Online Safety Bill Debate
Full Debate: Read Full DebateLord Stevenson of Balmacara
Main Page: Lord Stevenson of Balmacara (Labour - Life peer)Department Debates - View all Lord Stevenson of Balmacara's debates with the Department for Digital, Culture, Media & Sport
(1 year, 7 months ago)
Lords ChamberMy Lords, this is the first time that I have spoken on the Bill in Committee. I know noble Lords are keen to move on and get through the groups as quickly as possible, but I hope they will forgive me if I say that I will speak only about twice on the Bill, and this is one of the groups that I want to speak to. I will try not to make your Lordships impatient.
I should tell the Committee a little about where I am coming from. I was very geeky as a kid. I learned to program and code. I did engineering at university and coded there. My master’s degree in the late 1980s was about technology and policy, so I have been interested in technology policy since then, having followed it through in my professional life. In 1996, I wrote a book on EU telecoms—it sold so well that no one has ever heard of it. One thing I said in that book, which though not an original thought is pertinent today, is that the regulation will always be behind the technology. We will always play catch-up, and we must be concerned about that.
Interestingly, when you look at studies of technology adoption—pioneers, early adopters and then the rest of the population—quite often you see that the adult industry is at the leading edge, such as with cable TV, satellite TV, video cassettes, online conferencing, et cetera. I assure your Lordships that I have not done too much primary research into this, but it is an issue that we ought to be aware of.
I will not speak often in this debate, because there are many issues that I do not want to disagree on. For example, I have already had a conversation with the noble Baroness, Lady Kidron, and we all agree that we need to protect children. We also know that we need to protect vulnerable adults; there is no disagreement on that. However, in these discussions there will be inevitable trade-offs between security and safety and freedom. It is right to have these conversations to ensure that we get the balance right, with the wisdom of noble Lords. Sacrifices will be made on either side of the debate, and we should be very careful as we navigate this.
I am worried about some of the consequences for freedom of expression. When I was head of a research think tank, one of the phenomena that I became interested in was that of unintended consequences. Well-meaning laws and measures have often led to unintended consequences. Some people call it a law of unintended consequences, and some call it a principle, and we should be careful about this. The other issue is subjectivity of harms. Given that we have taken “legal but harmful” out and there are amendments to the Bill to tackle harms, there will be a debate on the subjectivity of harms.
One reason I wanted to speak on this group is that some of the amendments tabled by noble Lords—too many to mention—deal with technology notices and ensuring that we are consistent between the offline and online worlds, particularly regarding the Regulation of Investigatory Powers Act. I welcome and support those amendments.
We also have to be aware that people will find a way around it, as the noble Baroness, Lady Fox, said. When I was looking at terrorism and technology, one of the issues that people raised with me was not to forget that one way around it was to create an email account and store stuff in a draft folder. You could then share the username and password with others who could then access that data, those pictures or those instructions in a draft folder. The noble Lord, Lord Allan, has gone some way to addressing that issue.
The other issue that we have to be clear about is how the tech sector can do more. It was interesting when my noble friend Lady Stowell organised a meeting with Meta, which was challenged particularly on having access to information and pictures from coroners. It was very interesting when Meta told us what it could access: it does not know what is in the messages, but there are things that it can access, or advise people to access, on the user’s phone or at the other end. I am not sure whether the noble Baroness, Lady Kidron, has had the conversation with Meta, but it would be helpful and important to find some common ground there, and to probe and push Meta and others to make sure that they share that information more quickly, so we do not have to wait five years to get it via the coroner or whatever. We ought to push that as much as possible.
I want to talk in particular about unintended consequences, particularly around end-to-end encryption. Even if you do not believe the big businesses and think that they are crying wolf when they say that they will quit the UK—although I believe that there is a threat of that, particularly when we continually want the UK to be a global hub for technology and innovation and so cannot afford for companies such as Meta, Signal and others to leave—you should listen to the journalists who are working with people, quite often dissidents, in many countries, and rely on encrypted communications to communicate with them.
