Andrew Murrison
Main Page: Andrew Murrison (Conservative - South West Wiltshire)Department Debates - View all Andrew Murrison's debates with the Home Office
(8 years, 6 months ago)
Commons ChamberMy answer to that is simply that if the Bill allows for bulk data harvesting, it can still happen. We cannot sit here and say, “No, it will never happen.”
The SNP argument is not to do down our security services or anyone else working to keep our constituents safe. We argue that we would fail as a Parliament if we assert our power on behalf of our constituents and fail to place proper limitations on the scope of the state to interfere in the lives of innocent private citizens.
I will not give way at the moment—I have given way too many times and others want to speak.
To use an illustrative analogy, if we were to authorise the opening, scanning and retention of all mail via a particular post office in the hope that one day we could go back once we had found, via another investigative technique, a suspicion about a certain user of that post office, our constituents would rightly be marching on this place demanding that we stop such an outrage. Do the Government really believe that people using that post office would be content to believe that all was well as long as the letters were stored in a big safe to which only the good guys had the key, or that they would be read only after a warrant was required? I do not believe so—people are not that daft and, strangely, for some unknown reason, they are not that trusting—yet the Government are asking us to focus on the issue of access and examination, and to ignore the massive combine harvester in the room, meaning bulk data collection. Government Members may well groan, but we are entitled to express our opinions on the Bill and to scrutinise the legislation rigorously.
On the Government’s own terms, that abuse of public privacy is of very limited use anyway. Targeted powers are far more effective and could resolve many of the privacy concerns. If we have a justifiable case to access information, we already know who we should be targeting for data collection. Why are we wasting time and resources using bulk techniques for that collection?
We have learned to admire the Minister greatly through this process, and we have learned that when he says something, it happens. I am reassured by the words that he has just put on the record.
If it helps—perhaps it does not, but I will say it anyway—I would favour quite a high test for ICRs, and significantly higher than six months. Alongside that, it might be possible to itemise the other individual occasions on which they could be used, be it online grooming or missing persons. The danger with trying to capture it all in a single time period is that we might open the net to other offences that we would not want to be included. I fully acknowledge that this is a complex area. That is why I want to give the Ministers leeway to see whether, working with us, they can find the right definition.
The Joint Committee spent a lot of time on ICRs and IP address resolution; then along came clause 222, which gave us some comfort because the matter can be reviewed in five years. Some of us are of the view that ICRs will not, in any event, prove to be as useful as we might hope and as Ministers certainly hope. The Danish experience was that they were not useful and their collection was therefore dropped. It is quite possible that that will come to pass here, and that in five years’ time we will review this matter. Does the right hon. Gentleman agree that clause 222 persuades some of us who are a bit doubtful about the utility and value of ICRs that we should allow the provision because it will be reviewed in five years’ time?
The review is clearly a good idea, but it is also a good idea to tighten the definition and the threshold now, because we need to ensure that there is a degree of public confidence in what is being done here. I fully accept that the review is important. The point is that although ICRs in themselves may not necessarily solve a crime, they may let the authorities know where to go to ask for more intrusive information. They will identify the app, service or whatever it is that is being used, which might allow further lines of inquiry.
I would not be casual about this point—not that I am suggesting the hon. Gentleman was being so. If we were to publish somebody’s 12-month website visiting record, which effectively is what an ICR is, it would reveal a large amount of information about them. It would give a pretty decent profile of what kind of person they were and some of the information could be highly personal. That is why I say that we need to legislate with great care in this area if we are to carry the public with us.
I wholeheartedly agree with my hon. and learned Friend.
Before I was intervened on the first time, I was saying that the Joint Committee on the draft Communications Data Bill said that
“storing web log data, however securely, carries the possible risk that it may be hacked into or may fall accidentally into the wrong hands, and that, if this were to happen, potentially damaging inferences about people’s interests or activities could be drawn.”
It is clear that the intelligence services and the police need powers that befit the digital age in order to keep us safe and to catch perpetrators. However, when seeking to introduce powers as intrusive such as ICRs, it is incumbent on the Government to ensure that their case is watertight. As my hon. and learned Friend said in Committee, we very much hope to be an independent country writing our own security policy, so we do not take our opposition to such measures lightly.
In drafting such a proposition, with such a loose definition, the Government are asking us all to trust them and to sign a blank cheque to allow the wide use of such powers without knowing what their full impact, costs or consequences will be. The Home Office has said that companies will be reimbursed for the additional costs placed on them, but that commitment does not appear in the Bill. The Government have earmarked £175 million to reimburse companies for the costs of meeting their new responsibilities. However, most in the sector believe that is a vast underestimation of what the true costs will eventually amount to. Owing to uncertainty about the extent and definition of ICRs and the extension of communication service providers that will be affected by the proposed provision, the cost is difficult to estimate, but industry figures have told me that they expect it to be anywhere between £1 billion and £3 billion.
