(11 months ago)
Public Bill Committees
The timings I was given were that the Committee would run until 1.30 pm, but it is a matter for the Whip.
The Government Whip has noted that the hon. Gentleman is very much in order.
Ordered, That further consideration be now adjourned. —(Scott Mann.)
(2 years, 5 months ago)
Public Bill Committees
We will now hear oral evidence from Jonathan Hall QC, independent reviewer of terrorism legislation. Before calling the first Member to ask questions, I should like to remind all Members that questions should be limited to matters within the scope of the Bill, and that we must stick to the timings in the programme motion that the Committee has agreed. For this panel we have until 12 noon. Could you please introduce yourself for the record?
Jonathan Hall: My name is Jonathan Hall and I am the independent reviewer of terrorism legislation, a position that I have held since 2019.
Q
Do you agree that utilising the tools made available in the Bill will enhance our ability to deal with the current threats, and give us the flexibility to respond to the changing threat landscape?
Jonathan Hall: Yes, the measures in part 1 and part 2—I will talk about part 3 at some later stage—contain tools that are necessary. I am not a state threats specialist—I am a terrorism specialist—but I have had a chance to interrogate officials, and it is clear that there are determined and well-resourced adversaries who will not be put off by a knock on the door to say, “We know what you are up to.” The agencies and the police need measures to prosecute and PIMs—prevention and investigation measures—which are special measures.
Q
Jonathan Hall: There are two things. First, the official who chairs the review group meetings, which are to decide whether to submit to the Secretary of State that a measure ought to be imposed, or the group which reviews whether they remain necessary and proportionate, needs to be really strong. This is what I have witnessed, I am glad to say, with terrorism prevention and investigation measures. That official has to be able to really hold the agencies in particular to account, and really test and probe what they are saying, both about the intelligence that is being given to the review group and about whether the measures remain appropriate. The first message from the TPIMs is that you need to have a strong chair of the TPIM review group, or the equivalent, the PIMs review group.
The second thing is that one of the experiences from TPIMs is that it is really difficult with connectedness. People who are under those measures can become very isolated, and I think that officials have struggled with whether to allow those people to have smartphones or access to the internet. These days it is very difficult to function as a normal member of society unless you have access to those. One of the lessons that will be learned from TPIMs is how to try to square the circle to ensure that people cannot do bad communications but while also allowing them to function normally in the world with access to normal communications technology.
Q
Jonathan Hall: First, it is being able to go to the room where it happens—the meetings where these decisions are taken. When I review TPIMs, I have a completely free hand. I am able to interrogate officials and able to see whatever I want. That is really important. I am not just looking at judgments in courts, or just reading documents; I am actually there able to interrogate, test and challenge. That is what I do. Also, I think it is important that Parliament and the public have a sense of what is going on. Regrettably, because legal aid has not been made available in all cases for TPIMs, there are now fewer court cases, so general information about how this important but serious power is being exercised is relatively cut off. The independent reviewer can provide a lot of transparency about how it is operating.
Q
Jonathan Hall: It has been tentatively mentioned. Obviously, because the legislation has not been passed, I have not been formally asked whether I would do it, but it has been tentatively asked. My answer is that I think it actually is quite a good fit for the reviewer’s job, and I think it probably is right that the person who does the independent review of terrorism legislation should also do the state threats legislation. The reason is that this new legislation is really modelled on terrorism legislation. In crude terms, the concept of the foreign power condition sits in place of the purposes or acts of terrorism, and then there is the same framework in terms of very strong arrest power, detention up to 14 days, strong powers of cordons and search and investigations, and, of course, the PIMs. There are so many learning points between the two regimes that it does make sense.
Q
Sir Alex Younger: Hello, my name is Alex Younger and I was chief of SIS from 2014 to 2020.
Professor Sir David Omand: I am David Omand. I am currently at the King’s College London war studies department as a professor. My previous career in the civil service involved being director of GCHQ, permanent secretary of the Home Office and UK security and intelligence co-ordinator.
Q
Sir Alex Younger: Yes. That is a huge question. To keep it brief, though, I think the predominant fact that developed during my career was the erosion of boundaries. When I started, the difference between peace and war, domestic and international, covert and overt, and virtual and real was reasonably clear, and we were organised along those boundaries. The threats that eventuated most powerfully were the ones that recognised that those boundaries had eroded and crossed them. What I would call grey threats eventuated and often presented us with real challenges, particularly when actors or states felt themselves at war with us and we did not feel ourselves at war with them, for good reason.
My career saw less emphasis on conventional threats and more on grey space. Most of my career was devoted to counter-terrorism, which was the dominant example, but subsequently we saw state actors working in sub-threshold space—operations short of conventional war—to harm us. That is broadly the situation we are in now, even if we have a very 20th-century example of conflict happening on our continent.
Q
Sir Alex Younger: It has risen. During my career, we were broadly in a situation where we had to focus on state threats or terrorist threats. I think that all of us, societally, were hubristically convinced of the end of history and the fact that liberal democracy had triumphed. Perhaps another answer to your earlier question is that that was demonstrated to be false. In fact, we are in a geopolitically contested world, just as we always were. That led to the increasing dominance of the state threat over time as the world diverged ideologically. Of course, with Russia and the UK specifically, we had some really acute examples of that, in terms of services demonstrating complete contempt for us and our democracy by attempting to murder people on our soil. In a sense, that got us, particularly in the national security community, to the hard truth quicker than many.
Q
Sir Alex Younger: I think it is pressing, not least because, as I have said, many of the threats are ambiguous. This legislation, in seeking to dispel ambiguity—daylight is the best disinfectant—has my support. The reality is that the act of using deception on behalf of a foreign power to undermine our democracy, cause our citizens harm, sap our strategic advantage and undermine our economic advantage is essentially not criminalised at the moment, and that is odd. As you would expect, our adversaries have tonnes of legislation outlawing spying. That is what they do; it is part of how they engineer unity. There is a sense of an external and pernicious threat.
