Lord Katz
Main Page: Lord Katz (Labour - Life peer)Department Debates - View all Lord Katz's debates with the Home Office
(1 day, 12 hours ago)
Lords ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Lord Davies of Gower (Con)
My Lords, I thank the noble Lord, Lord Clement-Jones, for bringing back his amendment on Report. His Majesty’s loyal Opposition retain our support for his measures, and I thank him for continuing his campaign.
I understand that the Minister refrained from supporting the amendment in Committee for fear of unnecessary duplication of legislation. I gently urge him that this provides an opportunity for the opposite. It is common practice across Governments to use new legislation to amalgamate old pieces of legislation into a single draft. This seems the perfect time to do so with digital identity theft.
There is an array of Acts that creates a puzzle from which a digital identity theft offence appears, but it is somewhat distorted, if not fragmented. At least five Acts cover areas of digital identity theft; a wide purview is by no means a bad thing, but they were all designed for a different age. Just reading out the years of our primary Acts demonstrates this: 1968, 1990, 2006 and 2010. Even the Data Protection Act 2018, the most recent application, is for an era without AI.
It is not worth repeating the statistics that we have heard throughout the course of the Bill. A simple fact will suffice: 60% of all fraud cases are identity fraud, and the recent increase has been driven by the internet and artificial intelligence. The Government talk about being ahead of the curve on AI safety and online regulation. That is commendable, but to claim one thing and then refuse to act on it is not. I hope the Minister can at least acknowledge the scale of digital identity theft and its growing prevalence. If he cannot support it now, I hope that he will commit to look into it in the future.
Lord in Waiting/Government Whip (Lord Katz) (Lab)
My Lords, I am grateful to the noble Lord, Lord Clement-Jones, for returning to this important matter. As I set out previously, although digital identity theft is not a stand-alone offence, the behaviour the noble Lord highlights is already captured by existing legislation. Indeed, the noble Lord, Lord Davies of Gower, predicted some of the response that I would give; it has not changed hugely since Committee. This includes the misuse of personal sensitive identifiable information. The Fraud Act 2006 criminalises the use of another person’s identity with the intention to gain or to cause loss. Unauthorised access to personal data, including biometric information, is covered under the Computer Misuse Act 1990.
I fully recognise the concerns raised, which is why the Government are already taking clear action. The new Report Fraud service has replaced Action Fraud, giving victims improved reporting tools and providing police with stronger intelligence and better support pathways. A full review of police skills has been completed and its recommendations will be reflected in the upcoming fraud strategy, which the noble Lord, Lord Clement-Jones, will be pleased to know will be published imminently.
Baroness Coffey (Con)
I am actually very pro-digital ID, as long as it is not mandatory, but one of the things to improve take-up is the fear that people will have fraud committed against them. This amendment introduces an offence not necessarily to reduce the likelihood of that, but to provide potential weapons that can be used against criminal forces. That is why I am so keen on this amendment.
Lord Katz (Lab)
While I understand the point the noble Baroness is making, I do not want to presage the content of the fraud strategy, which will be upon us really quite soon, or indeed what is in the legislation that will introduce national digital ID. I absolutely take the point that some people want to encourage digital ID because it gives security of identity in a digital form for deployment in a number of different areas, whether claiming a benefit, voting or whatever use it may offer—I will stop there because my expertise on digital ID does not extend much further. All I will say is that, given the comments I have already made about the Fisher review and the forthcoming fraud strategy, which will address emerging fraud risks, including identity theft, I hope that the noble Lord is content to withdraw his amendment.
Lord Clement-Jones (LD)
My Lords, I thank the Minister for his response. I thank the noble Baroness, Lady Coffey, and very much appreciate what she had to say. In particular, I thought the phrase “precious digital identity” was extremely important, as well as her reference to deepfakes. I also thank the noble Lord, Lord Davies of Gower, for his support. As he rightly identified, I said 59% and he rounded it up to 60%. That is the figure for the percentage of identity fraud in our landscape.
The noble Baroness, Lady Coffey, said that the Government need to answer what they are planning to do. The Minister threw the kitchen sink at that question but did not really answer it. We have police training in AI and digital, but I am not sure what I am expected to understand when he starts off by saying there is perfectly adequate criminal law on this, but then tells me that they will look very carefully at this as part of the Fisher review. Which one is the answer that I should take from the Minister—that he is taking it seriously or that he is not?
We seem to keep getting the same answer. The Minister starts off by saying that there is enough criminal law to cover this—completely contradictory to the Fraud Act Select Committee—and on the other hand he says that the review will consider this very carefully. That is a series of mixed messages, quite apart from the fact that the police will prioritise their response to digital crime. How will they prioritise their response to digital crime without the tools they need—i.e. a proper criminal offence of digital identity theft?
