Data Retention and Investigatory Powers Bill Debate

Full Debate: Read Full Debate
Department: Home Office

Data Retention and Investigatory Powers Bill

Lord Blencathra Excerpts
Wednesday 16th July 2014

(10 years, 3 months ago)

Lords Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord Blencathra Portrait Lord Blencathra (Con)
- Hansard - -

My Lords, I support the Bill, which is an essential stop-gap measure.

We must continue with our current powers and the 12-month retention period until we pass new legislation which tackles the so-called capability gap, deals with the vexed question of IP addresses and strikes a proper balance between the needs of the security services and the police on the one hand and the privacy of the individual on the other. For the moment, that means the Bill that we are considering today, and it means more Elastoplasts on the broken and bleeding RIPA 2000. Also, we must attempt to persuade our United States service providers to co-operate with us—the extraterritoriality clause.

I do not want to sound like a second-hand car salesman as I return yet again to extol the virtues of the report of the Joint Committee on the Draft Communications Data Bill, which I had the privilege of chairing 18 months ago. We were fortunate to have the noble Lords, Lord Armstrong of Ilminster, Lord Strasburger and Lord Jones, my noble friend Lord Faulks and the noble Baroness, Lady Cohen of Pimlico, as well as six excellent colleagues from the Commons. Our task was to scrutinise the draft Bill, which was then commonly known as the snoopers’ charter. We all started with some fairly strongly held beliefs, some of which we discovered were quite wrong, and we held widely different views on key issues. Nevertheless, we agreed on a unanimous report, which I commend to the House and the Home Office as a blueprint for new legislation to replace RIPA. It is only £15.50 and I have lots of remaindered copies.

To be fair, just after we reported, the Home Office showed me and the noble Lord, Lord Armstrong, the framework for a new Bill, which incorporated about 95% of the recommendations we made in the report. Unfortunately, that new draft did not find favour with all members of the coalition, but I will not be critical. However, it is essential that after the next election measures along the lines we suggested should proceed expeditiously. Why, you may ask? It is simply because RIPA is no longer fit for purpose and should not be the framework on to which we patch amendments to catch up with technological changes. The Home Office says that there is a capability gap of 25% in the information it collects now as compared to 2000. My committee was highly sceptical about that.

In 2000, I had a top-of-the-range Nokia phone which held about 100 phone numbers and 120 short text messages. I wish I had that phone back. In 2000, only 50% of UK adults had a mobile phone. In 2012, that figure was 92% with 81.6 million mobile subscriptions. What does your iPhone or Galaxy hold now? A thousand times more information, as it can also handle all web and e-mail traffic. Facebook was invented on 4 February 2004 and Twitter on 1 March 2006 and both have added billions of bits of new information to the airwaves. After Twitter was launched, we were told that it took three years before the billionth tweet happened. Now there are a billion tweets every two days, God help us. That is why my committee said that,

“the volume of communications data now available is vastly greater than what was available when RIPA was passed. The much quoted figure of a 25% communications data gap purports to relate to data which might in theory be available, but currently is not. The 25% figure is, no doubt unintentionally, both misleading and unhelpful”.

Clause 2 of the Bill defines “communications data” and gives them the same meaning as Section 21 of RIPA, but what exactly are communications data? There are three parts to this. First there are traffic data, identifying the location of the device to or from which the communication is sent. Secondly, there are use data, which are anything other than content about the use made of a service. Finally, there are subscriber data which are data, other than traffic or use, held by a service provider about the persons to whom it provides the service. Traffic and subscriber data are absolutely vital for law enforcement authorities, as we have all heard, since they give the location, name and address of the subscriber, their bank account details and stuff such as that. At least that was all they did in 2000, when half of communications were by land line. However, RIPA was drafted in such a way that every bit of information one supplies to a service provider is automatically classed as subscriber data unless it is in the narrow category of traffic or use data. Subscriber data have, therefore, accidentally become a catch-all for everything not called traffic or use. That is one major reason why there was widespread criticism of the draft Bill and why many people called it the snoopers’ charter.

However, there were other reasons. The original Bill was exceptionally widely drafted, for the best of intentions. That was a tactical mistake by the Home Office. It wanted to make the legislation technologically future-proof. Facebook and Twitter came out a few years after RIPA was passed and the Home Office, Ministers and many of us who served there know that although one can get a crime and justice Bill in nearly every Queen’s Speech, there was little likelihood of a new RIPA being passed every year. So the Home Office tried to make the legislation in the draft Bill as wide as possible, taking into account any new gizmo, widget, app or service that some brilliant geek might invent in his bedroom many years hence. Inevitably, that very wide scope concerned many people and rightly so. My committee said that no area of technology was moving faster than communications technology and that if Parliament wanted more control of legislation in this field, we had to have a very efficient means of annually, if necessary, amending the legislation to keep up with technological advances. That was the quid pro quo; if this House or the other place wanted narrowly focused measures requiring parliamentary approval, we had to give the Government a rapid mechanism to approve changes.

The other major tactical mistake that the Home Office made originally and later corrected—but by that time the damage was done—was not to spell out exactly what were the crucial bits of information it really wanted in the new measures. Opponents were rightly pointing out that the draft Bill wanted to capture and store every communication, including the content of all e-mails and records of every website visited. We were told that the reasons could not be revealed because of secrecy, hence the very wide drafting of Clause 1. Initially, the Home Office would not tell us what data types it was looking for. However, when we talked to the police and others, it soon became clear that 98% of the time they needed only location, name, address, bank details and numbers. This is basic traffic, use and subscriber data—the who, what and when stuff.

