Lord Paddick
Main Page: Lord Paddick (Non-affiliated - Life peer)Department Debates - View all Lord Paddick's debates with the Home Office
(9 years, 4 months ago)
Lords ChamberMy Lords, it has been a very interesting debate and one that will obviously help inform the upcoming debates on the investigatory powers Bill. I also very much welcome the Government’s approach of publishing a draft Bill and having pre-legislative scrutiny by a committee of both Houses of Parliament.
I am a Liberal Democrat and the House would expect me to put privacy and the rights of the individual front and centre of my contribution—and I will not disappoint the House. I was also a police officer for over 30 years, albeit having very little to do with the investigation of terrorism. However, 10 years ago, to the day, I fronted press conferences as the Metropolitan Police spokesman following the 7 July bombings. I subsequently went round London and spoke to police officers who had gone down on to the tracks in the Underground stations, tending to the seriously injured and recovering the bodies. I know the consequences of terrorism, but I also know that, as one noble Lord has already said, even with unlimited resources, state-of-the-art technology, the dedication, professionalism and experience of the security services and the police of this country, which are second to none, and with legal powers that would be a counterterrorism officer’s dream, atrocities like 7/7 could still happen. Anyone who argues that if we had this or that legislation we would all be safe is being dishonest.
Terrorism has changed in nature, even during my time as a police officer. The IRA was like an army— it was a hierarchical organisation that could be infiltrated. Fixed-line and mobile communication data, including text messaging and who was contacting whom, from where and at what time, could easily be accessed because mobile phone service providers need this information so that they can bill the customer. As Anderson says, quoting from one of the Snowden documents, we were in a “golden age” in terms of the accessibility of intelligence—never before had the police and the security services had such a wealth of information about the communication between criminals, terrorists or otherwise.
Some noble Lords talked about the level of threat. The noble Lord, Lord King of Bridgwater, quoted a former head of the Security Service, the noble Lord, Lord Evans of Weardale, about the level of threat—as does Anderson. However, Anderson says something somewhat different from what the noble Lord, Lord King, said. The noble Lord, Lord Evans of Weardale, said that the nature of the threat is changing, rather than necessarily getting more complex, unpredictable or alarming. As a result, Anderson concludes at paragraph 3.6 that:
“claims of exceptional or unprecedented threat levels—particularly if relied upon for the purposes of curbing well-established liberties—should be approached with scepticism”.
I hope that we will approach such issues with scepticism.
The noble Baroness, Lady Manningham-Buller, and other noble Lords talked about technology racing ahead. The noble Lord, Lord Blair, talked about the digital world going dark. It is absolutely right that the risk is heightened because of those changes. For me, it was my noble friend Lord Scriven who asked a critical question at the crux of this: how do we make up for those deficiencies? I think that the more important question is: will it be legislation and giving the security services and the police more powers that bridges that gap, or will it be something completely different?
The attacks that we have seen in the UK and most recently in Tunisia have tended to be by lone wolves or small groups of people who have long known each other and are therefore impossible to infiltrate. There have also been changes in technology, with the advent of web-based communication, such as Facebook Messenger and “over-the-top”—or OTT—provider apps such as WhatsApp and Wickr. They are free-to-use services, so there is no need to record any billing information. Such systems of communication are causing the security services and the police to fall behind in terms of the intelligence that they can access. To ensure privacy and the integrity of communications, to give confidence to their users, such providers have encrypted the information. Indeed, Wickr messages apparently self-destruct once delivered, and FaceTime calls and iMessages between Apple devices cannot even be decrypted by Apple itself. As quoted by Anderson at paragraph 11.16(b), Apple states:
“Apple doesn’t scan your communications, and we wouldn’t be able to comply with a wiretap order even if we wanted to”.
The technology is outpacing the police and the security services, and indeed our efforts to keep up with it. By way of another example, an IP address identifies a device on a network but it can be shared by multiple users simultaneously. We passed the Counter-Terrorism and Security Act 2015, which requires communication service providers to retain other data to ensure that, even if a shared IP address is used, it can be tied down to one device. However, there are already problems with that legislation.
First, the measure is likely to identify only the bill payer and not the device. If you use a virtual private network, as we all do when we access the parliamentary intranet from our iPads, the IP address is that provided by the VPN and not by the device. By using a VPN where the server is in the UK, I can make the internet think that I am in the UK whereas I might be in Australia—which is very useful when you want to watch the BBC News but questionably legal. Although a VPN may be provided by a single entity, so that the single entity could be asked who is using the service, other VPNs such as Tor—apparently otherwise known as as The Onion Router—use a network of 6,000 computers to encrypt data and hide the IP address and other identifiers. This is all in the Anderson report.
I could go on baffling noble Lords and myself with examples provided by Anderson, but I can best describe the situation as akin to that applying to new psychoactive substances. As soon as the Government think of legislation, such as the communications data Bill, to close a gap in the police and the security services’ capability, technical experts will create another gap. For example, keeping 12 months of people’s web logs will tell you nothing about who is communicating with whom if it is done on Facebook Messenger or Wickr, but it will be a massive intrusion into people’s privacy. There is a real danger that it will be all pain and very little gain.
The Anderson report is comprehensive, informative and well balanced. Where the recommendations entirely agree with the report produced by the noble Lord, Lord Blencathra, quite some momentum is being built up in terms of anybody being able to argue against it. However, you cannot take an informed decision on what legislation is necessary to replace existing legislation unless you have a grasp of the technology.
There is much that we have to take on trust from the security services because they deal in secrets, and we do not want to reveal to the enemy exactly what the security services’ capabilities are. However, what we do not have to take on trust, because it is not a secret, is the technological landscape that the new legislation will have to operate in. Nor do we have to take on trust the legislation that the security services are asking for. We should not simply give the police and security services what they are asking for. In the past, for example, the police service, although not the security services, asked for 90 days’ detention of terrorist suspects without charge. Parliament, quite rightly, refused, so there is also a precedent for this.
On the communications data Bill or any successor, Anderson is clear. He says:
“If a sufficiently compelling operational case has been made out”—
and he says that one does not exist at this time—
“a rigorous assessment should then be conducted of the lawfulness, likely effectiveness, intrusiveness and cost of requiring such data to be retained”.
That was also the recommendation of the committee of the noble Lord, Lord Blencathra. Anderson adds:
“No detailed proposal should be put forward until that exercise has been performed”.
It is a very powerful report. Consultation should not just be with noble Lords in this House or with Members of the other place. There needs to be proper consultation with industry professionals, which, as the noble Baroness said, should include the security industry. However, it should also be with internet service providers. On Thursday last week, I was invited to the annual awards ceremony of the Internet Service Providers’ Association. Its villain of the year award went to the Home Secretary for failure to consult the industry at all on data retention. Surely, if we are to be successful in defeating terrorism, we have to have the support and co-operation of those who provide the means by which these terrorists communicate with each other.