(8 years, 4 months ago)
Lords Chamber
My Lords, as I said earlier in Committee, it is important that, in assessing any proposal made in the Bill, we strike the balance between the need for it and any possible negative consequences, and whether that may weaken the security of a device, enabling the malign elements, as opposed to benign, to penetrate systems. As I understand it, the purpose of the amendment is to try to ensure that that balance is clear in the Bill. It would place an obligation on those seeking warrants and those considering them to look at whether that balance has been struck and ensure that it has.
It is reasonable for those seeking warrants to demonstrate that they have considered whether there are any negative consequences of the action they are prepared to take, particularly if it leads to a weakening of the general security of a wider system that may mean it is prone to attack from cybercriminals or others accordingly, or that there is likely to be a large amount of collateral damage in other people’s information being made available to the authorities.
I make it clear that I do not think the fact that the information of other people who are not the purpose of a warrant may be compromised is necessarily a reason why we should not proceed with this. It should be balanced with the consequences. For example, I can conceive of circumstances where a warrant might be sought for a machine in an internet café. Clearly, that is because certain individuals are thought to be using it. In any application I would want consideration to be given to what would be done about those other, presumably entirely innocent individuals who might use the same machine.
I am concerned that, as part of the process, there should be consideration of the downsides of a particular application: whether it is weakening the system or interfering with the privacy of other people who are not specifically targeted. If either is the case, there should be clear consideration of what can be done to minimise those risks. The fact that another person is not the subject does not necessarily mean that it should not be proceeded with. It is a matter of proportionality—the benefits that will be gained from the action being taken and whether those are properly considered by those making the application and those considering whether to approve it. For those reasons, the amendment is broadly helpful. I hope that Ministers may be prepared to accept this or something like it to provide that assurance.
My Lords, I added my name to Amendments 159 and 160. Amendment 164 is in my name and that of my noble friend Lord Rosser. Our points are much the same as those made by my noble friend Lord Harris. I do not think there will be planting of evidence, for example. Our concern is much more about the risk to any public cybersecurity system, and we would want that to be taken into account. These amendments follow the recommendations of the Joint Committee. The idea is to minimise any potential risks. If, for example, the Secretary of State has to take into account any risk to the security and integrity of the networks, that by itself will ensure that any applicant sets that out in the form they submit. We hope the Government will respond, as my noble friend Lord Harris said, not necessarily by using these exact words but in the spirit of these amendments in order to retain overall security.
(8 years, 4 months ago)
Lords Chamber
My Lords, Amendment 93 stands in my name and that of my noble friend Lord Rosser and is on the same issue of encryption. Encryption is fundamental to keeping the whole of the digital economy safe and secure. It is widely used by business, government and consumers to protect sensitive and confidential information and as a building block in the advanced security technology which has been described.
The undermining of encryption would not simply mean that the communications of criminals could be read more easily; it would risk creating a major vulnerability in the security infrastructure, which could be exploited by various malicious actors, be they criminal gangs or rogue states. So it is important for this economy and for all the financial and other businesses that depend on it that the foundations of encryption technology remain absolutely firm.
There will be times when state security undoubtedly needs access to encrypted information for a specific investigation. This is not the problem. The problem is whether the Government would ever require a company to engineer such access, enforcing the company to create a model which, if then followed by other nations with perhaps less security than ours, would lead to a lowering of standards. We welcome the statement by the Government that they do not require industry to build back doors into their encrypted products. The Bill as it stands is perhaps not as clear as the commitments the Government have made.
Clause 226 risks making encryption intrinsically weaker if a company could be asked to build the ability to break the encryption. Amendment 93 seeks to address that. We hope the Government will understand that, when the request is made, they should not ask a company to develop a new way of breaking encryption that is not already within its ability. At the moment, the clause implies that, where companies that did not have the ability to remove the protection were issued with a notice, they would be required to build that capability so as to adhere to the notice. That is worrying the companies because of the general undermining of encryption. End-to-end encryption is essential to protect sensitive personal, commercial and security information. I think the Government share our concern that we should maintain that.
The thrust of Amendment 93 makes it explicit that a company would be required to remove the electronic protection only where it had the current capacity to do so and that it should not have to engineer it. We hope it will be accepted by the Government.
My Lords, first, I should draw attention to my interests in the register on policing and counterterrorism matters. Secondly, I should make clear that my starting point on the Bill is that it is important that the developing gaps in access to communications data are addressed to protect the nation against all sorts of threats.
In any set of counterterrorism or counterespionage measures, or whatever else it might be, you have to look at the balance and weigh the benefit to the nation in protecting its citizens by having those powers against the potential downside or consequences of exercising them.
When we come to the question contained in this group of amendments—essentially about enabling or requiring companies to break the apparent encryption—we have to look carefully at the potential downsides presented by this. The first downside, or danger, is that by enabling this to happen—by creating the mechanism and requiring companies, as my noble friend Lady Hayter said, to make new arrangements so that encryption can be broken—you create a back-door mechanism. This would be available not just to the forces of good—those who are trying to protect all our security—but to cybercriminals and those who would do us ill. Therefore you need to weigh clearly what you are trying to do against whether you are creating something that will make it easier for criminals and those who would do us harm.
The second element is the extent to which what we do in this country sets a precedent that will be seized in other countries, whose interests may not be the same as ours or as positive as ours towards their citizenry. If we create that precedent, what is to prevent Governments in other countries saying that they want the same powers and therefore doing the same? That test has to be applied to quite a number of the measures in the Bill. As I say, my starting point is that I want the state to be able to fill the gap in its access to communications data that is emerging and opening up. However, I want to hear from the Government a clear explanation of why in this set of cases the benefits outweigh the potential disbenefits.