Lord Clement-Jones
Main Page: Lord Clement-Jones (Liberal Democrat - Life peer)Department Debates - View all Lord Clement-Jones's debates with the Home Office
(1 day, 12 hours ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord Clement-Jones
“Digital identity theft(1) A person commits an offence of digital identity theft if—(a) the person obtains, or attempts to obtain, personal or sensitive information relating to an individual, including but not limited to passwords, identification numbers, credit card numbers, national insurance numbers, biometric data, or other unique digital identifiers, and(b) the person intends to use this personal or sensitive information to impersonate that individual, or to enable another person to impersonate that individual, with the purpose of carrying out any transaction, activity, or communication in their name without their consent or lawful authority.(2) For the purposes of subsection (1)—(a) “personal or sensitive information” refers to any data, whether digital, physical, or otherwise, that can be used to identify, authenticate, or impersonate an individual;(b) “obtains” includes acquiring, accessing, collecting, or otherwise coming into possession of such information.(3) A person guilty of an offence under this section is liable—(a) on summary conviction in England and Wales, to imprisonment for a term not exceeding 12 months or to a fine, or both;(b) on conviction on indictment in England and Wales, to imprisonment for a term not exceeding five years or to a fine, or both.”Member’s explanatory statement
This amendment creates an offence of digital identity theft.
Lord Clement-Jones (LD)
My Lords, Amendment 366 also stands in the name of my noble friend Lady Doocey. I have been a persistent—or is it insistent?—advocate for a specific offence of digital identity theft for many years. There is currently no criminal offence of identity theft in England and Wales—none. A fraudster can harvest your biometric data, clone your digital identity and impersonate you across multiple platforms, and at the moment of those acts they have committed no specific crime. The law does not intervene until after the damage is done.
Lord Katz (Lab)
While I understand the point the noble Baroness is making, I do not want to presage the content of the fraud strategy, which will be upon us really quite soon, or indeed what is in the legislation that will introduce national digital ID. I absolutely take the point that some people want to encourage digital ID because it gives security of identity in a digital form for deployment in a number of different areas, whether claiming a benefit, voting or whatever use it may offer—I will stop there because my expertise on digital ID does not extend much further. All I will say is that, given the comments I have already made about the Fisher review and the forthcoming fraud strategy, which will address emerging fraud risks, including identity theft, I hope that the noble Lord is content to withdraw his amendment.
Lord Clement-Jones (LD)
My Lords, I thank the Minister for his response. I thank the noble Baroness, Lady Coffey, and very much appreciate what she had to say. In particular, I thought the phrase “precious digital identity” was extremely important, as well as her reference to deepfakes. I also thank the noble Lord, Lord Davies of Gower, for his support. As he rightly identified, I said 59% and he rounded it up to 60%. That is the figure for the percentage of identity fraud in our landscape.
The noble Baroness, Lady Coffey, said that the Government need to answer what they are planning to do. The Minister threw the kitchen sink at that question but did not really answer it. We have police training in AI and digital, but I am not sure what I am expected to understand when he starts off by saying there is perfectly adequate criminal law on this, but then tells me that they will look very carefully at this as part of the Fisher review. Which one is the answer that I should take from the Minister—that he is taking it seriously or that he is not?
We seem to keep getting the same answer. The Minister starts off by saying that there is enough criminal law to cover this—completely contradictory to the Fraud Act Select Committee—and on the other hand he says that the review will consider this very carefully. That is a series of mixed messages, quite apart from the fact that the police will prioritise their response to digital crime. How will they prioritise their response to digital crime without the tools they need—i.e. a proper criminal offence of digital identity theft?
There is some confusion on the part of the Government. I still think they have not taken this seriously, and our citizens will suffer as a result, particularly in the age of AI, which both the noble Baroness, Lady Coffey, and the noble Lord, Lord Davies, were clear about.
