(8 years, 1 month ago)
Lords ChamberI take on board what my noble friend is saying. I fully accept the distinction he makes but, basically, although I am a customer of some of these companies, I do not trust them—they will tell us that this has been built in and is secure, but do deals with those other regimes.
My Lords, there have not been very many points in the course of this legislation on which I have agreed with the noble Lord, Lord Strasburger, but on this point I do. Amendment 252A raises a very interesting and important point.
Although I am absolutely in favour, as you would imagine, of the Government having the opportunity to access the communications of anybody who is a threat to us—due to terrorism, criminal activities or anything of that sort—there is a competing national security issue here of this country having effective cybersecurity. We have seen the way in which hostile Governments have been seeking to intervene in the American elections, and we have seen all sorts of attempts by hostile states, criminal groups and others to use cyber weaknesses to take forward hostile agendas. Therefore, there is a genuine national security interest in ensuring that, as far as we can, our citizens can communicate securely and privately when they are not going about mischievous business.
The idea that we should take into consideration the requirement not to place non-targeted customers or others at additional security risk is an entirely legitimate one, and I am very interested to hear how the Minister would want to interpret this. We have competing national security issues here and it is a point well made.
My Lords, we have had some rather good discussions with the tech companies. In Committee, we put in some of the amendments that they suggested to us, and some of the government amendments we have been dealing with over the past few days reflect that. I thank the tech companies for their very responsible attitude in continuing discussions with the Government over this period. Certainly with us they have been open, flexible and fairly straight as to what is possible and what the dangers are for them—for example, and as we have discussed, whether a weakness in end-to-end encryption could actually undermine the security that banks and others rely on in their systems—and for their clients, public confidence and national security. The companies recognise that they have a duty of care and loyalty to their customers, while fully respecting the law of the land in which they operate and the legal demands on their staff, wherever they are located.
In their discussions with us, companies have sought clarity that they will not be asked, effectively, to create a new system that would breach end-to-end encryption. They need this clarity for their shareholders and customers’ peace of mind because the reality is that they could never be forced to create a new computer program to hack their own security. I for one cannot imagine the noble Earl, Lord Howe, or anyone else standing over a hapless computer programmer shouting, “Break into it!”, if that company did not want to do it or the computer genius was on a go-slow that day. The idea that you could force somebody to create a program that the company and the employee did not want to is probably not possible.
Given that, the reality is that the things the Government want to ask will happen only when there is a good working understanding between the security services and the company. Therefore, if the tech companies want this clarity as set out in Amendment 251—as we know they do—our interest is to hear from the Minister just what the obstacles are to giving them the clarity that they seek.
(8 years, 4 months ago)
Lords ChamberMy Lords, I was slightly puzzled by the comments from the noble Lord, Lord Paddick, suggesting that the National Crime Agency did not support these powers. The implication was—
I did not say that. Perhaps I can assist the Committee. What I said was that the security services—MI5, MI6 and GCHQ—have told me, in my visits to those agencies, that they do not require the retention of internet connection records for them to carry out their very important work around national security and serious crime. It is not the case, nor did I state, that the National Crime Agency does not support this measure. The National Crime Agency has supported it in its presentations to me. I have been to the National Crime Agency twice, because it failed to convince me the first time, and I am sad to say that it did not convince me the second time either.
I apologise if I misunderstood the reference to GCHQ and the National Crime Agency and the way in which that was phrased. I ought to declare that I am a former non-executive director of the National Crime Agency. I have been very affected in my thinking on this by the extent to which every law enforcement agency that I have spoken to, in particular the National Crime Agency, seems to believe that this is a very necessary power to enable it to have the evidential ability to pursue serious crime. That is where the distinction lies between the intelligence agencies, which are not seeking this as an evidential tool, and the National Crime Agency and other law enforcement bodies, which see it as an evidential necessity. Depending on a relationship between the NCA and GCHQ within the National Crime Agency seems an unlikely way around this. If there is an evidential requirement, we should put that in the Bill and provide it to law enforcement, rather than relying on GCHQ to provide it by some particular piece of machinery within the NCA, because that would not then be available to all those who might need it within law enforcement.
This is also relevant in terms of why, or the extent to which, other countries have not gone down this road. There is plenty of evidence that the United Kingdom has been considerably more successful, particularly in the pursuit and prosecution of paedophile crime online, than a number of other jurisdictions. That is partly because we have provided appropriate powers to law enforcement to be able to pursue this. The UK has been much more successful in terms of prosecution figures for very similar situations to those facing some European countries. We should continue to provide the powers that enable the UK to pursue those sorts of crimes, which are at the moment an absolute wave hitting the law enforcement community. If we do not provide it with the powers, we will leave a situation where very many people who have committed online paedophile crime are not prosecuted. From my point of view, that certainly does not seem a satisfactory way forward.
I am also slightly cautious about the argument that people can always get round this and that anyone applying their best security would not get caught. Almost all investigation, whether intelligence or criminal, relies on those who are criminals or threats to our security not being as good at what they are doing as they hoped. To say that we should not introduce powers because they are not infallible and that if someone applied all security measures they might be able to get around them would mean that we would provide very few powers to either the intelligence services or law enforcement agencies, because someone somewhere might be able to avoid them. Most people, most of the time, do not apply all the security that they could when they are undertaking either national security threats or crime. That is why we can catch them. We should provide as many powers as we can to catch these people before they damage us, and prosecute them afterwards.