monitor how the Act was working. I do not disagree with either.
However, I would just point out that an urgent review of the Act is not necessary, given the strong oversight provided in the Bill by the Investigatory Powers Commissioner and the requirement that the commissioner should publish annual reports. The exercise of the powers provided for under the Bill will be subject to the ongoing oversight of the Investigatory Powers Commissioner, and his report will be laid before Parliament. I was grateful for the intervention of the noble and learned Lord, Lord Brown of Eaton-under-Heywood. He referred to David Anderson’s recommendation to establish a technical advisory panel. I am reserving judgment on that recommendation in the light of our debates last week. David Anderson said, in paragraph 9.3, that the point of the TAP would not be to provide an alternative oversight function, or to place new regulatory burdens on the SIAs. Rather it would serve to inform the Secretary of State and enhance the work of the Investigatory Powers Commissioner by ensuring that both are kept as up-to-date as possible with the fast-moving technologies whose use they are asked to approve. There is good sense in not overlaying the oversight that the Act will have too heavily. For all those reasons, I invite the noble Baroness to withdraw her amendment. I hope that what I have said convinces her that there is some logic to the Government’s position.
(8 years, 2 months ago)
Lords ChamberThe noble Earl spoke at some length about the utility of bulk personal datasets to the intelligence agencies, but he did not answer my question, which was generated by the revelation in Mr Anderson’s report that bodies other than the intelligence agencies have access to bulk personal datasets. Which other bodies have access to bulk personal datasets?
Almost anyone has access to bulk personal datasets. Many of us have a telephone directory. A very wide range of public bodies and commercial organisations have access to bulk personal datasets, because that expression describes a wide range. I cannot be specific to the noble Lord, but if I am able, on advice, I will write to him to elucidate further.
(8 years, 4 months ago)
Lords ChamberMy Lords, Amendment 176A seeks to replace the statutory appointment of an Investigatory Powers Commissioner with the creation of an investigatory powers commission. This topic was discussed in detail, and voted on, in the other place, which agreed with the government position that establishing a commission was not necessary.
I am afraid I remain unconvinced of what practical good this amendment would do. The powers and duties on the proposed body would remain exactly the same as the responsibilities of a commissioner. The number of inspectors, technical experts and judicial commissioners employed by the organisation would remain exactly the same. In fact, as the noble Lord, Lord Strasburger, indicated, the only things that would increase would be the expense of the body to the taxpayer and the bureaucracy that it would be faced with. The body would need to be provided with a range of staff to perform corporate functions on its behalf, including its own IT people for when the printers break, its own procurement people to buy the stationery and so on.
I just wonder whether all the expenditure that the Minister is listing does not apply just as much to the commissioners as to any commission.
(8 years, 4 months ago)
Lords ChamberCertainly, targeted equipment interference is, if you like, the next step should interception not be possible for any reason. However, I will answer the noble Lord’s first question, on end-to-end encrypted services. We start from the position that we do not think that companies should provide safe spaces to criminals to communicate. They should maintain the ability, when presented with an authorisation under UK law, to access those communications. We will work with industry to ensure that, with clear oversight and the legal framework I have in part alluded to, the police and intelligence agencies can access the content of terrorists’ and criminals’ communications when a warrant has been approved in the usual way.
We will of course consider what steps are reasonably practicable for an individual telecommunications operator, taking account of a range of factors, including technical feasibility and likely cost. We recognise that what is reasonably practicable for one telecommunications operator may not be for another, so any decision will have regard to the particular circumstances of the case. However, I cannot go into our relationships with individual companies, as the noble Lord will understand. It is important to understand that the Bill does not ban encryption or do anything to limit the use of fully encrypted services.
I thank the Minister for giving way. I think this is the first time I have heard the Government admit that the phrase “removal of electronic protection” does in fact refer to encryption.
I want to emphasise—and anybody in the cryptography industry will spell this out—that you cannot have it both ways. Either encryption is secure, or it is not; it cannot be insecure for a small group of users and secure for everybody else. Once encryption is weakened, it is weakened for everyone and once this is done at the request of the Government, it is available to all the people I listed earlier who would do us harm. I would also point out that there are a myriad of encryption products available outside the UK—ISIS has its own set, and I have seen the manual. There are any number of ways that people who want to use encryption for malign purposes can acquire it and use it in a way that UK companies cannot break.
