(8 years, 1 month ago)
Lords ChamberMy Lords, I first say to those who have supported the amendments in the name of the noble Baroness that I acknowledge the strength of feeling in the House on this emotive issue. As I said in my opening remarks, the Government know how important these matters are to everybody. We need a robust and workable system for media self-regulation, and resolving that is in everybody’s interest. However, I am afraid that I remain of the opinion that the Bill is not the means to achieve that. Of course I agree with the noble Lord, Lord Paddick, that the noble Baroness’s amendments are procedurally in order; that has never been in question. However, first, the scope of the Bill means it cannot do this subject justice. The amendments we are considering today concern only interception of communications and would not necessarily sit well with whatever broader solution is to follow. Secondly, and more importantly, the public consultation which the Secretary of State for Culture, Media and Sport announced yesterday provides a means for a reasoned, informed and considered public debate—
I thank the noble Earl for giving way. I would like to share with him a direct quotation from one of the six members of the Leveson inquiry—someone with whom I spoke this morning. He said, “The consultation announced this week is just a shabby stunt, probably concocted by Paul Dacre, to defer the betrayal of the victims of press abuse—past and future—until this Bill has been safely put to bed”. I would like to offer the noble Earl an opportunity to refute that charge.
My Lords, I repudiate it completely. The Government have been clear about the timescale of the consultation and have committed to respond in a timely manner. We are taking this matter with proper seriousness. It is important that everyone has an opportunity to take on board and reflect on the changes that have occurred in the years since Lord Justice Leveson made his recommendations. I say again to the noble Lord, Lord Paddick—
(8 years, 2 months ago)
Lords ChamberMy Lords, I will speak to our Amendments 252 to 254 and the other amendments in this group. To save the noble Lord, Lord Rooker, having to get to his feet, this one is from Apple.
As the noble Lord, Lord Harris of Haringey, just outlined, it is essential that end-to-end encryption is not compromised by technical capability notices. I anticipate that the Minister might say that Clause 231(3)(c) covers this in that it would not be technically feasible for the operator to remove electronic protection of this nature, but we support this amendment and believe that it needs to be explicit in the Bill. However, we do not believe that this amendment covers other forms of encryption. Our Amendment 252 is intended to protect UK operators from the real or perceived disadvantage they would be placed under if technical capability notices required them to make modifications that would make their product or service less secure than overseas operators, who may not be subject to or may refuse to comply with a similar technical capability notice.
Similarly, Amendment 253 is intended to prevent a technical capability notice stopping UK operators from innovating to improve the levels of security or encryption provided by their products and services in a way that would disadvantage them against overseas operators, which may not be subject to or refuse to comply with a similar technical capability notice.
Amendment 254 is intended to deal with the criticism of our amendment in Committee by the Minister, who said that he believed that it,
“would remove the Government’s ability to give a technical capability notice to telecommunications operators requiring them to remove encryption from the communications of criminals, terrorists and foreign spies”.—[Official Report, 13/7/16; cols. 272-73.]
This new amendment makes it clear that technical assistance can be given to enable interpretation and deciphering provided that it does not open the door to unauthorised access to encrypted materials by criminals, terrorists and foreign spies—essentially, what the noble Lord, Lord Harris, just said.
Amendment 252A, in the name of my noble friend Lord Strasburger, is an attempt to combine all the other amendments in this group into a much better-worded amendment. I look forward to hearing from him why this might be the case.
My Lords, I shall rise to that opportunity. Amendment 251, in the name of the noble Lord, Lord Harris, and my noble friends Lord Paddick and Lady Hamwee, addresses one particular kind of encryption—namely end-to-end encryption—and it is very good as far as it goes, which is end-to-end encryption. My own Amendment 252A is also in this group and is complementary to Amendment 251. It is, in my humble opinion, a neater way of dealing with encryption that is not end-to-end encrypted than the combination of the other amendments in this group: Amendments 252, 253 and 254. It is an alternative to them.
We have been around the block many times on the subject of encryption in the context of Clauses 229 to 231. It has come up several times in our debates on the Bill, as well as in questions in this House and in the Joint Committee on the Bill. Yet we are no closer to a clear and unambiguous understanding of the Government’s position on this vital issue, as the noble Lord, Lord Harris, has so eloquently said.
It might help if we start from common ground. I doubt that any noble Lord, myself included, would deny the authorities the option of requiring an operator to decrypt a communication where: the operator already possesses the capability to do so; the sender or receiver of the communication is genuinely suspected of committing or planning a serious crime; and the appropriate process has been followed and the action has been judged necessary and proportionate by a judicial commissioner. I do not think that anybody would argue about that.
I believe there is more common ground. Ministers have repeatedly confirmed that the Government fully accept that many uses of the internet that are now an essential part of everyday life, both for individuals and for large organisations, cannot possibly continue to happen without the security provided by unbreakable encryption.
If we take those two points as read, we are left with two questions about what happens if the operator is not able to decrypt the communication. The first is: should the Secretary of State be able to force an operator to redesign its product so that in future its encryption has a weakness that permits the operator, or perhaps GCHQ, to read a suspect’s messages? The other question is: should the Secretary of State have the power to prevent an operator introducing new or modified encryption services which neither the authorities nor the operator can break? The answer to both those questions is an unequivocal, “No, the Secretary of State should not have those powers”, and noble Lords will be hard pressed to find a single cryptography specialist who has a different view. If the Government concur, as I hope they do, they should have no problem accepting Amendments 251 and 252A, which would remove the ambiguity in the current drafting.
My Lords, if the noble Earl is so confident that none of the unintended consequences listed in Amendment 252A can occur, and that the Government do not want them to occur, what is his objection to putting them into the Bill?
We already have a wide range of safeguards which I have listed. I do not see that it is necessary to go down the road the noble Lord is advocating because of the dangers that I have pointed out. These amendments would create safe spaces which I am sure that neither he nor any noble Lord would desire to occur.
(8 years, 2 months ago)
Lords ChamberMy Lords, I regret that I cannot support my noble friends’ attempts to remove these clauses from the Bill. I say with great respect to them that it is a misconceived attempt and displays a misunderstanding of what the authorities do, have done and can do. In my judgment, for what it is worth, the removal of these clauses would reduce the capacity of the authorities legitimately to interdict what could be extremely serious crime and catch those guilty of it.
We have heard terms such as “limitless”, “monster” and “unfettered”. At the risk of repeating what has been said earlier on Report, it is grossly exaggerated to suggest that unfettered, monstrous or limitless power is being given to the authorities. There can never have been a Bill on subjects such as these that has had so many fetters on the authorities and that has placed so many limits on what they can do. Indeed, if it has created a monster at all, it is a monster of regulation, not of unregulated activity.
I saw a briefing on these amendments earlier today. They are founded on the proposition that the authorities—the police and the security services—have the time to go on fishing expeditions. If that is what is being said, I can think of at least two kinds of fishing expedition. One is the sort of fishing expedition where you stick a worm on the end of a line and dangle it into water not believing that there is anything in there, and the other involves casting a sprat to catch a mackerel. If there is a fishing expedition here, it is the kind in which the authorities would know that there is very likely to be a mackerel beneath the water into which they cast their well-fattened sprat.
These amendments would inhibit current practice in the courts and in investigations. I can think of two murder cases in which I appeared as leading counsel—one as a prosecutor, the other as a defender—in which a conviction resulted from exactly the kind of activity being permitted in the Bill. In each case, it is certainly possible—I do not want to exaggerate—that there would have been no conviction if not for the availability of this kind of activity. At the time of each of those cases, the activity was nothing like as well-controlled or scrutinised as is proposed in the Bill. The sort of activity that I am describing can and has been used to catch murderers, paedophiles and money launderers as well as terrorists. It is a necessary tool of a responsible state.
The issue is whether the Bill allows this information to be obtained in a responsible way by the state. I believe the Government have gone a very long way to ensure that everybody can be confident that in future such material will be obtained by a responsible state and that these clauses are a necessary part of that activity.
My Lords, I rise to speak to Amendments 100C, 100D and 100E which have been very ably explained by my noble friend Lord Paddick.
When vague and non-specific legislation comes before us, it is perhaps because its authors are unable to be more precise because they have not thought it through or because they choose to not share the details with us. Whichever reason applies in the case of the request filter, there is no doubt that Clauses 64, 65 and 66 are notable more for what they do not say than for what they do. Despite the best efforts of both the Joint Committees on which I had the privilege of sitting—the one on this Bill and the one that examined the draft Communications Data Bill in 2012, in which the request filter first appeared—we are none the wiser about the request filter architecture, how it will work, who will develop it and who will operate it.
We have only to look at an obscure section in an elderly piece of legislation—the Telecommunications Act 1984—to see how overbroad drafting can lead to unintended consequences. Years ago, Section 94 of that Act was used by the Home Office secretly to create a brand new, highly intrusive power—namely, bulk acquisition of communications data—which the Government, to their credit, are now bringing in from the cold in this Bill. For a long time, however, the existence and use of this power carried on without the approval, or even the knowledge, of Parliament. Quite by chance, just a few hours ago, the Investigatory Powers Tribunal ruled that this very powerful secret power of bulk acquisition of communications data, which was created out of that vague section in the Telecommunications Act 1984, has been used illegally by the intelligence and security services for 10 years. We must guard against carelessly passing clauses so vague as to be open to misuse.