I appreciate that the Minister, in a letter to the Committee, reiterated the Government’s intention to bear the cost of implementation, but without clearer information we cannot expect Parliament to sign a blank cheque. Between £175 million and £3 billion is a rather large range, and at a time when disabled people are losing benefits and the WASPI women cannot get the pension they were promised, this seems a rather anomalous and large black hole in potential Government spending. I have said in the past that the Government know the cost of everything and the value of nothing, but in this case they do not even know the cost.
This is a global problem and as such requires a global solution, and it is important that we reflect on what other countries have done to address the issue and that we learn any lessons from their experiences. It is unfortunate, therefore, that a similar scheme of logging data in Denmark has recently been abandoned. That scheme operated for seven years, and although I accept that there were differences in that scheme, there were many similarities. Upon its abandonment, the Danish security services expressed their view about the difficulty of being able to make proper and effective use of the large amount of data that had been gathered. It seems that, instead of spending their valuable time locating criminals, the security services will spend most of it working on spreadsheets and filtering out the useless from the useful. It should be noted that the Danish ICR model was proving too expensive and the cost spiralled out of control, that Australia considered the proposal but decided not to pursue it, and that, as we have heard, the United States is rescinding many of its intrusive powers and moving in the opposite direction.
It is for those reasons that we believe the case for ICRs has simply not been made. The Government have failed to convince us, and those working in the industry, that ICRs are necessary, proportionate and in accordance with the law. We tabled an amendment to remove them from the Bill, but it was not accepted, which leaves us no option but to vote against the Bill in its entirety. That is not a step that we take lightly, but, ultimately, it is a necessary step.
In the event that we are unsuccessful in bringing down the Bill, we will still attempt to ameliorate aspects of it in order to protect smaller companies, especially those that supply lifeline and low-profit services to rural communities. New clause 26, which I tabled along with SNP colleagues, would exclude the providers of rural or community access communication services and small service providers from the obligation to collect and retain data. I have mentioned the deep concern in the sector about the expense that the Bill will impose on industry. I am sure that the Government will not want to put any businesses in a perilous situation, particularly those that operate with smaller cash flows and tighter margins in rural Scotland in order to provide a vital service for their local communities.
The Committee was provided with written evidence stating that smaller internet service providers were still subject to the same demands as the much larger organisations that operate on the world stage. Organisations such as HUBS are supplying vital internet connections to some of the most remote communities. If the Government railroad these clauses through the House without proper regard for the impact they will have, they will seriously endanger those small businesses and restrict internet use for some of our rural communities.
I am afraid not, because I do not have time. Plenty of other Members want to speak.
You will pleased to hear, Mr Speaker, that I am nearing the end of my speech. [Hon. Members: “Hear, hear.”] Thank you.
We live in a digital age. I therefore welcome the Government’s proposed digital economy Bill, and, indeed, the Chancellor’s commitment to match the Scottish Government’s commitment to universal broadband provision. The digital economy Bill is intended to make the United Kingdom a world leader in digital provision. However, according to many in the industry, this Bill will completely undermine that goal before the draft Bill has even been printed.
It is only right and proper for the Government to consider and propose new powers that our security agencies can use to keep us safe, but in many parts of the Bill the Government fail to make the case that the powers they want to introduce will be effective, are necessary, are in line with our right to privacy, and cannot be challenged in the courts. It is for those reasons that the SNP are still unconvinced of the merits of the Bill, and will vote against its Third Reading later this evening.
I certainly rise to support this measure, which has improved enormously during its passage. I cannot think of a measure in my 15 years here that has been more thoroughly scrutinised than this one. Our constituents are going to be very pleased with what we have been doing over the past weeks and months. I have to say to the right hon. Member for Orkney and Shetland (Mr Carmichael), whom I respect very much, that one thing our constituents dislike most about this place is the perpetual protest in opposition, which we hear too often, particularly from his party. It does him no good. This Bill is—
Certainly not. This Bill has been characterised by consensus, and I have been heartened by the constructive attitude that the Labour Front Benchers have taken to this measure, moving from a position of abstention on Second Reading to one of support now. It does them a great deal of credit and has made this Bill very much better. The double lock was a turning point in this measure as far as I am concerned, but may I also say that the privacy clause, new clause 5, is essential for many of us? The Home Secretary pointed that out. We have not had an opportunity to debate it very much today, but new clause 14, on health matters, has also been particularly important for a number of us who had concerns.
Clause 222 has not been debated at great length, but again it is vital because it allows us in five years’ time to come back to this measure to see what more needs to be done and what might be removed. That is particularly relevant in the context of ICRs. We have heard that one outstanding issue relates to the definition and use of ICRs, and I know that the other place will debate that at some length. My right hon. Friend the Minister for Security has referred to it and he is right to do so. I firmly believe that we will want to come back to it in any event in five years’ time, as technology will have changed so much in that period.
In summary, I very much welcome this measure—it is absolutely right. I am convinced that that overwhelming majority of our constituents will be pleased with the assiduity we have applied to this measure and, in particular, with the consensual nature of our debate. It is a great measure. It will give our constituents the protection that they undoubtedly need, while safeguarding their historic liberties.
For the remaining one and half minutes, I call Suella Fernandes.