Lastly, when I was at GCHQ, it seemed fairly relaxed about the threat of encryption because it is very confident that it can use the other means we have referred to, such as equipment interference, to get the unencrypted data it wants. But the main point, which the Government really do have to take on board, is that encryption is either strong or it is not. It cannot be partially strong—that is, strong for most and weak for the Government.
I shall of course reflect on those points, which I was already aware of. It is important to emphasise that any encryption arrangements that a communications service provider has not itself applied, or had applied on its behalf, would almost inevitably fall outside these provisions because it would not be reasonably practicable for the company to de-encrypt. Many of the biggest companies in the world rely on strong encryption to provide safe and secure communications and e-commerce, but nevertheless retain the ability to access the contents of their users’ communications for their own business purposes—and, indeed, those companies’ reputations rest on their ability to protect their users’ data. In many cases, we are not asking companies to do something that they would not do in the normal course of their business, but I note what the noble Lord has said.
Amendment 93 deals with the subject of end-to-end encryption more specifically. This matter was discussed in detail in another place, so I will reiterate what was said there to explain why this is not an appropriate amendment. I have already outlined the strict safeguards that will apply. This amendment is not necessary because the Bill makes absolutely clear that a telecommunications operator would not be obligated to remove encryption where it is not reasonably practicable for it to do so. It is important to highlight that the amendment would in many cases prevent our law enforcement and security and intelligence agencies from being able to work constructively with telecommunications operators as technology develops to ensure that they can access the content of terrorists’ and criminals’ communications. Depending on the individual company and circumstances of the case, it may be entirely sensible for the Government to work with them to determine whether it would be reasonably practicable to take steps to develop and maintain a technical capability to remove encryption that has been applied to communications or data. But the amendment would signpost to terrorists and criminals that there are communications services they can use to communicate with each other unimpeded and which the authorities will never be able to access. That cannot be right.
Amendments 108 and 109 propose changes to Clause 230, which provides for a telecommunications or postal operator to request a review by the Secretary of State of the obligations imposed on it by a technical capability notice or a national security notice. The Secretary of State must seek the views of the Technical Advisory Board—a group of experts drawn from the telecommunications operators and the intercepting agencies—and the Investigatory Powers Commissioner before deciding the review.
Amendment 109 seeks to insert the double-lock authorisation process into that review. I contend that this is unnecessary. The Government have an amendment which provides that the Secretary of State must initially consult the judicial commissioner on proportionality, and that the Secretary of State’s decision following the review must be approved by the Investigatory Powers Commissioner. As I have explained, if after consulting the commissioner and the Technical Advisory Board, the Secretary of State decides to confirm the effect of a notice or vary it, the Investigatory Powers Commissioner must approve that decision, so the amendment is not required.
Amendment 108 seeks to require the Technical Advisory Board to consider the consequences for others likely to be affected by obligations imposed by a notice. This proposal was first raised in the other place and, following discussion, considered to be unnecessary. I will briefly explain why. First, the Technical Advisory Board has a very specific role to play in advising the Secretary of State on cost and technical grounds. This role is reflected in its membership. Board members are drawn from the telecommunications industry and those persons entitled to apply for warrants and authorisations under the Bill. These experts are well placed to consider the technical requirements and the specific financial consequences of the notice. If they consider it appropriate, they may look beyond cost and technical feasibility, but those factors are rightly their focus.
The responsibility for considering the broader effect of the notice on the operator to whom it has been given sits with the judicial commissioner, and it is right that the commissioner has this role. As part of any review into the obligations set out in a notice, the commissioner must report on their proportionality. This would include an assessment of its consequences, both for the person seeking the review and for anyone else affected by it. Furthermore, the clause requires the commissioner to seek out the views of the person who has received the notice. The person will have an opportunity to raise any concerns regarding the effect of the notice with the commissioner for consideration, and the commissioner must report his or her conclusions to the person and the Secretary of State. In my view, and as concluded following discussion in the other place, the Investigatory Powers Commissioner is rightly placed to carefully assess proportionality as a whole. The amended wording would introduce unnecessary duplication and ambiguity over what the board and Investigatory Powers Commissioner are each considering.
Finally, allow me to turn to another part of the Bill. I welcome the intent of Amendment 129, which seeks to clarify the scope of the restrictions on the acquisition of internet connection records. The clarity that noble Lords intend to create with this amendment is already provided in the code of practice, and I hope I can reassure noble Lords that there are good reasons why this definition should not appear in the Bill. The Bill already contains definitions of “telecommunications service” and “communication” which make very clear that a communication can include messages between individuals, between individuals and machines, and between machines. This maintains the existing position in RIPA, and it is absolutely right that the powers and, indeed, safeguards in this Bill apply to all forms of communication.