My Lords, I am sure that the entire House is grateful to the noble Lord, Lord Paddick, for giving us a comprehensive list of ways in which we can try to keep our communications secret and away from prying eyes. I am sure that every Member of the House is grateful for that tutorial, but the noble Lord does rather elide the question of those people who perhaps have not had the benefit of his tutorial. I realise that the whole world of terrorism and organised crime is listening with intent to every word that he says on these matters, but there will be such. He gave a specific example, saying that communications data in the past would have demonstrated that X had contact at a travel agent. When I book train tickets, I usually do not use WhatsApp or a VPN—I simply go online and connect to the relevant train company. So if somebody wanted to find out whether I had been booking a train ticket, my internet connection record would provide that information. I therefore do not quite understand the argument that, because there are ways that you can avoid the state knowing what you have done if you are really determined, you should therefore prevent it knowing what you have done if you are not really determined.
My understanding is that not all terrorists and not all organised criminals are terribly good with this stuff—that they make mistakes—so the horrifying consequences that the noble Lord describes therefore might not actually occur, and instead, a lot of very nasty people will be caught, because they do not have the noble Lord’s encyclopaedic grasp of ways of keeping communications secret.
Amendment 118A seeks to prevent the creation and collection of internet connection records. My noble friend Lord Paddick has explained why ICRs are of little security value, and that they would be very difficult and expensive to collect and make use of. The only democracy to try was Denmark, which gave up after years of fruitless effort. It tried again at the beginning of this year with a project almost identical to the one planned by the Home Office, but quickly abandoned it when independent auditors confirmed that it would be prohibitively expensive.
I wish to draw the House’s attention to two other serious drawbacks that would arise from creating and storing internet connection records. The first is the serious impact on the privacy of every user of the internet in this country. We must remember that internet connection records do not currently exist, and until quite recently—say, 25 years ago—all the electronic data that would have to be collected together to create ICRs did not exist, either. In those days, our private interactions with those close to us left no trace. A conversation over lunch, a cash purchase at a shop, a visit to a library to do some research, attendance at a political meeting, a romantic assignation—all left no record of having happened. They were ephemeral. What happened between your four walls was between you and your God.
Fast forward to today, and we find that all the interactions I have just mentioned now leave an electronic trail behind them. A combination of credit card records, location services on our phones, our emails and text messages and records of every website we visit will give the whole game away—including the identity of whom we met at our assignation. If internet connection records are created and kept by our service provider, all these electronic trails will be available to hundreds of public authorities, not just the police and security services, on demand and simply by self-authorisation.
The Government have given this data the name “internet connection records”, which is technically accurate, but what they really are is private activity records: a log of everything we do and when and where we do it. The problem is not that the surveillance can occur at all, but that it happens indiscriminately to all of us, all the time. My second topic is the ironic fact that ICRs will actually reduce our security, rather than improve it, because of the virtual certainty of thefts of some of that private and personal data about every internet user in the country. If you do not believe me, consider just a few of the thousands—and I mean thousands—of recent data thefts from high-security establishments. I mentioned in Committee that SWIFT, the fulcrum of the global financial payments system, has had $81 million stolen from it by hackers. Last week, it emerged that it has been penetrated a second time. A gang of five eastern Europeans is believed to be behind the theft of 3 billion sets of customer data worldwide from many of the world’s leading tech companies, including the data of 500 million Yahoo! customers. As I mentioned earlier, powerful hacking tools belonging to the NSA, the American equivalent of GCHQ, suddenly appeared on the internet in August having been stolen from it, and two Israelis and an American stole 100 million people’s records from 12 US financial institutions. Those are just a few examples—as I say, there are many more—of thefts from sites which, dare I say it, were seemingly far more secure than those of UK service providers.
Internet connection records, or private activity records, will be stolen and the consequences will range from embarrassment to blackmail and fraud for the unfortunate victims. In the case of people in positions of responsibility, including government officials, the consequences could be catastrophic. Far from making us safer, ICRs would compromise our security and, as I have explained, seriously intrude on our citizens’ privacy. We should have nothing to do with them.
My Lords, I rise to speak against this amendment. As the chief executive of a telecoms company, I clearly cannot profess a lack of understanding of the technology. I am a little confused by noble Lords’ concern that internet connection records can be got round and are not perfect because telephony is exactly the same. If I make a telephone call and am really smart, I know how to make sure that you do not know what number or where in the world I am calling from. Without needing to be that smart, I can buy a temporary SIM card and throw the phone away as soon as I have made the call. Organised crime and nation states have been able to use plenty of ways to obfuscate the existing ability for us to track telephony. That does not mean we think it a bad idea to be able to track people’s telephone calls.
I argue that exactly the same is true of internet connection records and their use by law enforcement agencies. It would not be perfect; no piece of technology ever is. It needs very careful scrutiny, which the Bill has had in both Houses. But I want to live in not just a civilised physical world but a civilised digital world, and when all our law enforcement agencies say that their ability to hunt down criminals is seriously hampered by the world moving to the digital space, we should take that very seriously and make sure that we arm them with the best possible tools. I believe that access to internet connection records is practically possible and desirable to create a civilised digital world.
(8 years, 3 months ago)
Lords ChamberMy Lords, I am not sure how useful this intervention will be, but it occurs to me that when the Government consider the amendment and the proposed reduction of the period allowed for a review, they should also bear in mind the sole recommendation made by David Anderson in his review published in August, which we were all discussing last week, the Report of the Bulk Powers Review. I know that his amendment was not accepted then, but consideration will be given to it and I would expect amendment to the Bill along the lines that David Anderson recommended:
“The Bill should be amended to provide for a Technology Advisory Panel, appointed by and reporting to the IPC”—
that is, the commissioner,
“to advise the IPC and the Secretary of State on the impact of changing technology on the exercise of investigatory powers and on the availability and development of techniques to use those powers while minimising interference with privacy”.
Assuming that some effect is given to that and some such advisory panel—an altogether more elaborate advisory panel was canvassed during the debate last week by the noble Lord, Lord Carlile—that will surely bear on the appropriate period within which an overall review should take place.
My Lords, I had the privilege of sitting on the Joint Committee on the Bill and on the Joint Committee on its precursor, the Communications Data Bill, three years earlier. That puts me in a position to inform the House about one example of how technology has come to this area of law and the Government’s attitude to it. In the earlier Committee three years ago, the subject of the problems that encryption presented to the security services and law enforcement was raised several times with senior Home Office officials, the police and security agency officers. They dismissed it at the time. “It is not a problem”, they said—they were not concerned about it. In the proceedings of the Joint Committee and in this House on this Bill, the Government have repeatedly expressed their concern about the effect of encryption on their ability to protect us. That is a 180 degree change in the space of less than three years. I draw that to the House’s attention in support of the notion of substantially accelerating the review of the Bill.
My Lords, as the noble Baroness, Lady Hamwee, explained, Amendment 234A deals with the review of the operation of this legislation. The amendment would reduce the length of time for which it has been in operation from five years and six months to two years and six months. It is of course good practice to conduct post-legislative scrutiny, particularly for legislation as significant as the Bill. That is what the Bill provides for. Notwithstanding any suggestion by virtue of the amendment that the House might be eager to revisit the issue within the scope of this Parliament, I suggest that reducing the time for which the legislation had been operating before the review takes place would be profoundly unhelpful in assessing its utility.
First, the timing of when the review should occur is precisely as the Joint Committee convened to scrutinise the draft Bill recommended. As the noble Lord, Lord Murphy, said, that committee considered that work on a review,
“should begin within six months of the end of the fifth year after which the Bill is enacted”.
We have followed that lead.
I was asked what kind of review this would involve. As I mentioned, the Bill attempts to give effect to the recommendation of the committee. We cannot, clearly, bind Parliament in the actions that it takes, so the Bill provides for consideration of any report by a committee of Parliament. I hope that again accords with the steer that the Joint Committee gave us.
Of course, we must ensure that before such a review takes place, all the Bill’s provisions have commenced and been in effect for a sufficient period so that a review is meaningful and effective. As the Joint Committee again concluded:
“The evidence of several years’ operation will inform the debate”.
A review after two and a half years runs the risk that processes and capabilities will not have had sufficient time to bed down before they are subject to a formal review. We need to bear in mind, in particular, that communication service providers will need to implement legislation. Surely the last thing we want is for them to turn round after a short time, if the noble Baroness’s proposal gains traction, and say that it is too soon. We do not wish to create uncertainty for them at this stage. They have to implement this, as has everybody else. The noble Lord, Lord Murphy, rightly said that it is important that the impact of the Act should be reviewed and the noble Baroness, Lady Hayter, also correctly spoke of the need to monitor how the Act was working. I do not disagree with either.
However, I would just point out that an urgent review of the Act is not necessary, given the strong oversight provided in the Bill by the Investigatory Powers Commissioner and the requirement that the commissioner should publish annual reports. The exercise of the powers provided for under the Bill will be subject to the ongoing oversight of the Investigatory Powers Commissioner, and his report will be laid before Parliament. I was grateful for the intervention of the noble and learned Lord, Lord Brown of Eaton-under-Heywood. He referred to David Anderson’s recommendation to establish a technical advisory panel. I am reserving judgment on that recommendation in the light of our debates last week. David Anderson said, in paragraph 9.3, that the point of the TAP would not be to provide an alternative oversight function, or to place new regulatory burdens on the SIAs. Rather it would serve to inform the Secretary of State and enhance the work of the Investigatory Powers Commissioner by ensuring that both are kept as up-to-date as possible with the fast-moving technologies whose use they are asked to approve. There is good sense in not overlaying the oversight that the Act will have too heavily. For all those reasons, I invite the noble Baroness to withdraw her amendment. I hope that what I have said convinces her that there is some logic to the Government’s position.
(8 years, 3 months ago)
Lords ChamberMy Lords, if this was another forum, I might well say that I concur with the opinion of my noble friend Lord Carlile and say nothing more, but I, too, would like to add a few comments about this remarkable report. It has attracted some controversy. There was a sense at one stage, I think, that Mr Anderson was going up to the mountain and was expected to come down with tablets of stone, and to some extent he has done that.