The other risk we should be aware of is that it is very difficult to keep technology to a few people. In my academic career, I also looked at technology transfer, both intentional and unintentional. We should look at the intelligence services and some of the innovations that happened: for example, when Concorde was designed, it was not very long after that the Soviets got their hands on that equipment. Just as there used to be a chap called Bob in the exchange who could share information, there is always a weak spot in chains: the humans. Lots of humans have a price and can be bought, or they can be threatened, and things can be shared. The unintended consequence I am worried about is that this technology will get into the hands of totalitarian regimes. At the same time, it means people over here who are really trying desperately to help dissidents and others speak up for freedom in other countries will be unable to support them. We should be very careful and think about unintended consequences. For that reason, I support this group of amendments.
I really am looking forward to the responses from the Minister. I know that the noble Lord, Lord McNally, said that he was a Minister for three years on data protection; I was a Minister in this department for one month. I was so pleased that I had my dream job, as Minister for Civil Society and Heritage, and so proud of my party and this country because we had elected the first Asian Prime Minister; then, six days later, I got sacked. So, as they say, be careful what you wish for.
In this particular case, I am grateful to the noble Lords who have spoken up in this debate. I do not want to repeat any other points but just wanted to add that. I will not speak often, but I want to say that it is really critical that, when we look at this trade-off between security, safety and freedom, we get it right. One way of doing that is to make sure that, on technology notices and RIPA, we are consistent between the online and offline worlds.
My Lords, it has been a very good debate indeed. When I first saw this grouping, my heart sank: the idea that we should be able to encompass all that within the space of just over an hour seemed a bit beyond all of us, however skilled and experienced we were, and whatever background we were able to bring to the debate today. I agree with both noble Lords who observed that we have an expertise around here that is very unusual and extremely helpful in trying to drill down into some of these issues.
The good thing that has come out from this debate, which was summed up very well by the noble Lord, Lord Kamall, is that we are now beginning to address some of the underlying currents that the Bill as a boat is resting on—and the boat is a bit shaky. We have a very strong technological bias, and we are grateful for the masterclass from the noble Lord, Lord Allan of Hallam, on what is actually going on in the world that we are trying to legislate for. It leaves me absolutely terrified that we are in a situation where we appear to be trying to future-proof, possibly in the wrong direction. We should be very careful about that. We will want to reflect on the point he made on where the technology is driving this particular aspect of our social media and search engine operations.
All the phrases used in the Bill are subject to the usual scrutiny through the judicial process—that is why we debate them now and think about their implications—but of course they can, and I am sure will, be tested in the usual legal ways. Once a company has developed a new technology that meets minimum standards of accuracy, Ofcom may require its use but not before considering matters including the impact on user privacy, as I have set out. The Bill does not specify which tools are likely to be required, as we cannot pre-empt Ofcom’s evidence-based and case-by-case assessment.
Amendment 285 intends to clarify that social media platforms will not be required to undertake general monitoring of the activity of their users. I agree that the protection of privacy is of utmost importance. I want to reassure noble Lords, in particular my noble friend Lady Stowell of Beeston, who asked about it, that the Bill does not require general monitoring of all content. The clear and strong safeguards for privacy will ensure that users’ rights are protected.
Setting out clear and specific safeguards will be more effective in protecting users’ privacy than adopting the approach set out in Amendment 285. Ofcom must consider a number of matters, including privacy, before it can require the use of proactive technology. The government amendments in this group, Amendments 290A to 290G, further clarify that technology which identifies words, phrases or images that indicate harm is subject to all of these restrictions. General monitoring is not a clearly defined concept—a point made just now by my noble friend Lord Kamall. It is used in EU law but is not defined clearly in that, and it is not a concept in UK law. This lack of clarity could create uncertainty that some technology companies might attempt to exploit in order to avoid taking necessary and proportionate steps to protect their users. That is why we resist Amendment 285.
I understand the point the Minister is making, but it is absolutely crystal clear that, whatever phrase is used, the sensibility is quite clear that the Government are saying on record, at the Dispatch Box, that the Bill can in no way be read as requiring anybody to provide a view into private messaging or encrypted messaging unless there is good legal cause to suspect criminality. That is a point that the noble Baroness, Lady Stowell, made very clearly. One may not like the phrasing used in other legislatures, but could we find a form of words that will make it clear that those who are operating in this legal territory are absolutely certain about where they stand on that?
My Lords, I want to give clear reassurance that the Bill does not require general monitoring of all content. We have clear and strong safeguards for privacy in the Bill to ensure that users’ rights are protected. I set out the concerns about use of the phrase “general monitoring”. I hope that provides clarity, but I may have missed the noble Lord’s point. The brief answer to the question I think he was asking is yes.