If I wanted to talk to the Chief Whip or the government roster at this time of night, or if we were in prime time, I might push it to a vote. But I will not; I will withdraw the amendment.
Lord Clement-Jones
“Defences to charges under the Computer Misuse Act 1990(1) The Computer Misuse Act 1990 is amended as follows.(2) In section 1, after subsection (2) insert—“(2A) It is a defence to a charge under subsection (1) to prove that—(a) the person’s actions were necessary for the detection or prevention of crime, or(b) the person’s actions were justified as being in the public interest.”(3) In section 3, after subsection (5) insert—“(5A) It is a defence to a charge under subsection (1) to prove that—(a) the person’s actions were necessary for the detection or prevention of crime, or(b) the person’s actions were justified as being in the public interest.””Member's explanatory statement
This amendment creates defences to charges under the Computer Misuse Act 1990.
Lord Clement-Jones (LD)
My Lords, Amendment 367 is also in the name of my noble friend Lady Doocey, and there is rather better news on this amendment as a result of conversations with the Minister. I warmly welcome the significant movement the Government have made in this area. This is reflected both in the recent policy paper on introducing statutory defences into the Computer Misuse Act, which they have shared with me, and in the constructive meeting I recently held with the noble Lord, Lord Katz, for which I thank him.
The principle we have long championed, that a cyber security researcher’s intent and motivation should be a relevant factor in law, has finally been acknowledged. As the industry has told us for decades, the 1990 Act is a relic of a different era. It was drafted when only 0.5% of people used the internet. It is now being asked to govern a world of generative AI and industrialised cyber warfare. Its current blanket prohibition on unauthorised access makes no distinction between a malicious hacker and a white-hat security researcher. Under current law, our cyber defenders are forced to operate with one hand tied behind their backs, fearing prosecution for the very activities that keep our national infrastructure resilient. This is not just a legal anomaly; it is a direct threat to UK resilience.
However, while the policy paper is a major step forward, we must ensure that it results in robust statutory protection, not just a vague promise of prosecutorial discretion. Reliance on the good faith of prosecutors is not a long-term solution for an industry that requires absolute legal certainty. Our amendment would provide that framework—a defence where actions were necessary for the detection or prevention of crime or justified in the public interest.
I ask the Minister to address some of the following critical concerns arising from the Government’s own policy paper. Because of the time of night, I am going to abbreviate it to give him the headings and write to him subsequently. First, the accreditation bottleneck is a national security risk. The whole question of having to have chartered-level UK Cyber Security Council accreditation will create a bottleneck. The definition of “suitably qualified” suggests that only those with membership of professional bodies such as the UK Cyber Security Council will be valid, but will it recognise in due course that those with established industry experience, who may not hold formal academic credentials, will also qualify? The “no supervision” rule is operationally unworkable, and the scope of non-intrusive activity seems somewhat random.
The vulnerability duty creates a legal trap. The paper requires a researcher who discovers a vulnerability to make all reasonable efforts to report it to the system owner as soon as practicable, but the paper itself acknowledges the difficulty of identifying system owners.
The bug bounty market is under threat. The paper prohibits permitted persons from requesting or demanding payment for reporting a discovered vulnerability. The global bug bounty market, where organisations invite researchers to find and responsibly disclose flaws in exchange for payments, is worth hundreds of millions of pounds and is a cornerstone of modern cyber defence. The paper’s drafting risks chilling this entire ecosystem.
Then we have statutory versus non-statutory protections. The paper acknowledges that reliance on the good faith of prosecutors is not a solution. Can the Minister commit to placing these defences in the Bill during this Session? If not, what vehicle do the Government envisage? Could the upcoming Cyber Security and Resilience (Network and Information Systems) Bill accommodate this reform? We need a clear answer on the legislative timetable.
The paper does not seem to cover the public sector—the National Cyber Security Centre itself—yet the proposed defence appears directed entirely at privately accredited individuals. That is a question that needs answering.