The point I will direct my brief remarks to is where Mr Anderson says that the review does not,
“reach conclusions as to the proportionality or desirability of the bulk powers … As the terms of reference for the Review made clear, these are matters for Parliament”.
My judgment—I do not suggest that my judgment is any better or worse than any other noble Lord’s—is that from the point of view of proportionality and desirability, these powers meet those two criteria. I offer in support of that the fact that the continuing threat level in this country is severe, as well as the experience in France and other parts of Europe. In that sense, if we are to reach a judgment about proportionality and desirability, I most certainly am on the side of those who say that those two elements are more than satisfied by the requirements now placed on us all in relation to the security of this country.
My Lords, I would like to put three questions to the Government, which arise from Mr Anderson’s latest report. There are not many surprises in the report but one of them—certainly to me and most other people who follow these matters—was the revelation that bulk personal datasets are used by agencies beyond the intelligence agencies. Perhaps the Minister could give us some information about which other bodies use bulk personal datasets.
I also ask the Minister to put on the record the difference between bulk equipment interference and thematic targeted equipment interference. I got the impression from Mr Anderson’s report that he was struggling to spot the dividing line, apart from that bulk equipment interference is likely to be required where,
“the Secretary of State and the Judicial Commissioner is not ... able to assess the necessity and proportionality to a sufficient degree at the time of issuing the warrant”.
Necessity and proportionality are the golden rules throughout the Bill and their apparent demise in respect of bulk equipment interference seems to alter the relationship between the citizen and the state. My third question is to ask the Minister to comment on this apparent relinquishing of the golden rules of proportionality and necessity in the case of bulk equipment interference.
My Lords, although I acknowledge that this power may be necessary to try to track down and deal with certain terrorist threats at certain points, the huge danger is that although we may regard the people currently in control of the state as being benign, we do not know that they will always be so. The real problem is privacy and that is why this amendment is particularly important. The moment no threat is urgent, we must get back to a state where privacy is the most important issue, because this power can also be used by organs of the state to protect themselves when they may have done something wrong or there may be someone not so benign within them.
This is a two-edged sword. On the one hand, the data collected may be very useful and may prevent some incidents, although some people challenge that; on the other, this could also mean a great weakness in the system whereby someone could get inside the system and then protect themselves. I would be very careful about assuming that it is always good and the state will always behave in a benign way. Just because I am paranoid, that does not mean they are not out to get me—that is the great saying. I do not think I am being paranoid but at some point in the future we will need to get back to a position where the state does not have the same ability to acquire data about its citizens as totalitarian states did in the recent past.
The noble Earl spoke at some length about the utility of bulk personal datasets to the intelligence agencies, but he did not answer my question, which was generated by the revelation in Mr Anderson’s report that bodies other than the intelligence agencies have access to bulk personal datasets. Which other bodies have access to bulk personal datasets?
Almost anyone has access to bulk personal datasets. Many of us have a telephone directory. A very wide range of public bodies and commercial organisations have access to bulk personal datasets, because that expression describes a wide range. I cannot be specific to the noble Lord, but if I am able, on advice, I will write to him to elucidate further.
(8 years, 5 months ago)
Lords ChamberMy Lords, I have Amendments 141 and 143 in this group. I very much share the concern of the noble Lord, Lord Paddick, about the request filter. It is an exceptionally powerful system because it will make life so easy. A casual request for data on someone who might possibly be of interest can be done in a moment—you do not have to think about it—rather than tying up resources to such an extent that you probably do not do it.
We are all familiar with the fact that those in the police service are human; doubtless, the people who run this resource will be human. The potential for casual misuse or misuse suborned by journalists will be considerable. On top of that is potential misuse by government. Given that at the moment we do not have an effective Opposition and I suspect that the Bill will effectively pass on the nod, I very much hope that my noble friend will reassure us that not only will there be exact and complete record-keeping for the filter but that those records will be independently inspected, that the results of those inspections will be publicly available and that people who find themselves tied up in nastiness as a result of information which may well have come from the filter will be able to find out whether that has happened.
My Lords, I shall speak briefly on the amendments on the request filter. Along with internet connection records, the request filter is another power that first appeared in the draft Communications Data Bill and which died along with that ill-fated Bill. The view of the pre-legislative Joint Committee on that Bill, on which I sat, was that,
“the Request Filter introduces new risks, most obviously the temptation to go on ‘fishing expeditions’. New safeguards should be introduced to minimise these risks”.
The request filter was described as,
“essentially a federated database of all UK citizens’ communications data”.
I dare say that the committee would be even more worried when it said that in 2012 if it had seen how this Bill expanded the range of data to which the request filter can be applied. That expansion comes from the proposed introduction of internet connection records, which would reveal every detail of a person’s digital life and a very large part of their life in the real world. The effect of the request filter will be to multiply up the effect of intrusion into those data by allowing public authorities to make complex automated searches across the retained data from all telecoms operators. This has the potential for population profiling and composite fishing trips. It is bulk surveillance without the bulk label.
Use of the request filter would be self-authorised by the public authority without any judicial authorisation at all. The concept that the Government promote for bulk data is that they are passive retained records, which they say sit there unexamined until someone comes to the attention of the authorities. That concept is negated by the request filter. The data become an actively checked resource and are no longer passive. Will the Minister confirm that the request filter is not yet in existence and is not yet being used?
The request filter is a bulk power masquerading as an innocuous safeguard to reduce collateral intrusion. Unless and until the Government come forward with proposals to strictly limit use of the request filter through tighter rules and judicial approval for warrants, as is the case with other bulk powers, Clauses 63, 64 and 65 should not stand part of the Bill.
My Lords, I shall use the opportunity that arises from Amendments 140 and 146A to ask the Minister to clarify whether it really is the case that Clause 2 does not automatically affect every power in the Bill. If this was the case, we would be sympathetic to these amendments, as the privacy objective should be considered before any of the powers are used. My understanding was that Clause 2 was a general provision, which affected everything. Indeed, the letter of the noble Earl, Lord Howe, of 14 July to my noble friend Lord Rosser says, “The new overarching privacy clause sets out the privacy obligations which constrain the use of the powers in the Bill”. Our understanding had been that it covered the whole Bill, so I was slightly bemused by Amendments 140 and 146A—not helped by a briefing received, again very late last night, from the Equality and Human Rights Commission, which only ever sends out its briefings on the very eve of debate. That briefing says that Clause 2 does not cover it all, whereas my understanding was that it did. Perhaps this is the opportunity for one of the Ministers to make clear the situation.
My Lords, I rise to speak to Amendment 147A in my name and that of my noble friend Lord Paddick. My noble friend also has Amendment 156A in this group and he will speak to that amendment; I may have something to add on it after he has spoken.
Amendment 147A requires a judicial commissioner to authorise requests to obtain data from internet connection records. As it happens, this is a very hot topic because only this morning an Advocate-General of the European Court of Justice issued his opinion in the case brought by Tom Watson and, before his appointment to the Cabinet, David Davis. Of course this is not the final judgment of the court, but it is usual for it to confirm an Advocate-General’s opinion. This case concerns the Data Retention and Investigatory Powers Act 2014, one of the Acts that this Investigatory Powers Bill seeks to replace.
In particular, the ruling addresses the legality and the safeguards around the speculative retention of communications data. As such, it is of direct relevance to the provisions in this Bill regarding the retention of communications data and the retention of internet connection records. So I have discarded most of my speech and instead I will let the Advocate-General’s words speak for Amendment 147A on my behalf. At paragraph 236 of his ruling he states:
“Lastly, I would add that, from a practical point of view, none of the three parties concerned by a request for access is in a position to carry out an effective review in connection with access to the retained data. Competent law enforcement authorities have every interest in requesting the broadest possible access. Service providers, who will be ignorant of the content of any investigation file, are incapable of checking that requests for access are limited to what is strictly necessary and persons whose data are consulted have no way of knowing that they are under investigation, even if their data is used abusively or unlawfully … Given the nature of the various interests involved, the intervention of an independent body prior to the consultation of retained data, with a view to protecting persons whose data are retained from abusive access by the competent authorities, is to my mind imperative”.
So the Advocate-General is saying that, because the police have a strong interest in the request for the data, and because the service providers cannot judge the merits of the request, and because the subject of the request does not know that it exists, it is imperative, in his words, that an independent body should decide. Incidentally, he goes on to suggest that there could be exceptions in cases of “extreme urgency”.
To my mind, that independent body he speaks of can only be the judicial commissioner, which is precisely what Amendment 147A stipulates. If the Government believe that the independent body could be something other than the judicial commissioner, perhaps the Minister can inform the Committee when he responds, and say how the Government intend to incorporate the Advocate-General’s opinion, should it be confirmed by the court, into this Bill. I beg to move.
My Lords, I wish to speak to Amendment 156A in my name and that of my noble friend Lady Hamwee. Before doing so, I endorse wholeheartedly what my noble friend Lord Strasburger has just said. The decision of the Advocate-General released today appears very much to add considerable weight to the arguments in favour of Amendment 147A.
Amendment 156A is an amendment to Clause 83, headed, “Powers to require retention of certain data”. It would exclude internet connection records from the types of data that telecommunications operators can be required to store, and, as such, would effectively remove the only new provision—the use of internet connection records—from the Bill.
We believe that such an amendment is necessary for several reasons. Internet connection records do not do what the Government claim they do. They do not provide the police and security services with the internet equivalent of the communications data they already have—for example, access to mobile phone provider data. It is far more complex than that. At best, internet connection records provide only details of which communications platforms have been used, most of which are based in the United States.