Let the record stand clear: yes. It was the slight equivocation around how the Minister approached and left that point that I was worried about, and that people might seek to use that later. Words from the Dispatch Box are never absolute and they are never meant to be, but the fact that they have been said is important. I am sure that everybody understands that point, and the Minister did say “yes” to my question.
I did, and I am happy to say it again: yes.
The points the noble Baroness has just made bring me neatly to what I was about to say in relation to the question raised earlier by the noble Lord, Lord Knight of Weymouth. But first, I would say that Ofcom as a public body is subject to public law principles already, so those apply in this case.
The noble Lord, Lord Knight, asked about virtual private networks and the risk of displacing people on to VPNs or other similar alternatives. That is a point worth noting, not just in this group but as we consider all these amendments, particularly when we talk later on about age verification, pornography and so on. Services will need to think about how safety measures could be circumvented and take steps to prevent that, because they need to mitigate risk effectively. There may also be a role in enforcement action, too; Ofcom will be able to apply to the courts to require these services where appropriate to apply business disruption measures. We should certainly be mindful of the incentives for people to do that, and the example the noble Lord, Lord Knight, gave earlier is a useful lesson in the old adage “Caveat emptor” when looking at some of these providers.
I want to say a little bit about Amendments 205A and 290H in my name. Given the scale of child sexual abuse and exploitation that takes place online, and the reprehensible nature of these crimes, it is important that Ofcom has effective powers to require companies to tackle it. This brings me to these government amendments, which make small changes to the powers in Clause 110 to ensure that they are effective. I will focus particularly, in the first instance, on Amendment 290H, which ensures that Ofcom considers whether a service has features that allow content to be shared widely via another service when deciding whether content has been communicated publicly or privately, including for the purposes of issuing a notice. This addresses an issue highlighted by the Independent Reviewer of Terrorism Legislation, Jonathan Hall, and Professor Stuart Macdonald in a recent paper. The separate, technical amendment, Amendment 205A, clarifies that Clause 110(7) refers only to a notice on a user-to-user service.
Amendment 190 in the name of the noble Lord, Lord Clement-Jones, seeks to introduce a new privacy duty on Ofcom when considering whether to use any of its powers. The extensive privacy safeguards that I have already set out, along with Ofcom’s human rights obligations, would make this amendment unnecessary. Ofcom must also explicitly consult persons whom it considers to have expertise in the enforcement of the criminal law and the protection of national security, which is relevant to online safety matters in the course of preparing its draft codes. This may include the integrity and security of internet services where relevant.
Amendments 202 and 206, in the name of the noble Lord, Lord Stevenson of Balmacara, and Amendments 207, 208, 244, 246, 247, 248, 249 and 250 in the name of the noble Lord, Lord Clement-Jones, all seek to deliver privacy safeguards to notices issued under Clause 110 through additional review and appeals processes. There are already strong safeguards concerning this power. As part of the warning notice process, companies will be able to make representations to Ofcom which it is bound to consider before issuing a notice. Ofcom must also review any notice before the end of the period for which it has effect.
Amendment 202 proposes mirroring the safeguards of the investigatory powers Act when issuing notices to encrypted messaging services under this power. First, this would be inappropriate, because the powers in the investigatory powers Act serve different purposes from those in this Bill. The different legal safeguards in the investigatory powers Act reflect the potential intrusion by the state into an individual’s private communications; that is not the case with this Bill, which does not grant investigatory powers to state bodies, such as the ability to intercept private communications. Secondly, making a reference to encryption would be—
Is that right? I do not need a yes or no answer. It was rhetorical; I am just trying to frame the right question. The Minister is making a very strong point about the difference between RIPA requirements and those that might be brought in under this Bill. But it does not really get to the bottom of the questions we were asking. In this situation, whatever the exact analogy between the two systems is, it is clear that Ofcom is marking its own homework—which is fair enough, as there are representations, but it is not getting external advice or seeking judicial approval.
The Minister’s point was that that was okay because it was private companies involved. But we are saying here that these would be criminal offences taking place and therefore there is bound to be interest from the police and other agencies, including anti-terrorism agencies. It is clearly similar to the RIPA arrangements, so he could he just revisit that?