We cannot allow technological development to race ahead of democratic deliberation. Our cyber security professionals need the clarity of the law to protect the UK in 2026 and beyond. I very much hope that this is a moment of genuine policy momentum, so let us produce legislation that is workable, inclusive and legally certain. I am very hopeful that the Minister will continue the dialogue over this policy paper. I beg to move.
Lord Clement-Jones (LD)
I thank the Minister for his response, and the noble Baroness, Lady Coffey, and noble Lord, Lord Fuller, for their contributions. As the Minister says, this defence is at the behest of the cyber security industry. That is a very important point. This is not just a group of hackers who have decided that they need to cover their tracks; this has long been demanded by the cyber security industry. I very much hope that when the industry sees the policy paper produced by the Government, it will see that the movement towards a defence is constructive and particular and does not have the kind of loopholes that it fears.
I thank the Minister for his reassurances about future legislation. I am obviously in very good company with my noble friend in providing temptation for the Minister about the King’s Speech. We look forward to the future legislative opportunities that the Minister has described. In the meantime, I withdraw my amendment.
Lord Hogan-Howe (CB)
I rise briefly to support this amendment. This country has been good at reducing fires. It has done it by designing things and places not to burn. We have never had the same determination about designing things not to be stolen. This is all about preventing crime by design. The secondary feature is that people do not tend to steal things that have no value. There are a lot of negatives, but fundamentally, if it has value, people will steal it. They do not steal it to deprive you of it but to sell it, often to fund their drug habit. This amendment is all about taking the value out of the stolen phone.
There is some success at the moment, in that some of these phones cannot be reactivated on UK systems, but as we have heard from the noble Lord, Lord Jackson, they are getting activated abroad. It is hard to stop them going abroad; very small portable devices put in containers are hard to discover. Although it was mentioned that the Met and others are having good success with drones and chasing, I guarantee that one day somebody will get badly hurt—either one of the people being chased or one of the cops. Chasing is, inevitably, dangerous. This is about stopping the chase and stopping the crime.
The 70,000 crimes mentioned by the noble Lord, Lord Jackson, will be a bare minimum. Many people do not bother reporting them. There is no need to report them for many people. Sometimes they lose them in embarrassing situations, and they certainly do not report it then. We are talking about a large amount of crime that can have something done to prevent it.
My final points are these. There is no incentive at the moment for the phone companies to stop this crime, because when you lose your phone or have it stolen, you buy another one from them. The £50 million-worth of phones that the noble Lord, Lord Jackson, mentioned means £50 million more for the providers of the phones. So why would they stop it? All they have is more business coming through the door. The business model is not helpful to preventing crime.
It is a common-sense measure. It is well thought out. The amendment looks like it will work, given its extent and comprehensiveness, and nobody has a better idea; or, if they have, I have not heard it. This does not cost the Government anything. It will possibly cost the manufacturers, but it will be marginal to the costs and profits they have already. It is a really good idea. It helps the police a bit, but it mainly helps the victims as it reduces their number. It means that you can walk down the street, come out of the Tube, take your phone out and not have somebody whip it out of your hand.
My final point is that it is not just about theft. Often people are injured when their phone is taken—it is violence as well as theft. Particularly with vulnerable victims, nobody knows where it will end. It can end up with a murder or a very serious crime. If we can do something about this, it will have an impact. It is achievable, and I recommend that the Government, if they do not accept the amendment, try to find a way to do it in the future.
Lord Clement-Jones (LD)
My Lords, I rise to support Amendment 368 from the noble Lord, Lord Jackson, on which he has campaigned so strongly. It addresses a crime that has become a blight on our streets: the industrialised theft of mobile devices. We must remove the profit motive from street crime. If a phone is useless the moment it is stolen, the thefts will stop. California proved it and the technology exists; the only thing missing is the will to legislate. I urge the Minister to move beyond collaboration and accept the amendment.