I am more struck by the fact that many of our allies, particularly in the Five Eyes, have seen fit, for many years in some cases, to have such measures in place. To that extent, I regard them as basically uncontentious and overdue. If I may be permitted a professional observation as someone who has worked in this area for 30 years, they will definitely make it harder for people who mean us harm to operate, in a way that they would not like and the public would like.
Q
Sir Alex Younger: Yes.
Q
Sir Alex Younger: First of all, I think it is a good idea, fundamentally, to require people to say if they are acting on behalf of a foreign power. I am supportive of that because I know how difficult it makes it for people intent on conducting operations against us to operate, and makes it much easier to prove. I am therefore instinctively supportive of that, and of a register, and I think that we should get on with that. I have talked to the Government about that; they are understandably cautious, given all the unintended consequences attached to it, and the fact that our adversaries use those techniques in a way that lacks good faith and is malicious. However, fundamentally, I am supportive of it.
I have to be honest; I am more ambivalent about the idea of distinguishing between nations. My view of legislation generally, but particularly when it comes to technology, is that it is a mistake to write things to the current circumstances. It is much better to write things to the principles that you are seeking to employ. I am not a lawyer or a member of the Government, but my recommendation would be that we go for a principles-based approach in so far as we can.
Q
Professor Sir David Omand: Probably not, but on the other hand you have to balance that against the risk that legislation would inadvertently catch, for example, academic activity in think-tanks. Alex Younger has referred to transparency and covertness. Where a foreign power is taking covert acts and dirty tricks in order to access our institutions, think-tanks and universities, that would be criminalised by the Bill.
Where a member of the embassy of any foreign state represented here attends, quite openly, think-tank meetings and so on—everybody knows who they are and they know they are on the guest list—that does not pose a direct harm. It would be a mistake to start to try to confuse those categories too much. However, what it comes down to is that this is a probabilistic business; this is doing things that increase the chances that we all protect the citizens and the interests of the state. This Bill alone is not going to prevent states from attempting harm against us, and it probably will not catch all those harms either, but it is a good start.
Q
Professor Sir David Omand: Well, there is a lot in the Bill. The move away from having to identify states as enemies, for example. States have interests of their own and they will promote those interests. If they are doing so openly through diplomatic and academic means, that is one thing, but if they are doing it, as some are, covertly, then although you might not categorise them as enemies, they are none the less conducting themselves in a way that causes harm. That is one of the examples where I think the Bill takes a more up-to-date view. It is not just nations with which we are at war or potentially could be at war.
Q
Paddy McGuinness: My name is Paddy McGuinness, and I am currently an adviser with a critical issues firm called Brunswick Group. I was previously a national security official, latterly as the deputy national security adviser for intelligence, security and resilience in the Cabinet Office from 2014 to 2018. In that role, I oversaw hazards and threats affecting the UK homeland, including some aspects of counter-terrorism, alongside Sir Alex, and cyber-security programmes, offensive and defensive. I began the work on hostile states, and I also dealt with questions of broader resilience to natural hazard. For much of that time, I was also the Government’s chief security officer, overseeing matters of vetting, classification, investigation, and disciplinary and criminal proceedings to protect classified information.
Q
Paddy McGuinness: I really welcome the way you framed that question, because when I thought to myself, “What am I going to say in front of this Committee?” that was absolutely at the centre of it. As the representative, in a policy sense, of the intelligence agency—Sir Alex and the others—and as a person trying to practise Government security and see through disciplinary and sometimes criminal investigations around compromise of classified material, my lived experience was that our legislation and regulations were, frankly, a Potemkin front, and that behind them there was not very much.
I would move in public or speak to Members of Parliament and Ministers, and they would say, “Ah, we have got the Official Secrets Act. We have got this and that,” and they would look at the terrorism powers, which Jonathan Hall described so fully, and the way they interplay with the powers proposed in the Bill, and they would assume we have similar powers, but as you see we had almost nothing. Where there were powers, very few of them crossed the serious crime threshold to engage the full range of intrusive investigative techniques and police time to pursue them. That was very disturbing at a time, certainly when I was deputy National Security Adviser and previously, when the impact on the digital age, as described by Sir David and Sir Alex, came to the fore, and when many states were messing, within the United Kingdom, with our institutions, corporate life and communities, over which they thought they had some share because those people came from that country of origin.
The answer is that I was left very disturbed. That is why under the coalition Government, the Cameron Administration and the May Administration—I left during that—I was, if you like, an apolitical advocate of new powers to shore up what was a weakness or shortfall in our national security capability.
Q
Paddy McGuinness: Yes, and this is illustrative. In the other areas, as Sir Alex described and did fantastic service in countering terrorism, we have not had as much terrorist pressure on our societies and values as there might have been, because of the suppressive effect we have been able to have with our partners. That is because we had capabilities and powers. In the case of hostile state threats, we have some capabilities but perhaps not enough powers, and that is true in cyber. So we have left in front of people who wish to have purchase over our decision making, or to be able to influence us or possibly attack us, free space.
Inevitably, we concentrate on those that are most egregious. Sir David referred to the Lazarus Group in North Korea, and we might look at Iranian behaviours. Indeed, we might look at Russian or Chinese behaviours, particularly around intellectual property and technology, which are all very serious, but I refer you to the number of advanced persistent threats that are now listed because that gives you a description of the number of states that, unconstrained, are beginning to use these techniques for their policy purposes, whatever they are.
For me, almost the best example of this was in the covid pandemic, when there were intrusions and potentially damaging activity in the networks of international healthcare organisations that we needed to help us deal with the pandemic, such as the World Health Organisation. The APT—advanced persistent threat—identified was Vietnamese. I refer you to that list. We do not need to ask any former official to breach the confidentiality of high classification material to know that many states act in this space, and they have clear space in front of them in the cyber domain and in some of the techniques that are countered by the Bill.