Whether useful communications data can be accessed depends on voluntary co-operation by the American companies, which is unlikely in all but serious cases—for which there is an alternative. Internet connection records may provide leads, but they are difficult, complex and time-consuming to follow up. They fail the necessity test. The security services—MI5, MI6 and GCHQ—say that they do not need internet connection to be stored by telecommunications operators because they have other ways of securing the data that they need. In serious crime cases, GCHQ can, does and will help law enforcement to secure the communications data that the police need without recourse to internet connection records.
Indeed, there is a co-located joint operations cell in which the National Crime Agency and GCHQ have joined forces to tackle online crime—initially child sexual exploitation, but in the future other online crime as well. This information is in the public domain. At Second Reading, when I suggested that law enforcement could use security service powers instead of ICRs, the Minister said:
“But of course that is neither practical nor effective because many of the powers of the security services produce investigative material that is not admissible as evidence in a court of law”.—[Official Report, 27/6/16; cols. 1459-60.]
It would appear that the National Crime Agency and GCHQ agree with me rather than with the noble and learned Lord. Indeed, case studies that I was shown when I visited GCHQ tend to undermine the Minister’s assertion.
We began Committee stage by looking at RUSI’s 10 principles for the intrusion on privacy. I will quote just one, on “necessity”, which states that,
“there should be no other practicable means of achieving the objective”.
Internet connection records fail the necessity test. The National Crime Agency and GCHQ co-operation shows that there is a practical alternative.
My Lords, the noble Lord, Lord King, touched on the issue of the Joint Committee. It may be useful for your Lordships to hear what it said about ICRs. The noble Lord, Lord King, was quite right in that regard. The Joint Committee said:
“While we recognise that ICRs could prove a desirable tool for law enforcement agencies, the Government must address the significant concerns outlined by our witnesses if their inclusion within the Bill is to command the necessary support”.
The Joint Committee also said:
“We recommend that the definition of Internet Connection Records should be made consistent throughout the Bill and that the Government should give consideration to defining terms such as ‘internet service’ and ‘internet communications service’. We recommend that more effort should be made to reflect not only the policy aims but also the practical realities of how the internet works on a technical level”.
The Joint Committee also recommended that,
“the Government should publish in a Code of Practice alongside the Bill advice on how data controllers should seek to minimise the privacy risks of subject access requests for ICRs under the Data Protection Act 1998”.
The Government accepted the recommendation on a code of practice—and, indeed, on the definitions. However, in general, the majority of members of the committee believed that ICRs are absolutely necessary to protect our citizens and give the security agencies and the law enforcement agencies the tools they need.
My Lords, I rise to speak to Amendment 156A and cite the simple facts about internet connection records. They do not currently exist, would be very difficult and costly to manufacture, have very limited usefulness and collecting and storing them, far from making us safer, would expose everyone in Britain who uses the internet to new and serious risks. In addition, they are highly intrusive into everyone’s private lives and cannot be stored securely by service providers. So it is little wonder, then, that no other western democracy is collecting internet connection records, including the four other members of the “Five Eyes” partnership, the long-standing security alliance between the UK, the USA, Canada, Australia and New Zealand. In fact, the new Australian data retention law specifically excludes the retention of web browsing histories. As for the USA and Canada, David Anderson pointed out in his report that in both countries,
“there would be constitutional difficulties in such a proposal”.
As my noble friend Lord Paddick has already pointed out, Denmark is the only country known to have tried to collect internet connection records—session logs, as they called them. That project was abandoned after a review by the Danish ministry of justice found that it had been of almost no use to the police. The Home Office claims, with some justification, that the proposal in the Bill has some differences from the Danish system but this year the Danish Government came up with a revised scheme that is almost identical to the internet connection records provisions in the Bill. That was promptly abandoned when the prohibitively expensive cost estimates of the Danish service providers were confirmed as accurate by independent accountants. We must ask ourselves: what is it about our country that makes the Government believe that we should be in a stubborn minority of one on this important matter? I hope the Minister will be able to explain it to the Committee.
It is important to understand that internet connection records—ICRs—do not currently exist. Unlike itemised phone bills, which phone companies keep for billing purposes and are the basis of the current communications data regime, communications service providers—CSPs—have no need whatever for ICRs so they do not create or keep them. The Joint Committee heard from many technical and industry experts, including the committee’s two excellent technical advisers, that it would be very far from simple for CSPs to start intercepting these data as they pass through their networks. Each company would have to devise a method suitable for their own systems. They would need to install expensive and complex equipment to carry out “deep packet inspection”, which copies data packets as they fly past on fibre-optic cables. They would then need to process the collected data to find and discard the very large amount of internal housekeeping signals that keep the network healthy but have absolutely no intelligence value. The warnings the committee heard from the service providers about the difficulties of making ICRs happen and their negligible intelligence value echoed what Danish service providers told their Government before they embarked on their ill-fated and wasteful scheme.
However, if some British service providers could do better than their Danish counterparts and succeed in creating internet connection records, it would not make Britons safer; it would make us less safe. I will explain why. The very existence of internet connection records would create more hazards and dangers for the British public than they currently face, and these risks are as good as impossible to mitigate. The first rule of digital security is to not keep any data you do not need because they are all vulnerable. Yet here, we are talking about storing everything that we all do on the internet for 12 months. We should bear in mind that this information would be gold dust to those who would do us harm and would attract the efforts of hackers, blackmailers, criminals and rogue states from around the world. The prize for them would be the details of the private lives of millions of UK citizens: all our personal secrets, including our banking and credit card details; our problems with addiction; our mental and physical health; our sexual proclivities; our financial struggles; our political leanings; our hopes, our worries, our plans—just about everything about our lives.
If the Government attempt to convince themselves and this House that service providers will be able to keep these data safe, they will be deluding themselves and the British public. It is a matter of when, not if, these sensitive data get into the wrong hands. I will explain why. Our service providers make their money from transmitting our data on their way to and from our devices. They are not in the business of storing it securely. The noble Baroness, Lady Harding, who is the chief executive of TalkTalk could, if she were in her place, recount how 156,000 of her company’s customers had their data accessed by hackers last year. In February this year, SWIFT, the interbank financial transaction network, which presumably needs and has much stronger security than service providers, had $81 million stolen in one set of transactions. It would have been much more, but for a simple spelling mistake by the culprits. Canadian police reported in August last year that two clients of the infidelity website Ashley Madison had taken their own lives, following the theft of the personal data of 33 million Ashley Madison customers. Also last year, Chinese hackers stole the details of 4 million US Government employees, including their security clearances.
If the noble Lord had been in his place at Second Reading, he would have heard me give exactly that recognition. I recognise entirely the scrutiny and excellent work. I note that it is only because of the actions of people such as the then Deputy Prime Minister, Nick Clegg, that we had that scrutiny. I am grateful that we had it and the Bill is much better as a consequence. I welcome it. That does not mean, however, that as a result of that scrutiny we should abandon our Committee proceedings; it does not mean that those of us who have not served on Joint Committees should not be able to ask questions or seek answers. That is certainly what I will continue to do in this matter.
What is being required is an extraordinary power. We must be absolutely clear about that: it is unique. The noble Lord, Lord King, the Minister or any other noble Lord needs to explain—and nobody has, certainly not in all the proceedings so far in this House—why we, uniquely, need this power. The power is one that even such eminent people as my noble friend Lord Carlile—no slouch on counterterrorism measures—have questioned in the past. Indeed on 25 May 2013, he penned an article, I believe in the Daily Mail, in which he said:
“I, Lord Reid, Lord West and others of like mind have never favoured the recording of every website visited by every internet user, though we have been accused of that ambition”.
I hope the Minister will correct me if I am wrong, but as I understand it that is exactly what is proposed: the retention of data on the internet connection records of every internet user in the country. I hope that the Minister will address and answer all the detailed points put by my noble friends Lord Paddick and Lord Strasburger, and tell the House why we, uniquely, need a power required by no other constitutional democracy of a similar type in the world.
I assure my noble friend and the noble Lord, Lord King, that the report by the Joint Committee was not unanimous. We had something like 10 divisions, and for some peculiar reason I found myself on the wrong end of most of them.
If the noble Lord looks at the report, he will see that the paragraphs that I referred to were unanimously agreed.
My Lords, I thank the House for an interesting and lively debate, which this subject absolutely deserves. I am somewhat disconcerted by an assertion made by the Minister and one or two other noble Lords. Just because the Bill has been heavily scrutinised—I fully recognise that, and if it is the most scrutinised Bill in the history of this House, so be it—it does not mean that we should abandon our role in this House. We have six days in Committee; are we wasting our time attempting to honestly and genuinely scrutinise the Bill before the House? I do not think so. I will save most of my responses to the debate for Report. I will just say quickly to my noble friend Lord Carlile that there is a world of difference between communications data on mobile networks and internet connection records. I will leave it at that for now, and I am happy to withdraw the amendment.
My Lords, while my noble friend searches for his notes, would it be appropriate for me to make my short speech on this matter? No? I was just trying to help.
That gave me sufficient time. I apologise to the Committee; it has been a long day already. My noble friend Lady Hamwee and I also have Amendments 160 and 169A in this group.
Equipment interference can involve hacking into telecommunication systems or a network by deploying software that could compromise the security or integrity of that system or network, making them vulnerable to attack by not only the forces of good but the forces of evil. It can also expose the communications of everyone using that system or network.
Equipment interference can also involve hacking into someone’s phone or computer so that any communication can be seen by the police or the security services, including messages that are end-to-end encrypted. As the noble Lord, Lord Harris of Haringey, mentioned, that is crucial, particularly as more and more communication is encrypted. Basically, anything that the person sees on the screen of their phone or computer and any information contained on the device, the police or the security services can see as well. This may, however, make the device vulnerable to hacking by others.