There is some confusion on the part of the Government. I still think they have not taken this seriously, and our citizens will suffer as a result, particularly in the age of AI, which both the noble Baroness, Lady Coffey, and the noble Lord, Lord Davies, were clear about.
If I wanted to talk to the Chief Whip or the government roster at this time of night, or if we were in prime time, I might push it to a vote. But I will not; I will withdraw the amendment.
Lord Cameron of Lochiel (Con)
My Lords, I am grateful to the noble Lord, Lord Clement-Jones, and the noble Baroness, Lady Doocey, for bringing back this amendment on Report. As was our position in Committee, we recognise the need to update the Computer Misuse Act 1990 and bring it in line with the online reality in which we now live, 36 years after the Act.
I am grateful that, in Committee, the Minister acknowledged the need for the Government to examine the pro-innovation regulation of technologies review by the noble Lord, Lord Vallance, and come to their own conclusions. He was right then that it is entirely reasonable to expect cyber security to be updated with the growth in internet use and the corresponding growth in cyber attacks.
Little more needs to be said, other than that we support the intentions of the noble Lord, Lord Clement-Jones. I hope that the Minister will be able to update the House on the changes to the Act that the Home Office has considered.
Lord Katz (Lab)
My Lords, I am once again grateful to the noble Lord, Lord Clement-Jones, for his amendment and for returning to this very important subject. I am also grateful to the noble Baroness, Lady Coffey, the noble Lord, Lord Fuller, and the noble Lord, Lord Cameron of Lochiel, for contributing to this short but vital debate. I thank the noble Lord, Lord Clement-Jones, for taking the time last week to meet with myself and officials to discuss this issue.
Cyber security professionals play a crucial role in protecting the UK’s digital systems. I support the intention behind this amendment; we broadly agree on the benefits of introducing a statutory defence. That is why we have been developing a limited defence to the offence of unauthorised access to computer material, provided for in Section 1 of the Computer Misuse Act, that will allow trusted cyber security researchers to spot and report vulnerabilities in a responsible manner.
We have made significant progress in shaping a proposal, but some details, including ensuring adequate safeguards, still need refinement. To date, we have briefed over 100 industry and expert stakeholders, including both cyber security firms and system owners, to finalise the approach. Engagement to date has revealed strong support for reform, alongside clear calls to ensure that the defence is workable for a range of cyber security researchers. We will provide a further update once that work is complete.
The noble Lord, Lord Fuller, said that the principle of a limited statutory defence risks creating a hacker’s charter. I stress that we are working with the whole industry—including, of course, the system owners—to develop a nuanced approach that is future-proofed and allows for responsible work in this area.
I reassure the noble Lord, Lord Clement-Jones, that the Government intend to legislate for a statutory defence against Section 1 of the Computer Misuse Act once this work has been completed and when parliamentary time allows. We are not quite there yet, so this Bill is not the right vehicle, but we are committed to delivering a solution that is proportionate and practical for both researchers and law enforcement. Like his colleague on the Liberal Democrat Front Bench—the noble Baroness, Lady Pidgeon—did earlier, the noble Lord tempts me to somehow forecast what might be in a future King’s Speech. I cannot be that precise.
As a possible response, the noble Lord mooted the Cyber Security and Resilience (Network and Information Systems) Bill, which will be a carry-over Motion. I am not going to get into the detail of that tonight, but I am very keen that we stay in communication. The noble Lord has asked some complex questions. He is going to write to me, and I am very happy to respond in kind. In light of the progress we made at the meeting we had last week, and the progress we were making on developing a proposal that has acceptance across the industry and is future-proofed and nuanced—we are, of course, very keen to continue the dialogue—I hope the noble Lord will withdraw his amendment.
Baroness Coffey (Con)
The Minister just said that he will exchange correspondence with the noble Lord. Will he make sure that that is copied to everybody who is participating in this debate?
Lord Clement-Jones (LD)
I thank the Minister for his response, and the noble Baroness, Lady Coffey, and noble Lord, Lord Fuller, for their contributions. As the Minister says, this defence is at the behest of the cyber security industry. That is a very important point. This is not just a group of hackers who have decided that they need to cover their tracks; this has long been demanded by the cyber security industry. I very much hope that when the industry sees the policy paper produced by the Government, it will see that the movement towards a defence is constructive and particular and does not have the kind of loopholes that it fears.
I thank the Minister for his reassurances about future legislation. I am obviously in very good company with my noble friend in providing temptation for the Minister about the King’s Speech. We look forward to the future legislative opportunities that the Minister has described. In the meantime, I withdraw my amendment.