(2 years, 5 months ago)
Public Bill Committees
Q
Sam Armstrong: My fundamental answer is yes. There are a number of good powers in the Bill. It does not address every issue that some of our allies have wrestled with, but in so far as there are powers in it, all of them are in my view good and helpful powers, which will greatly aid the security services in their important work keeping us all safe.
Carl Miller: I will restrict myself from any broad observations and will keep to the one area that I actually know something about, which is to do with information warfare and influence operations, especially over the internet and social media, and how that might impact things. In so far as that is the case—I am sure we will dig into this more in a second—I do not see the Bill as doing any harm. In fact, strangely, as a centre-left think-tank, we have long been calling for more direct state activity in this area. We have deferred far too much and far too often to the tech giants to try to sort these kinds of problems out for us. My fear, though, is about how the Bill will be enforced and deployed. I do not think that in and of itself, as it stands, it alone will be enough to secure—digitally secure—elections and quite a lot of other important moments, themes and aspects of life against the kinds of online influence that we have seen.
Q
Carl Miller: If there is one thing to take away from any of my evidence it is probably this: we have completely misconceived—the Bill slightly, but generally in Government at the moment—the problem as one of disinformation. The problem is not overwhelmingly or primarily one of disinformation. When we pull apart these campaigns, ones that we know or highly suspect of being in one way or another sponsored or driven by, or of having interacted with, a foreign, usually autocratic state, we notice that disinformation is only one of a whole array of different methods that can be used to influence people. You can paint an extremely distorted picture of the world simply by amplifying some truths over others.
If we look at what is happening in Ukraine at the moment, it is as much about “Putin riding bear” memes as it is about explicit disinformation. Much of this interacts at the level of identity, belonging, kinship, friendship, reasons for getting up in the morning and the problems that people see in the world—hugely subtle. Even at the level of lying, it is less to do with the overt falsehood circulating on the internet and much more to do with the harnessing of false identities and false reasons for being involved in debates. I tend to view this as the emergence of a kind of shadowy tradecraft. It is one that can wrap together, yes, some disinformation, but also some black-hat search engine manipulation, the harnessing of outrage, things to do with identity, as I have been saying, and humour and comedy—all that is influential in different ways.
The way we often set up this problem is through a hyper-rationalist idea that there is this thing called disinformation that propagates online, people lacking digital literacy believe it, and that influences their behaviour and attitudes. I will shut up in a second. I rarely interview people, but I have interviewed some of the perpetrators that actually do these operations and they tell me one thing, time and time again. They say, “Carl, we don’t lie about the world to get people to change their minds. We tell people things they already think are true about the world and then guide that in a particular direction.”
The current influence operation in Ukraine is a brilliant example of that. What we are seeing is Russia or pro-invasion-linked influence operations targeting the global south, trying to portray the invasion as essentially being an anti-colonial gesture and tapping into deep-seated anti-western and anti-colonial attitudes within the audiences they are addressing.
Q
Sam Armstrong: Yes. In a sense, the threat is changing less so than our recognition of the change. Increasingly, we are waking up to the threat of the more all-encompassing nature of interference launched or directed by branches of the Chinese Communist party. Unlike traditional Russian or Soviet Union espionage, this is not 100 or 200 individuals in the UK at any time running a network of agents in a very organised way. This is something more full-throated and all-encompassing—they call it the united front—in which people who would not ordinarily be, or who would not see themselves as being, operatives of a foreign intelligence state are being brought into it or are acting in it.
In addition, the nature of the way that we have woken up to this threat means that there are individuals acting on behalf of the Chinese state quite explicitly and openly who are also employed concurrently, and declaredly so, by public authorities in the United Kingdom, most particularly at British universities, where we have Confucius centres. That is one well known example. They are a branch of the Chinese state and they often take money directly from the Chinese state for their operations. People are double-hatting in roles in the academy there and in the university. That means there is the bizarre case of the British Government—not the British Government as in Her Majesty’s Government, but public authorities at their largest—employing Chinese spies. The British state is certainly knowingly employing agents of the Chinese state.
Q
Sam Armstrong: This Bill will do an awful lot to deal with it. There are some offences in the Bill that are drawn extremely broadly and will allow the security services to take a knife to whichever problems they would like.
The Bill does not do certain things that other countries have done. For example, Australia introduced the Foreign Relations Act, which allowed the central Government to terminate relationships that public authorities had entered into with foreign states where they were undermining Australia’s foreign policy position. That is a power that I know Australian officials have been keen to encourage the British Government to replicate.
In terms of assisting foreign intelligence services, which I think is by far and away the most broadly applicable offence in the Bill, and the trade secrets offence, there are broad powers there and the Government deserve commendation for bringing those powers before Parliament, although not before time. The security services have been keenly pushing for them and they will appreciate them in doing their work.
Q
Carl Miller: That is a great question. We can start by cleaning up the grubby world of spam. Often, when talking about online influence operations and disinformation, we descend into this kind of rarefied world of grand geopolitics, but it has as much to do with a very wide array of services and companies. If anyone googles “buy retweets now”, you will be able to see what I am talking about.
There are a tonne of companies that operate in plain sight, selling social media manipulation as “social media services”. You can buy fake followers; you can buy fake engagement. I looked it up on the way here; as of about 10 minutes ago, there was a company selling positive comments in Ukrainian on Instagram—mostly, they claim, by users from Ukraine—for $78 per 1,000. That is on the light net; we are not even talking about the services that are cryptographically secured or anonymised.
There is an array of these kinds of operations. An almost shadowy grey-area marketplace has emerged, which radically lowers the barriers to entry into doing those kinds of activities. That has always been there, but the consensus has emerged among researchers like me that, over the last year or two, the actual number, sophistication and variety of those services has increased quite dramatically. To be honest, if we were to really try to genuinely start increasing the cost and penalties for the actors that do that kind of thing, we would have to target that entire industry as participants in it.
Lastly, in pulling apart some of the operations regarding Ukraine, our hunch is that state-backed activities have likely made use of those exact same services. We will see states maybe rolling out capability outside of state, setting up as private companies, and selling those capabilities back into state.