Amendments 159 and 160 would include in the Bill safeguards to protect systems and networks, reduce collateral intrusion and ensure that critical national infrastructure is safeguarded by requiring those applying for equipment interference warrants to make a detailed assessment of the risks involved. Amendment 169A is intended to require the judicial commissioner who is asked to approve the warrant to also consider an assessment of the risks, although I am not sure that the wording is entirely right for that amendment. I beg to move.
My Lords, the Committee will get a feeling of déjà vu.
I rise to speak to Amendment 159 and others, and start by acknowledging that equipment interference—hacking, in common parlance—with a person’s computer or phone can be justified by known or suspected threats or by an actual incidence of serious crime. However, I still have two concerns. Some types of hacking pose a risk of serious unintended consequences for the target device and collateral damage to devices connected to it or even whole networks, right up to the national level. My other concern is that in the case of hacking by the police rather than by the security agencies there is a danger that a defence lawyer could, rightly or wrongly, claim that vital evidence located on the target device had been tampered with, so putting a successful prosecution at risk.
There are several known examples of large-scale unintended consequences of hacking by the authorities, and no doubt many more that we do not know about. One example is GCHQ’s attack on Belgacom, Belgium’s largest telecoms company, during 2010 and 2011. It involved infiltrating the home computers of several Belgacom staff to acquire their company passwords. Then highly sophisticated malware was installed on Belgacom’s systems to allow GCHQ to acquire large amounts of data. It cost Belgacom many millions of pounds and a lot of time to clean up its systems. Another example is a test by GCHQ that accidentally closed down an entire mobile network in a major city in this country for half a day. So there is a good case for the extra safeguards in Amendments 159 and 160, which are intended to reduce the risk of equipment interference going out of control, and I support them.
On the subject of the danger of allegations, accurate or otherwise, that the police had contaminated evidence in the device that they subjected to equipment interference, I would be interested to hear the Minister’s views. In the Joint Committee, my concerns were brushed aside by the police witnesses, but surely there is a serious danger that the police will be accused of planting, deleting or amending evidence just as they used to be about slipping incriminating evidence into the defendant’s pocket.
(8 years, 5 months ago)
Lords ChamberMy Lords, my noble friend is quite right: I feel the need to intervene on Amendment 176A. There seems to be a strong consensus among the bodies that considered the Bill in its draft stages and beforehand that there should be a commission rather than commissioners. The Joint Committee made this very clear in its recommendation 114:
“It is unclear to us why the Home Office chose to create a group of Judicial Commissioners rather than creating an Independent Intelligence and Surveillance Commission as recommended by David Anderson QC, a recommendation endorsed by the … Interception of Communications Commissioner’s Office. The benefits of having a senior independent judicial figure in the Investigatory Powers Commissioner would not be lost by putting the IPC at the head of a Commission. The evidence we have heard is that the work of the oversight body will be significantly enhanced by the creation of a Commission with a clear legal mandate”.
The Interception of Communications Commissioner’s Office commented:
“The bulk of the oversight will actually be carried out by inspectors and staff within the Commission who need a clear legal mandate to require information from public authorities, to launch and undertake audits, inspections, inquiries, investigations and react in real time when noncompliance or contraventions of the legislation are discovered during an inspection. There are examples of oversight bodies created as separate ‘Commissions’, e.g. section 9 of the Police Reform Act 2002 created the Independent Police Complaints Commission as a body corporate. We believe this legal structure provides an appropriate model for the Investigatory Powers Commission, with statutory functions vested in the body corporate as well as the Judicial Commissioners”.
The Government have elected to ignore all those recommendations. The only reason I have heard to date is the estimated additional cost of £500,000 a year of a commission, as opposed to commissioners. I have heard no substantive arguments against the proposition, so I await the Minister’s response with interest.
We have one amendment in this group, Amendment 194BA, and I have added my name to Amendment 194D. Most of the arguments have already been made but Amendment 194BA addresses a point raised in the report of the Select Committee on the Constitution and concerns the funding of the judicial commissioners. In its report the Select Committee points out that the Joint Committee on the Draft Investigatory Powers Bill concluded that it was,
“inappropriate for the Home Secretary alone to determine the budget of the public body which is monitoring the exercise of her surveillance powers”,
that body being the Investigatory Powers Commissioner.
The Select Committee went on to suggest that one way to,
“mitigate the risk of executive interference in the functions of the Judicial Commissioners would be conferring on the Investigatory Powers Commissioner the right to make written representations to Parliament”.
That is what Amendment 194BA seeks to achieve: it would implement the recommendation of the Select Committee on the Constitution. I am obviously interested to hear what the Government’s reaction is to that recommendation and whether they intend to take it up or not.
My Lords, Amendment 176A seeks to replace the statutory appointment of an Investigatory Powers Commissioner with the creation of an investigatory powers commission. This topic was discussed in detail, and voted on, in the other place, which agreed with the government position that establishing a commission was not necessary.
I am afraid I remain unconvinced of what practical good this amendment would do. The powers and duties on the proposed body would remain exactly the same as the responsibilities of a commissioner. The number of inspectors, technical experts and judicial commissioners employed by the organisation would remain exactly the same. In fact, as the noble Lord, Lord Strasburger, indicated, the only things that would increase would be the expense of the body to the taxpayer and the bureaucracy that it would be faced with. The body would need to be provided with a range of staff to perform corporate functions on its behalf, including its own IT people for when the printers break, its own procurement people to buy the stationery and so on.
I just wonder whether all the expenditure that the Minister is listing does not apply just as much to the commissioners as to any commission.
My Lords, this debate on who should appoint the judicial commissioners was discussed at length in the Joint Committee, and we heard lots of evidence on it. The conclusion was that the commissioners might be a little more independent if they were appointed by the Lord Chief Justice rather than by the Prime Minister. Certainly, the perception of their independence would be greatly enhanced if it were that way round and the appointments were not made by the Prime Minister.
We have some amendments in this group which, again, relate to the report from the Constitution Committee. Like the noble Baroness, Lady Hamwee, I acknowledge the amendments that the Government have tabled. They have certainly gone down the road that was indicated during the discussion on this matter in the Commons.
I simply want to ask the Minister whether the Government have given any consideration to going down the road suggested by the Constitution Committee, as opposed to that put forward in the Government’s amendments. I accept that there is not a great deal of difference between the two, as the Government’s amendments say that a person is not to be appointed unless they have been recommended by the Lord Chancellor and the Lord Chief Justice.
Finally, do the Government’s amendments also apply to the reappointment of commissioners and to dismissal? The recommendation in the Constitution Committee’s report related to appointments, reappointments and dismissal, but I am not clear whether the Government’s amendments would also apply in those three circumstances.
(8 years, 5 months ago)
Lords ChamberMy Lords, that is precisely what this amendment is seeking to do.
My Lords, I rise to speak to Amendment 41, which seeks to remove the requirement for a judicial commissioner to apply judicial review principles when approving warrants. I do so with some trepidation as I am only the second noble Lord who is not a lawyer to venture into this very dangerous territory, but I will have a go. We heard a lot about this subject on the Joint Committee on the Bill and a large amount of both written and oral evidence was presented to us. I have reviewed it all again in preparation for today and would like to make the following points.
Surely applying any rules at all to how a person is to make a decision must have the effect of constraining how that person makes their decision. As such, constraining the judicial commissioner to judicial review rules must reduce their contribution to the decision compared to that of the Secretary of State, who has no such rules or constraints to limit how she makes her decision. If we retain the judicial review principle for the judicial commissioner, we no longer have a true double lock; we have a 1.5, or 1.4 lock, or whatever. If we want a true double lock—the phrase the Government keep using—whereby both the Secretary of State and the judicial commissioner consider the application in identical ways, as we on these Benches believe is the ideal, then we cannot constrain one of the decision-makers to special rules, whether those of judicial review or otherwise.
Several witnesses to the Joint Committee pointed out a major flaw in the case for judicial review rules to apply. Normally during a judicial review, both parties are present and have the opportunity to make their case for and against the decision being sought. In the case of a warrant application, only one party is present and the judicial commissioner has to imagine what objections the person who is the subject of the warrant might offer, so it is not possible to truly apply judicial review rules. In his oral evidence on this aspect, Matthew Ryder QC said that,
“normally in judicial review, there is an element of an adversarial process. In other words, the judge is assessing it with somebody making representations in relation to the other side. There will be no adversarial process built into this, the way it stands at the moment. You will have a judicial review, but no one putting forward the argument to the judge in a different situation. Now, that is not unheard of; you have that in other situations, but not in … a judicial review situation”.
So far, no proponent of judicial review rules has explained why the judicial commissioner should be limited in his or her consideration of the warrant application, so perhaps one or more noble Lords will do so during this debate. The Home Secretary suggested in her oral evidence, somewhat counterintuitively, that being constrained would give the judicial commissioner more flexibility, when the opposite would seem to be the case. I will listen with interest to the debate on this amendment. In the meantime, I commend it to the House.
In moving Amendment 81, I shall also speak to Amendment 239. I am not proposing, now, a facile change in the rules of evidence—but given the subject matter of the Bill, it might be a little odd not to explore the issue of intercept as evidence a little. Amendment 81 contains an enabling clause; enabling clauses go a bit against the grain, but for this purpose I think one is appropriate. It would require consultation and the affirmative resolution—but this is a probing amendment.
I know about the concerns that intercept as evidence would be massively expensive, because of the entirely proper rules of disclosure of evidence to the defence and the prosecution. Intercepted phone calls would not just be monitored for intelligence, with rough notes made and conversations only partially transcribed; this would mean a huge amount of transcription, and maybe translation as well, plus storage and indexation. Disclosure could, I accept, have operational implications, through disclosing techniques and the capacity of the agencies.