Taken in its broadest sense an “internet communications service” is simply a telecommunications service that involves communication over the internet and it should rightly include all forms of internet communication. But in the context of internet connection records the term is used to mean services that facilitate communications between two or more individuals, like email or social networking websites. An “internet service”, by contrast, is any other communication service a person could connect to over the internet, including person to machine communications, such as a person accessing a website. This distinction is made clear in the code of practice, which is the appropriate place for it because the definition has a different meaning in other contexts in the Bill.
I hope that noble Lords will be reassured that the definition is contained in the code of practice. We are concerned that defining “internet communications service” on the face of the Bill in the way proposed could cast doubt on the scope of the Bill in so far as it applies to internet communication services more generally. For all the reasons that I have set out, I ask noble Lords not to press their amendments.
My Lords, the Minister spoke about what is possible and reasonable, but the point of our Amendment 93 is that a notice may not impose the requirement to build a facility that would break end-to-end encryption. We may need to return to this on Report, but it would perhaps be useful to have a discussion between now and then about imposing the requirement to build capacity to break end-to-end encryption.
I fear that the Minister is taking himself down a long cul-de-sac here, because the implication of what he is saying is that no one may develop end-to-end encryption. One feature of end-to-end encryption is that the provider cannot break it; encryption is private between the users at both ends. He seems to be implying that providers can use only encryption which can be broken and therefore cannot be end to end, so the next version of the Apple iPhone would in theory become illegal. I think that there is quite a lot of work to be done on this.
I was certainly not implying that the Government wished to ban end-to-end encryption; in fact, we do not seek to ban any kind of encryption. However, there will be circumstances where it is reasonably practicable for a company to build in a facility to de-encrypt the contents of communication. It is not possible to generalise in this situation. I am advised that the Apple case to which the noble Lord referred could not occur in this country in the same way.
(8 years, 4 months ago)
Lords ChamberPerhaps I may ask the Minister three questions. Do the Government have any problems with the way that PACE currently protects journalists’ sources? I ask this because many of the criticisms he made of this amendment with respect to potential tipping off would surely also apply to PACE. The second question is this: do the Government feel that this Bill protects the communications data of journalists as well as PACE currently does? Thirdly, what special protections do the Government say the Bill gives journalists with respect to equipment interference?
My Lords, the Government are clear that the regime provided for in the Bill is not inferior to the provisions of PACE. It requires that applications be made to a court for a production order on notice to the holder of the material. In the case of communications data the whole of the material is a telecommunications provider, not a journalist. We are therefore clear that nothing in the Bill enables the investigatory authorities to circumvent the protections for journalists’ sources contained in PACE. Indeed, in 2015 the Interception of Communications Commissioner conducted a detailed investigation into the allegations that public authorities had utilised RIPA to avoid the use of PACE and clearly rejected the claim. The amendments that we have made to the Bill combined with the other safeguards for acquiring communications data mean that the relevant considerations laid out in Schedule 1 to PACE are addressed on the face of the Bill.
(8 years, 4 months ago)
Lords ChamberI think the Minister will have to concede that the notion of democratic accountability is wafer thin because a Minister cannot come to Parliament to explain or defend what is being asked about—any warrant. I would like the Minister to explain to us why the four other partners in the “Five Eyes” network—that is, Australia, Canada, the US and New Zealand—find no need for this democratic accountability.
The “Five Eyes” partnership of Australia, New Zealand, Canada, America and the UK has been in existence since the Second World War. The UK is the only one out of those five that feels the need for Secretaries of State or politicians in general to be involved in authorising warrants. I was wondering why the UK has to stand out alone in that way.
It is really quite difficult for me to answer the noble Lord’s question on the “Five Eyes”: it has to be a question for the other members of that group. The approach we have taken is consonant with our general wish, as a country, to hold Ministers to account for important decisions taken about national security and privacy, rather than to consign those decisions to the court. Nevertheless, we believe there is a role for a judicial commissioner to approve what Ministers do. That double lock is the formula which most people in the other place were comfortable with. That is probably all I can say on that score. I hope that the noble Lord will reflect on the case of Lee Rigby, which is a good example of how a Minister was directly accountable to Parliament, albeit in secret session but nevertheless fully accountable to a committee of Parliament. I am sure there are other examples where that has occurred.