Q
Louise Edwards: Of course. We are, fundamentally, an organisation that oversees the running of elections in the UK. We also have a role as the civil enforcement and regulator body for political finance in the UK. For foreign interference, that means that we are the experts on electoral law, electoral finance and the running of elections, and we offer that advice to law enforcement and indeed to the security services, on request. We are not a national security body per se. We do not have an intelligence function per se. It is really a question of working with the intelligence services or law enforcement where we can to offer them that advice.
Q
Louise Edwards: As I said, we are not a national security body, so our knowledge of the threat of foreign interference in the UK is very much based on what law enforcement and the police tell us, essentially. If you think about elections in the UK, we have not been notified by the security services of any successful attempts at foreign interference in UK elections, and I think we take some confidence from that.
On the political finance side—the money that is going in and out of political parties, campaigners and others involved in our democracy—I caught the end of the previous session and there was reference to one notification from MI5 in that area. That is the only one that we are aware of. However, I would say that it is not a matter to be complacent about. There are things that could be done, particularly on the political finance side, to really modernise and improve the safeguards in the system, not just for foreign interference but for any kind of abuse or interference in the political finance regime.
Q
Louise Edwards: There is a key principle here, which is that you could hope there is a link between increasing the penalty that can be imposed for an offence and therefore disincentivising or deterring people from committing that offence. That seems like an in-principle link that you would want to see made. That is what perhaps the Bill is aimed at creating.
The measures in the Bill—the offences relevant to elections that are in it—are offences that the police will have to investigate and that will then go through the courts for prosecutions, so really key to making the provisions work effectively is to ensure that the police have the capability and capacity to take them forward, investigating them and passing them on to prosecutors when appropriate.
Q
Louise Edwards: Do you mean a potential problem in the sense of a foreign state interference issue?
We will now start our next session and hear from Professor Ciaran Martin, professor of practice in the management of public organisations at the Blavatnik School of Government at the University of Oxford. We have until 3.20 pm, so if colleagues could keep the questions succinct, I would be very grateful—then we can get in as many of you as possible. Could you introduce yourself for our records, Professor?
Professor Ciaran Martin: Thanks very much, Chair. My name is Ciaran Martin. As you say, I work at the Blavatnik School of Government at the University of Oxford. From 2014 to 2020, I served on the board of GCHQ, and I was the first chief executive of its National Cyber Security Centre.
Q
Professor Ciaran Martin: Thank you for your kind words. I broadly welcome this Bill. There are a series of fairly antiquated pieces of legislation that—sometimes at the margin, sometimes a little more profoundly—inhibit the pursuit of hostile-state threats, because they are, in effect, pre-digital legislative frameworks, very simply. With some of the language, you are replacing words like “maps” with words like “data”, or at least adding words like “data” to words like “maps”. You are dealing with things such as the flying of unmanned drones over sensitive sites. Despite my previous experience on the inside of the national security side of Government, when I read the explanatory notes, it was a bit of a double-take to be reminded that we had to explicitly criminalise assisting a foreign intelligence service in this country.
I think it is a very sensible piece of legislation, with the modernisation and some of the tidying up. From listening to your exchanges with the Electoral Commission, I think the provisions around disinformation and interference in political and democratic processes are really difficult to get right, so I welcome this sort of process. I think the intent is obviously cross-party and commands widespread support. The intent and basic provisions should be uncontentious, but I think some of the detail is going to be quite tricky.
Q
Professor Ciaran Martin: When I say scale, I actually mean scale in its very precise meaning about volume. Digital espionage involves the extraction of information on a scale that was hitherto inconceivable, and that has, therefore, extended the scope of that. For example, there are specific references in the legislation to commercial and trade; we have seen that.
One of the changes that digitisation has brought, in terms of hostile foreign intelligence, is that it is possible to inflict large-scale strategic damage on the UK remotely, but it is not always done remotely. There are hybrid elements—there can be activity on the ground in the UK that assists digital espionage and digital penetration of the UK. Our existing legislative framework does not allow for that to be prosecuted. Even when it is done entirely remotely—for example, the People’s Republic of China has done some of its operations entirely remotely—we have seen from the United States that, although it is not transformative, it is a useful policy lever to have a framework of criminal law that criminalises activity even in eventualities where you will not realistically be able to apprehend a named human being.
To be a bit more succinct, the large-scale extraction of and interference with data is essentially the risk. The willingness of nation states—principally Russia and China, to a lesser extent Iran, previously but not so much recently North Korea, and a bunch of up-and-coming potentially hostile states—to do that has been a very significant feature of the national security landscape over the past decade, as the head of MI5 and so forth emphasised.
Q
Professor Ciaran Martin: One sees only the tip of the iceberg when there are major breaches. I will use a well-known example from the United States—a close ally that is perhaps easier to talk about because it does not involve disclosing sensitive things about the UK.
The hybrid operation against the United States in 2015, which the US Government at the time acknowledged formally was undertaken by the People’s Republic of China, involved the extraction of more than 20 million security clearance records from the United States Office of Personnel Management—effectively the civil service department of the US Federal Government. It was the security clearance application forms of everyone who had applied for security clearance from the US Federal Government in the first 14 years of the century. As a dataset, it is incredibly rich. For example, if you are part of a commercial data breach, it is likely to be just your name and email address—possibly a password, although perhaps not even that, and possibly the last four digits of a credit card. If you go through a Government security clearance process, it is everything.
Think of the current politics of the US and China, and think about the established fact that the Chinese Government have this dataset of US Government personnel, with lots of information about them. You can see the strategic impact that that can have. To the best of my knowledge, based on public scholarship and disclosures relating to that incident, it was a largely remote operation, but it did include some activity on the ground. You can see how the sort of legislation we are talking about here might be useful in at least deterring or being able to deal with that.
Q
Professor Ciaran Martin: I would say this, wouldn’t I, but there has been a reasonably decent trajectory of controlling it.