On the other hand, intercept evidence could significantly influence the outcome of a trial, but at the moment is simply unused. Lord Lloyd of Berwick said:
“We know who the terrorists are, but we exclude the only evidence which has any chance of getting them convicted”. —[Offcial Report, 19/6/00; cols 109-10,]
So we spend a lot of resources on spying on those implicated in organised crime and terrorism, but we cannot prosecute them or prevent further crime. Other common law countries use such evidence. I am aware that their legal systems are said to be “less demanding”, but does that not suggest that we should not abandon the idea?
The right to a fair trial raises the issue of all evidence being available to both prosecution and defence. The prosecution has the advantage of being aware of evidence but not using it, and that puts the defence at a disadvantage. Further, I understand that a ban applies only to interceptions in the UK. Recordings and transcripts of intercepted calls made in other countries are used, for instance in prosecutions for drug trafficking. Nor is there a bar on introducing evidence of phone calls made from prisons. I believe that the Ian Huntley Soham case featured such evidence. One can also use a recording from a hidden bug as evidence, but one cannot use interception as evidence.
It is argued that our system of public interest immunity could be applied to protect the details of investigative techniques—the subject of the concern that I raised a moment ago. The Privy Council’s review on that issue, which reported in 2008, concluded that it would be possible to provide for use as evidence by developing a “robust legal model” with public interest immunity as the basis, which would be human rights compliant. I appreciate that that review was the seventh report to Ministers in 13 years, so this matter has not gone unexamined.
However, we are now in a position whereby our criminal justice system cannot accommodate what will often be the best evidence in a case, so cases that should be prosecuted may not be. Given advances in technology—and those no doubt to come—it must be right to keep the issue on the agenda, which is what the amendment seeks to do. I beg to move.
My Lords, I have a question for the Government. Am I correct in believing that evidence derived from equipment interference is permitted to be used in court? If so, could not equipment interference lead to an equally large and costly process of evidence-gathering? Why is there a difference between the two sources of evidence?
My Lords, the Government are, of course, committed to securing the maximum number of convictions in terrorism and serious crime cases. The experience of other countries is that the use of evidence gathered through interception may help to achieve that. For that reason, the Government have considered whether there is a practical way to allow the use of intercept as evidence in criminal proceedings.
The issue of whether intercept material can be used as evidence has been considered in great depth no less than eight times since 1993. Each of those reviews—published by Conservative, Labour and coalition Governments—has concluded that the current prohibition which does not allow intercept material to be used as evidence should remain in place. This is the position maintained in statute since 1985, and provided for in the Bill at Clause 53.
The most recent review, in 2014, was overseen by an advisory group of privy counsellors from all parties, including my noble friend Lord Howard of Lympne and the noble Lord, Lord Beith, who is no longer in his place. That review went further than any previous review by considering the costs and benefits of a regime for the use of intercept as evidence, even if that meant considerable operational upheaval for the intercepting agencies. The review found that the substantial costs and risks of introducing the use of intercept material as evidence in court would outweigh the uncertain benefits.
When the conclusions of the latest review were published in December 2014, the Home Secretary undertook to keep the issue under review and to revisit it should circumstances change. But there has been no significant change since that time. We appreciate that the amendment is intended to provide for a change of circumstances to be reflected in secondary legislation. However, we consider that such a significant change as introducing intercept as evidence would be appropriate for primary legislation rather than regulations, even those subject to the affirmative procedure.
Finally, on the point raised a moment ago, it is the case that material derived from equipment interference is used in evidence. That has, historically, always been the case, and there is no need to move away from that established position. I invite the noble Baroness to withdraw her amendment.
I thank the noble and learned Lord for his reply, but my question was: why is it in one case suitable to use the evidence in court, but in the other not?
Because it has been established as a matter of evidential law over many years that it can be admitted. Therefore, adequate provision is in place for its admission as evidence.
My Lords, I am speaking to Amendments 92, 102 and 103 in my name. These amendments address aspects of two extremely strong powers granted to Ministers by the Bill which are tucked away at the back in Clauses 225 and 226. As we have heard, they are about national security notices and technical capability notices. Although they are not listed as powers under the Bill, they are, in fact, very strong, broad powers.
The national security notices permit, with some caveats, the Secretary of State to instruct the telecommunications operator to do whatever she considers necessary in the interests of national security. Technical capability notices enable, with some caveats, the Secretary of State to instruct an operator to develop or maintain a capability to assist the authorities. Both types of notice must be kept secret by the recipient, if the Secretary of State so wishes. In a recent amendment, the Government added the need for a judicial commissioner to approve both types of notice. This is a welcome step forward, as is the forthcoming repeal of Section 94 of the Telecommunications Act 1984, which has been used in the past to create new powers.
These three amendments address one particular capability specified in Clause 226(5)(c)—the removal of electronic protection. All the experts who gave evidence to the Joint Committee, and with whom I have discussed this matter since, agree that the phrase “removal of electronic protection” must include decryption of encrypted information and/or weakening of encryption in some way. They are deeply alarmed about it.
Encryption is a vital feature of all the financial, commercial and personal activity on the internet. The Government have confirmed on several occasions, including in answer to Questions in this House, that any weakening of our back-door access to encryption would threaten the entire operation of large parts of the digital economy. Once the integrity of cryptosecurity has been compromised for one set of users—in this case the Government—that weakness is available for everyone, including hackers, criminals, terrorists and hostile Governments, to exploit. Furthermore, as my noble friend Lord Paddick has said, UK plc has many successful businesses operating in the field of encryption products. They are very concerned that their clients will shun their products if they suspect that the Government have secretly weakened the security that these products offer. Unless this risk is eliminated from the Bill, they may have to take their companies abroad to avoid their products being tainted by the perceived risk of government damage to the security integrity of their products.
At the end of Second Reading in this House, the Minister, the noble and learned Lord, Lord Keen, stated:
“The provisions of the Bill do not weaken encryption or threaten it. We do not seek what have sometimes been erroneously termed “back doors” into encrypted material. I would seek to dispel any such suggestion”.—[Official Report, 27/6/16; col. 1461.]
These amendments simply seek to give force to that clear assurance by deleting the reference to “removal of electronic protection” and explicitly prohibiting the use of national security notices and technical capability notices for the purpose of “removal of electronic protection”. I commend them to the Committee.
My Lords, Amendment 93 stands in my name and that of my noble friend Lord Rosser and is on the same issue of encryption. Encryption is fundamental to keeping the whole of the digital economy safe and secure. It is widely used by business, government and consumers to protect sensitive and confidential information and as a building block in the advanced security technology which has been described.
The undermining of encryption would not simply mean that the communications of criminals could be read more easily; it would risk creating a major vulnerability in the security infrastructure, which could be exploited by various malicious actors, be they criminal gangs or rogue states. So it is important for this economy and for all the financial and other businesses that depend on it that the foundations of encryption technology remain absolutely firm.
There will be times when state security undoubtedly needs access to encrypted information for a specific investigation. This is not the problem. The problem is whether the Government would ever require a company to engineer such access, enforcing the company to create a model which, if then followed by other nations with perhaps less security than ours, would lead to a lowering of standards. We welcome the statement by the Government that they do not require industry to build back doors into their encrypted products. The Bill as it stands is perhaps not as clear as the commitments the Government have made.
Clause 226 risks making encryption intrinsically weaker if a company could be asked to build the ability to break the encryption. Amendment 93 seeks to address that. We hope the Government will understand that, when the request is made, they should not ask a company to develop a new way of breaking encryption that is not already within its ability. At the moment, the clause implies that, where companies that did not have the ability to remove the protection were issued with a notice, they would be required to build that capability so as to adhere to the notice. That is worrying the companies because of the general undermining of encryption. End-to-end encryption is essential to protect sensitive personal, commercial and security information. I think the Government share our concern that we should maintain that.
The thrust of Amendment 93 makes it explicit that a company would be required to remove the electronic protection only where it had the current capacity to do so and that it should not have to engineer it. We hope it will be accepted by the Government.
Certainly, targeted equipment interference is, if you like, the next step should interception not be possible for any reason. However, I will answer the noble Lord’s first question, on end-to-end encrypted services. We start from the position that we do not think that companies should provide safe spaces to criminals to communicate. They should maintain the ability, when presented with an authorisation under UK law, to access those communications. We will work with industry to ensure that, with clear oversight and the legal framework I have in part alluded to, the police and intelligence agencies can access the content of terrorists’ and criminals’ communications when a warrant has been approved in the usual way.
We will of course consider what steps are reasonably practicable for an individual telecommunications operator, taking account of a range of factors, including technical feasibility and likely cost. We recognise that what is reasonably practicable for one telecommunications operator may not be for another, so any decision will have regard to the particular circumstances of the case. However, I cannot go into our relationships with individual companies, as the noble Lord will understand. It is important to understand that the Bill does not ban encryption or do anything to limit the use of fully encrypted services.
I thank the Minister for giving way. I think this is the first time I have heard the Government admit that the phrase “removal of electronic protection” does in fact refer to encryption.
I want to emphasise—and anybody in the cryptography industry will spell this out—that you cannot have it both ways. Either encryption is secure, or it is not; it cannot be insecure for a small group of users and secure for everybody else. Once encryption is weakened, it is weakened for everyone and once this is done at the request of the Government, it is available to all the people I listed earlier who would do us harm. I would also point out that there are a myriad of encryption products available outside the UK—ISIS has its own set, and I have seen the manual. There are any number of ways that people who want to use encryption for malign purposes can acquire it and use it in a way that UK companies cannot break.
Lastly, when I was at GCHQ, it seemed fairly relaxed about the threat of encryption because it is very confident that it can use the other means we have referred to, such as equipment interference, to get the unencrypted data it wants. But the main point, which the Government really do have to take on board, is that encryption is either strong or it is not. It cannot be partially strong—that is, strong for most and weak for the Government.