When applied to computers and the technology we have now, that meant three slightly different things. Subscriber data would include IP addresses, but that is no different, in principle, from telephone numbers. The second, highly contentious items we wanted were data identifying which services or websites are used on the internet up to the first forward slash. Thirdly, there were data from CSPs based overseas, which are addressed in Clause 4 of the Bill. The Home Office confirmed to my committee on 24 October 2012 that those three items were the capability gap it wanted to plug.

The extraterritoriality provision in Clause 4 attempts to deal with the difficulty of obtaining information and co-operation from giant service providers based mainly in California. I am with very distinguished and learned noble Lords but that clause is a little bit of wishful thinking. We are legally powerless to compel Google or Apple, or any of the rest of them in California, to give us information held on their servers outside the UK. However, in 2012, we heard fairly powerful evidence that they co-operated all the time with the British Government—nudge, nudge, wink, wink: we do all that co-operation stuff—but they wanted a comfort blanket of something judicial or semi-judicial that they could rely on. That is what they get in the States. The FBI gets a judge to approve a warrant and then the CSPs will hand over everything straightaway. So they wanted this fig leaf of some British warrant so that they could say to their customers, “We do not want to give anything away, we will keep everything secret, but we have this judicial warrant so we have to hand it over under the law”. It is great if they do that, but do not expect United States service providers to feel legally bound by the power we are putting in here. It is a good little fig leaf; it is ours and we should give it a go.

The one mega item that my committee wrestled with was internet protocol or IP addresses and web logs. There is deep division in the country and in Parliament about the state collecting and storing all these and how far that impinges on personal liberty. This is not the time to go into it but it is the core of the concerns raised about the earlier Bill. This Bill, rightly, does not touch on it, but we will have to return to this issue early in the next Parliament. My committee concluded that a new Bill should be drafted in such a way that this one item could be voted on in both Houses of Parliament and a definitive decision reached on it. We did not want it hidden away in some obscure legal or technical jargon that would cause suspicion of the Government’s motives, as well as confusing every single one of us who were supposed to vote on it.

I am proud to say that my committee was thorough and meticulous, not because of me but because of the others who served on it. We savaged the Home Office draft Bill and I make no apology for that. However, we drew up a framework for a better Bill. I pay tribute to Home Office Ministers and officials who rapidly took on board 95% of what we suggested. The noble Lord, Lord Armstrong, and I were fortunate enough to see some of the revised draft. That draft did not get full coalition support but, in my opinion, it dealt with all the problems. If that Bill were to be presented again, it could never be properly called a snoopers’ charter. It targeted the gap, narrowed the scope and built in protections.

Turning to Clause 7 and the independent reviewer, I shall send Mr Anderson our report since we have done most of the work for him—at least, on items concerning Clause 7(2)(b) to (f). We were not allowed, and we did not want to have, the power to comment on current and future threats to the United Kingdom. There is a clear case for new legislation to replace RIPA to give our security services, the police and others the powers that they need, but that has to be based on parliamentary approval of all aspects of all the powers. The public will consent to quite large levels of intrusion so long as the powers to do it are clear, open and proportionate, and have had proper democratic scrutiny. I hope that when Mr Anderson reports we will not be faced with a heavily redacted report on which the Government may wish to base the reasons for new legislation. That simply would not get through this House.

Noble Lords will be pleased to hear that that leads me to my final point. I think I heard the Home Secretary say that there will be a scaling back of the organisations that could get access of some sort to the data. On our committee, I think we were all surprised and appalled to discover that more than 600 organisations, including 400 councils, could use RIPA to access data. None of them is in RIPA except the police, SOCA, which is now the National Crime Agency, HMRC and the security services. That was another fundamental presentational mistake that the Home Office made and is still making. We have the repeated mantra from Ministers and the Government that access to communications data is essential to deal with terrorists, paedophiles and serious crime, and that these organisations need the exceptional powers granted in RIPA to deal with them. We all agree on that and there is no argument there. But when one finds that local councils are included as relevant authorities, and that one used RIPA to catch out a parent outside a school catchment area, and that others use it to catch fly tippers, no wonder people simply do not believe that the Government were thinking only of taking exceptional powers to deal with terrorists, paedophiles and serious crime.

Among the 200 other organisations is my favourite bête noire: the Defra egg inspectorate is on the list because its job, through its Veterinary Medicines Directorate, is to investigate the serious crime of stamping the little lion on the wrong eggs. I kid you not. I checked on the website this morning and—I do not know how this can be put in HansardI can give the Minister the pages from the website, including the picture of the little lion on the eggs. That is still being done. I make that slightly silly point because these organisations are on the list and they undermine the argument that we need RIPA powers to deal with the serious crimes. I ask the Minister to get rid of all these other organisations, which account for less than 2% of the access requests to RIPA but do enormous discredit to the main argument. I know that they cannot get access to intercepted communications data and that they are more limited in what they can get access to, but they get some form of access. Let us restrict the new RIPA powers to the police, the security services, the FSA, the NCA, HMRC and the United Kingdom Border Agency—the big players. If we do that, we will go a long way to removing the snoopers’ charter label. The British people and this Parliament will be happy to grant exceptional powers to these important organisations to access all data if it is to catch terrorists, paedophiles and serious criminals. But the quid pro quo is that they, and only they, should have access to these powers. I appreciate that some of these matters are not for this Bill but they are part of the broken and bleeding sore that is RIPA just now and which this Bill is trying to patch up. We need the Bill but we need a new RIPA even more. I apologise for taking so long.