There is a challenge for defenders. If you are attacking—if you are Russia and you have a programme of destabilisation of the UK through these sorts of means—it is all the same programme to you. But if you are defending against it, the defence of the networks of a privately owned critical infrastructure company, such as the energy grid, is one problem, and the protection of sensitive Government networks—diplomatic cables and intelligence services—requires you to do something slightly different.
Disinformation is a different problem again, because historically under our laws, quite rightly, it has not been an offence to make up a lie and put it on the internet. That is different from a cyber-attack. Putting it under a single organisation is really quite hard.
Things were starting to get better around the time of the end of my Government service in 2020, although there is probably some way to go, on the synthesis of operational cohesion—the sharing of information—across these different parts. It is better than it is in quite a lot of other countries—it is less siloed—but I am sure, Ms Lynch, that there is plenty more that could be done to improve it.
We will now hear from Dr Nicholas Hoggard, Professor Penney Lewis and Mr Rich Owen. We have until 4 o’clock for this session. I would be very grateful if the witnesses introduced themselves for the record.
Dr Nicholas Hoggard: Hello, I am Dr Nick Hoggard. I was the lead lawyer for the Protection of Official Data project at the Law Commission, which was the project referred to us by the Cabinet Office. It informs a number of the offences in part 1 of the National Security Bill.
Professor Penney Lewis: I am Professor Penney Lewis. I am the criminal law commissioner at the Law Commission, so I led that project in its latter stages.
Rich Owen: I am Rich Owen. I am here today in my capacity as the chair of the access to justice committee for the Law Society. I am also director of a pro bono law clinic, the Swansea Law Clinic, which is part of Swansea University, and the chair of a regional advice network for Swansea, Neath and Port Talbot, which was set up by the Welsh Government.
Q
Professor Penney Lewis: That is a great question. This Bill implements the first part of our report, which was concerned with the espionage offences. I think it is worth saying that we did not envisage that any one statute would implement all the recommendations that we made in that report, even were the Government minded to accept them all.
The second and third parts of the report concern unauthorised disclosure and the role of the public interest in relation to unauthorised disclosures. We understand that the Government are still considering those recommendations. But in relation to the espionage recommendations, yes, this Bill implements our recommendations. There are minor differences, which is to be expected as part of the parliamentary drafting process, but we are very pleased that the Government have accepted those recommendations.
We had several concerns about the existing offences; as the previous witness mentioned, they were not fit for the current threat. The focus, for example, on enemies was unhelpful. It did not—does not—fully reflect the nature of the threat against the UK. It also risks causing offence to states with which we are not at war. We had concerns about the territorial ambit of the offences, which are addressed by this Bill—the offences in part 1. We were also concerned that there were not sufficient culpability thresholds, such that individuals might be prosecuted for the existing offences without being sufficiently culpable. We are pleased to see that those thresholds have been raised in the offences in the Bill.
Dr Nicholas Hoggard: As a matter of generality, I think Penney has it absolutely right: the offences reflect well the recommendations that we made. As Penney said, there are some differences that will arise naturally in the course of drafting and negotiating with parliamentary counsel, but our view is that the spirit of our recommendations has very much been carried through. There is probably not much more I need to add at this point.
Q
Professor Penney Lewis: I am afraid that I will be less happy about that question. The Law Commission was asked to look at the Official Secrets Act. The project’s terms of reference focused on official Government data, so we have not looked at those matters. There are a number of matters contained in the Bill that were well outside the scope of our project, and I am afraid that we just cannot comment on them.
Q
Dr Nicholas Hoggard: Yes, I think we are. One of our concerns about the existing offences in the 1911 Act was that the existing prohibited places—though extensive; it is an extensive and complicated piece of drafting—have a strong military focus, and they do not necessarily reflect the way that critical national infrastructure, for example, or sensitive information is held by the Government.
There are some powers for the Secretary of State that exist under the 1911 Official Secrets Act, but they are quite restricted. What is good to see about the powers under this Bill is they are quite principled powers. The basis on which the Secretary of State can define something as a protected place is much more transparent. There are just three limbs that are easy to understand. That basis for affording the Secretary of State the power is much more useful. It is more transparent, but it also enables us to capture within the offence places where there is actually a real risk of harm arising from hostile state activity.
On that front, I would say the power is good in so much as it aligns with the spirit of our recommendation. The fact that there will be parliamentary oversight of this process is important. It was a fundamental feature of our recommendations, and the negative resolution procedure is an important part of that process. The Secretary of State’s powers are more effective than is permitted under the current law, but also there is sufficient oversight.
Q
Poppy Wood: Good afternoon, everyone. My name is Poppy Wood, and I lead on UK public policy for an organisation called Reset. We are a philanthropic organisation that focuses on digital threats to democracy. We have a particular interest in disinformation. I was a civil servant about 10 years ago, and have worked in tech and, at times, in cyber-security over the past decade. I am pleased to be here today to talk about some of our work as it relates to the Bill, particularly our research on disinformation and state actors.
Q
Poppy Wood: That is a good question, and one I hope is being asked every time that we are looking at new versions and new clauses of the Bill. When the consultation came out last year, those of us who had worked in state-backed disinformation for a while were delighted to see some of the questions being asked, at least in the first instance, about the role of state actors and about foreign interference.
When Ken McCallum said last year in his annual threat report that our adversaries are really good at using co-ordinated behaviour to probe UK vulnerabilities, and that we in return really need a holistic response to that—that was about a year ago—a lot of us thought, “But we’re not. It’s great that they are, but we certainly aren’t. No one is really gripping this.” That echoed language from the ISC report in 2020—the Russia report, which said that co-ordinated disinformation and state-backed interference is a really hot potato. No one wants to grip it—not GCHQ, not DCMS, not the other security services. It is too difficult, so we were really relieved to see the Bill come forward, and the consultation late last year.