I shall of course reflect on those points, which I was already aware of. It is important to emphasise that any encryption arrangements that a communications service provider has not itself applied, or had applied on its behalf, would almost inevitably fall outside these provisions because it would not be reasonably practicable for the company to de-encrypt. Many of the biggest companies in the world rely on strong encryption to provide safe and secure communications and e-commerce, but nevertheless retain the ability to access the contents of their users’ communications for their own business purposes—and, indeed, those companies’ reputations rest on their ability to protect their users’ data. In many cases, we are not asking companies to do something that they would not do in the normal course of their business, but I note what the noble Lord has said.
Amendment 93 deals with the subject of end-to-end encryption more specifically. This matter was discussed in detail in another place, so I will reiterate what was said there to explain why this is not an appropriate amendment. I have already outlined the strict safeguards that will apply. This amendment is not necessary because the Bill makes absolutely clear that a telecommunications operator would not be obligated to remove encryption where it is not reasonably practicable for it to do so. It is important to highlight that the amendment would in many cases prevent our law enforcement and security and intelligence agencies from being able to work constructively with telecommunications operators as technology develops to ensure that they can access the content of terrorists’ and criminals’ communications. Depending on the individual company and circumstances of the case, it may be entirely sensible for the Government to work with them to determine whether it would be reasonably practicable to take steps to develop and maintain a technical capability to remove encryption that has been applied to communications or data. But the amendment would signpost to terrorists and criminals that there are communications services they can use to communicate with each other unimpeded and which the authorities will never be able to access. That cannot be right.
Amendments 108 and 109 propose changes to Clause 230, which provides for a telecommunications or postal operator to request a review by the Secretary of State of the obligations imposed on it by a technical capability notice or a national security notice. The Secretary of State must seek the views of the Technical Advisory Board—a group of experts drawn from the telecommunications operators and the intercepting agencies—and the Investigatory Powers Commissioner before deciding the review.
Amendment 109 seeks to insert the double-lock authorisation process into that review. I contend that this is unnecessary. The Government have an amendment which provides that the Secretary of State must initially consult the judicial commissioner on proportionality, and that the Secretary of State’s decision following the review must be approved by the Investigatory Powers Commissioner. As I have explained, if after consulting the commissioner and the Technical Advisory Board, the Secretary of State decides to confirm the effect of a notice or vary it, the Investigatory Powers Commissioner must approve that decision, so the amendment is not required.
Amendment 108 seeks to require the Technical Advisory Board to consider the consequences for others likely to be affected by obligations imposed by a notice. This proposal was first raised in the other place and, following discussion, considered to be unnecessary. I will briefly explain why. First, the Technical Advisory Board has a very specific role to play in advising the Secretary of State on cost and technical grounds. This role is reflected in its membership. Board members are drawn from the telecommunications industry and those persons entitled to apply for warrants and authorisations under the Bill. These experts are well placed to consider the technical requirements and the specific financial consequences of the notice. If they consider it appropriate, they may look beyond cost and technical feasibility, but those factors are rightly their focus.
The responsibility for considering the broader effect of the notice on the operator to whom it has been given sits with the judicial commissioner, and it is right that the commissioner has this role. As part of any review into the obligations set out in a notice, the commissioner must report on their proportionality. This would include an assessment of its consequences, both for the person seeking the review and for anyone else affected by it. Furthermore, the clause requires the commissioner to seek out the views of the person who has received the notice. The person will have an opportunity to raise any concerns regarding the effect of the notice with the commissioner for consideration, and the commissioner must report his or her conclusions to the person and the Secretary of State. In my view, and as concluded following discussion in the other place, the Investigatory Powers Commissioner is rightly placed to carefully assess proportionality as a whole. The amended wording would introduce unnecessary duplication and ambiguity over what the board and Investigatory Powers Commissioner are each considering.
Finally, allow me to turn to another part of the Bill. I welcome the intent of Amendment 129, which seeks to clarify the scope of the restrictions on the acquisition of internet connection records. The clarity that noble Lords intend to create with this amendment is already provided in the code of practice, and I hope I can reassure noble Lords that there are good reasons why this definition should not appear in the Bill. The Bill already contains definitions of “telecommunications service” and “communication” which make very clear that a communication can include messages between individuals, between individuals and machines, and between machines. This maintains the existing position in RIPA, and it is absolutely right that the powers and, indeed, safeguards in this Bill apply to all forms of communication.
Taken in its broadest sense an “internet communications service” is simply a telecommunications service that involves communication over the internet and it should rightly include all forms of internet communication. But in the context of internet connection records the term is used to mean services that facilitate communications between two or more individuals, like email or social networking websites. An “internet service”, by contrast, is any other communication service a person could connect to over the internet, including person to machine communications, such as a person accessing a website. This distinction is made clear in the code of practice, which is the appropriate place for it because the definition has a different meaning in other contexts in the Bill.
I hope that noble Lords will be reassured that the definition is contained in the code of practice. We are concerned that defining “internet communications service” on the face of the Bill in the way proposed could cast doubt on the scope of the Bill in so far as it applies to internet communication services more generally. For all the reasons that I have set out, I ask noble Lords not to press their amendments.
My Lords, the Minister spoke about what is possible and reasonable, but the point of our Amendment 93 is that a notice may not impose the requirement to build a facility that would break end-to-end encryption. We may need to return to this on Report, but it would perhaps be useful to have a discussion between now and then about imposing the requirement to build capacity to break end-to-end encryption.
I fear that the Minister is taking himself down a long cul-de-sac here, because the implication of what he is saying is that no one may develop end-to-end encryption. One feature of end-to-end encryption is that the provider cannot break it; encryption is private between the users at both ends. He seems to be implying that providers can use only encryption which can be broken and therefore cannot be end to end, so the next version of the Apple iPhone would in theory become illegal. I think that there is quite a lot of work to be done on this.
I was certainly not implying that the Government wished to ban end-to-end encryption; in fact, we do not seek to ban any kind of encryption. However, there will be circumstances where it is reasonably practicable for a company to build in a facility to de-encrypt the contents of communication. It is not possible to generalise in this situation. I am advised that the Apple case to which the noble Lord referred could not occur in this country in the same way.
(8 years, 5 months ago)
Lords ChamberMy Lords, I put my name to a couple of these amendments and I would like to speak to them. Under our constitutional arrangements, the Human Rights Act is the next best thing that we have to a constitutional guarantee of fundamental rights and freedoms. The Minister has rightly put his name on the front of the Bill, stating that in his opinion it is compatible with the convention rights. I have put my name to these amendments to seek to make sure that what the Minister has put on the face of the Bill becomes transparently clear in the statute when it is enacted.
Article 8 of the convention, which guarantees the right to personal privacy, indicates that any exception must be provided by law—that is to say, satisfy legal certainty—and by the principle of proportionality, and that any interference must be necessary and no more than necessary to safeguard other compelling public interests. The problem with the Bill as drafted is that it does not go quite far enough to ensure full compliance with the Human Rights Act and with Article 8 of the convention. That is why the amendments in the name of my noble friend Lady Hamwee are needed, in my view. First, it is important not merely to have regard to but to make sure that there is full compliance with the principle of proportionality. That is what these amendments seek. Secondly, without repeating what has already been said, it is very important that the obligations on public authorities—for example, not to use the powers listed in Clause (2)(1)—are no more than what,
“could reasonably be achieved by other less intrusive means”.
That is classic principle-of-proportionality language.
I very much hope that in one way or another the Government will come to accept these amendments or something very similar to them so that we can make sure that lawyers like me are not able to go to court to challenge all of this under the Human Rights Act, but that Parliament gets the statute clear to put beyond doubt the application of the principles of legal certainty and proportionality, which is what these amendments are designed to do.
I will say just a word about Amendment 14, not because I want to make an elaborate statement about it but because, as I said at Second Reading, it is very important that we have a board or commission with the requisite powers. I will come to that in later debates on the Bill.
My Lords, I will speak briefly to Amendment 14. We have already heard at length that, in its report on the Bill, the ISC called for a “backbone” of privacy to be inserted into it. The Home Office’s initial response was to add one word to the next version of the Bill: it inserted “privacy” into the title of Part 1 so that “General protections” became “General privacy protections”—nothing else changed. Later, under some pressure in the Commons, Clause 2 came into being, which goes some way, but not all the way, to inserting the privacy protections that we on this side of the Committee feel are needed.
This episode suggests to me that no one in the Government has a brief to speak up for privacy and civil liberties when legislation is being formulated. Presumably, that is why the Home Secretary included Section 46 in the Counter-Terrorism and Security Act 2015, giving her the power to establish the Privacy and Civil Liberties Board. The only problem is that she has not commenced this power and the vacuum in privacy protection advocacy in government is still there.
Amendment 14 would force the Home Secretary’s hand so that she must get on with it—actually, to be more precise, her successor must get on with it because she probably has bigger fish to fry as of Wednesday. For now, this is simply a probing amendment. If it were brought back on Report, it would probably need some improvement in terms of the board’s scope and powers. The American version of this, the Privacy and Civil Liberties Oversight Board, has been very successful with a much wider brief. For now, I will be content to hear the Government’s response to the amendment as it stands.
Before I sit down, I will say a couple of words regarding the friendly fire that has been coming from behind me during this debate—rather ungraciously, I might say—from the noble Lord, Lord Carlile. He queried whether I had read Nineteen Eighty-Four and knew about its description of CCTV in every bedroom. I have, actually, but I suspect that he has not been doing his reading on security matters because, if he had, he would know about Project Optic Nerve, in which GCHQ intercepted 1 million Yahoo! users’ webcams, which effectively put state cameras into 1 million bedrooms.
My Lords, I am not going to enter into an argument with my noble friend about the activities of GCHQ, particularly when they have been misdescribed so fully, but I will say one or two things about the merits of the amendments before us, particularly Amendment 6.