We were even more relieved earlier this week to see that there will be a link between this Bill and the Online Safety Bill. I have not yet seen that amendment brought forward by the Government; I am hoping that is happening now, because we expected to see it yesterday—I hear the Government have been quite busy this week. That is really about saying that the Home Office and DCMS recognise the role of social media in pushing these co-ordinated campaigns, that electoral interference and foreign state interference is a priority, and that we are seeing platforms being weaponised in order to push the sort of disinformation you mentioned in your question.
We have seen that time and again. In the Scottish referendum in 2014, the Free Scotland 2014 campaign turned out to be backed by Russian and Iranian actors. They were massively weaponising social media by putting up inauthentic accounts and Facebook pages, with mocked-up pictures of the royal family, saying they wanted to take all the money from Scotland and buy new houses. It was complete nonsense, the aim of which was to destabilise the Union.
The Free Scotland 2014 campaign was called out by Twitter and Facebook in 2018. So four years later they said, “Hey, we’ve just found all these accounts that were trying to destabilise the Union four years ago”, and we were going, “But what did you do about that four years ago?” I think we are going to see that again in Northern Ireland, we saw it in the US elections in 2016 and 2020, when the US Senate said that Russia was targeting African-American electors as a priority, to drive division in the States, and we will see that in any election we have in the UK.
I am really pleased to see that the Government are trying to link the two Bills. I think there are three words missing from both the Bills, and they are “co-ordinated inauthentic behaviour”. This Bill and the Online Safety Bill might be getting towards those words, but one of them has to say them, because we are talking about individuals and organisations in this Bill and social media in the Online Safety Bill, but the examples I have just given are absolutely about co-ordination.
It will be hard to find one person. The extra-territoriality provisions in this Bill are good, but we should not be measuring the success of this Bill as people in prison. This is all about troll armies abroad, so the link is important, but I think it needs to go further on specifically calling out co-ordinated inauthentic behaviour in either or both of these pieces of legislation.
There are some questions about case law linked to the Online Safety Bill and the National Security Bill. In the amendments, we are expecting, hopefully today, for foreign interference to be listed as a priority harm in the Online Safety Bill. The question arises of how social media platforms, which will now effectively be given the power to police these kinds of things, will catch foreign interference when, as the Online Safety Bill says, the
“content amounts to an offence”.
How can a social media platform judge how content would amount to a criminal offence?
We need to think about some of the language around how people identify that criminal offence. I think Carnegie UK, or another group, has suggested something along the lines of illegal content meaning content that the provider has “reasonable grounds to believe” amounts to a relevant offence. I do not think that “amounts to” has the precedent, and it is going to be hard, particularly in content law, to catch that.
The other thing about the Online Safety Bill and the National Security Bill is that we may end up seeing the case law being made in the civil courts, because we will see Ofcom taking a case against a platform, that platform appealing and the case being handled in the civil court, even if it involves foreign interference and a criminal offence. That needs to be thought about. I certainly do not have a solution, but I just want to flag it as a risk of linking these two Bills but not thinking about how they are fully linked.
However, going back to my first point, we were delighted to see that the Government are taking this really seriously.
Q
Poppy Wood: Obviously, you have heard from much greater experts than me about hack-and-leak operations et cetera, and I refer you to their remarks about that. In terms of co-ordinated disinformation campaigns, as I said we have seen that in the US election, with really targeted approaches to particular groups that people wanted to divide. When I mentioned that the US Senate said that African-American electors were being targeted, it was clear that the Russians wanted to stir up tensions within that group and between that group and white police. They would really push Ku Klux Klan narratives, false images and all sorts to make sure that those groups were infighting. I would absolutely expect to see that here as well.
Political ads are also a really big issue. I cannot work out whether they are dealt with in the Bill, but they are certainly not dealt with in the Online Safety Bill. The Cabinet Office seems to own the political ads regime, but we are seeing shell companies buying these ads purely to stoke division and tension, and we would expect to see that again. One of the problems with not having a grip of the issue, particularly as we could go into an election period in the UK at any point, is that we need someone to comprehensively pull this all together.
The Russians and the Iranians often leave quite a lot of fingerprints on their work, sometimes intentionally. I know that Ken McCallum, who is director general of MI5, and the FBI discussed the threat from China yesterday. They did not mention disinformation, which I thought was interesting, but the Chinese have historically been much better at not leaving their fingerprints on things, so I cannot really speak to some of their activity. However, we have seen it time and time again.
It is probably best not to talk about the Brexit referendum, but we all know what happened there with the engagement from foreign actors. We should not be surprised to see disinformation. We are vulnerable in the UK because of our role in supporting Ukraine, and we have to pull it all together. If the Online Safety Bill, combined with the National Security Bill, does not do so, I do not know what will.
Q
Poppy Wood: We have to be careful not to try to define disinformation. There is some language in the Bill about misrepresentation, and the idea of intentionally misrepresenting is important. We will never get a grip on exactly what disinformation is, because it is a shapeshifter.
On the first part of your question, it is about the system of amplifying and the ease with which people with malicious intent can manipulate systems by creating fake accounts, not verifying IDs and exploiting the recommender algorithms so that they hook you with one piece of content. We see this time and time again. One piece of bad content is not the problem, but they hook you on it, which then leads you down a rabbit hole to something much darker and more radical. It does not even have to be radical; it can be the sort of stuff that we were talking about with the Scotland referendum. It can be innocuous, such as stories about what the royal family are doing. It is about sowing seeds and exploiting cognitive dissonance, which bad actors are very good at and which social media is absolutely weaponised to make the most of, because of the pace and amplification of the content.
The Online Safety Bill goes part of the way there; it is imperfect, partly because it is so hard to define disinformation. There is very little in the Online Safety Bill on disinformation. There is an advisory committee that is years down the road. It is ironic that the National Security Bill is about trying to rein in certain types of transparency. Transparency is a really big part of all this, so it is about trying to find out who is behind things and what the data patterns really look like, and building in researchers. I think that was something Ken McCallum said last year. A holistic approach is a cross-Government approach, but it also involves industry, civil society, journalists and researchers. Everyone has to focus on this. Both Bills could go further on systems and, as I say, the co-ordinated inauthentic behaviour language just is not there either.
(4 years, 2 months ago)
Commons Chamber
First, I commend the hon. Member for Bristol North West (Darren Jones) for bringing forward the Bill and my hon. Friend the Member for Bolton West (Chris Green), who, as we have heard, tried unsuccessfully with a similar Bill in the previous Parliament.
I am far from an expert in forensic science, but I guess the beauty of private Members’ Bills and sitting Fridays is that we get a chance to explore things that we would not normally show an interest in. I have spent the last few days going through the Bills, the Select Committee hearings in the Lords and other things.
The Bill establishes the Forensic Science Regulator as a statutory office holder. The regulator can exercise those functions and powers in respect of forensic science activities for the purposes of the criminal justice system in England and Wales. The regulator will be required to publish, and keep under review, a code of practice about forensic science activities, subject to approval by Parliament. Among other powers, the regulator can investigate and take enforcement action in relation to forensic science activities carried on in a manner that risks prejudicing the course of legal proceedings.
Forensic providers for police forces need greater quality control when processing evidence. I know they are fictional depictions, but we see programmes on Netflix or drama shows all the time, where solicitors look at evidence and dig into it further, trying to find a way to say that it was not collected correctly, that it was incorrectly labelled, or that processes had not been properly followed. Although that is a depiction, there is probably a bit of validity regarding how the process operates, and it makes sense for us to have not poorer quality control, but much better quality control.
I welcome the fact that dozens of police forces across England and Wales are making improvements in areas of forensic science, such as fingerprint comparison data, the examination of crime scenes, and the extraction of data from digital devices. It is vital that the Government act quickly to provide statutory powers, which have been promised for a number of years. I welcome this Bill, which has my full support. There is a clear need to build public consensus and confidence in the quality of forensic evidence used in court proceedings, and the powers in the Bill will help that to happen. Our constituents demand that our systems are robust.
In 2019, the Science and Technology Committee in the House of Lords published a report on forensic science and the criminal justice system that highlighted a number of interesting and informative points. Forensic science has been under sustained scrutiny over the past 10 years, and that complicated discipline interacts with a wide range of fields, including science, policing, government, and law. Clear and deep-rooted challenges have been identified but not addressed, and the inquiry highlighted the importance of effective, robust, and high quality forensic science, and its contribution to the justice system. It also stated that we must enable a world-class forensic science regulator.
Forensic science applies scientific methods to the recovery, analysis and interpretation of relevant materials, providing data for criminal investigations and the court proceedings that follow. For both intelligence gathering and evidential tools, it is vital that we assist the justice delivery mechanisms. Forensic science is traditionally viewed as a collection of different sub-domains that share overarching principles, processes, and activities. Within those sub-domains there are a range of primary aims and variables in the scientific underpinning of those robust methods.
Professor Peter Sommer, Professor of Digital Forensics at Birmingham City University, summed those activities up well. He makes four relevant points. The definition is:
“‘Trace’ or ‘wet’ forensics: where a laboratory carries out…a series of standard tests to identify or match some material found at a scene of crime or associated with an individual…Interpretation: where the result of the examination of the trace is ambiguous but nevertheless some sort of inference or conclusion is desired. “Interpretation” may mean…a statistical probability of likelihood”
which leaves the door open to being challenged. His definition also includes:
“Reconstruction of events: where large numbers of different ‘traces’…and testimonial evidence are combined by a skilled investigator who produces a reconstruction of a sequence of events. Examples include road traffic accidents”.
Finally, there is opinion evidence, where an expert looks at a range of circumstances and offers an opinion based on skill, training and expertise.
Forensic science is rather unique, sitting in a nexus of science, law, policy and investigation. It should be viewed as a process that encompasses the crime scene through to court. Professor Claude Roux has said of forensic science that a free society is dependent on the rule of law, which in turn relies on the quality of access to justice. The Lords Select Committee’s report says:
“The evidence we received points to failings in the use of forensic science in the criminal justice system and these can be attributed to an absence of high-level leadership, a lack of funding and an insufficient level of research and development. Throughout this inquiry we heard about the decline in forensic science in England and Wales, especially since the abolition of the Forensic Science Service.”
This private Member’s Bill addresses many of these points. Professor Roux went on to say:
“When I was a student, England and Wales held, essentially, the international benchmark. It was the ‘Mecca’ for forensic science. Some 30 years later, my observation from the outside”
was that it had fallen away. In the past 10 years, there have been nine reports, each with numerous assessments of the state of forensic science in England and Wales and recommendations to address some of the challenges. In addition, there have been two influential reports from the United States with similar findings.
Some of the concerns that were raised were that major crimes could go unsolved unless the Government did more to support forensic science, that forensic science provision was under threat because the police were increasingly relying on unregulated experts to examine samples from suspects and crime scenes, and that cost had become a greater factor in the tendering process than quality. There was concern that without statutory powers to enforce compliance, which this Bill introduces, the Forensic Science Regulator could not ensure that science used in the criminal justice system would be carried out to the required standard.
My hon. Friend is making a compelling speech and he is absolutely right to point out the vital importance of forensic science in the detection, prevention and prosecution of crime. Does he agree that we must also be careful not to see forensic science as a silver bullet for crime solving but rather as a tool for the police? I am reminded of a story that you will remember well, Madam Deputy Speaker, of the Night Stalker, a gerontophile who plagued south and south-east London for some 25 years, breaking into people’s homes, often those of elderly people, and assaulting and often raping them. The Metropolitan police pursued this man for many years. He was active for a while, then disappeared for a while, then came back and was active again. Enormous amounts of active effort were put into pursuing him on a forensic basis. DNA samples were gathered, analysis was done, and they identified where in the world this person might have come from. Other people from similar demographics were asked to come forward and volunteer their DNA. Still, they failed to find him until there was a rotation of the investigating officer. A new person was put in charge of the investigation who worked out that the police were not actually trying to catch a rapist. They were trying to catch a burglar who happened to rape at the same time. That change in investigative posture meant that they caught him within two weeks. Although forensics can be vital, sometimes they are not the silver bullet people hold them out to be.