I agree with what my noble friend Lord Lester of Herne Hill said about this group of amendments, including Amendment 6, for the reasons he gave. It would be helpful if the noble and learned Lord, Lord Keen, could explain to the Committee the difference between Amendment 6 and the intention of the Government as set out in Clause 2(2)(a). If the intention of the Government is to do what my noble friend Lord Lester described, I respectfully suggest that the adoption of the wording in Amendment 6 would be more useful and more certain and, above all, as my noble friend said, would avoid unnecessary disputes about the meaning of and compliance with Article 8 in the courts.
Unfortunately, I disagree again with my noble friends about Amendment 14. I am not against a Privacy and Civil Liberties Board if the Government wish to create one. Indeed, I would rather support the creation of a board which had an overarching view of privacy and civil liberties. The board that was created in the 2015 Act is most certainly not a Privacy and Civil Liberties Board. It is a board that was intended to have some kind of oversight of interception, surveillance and other matters, and was a construct agreed as a compromise because of the nature of government at that time. I am afraid it is a glass half-full. Therefore, I urge the Government not to adopt that Privacy and Civil Liberties Board.
It is also worth saying that we have come an awfully long way in the protection of the public against unlawful intrusion by the state into their private affairs since the enactment of the Privacy and Civil Liberties Board provision, which has not been brought into force. The safeguards included in this Bill as a result of the work of my successor as independent reviewer, David Anderson, and of the Intelligence and Security Committee and the RUSI panel mean that we have a much fuller raft of protections in the Bill. In my view, they are far more beneficial and provide a great deal more than was ever going to be provided by this form of the Privacy and Civil Liberties Board. I respectfully suggest to Ministers that this amendment is entirely unnecessary.
However, I emphasise that there are genuine concerns about potential breaches of privacy and civil liberties. They are concerns about what the public sector can do and they should also be concerns about what the private sector already does. Any of us who subscribe to online groceries, books, music or other similar consumer opportunities on the internet, as I confess I do—I frequently stream music in my car from my mobile phone—probably do not realise how much we have allowed our privacy to be trespassed upon by the so-called privacy policies of large internet service providers. If we are to have a Privacy and Civil Liberties Board, let us do the whole job, not just a bit of it.
My Lords, I support Amendment 25 and declare an interest as the mother of a journalist. I also apologise for not having spoken at Second Reading; I was not able to be here. My only concern with Amendment 25 is that it does not go far enough and there is no “reasonable suspicion” test. We must remember that journalists often uncover some pretty heinous crimes and pretty awful stories. While we often talk about the damage they do and the crimes they commit, they also do some incredibly valuable work for our society, so I think this an extremely important amendment.
My Lords, my name is also to this amendment. I shall not detain the House for very long. There is one aspect of this that I do not think has been mentioned: without protection for the anonymity of whistleblowers, far fewer will come forward and expose themselves to the revenge of their employers or others in powerful positions. There is ample evidence of whistleblowers being severely victimised, so anonymity is essential. Without whistleblowers, wrongdoing and cover-ups in the private and public sectors will go unreported and uncorrected, and that outcome is to the detriment to all of society, particularly those who lack a loud enough voice to be heard when things go wrong.
In recent years we have seen many cases of legislative arbitrage by the police in order to use powers that were never intended for the purpose of discovering journalists’ sources, finding ways to do so with the fewest protections. The “plebgate” scandal was a particularly graphic example, where RIPA was misused to find the source of a story in the Sun. Journalist’s phones on the Sun’s newsdesk were investigated by the police and their communications data were obtained. Under RIPA this was, of course, completely self-authorised; there were no external checks on what they were doing.
I believe that the Bill actually reduces the protection for journalists’ sources in the case of interception of communications and communications data. It provides no protection at all against the use of other surveillance powers, especially equipment interference. Amendment 25 seeks to rectify these shortfalls; I do not believe it is perfect yet, but it is a good start.
Perhaps I may ask the Minister three questions. Do the Government have any problems with the way that PACE currently protects journalists’ sources? I ask this because many of the criticisms he made of this amendment with respect to potential tipping off would surely also apply to PACE. The second question is this: do the Government feel that this Bill protects the communications data of journalists as well as PACE currently does? Thirdly, what special protections do the Government say the Bill gives journalists with respect to equipment interference?
My Lords, the Government are clear that the regime provided for in the Bill is not inferior to the provisions of PACE. It requires that applications be made to a court for a production order on notice to the holder of the material. In the case of communications data the whole of the material is a telecommunications provider, not a journalist. We are therefore clear that nothing in the Bill enables the investigatory authorities to circumvent the protections for journalists’ sources contained in PACE. Indeed, in 2015 the Interception of Communications Commissioner conducted a detailed investigation into the allegations that public authorities had utilised RIPA to avoid the use of PACE and clearly rejected the claim. The amendments that we have made to the Bill combined with the other safeguards for acquiring communications data mean that the relevant considerations laid out in Schedule 1 to PACE are addressed on the face of the Bill.
(8 years, 5 months ago)
Lords ChamberMy Lords, I should mention that this subject was covered extensively in the Joint Committee on the Bill. It seems that the noble and learned Lord is suggesting that in order to be able to monitor a gang when we do not know if it is made up of three or four people, the language of the clause should be this open. Perhaps I may quote from some of the evidence that was given to the committee. The clause fails to,
“exclude the possibility that everyone who belongs to a certain trade union, political party or book club; visits a certain shop; attends (or has friends or family members who attend) a certain house of worship; subscribes to a certain publication; participates in a lawful and peaceful demonstration; celebrates or may celebrate a certain religious or national holiday”,
and so on and so forth. All those activities seem, perhaps as an unintended consequence, to be swept up by this provision. Recommendation 38 made by the committee states that,
“the language of the Bill be amended so that targeted interception and targeted equipment interference warrants cannot be used as a way to issue thematic warrants concerning a very large number of people”.
A thematic targeted warrant will be granted only in circumstances where the Secretary of State is satisfied that it is necessary and proportionate. None of the examples cited by the noble Lord comes within a hundred miles of that.
I support what the noble Lord, Lord Paddick, has said, and I too would be grateful for an explanation of why it is necessary or appropriate for the Secretary of State to be involved in the issuing of warrants in relation to non-contentious matters. My understanding—and I should be grateful if the Minister can deal with this—is that the Bill will impose those responsibilities on the Secretary of State in relation to basic policing functions, even though, under existing law, the Secretary of State has no role in the issuing of warrants in such circumstances.
My Lords, I spent a lot of time sitting on the Joint Committee, and since then, searching in vain for a cogent reason why the Secretary of State needs to sign off warrants that have no national security or diplomatic import. Why should the Minister spend her valuable time examining and authorising warrants about everyday criminals? We are told that two-thirds or three-quarters—I do not know which; I have heard both figures—of warrants have nothing to do with national security or diplomacy.
The Secretary of State has no role in authorising property search warrants, which arguably are more intrusive, and involve invasion of a person’s home and discovery of information about a far wider range of subjects than a person’s communications. The only reason ever offered is that the Secretary of State is subject to scrutiny by Parliament, whereas a judicial commissioner is not.
When they gave evidence to the Joint Committee I asked two former Ministers who were responsible for authorising warrants how many times they had been held to account by Parliament. Both the noble Lord, Lord Blunkett, former Home Secretary, and Owen Paterson, former Northern Ireland Secretary, said that it had never happened. That was just as well because it is a criminal offence under RIPA for the existence or details of a warrant to be publicly disclosed. Clause 54 of the Bill continues that ban, with a penalty of up to five years in prison. Therefore, the whole notion of parliamentary accountability for Ministers who authorise warrants is a complete myth. It has never happened and the Bill prohibits it.
I expect that the Government will refer to the potential to be held to account by the ISC, but that does not fit the Bill and is not visible to the public. As far as I know—and as far as the noble Lord, Lord Blunkett, knew when he gave evidence—there are no examples of the ISC holding Ministers to account. I should be interested if the Minister can give some examples of when that has happened. I, too, wait with interest to hear the Government’s response to the amendment.
My Lords, the Secretary of State’s involvement in law enforcement warrants is a historical hangover from when this was the only kind of control or restraint on police applications that existed prior to this legislation. Perhaps it shows a lack of rethinking the nature of judicial authorisation, such as this Bill provides for, that her involvement—it may well be “him” in the future—should have survived when it does not seem either to have practical purpose or to add significantly to the protections that the legislation will afford against misuse or excessive use of the power.
I think the Minister will have to concede that the notion of democratic accountability is wafer thin because a Minister cannot come to Parliament to explain or defend what is being asked about—any warrant. I would like the Minister to explain to us why the four other partners in the “Five Eyes” network—that is, Australia, Canada, the US and New Zealand—find no need for this democratic accountability.
The “Five Eyes” partnership of Australia, New Zealand, Canada, America and the UK has been in existence since the Second World War. The UK is the only one out of those five that feels the need for Secretaries of State or politicians in general to be involved in authorising warrants. I was wondering why the UK has to stand out alone in that way.
It is really quite difficult for me to answer the noble Lord’s question on the “Five Eyes”: it has to be a question for the other members of that group. The approach we have taken is consonant with our general wish, as a country, to hold Ministers to account for important decisions taken about national security and privacy, rather than to consign those decisions to the court. Nevertheless, we believe there is a role for a judicial commissioner to approve what Ministers do. That double lock is the formula which most people in the other place were comfortable with. That is probably all I can say on that score. I hope that the noble Lord will reflect on the case of Lee Rigby, which is a good example of how a Minister was directly accountable to Parliament, albeit in secret session but nevertheless fully accountable to a committee of Parliament. I am sure there are other examples where that has occurred.