As always, I am grateful for my hon. Friend’s knowledge on this subject. He shares my passion for increasing the number of police on our streets and there is nothing greater than the police being out there when it comes to collecting data and evidence. I guess my view is somewhat clouded by the programmes I have watched on television where they solve the crime in an hour; sometimes it takes a little longer. I am grateful to my hon. Friend for pointing me in that direction.
The Lords inquiry considered the contribution of forensic science, and the understanding of forensic science evidence, in the criminal justice system. The Committee examined the scientific evidence base for different technologies and the regulatory framework that underpins the sector, and considered the instability of the forensic science market and research. It held 21 oral evidence sessions, had more than 50 witnesses and received 103 written submissions. The Committee visited the Metropolitan police’s forensic science lab on 6 October and observed forensic analysis, including fingerprint analysis, ballistic comparisons and digital forensic analysis.
A couple of things came out of the report that I need to highlight. First, on oversight, leadership and responsibility, and secondly, on research and development. On the culture and environment of oversight within forensic science, a consistent theme that ran through the report was the piecemeal nature of oversight and responsibility for forensic science in England and Wales. Should the Bill pass today—hopefully it will—it will alleviate some of these concerns. The Committee repeatedly heard that the system was not operating as it should and was in a state of crisis, threatening to undermine the justice system.
The Knowledge Transfer Network’s Forensic Science Special Interest Group—that is a bit of a mouthful—thought that there was
“a lack of clear leadership, oversight and governance across the wider forensic landscape. A fragmented and weakened marketplace, lack of funding for forensic research supporting the evidence base and a silo approach”.
As we have seen from many other organisations, silos never work well when people are bedded down into them. That led to some regions having different processes from others, whereas consistency is needed right across this thing.
That leads me on to my next point—the piecemeal nature of oversight. As forensic science is fragmented, there are challenges in developing a co-ordinated strategy, a sustainable marketplace and science with a strong theoretical foundation to underpin practice. That piecemeal approach has led to some of the serious and urgent problems facing the sector. Rebecca Endean, director of strategy at UK Research and Innovation, described forensic science as
“probably as disparate as it could be”.
While the Home Office has overall responsibility for forensic science, much of its application is in the courts, which fall under the remit of the Ministry of Justice. The then Minister of State at the Home Office, the right hon. Nick Hurd MP, told the Committee that there were “significant problems” trying to manage that, with one reason being that there had been such a fragmented approach over such a long period of time. He said:
“The response is to support a strategic approach that supports more collective leadership in addressing some of the key capability gaps and identifying the road map.”
He went on to say that he was trying to tackle some of those issues and intended to publish the results of the Government’s review into forensic science by the end of March 2019. It would be good to know whether that review was published, and whether Government support for that review led to the introduction of and support for the Bill.
The then Parliamentary Under-Secretary at the Ministry of Justice, my hon. and learned Friend the Member for South East Cambridgeshire (Lucy Frazer), was clear that forensic science lay squarely in the remit of the Home Office, but said that the Ministry of Justice was supporting and assisting the Home Office. On why the Ministry of Justice did not have a greater role, given that forensic science is essentially about ensuring that justice is done, she said
“sometimes it is important for one department to lead on an issue”,
but agreed to think about how the Ministry of Justice could work better with the Home Office on forensic science.
Forensic science in England and Wales is now provided by private companies and the police. The fragmentation of certain aspects of this could undermine public trust. I do not want to see that; I want a consistent approach running through this. It is important to recognise that, with the Policing Vision 2025 and the Home Office forensic science thing, a much more joined-up approach is required.
The sustainability of the police force is vital, and as I have already alluded to in this speech, I am grateful for the investment that we are seeing in supporting retention of police officers and recruitment of new ones across the country. That is vital for me, knowing that my constituents can feel safe in the knowledge that evidence is being collected and sent to the right place.
The other part of the report was on research and development, and there are three main areas where it was felt that increased scrutiny was needed:
“The scientific validity of the approaches used to identify the source of a material or mark, and the challenges in addressing complex mixed provenance samples…The need to understand better the activity of materials to aid interpretation of forensic science evidence…and their implications for reaching conclusions”
when reconstructing crime scenes, and:
“Awareness of the importance of human decision-making in the forensic science process and the challenges of identifying factors which can affect judgments.”
In response to a very critical report published in the United States in 2009 by the National Research Council, the then President, President Obama, commissioned a study in 2015 to examine the scientific validity of different forensic science methods, which examined the DNA analysis of single-source and simple mixture samples, DNA analysis of complex mixture samples, bite marks, latent fingerprints, firearms identification and footwear analysis. The report found that many of those methods did not meet the scientific standards for foundational validity.
That was concerning at the time, because those methods were used routinely for court trials and there were concerns in the States that the methodology and pattern recognition in the analysis were a main contributing factor in many criminals’ missing out on proper justice. We need to rule out all ambiguity, as much or as best we can, in terms of delivering good-quality judicial practice across the board with evidence collecting. That is what leads me to think that the regulator is required and why I am supporting the hon. Member for Bristol North West today.
The work of the regulator should include advising the Government and the criminal justice system on quality standards, identifying the requirements for new and improved quality standards, leading on the development of new standards where necessary, providing advice and guidance so that providers will be able to demonstrate compliance with common standards, for example procurement and in the courts, ensuring satisfactory arrangements exist to provide assurance and monitoring of standards and reporting on quality standards generally.
In conclusion, I welcome and support the changes that are being proposed by the hon. Gentleman. I had rather a tour de force running through the forensic science this week, and I have really enjoyed it. It has been very interesting. The Bill has my full support today; I will be voting for it and I hope to see it make progress through the House.