Baroness Hayter of Kentish Town
Main Page: Baroness Hayter of Kentish Town (Labour - Life peer)Department Debates - View all Baroness Hayter of Kentish Town's debates with the Ministry of Defence
(8 years, 4 months ago)
Lords ChamberMy Lords, I want to address Amendment 48 in a few words. I find myself uncomfortably caught between the issues raised by the Bill as drafted and Amendment 48. I agree very much with the criticism of the Bill that has been articulated by the three noble Lords who have already spoken. The test in the Bill as drafted is subjective, very wide and likely to have some of the undesirable consequences identified by the noble Lords. I also think that the amendment is, curiously, too narrow. As I interpret it, it requires compelling evidence of a criminal purpose.
A long time ago, when I was in the Home Office, I had responsibility for one of the prevention of terrorism Bills which was going through the House of Commons. One of the issues we had to consider in Committee was very similar to the point made by the noble Lord, Lord Carlile. What happens when a lawyer receives, through the legal process of discovery, information which is capable of supporting terrorism? We decided as a matter of principle that that information would not be disclosed to the defending lawyer because of the risk of transmission to the client, who might use it for the purposes of terrorism.
I am therefore concerned that while the Bill as drafted is too broad, the amendment is too narrow. It does not capture the situation when an innocent communicator can communicate to a client, who may be a terrorist, information which that person can use for an act of terrorism. I am glad to hear that this is a probing amendment, which has been accurately advanced, and that the Government are minded to be responsive to the anxieties expressed. I hope that the Minister will keep in mind my own anxiety, that while Amendment 48 has a great deal of merit, it is too narrow, while the Bill as drafted is too broad.
My Lords, I will not dare to try to better the arguments already made in this debate but will only emphasise two things with regard to the amendments to which I have added my name.
The first, which has already been mentioned by the noble Lord, Lord Pannick, is that this so-called privilege is of the utmost importance to clients—the description always sounds as if it is your privilege rather than ours. I speak as the former chair of the Legal Services Consumer Panel, where we represented the interests of those who—often in times of trouble—need the help and advice of a lawyer.
We know that very many people who could do with legal assistance do not go, partly because they do not know that they need it, partly because they do not know how to get it, partly due to cost, but also because it is all a bit too intimidating. It often falls to the lawyer to reassure them not just about the particular case, but that what passes between them will be absolutely confidential and—for example, in the case of a domestic break-up or a child’s custody—will never be revealed to their former partner or others involved, including agencies of the state.
Therefore, this confidential relationship is key to people getting good advice and advocacy and a fair hearing, as well as being key, as we have already heard, to the role of our lawyers and the rule of law. However, we also understand that there will be occasions when some details of this relationship might be caught by powers included in the Bill. We look for some assurance that the maintenance of clients’ confidence is absolutely understood, and that any such occasions will be as limited as we have heard, and only after proper due process.
We look forward to hearing in the Minister’s response the Government’s current thinking and perhaps some indication of what they will be willing to bring forward on Report.
My Lords, I put my name to these amendments. I am grateful to the noble Lord, Lord Pannick, for the clear exposition he has given of the reasons for them, and I have listened to the anecdotal evidence provided by the noble Lord, Lord Carlile.
I think we are all agreed that proper legal professional privilege is vital to the rule of law. It is not a privilege of the legal profession but of the client, as the noble Baroness said. However, the illustrations show that some other factor may be buried in proper legal confidentiality. The example of information being passed on innocently is one such. It was not part of the legal professional privilege conversation but an adjunct to it—“Please pass this on to my girlfriend”. Another possible illustration, which I have discussed with the Minister, is that the location of the client might be mentioned incidentally. Where he happens to be is not crucial to the advice he gets or the information he gives in order to get it, which is, of course, the real reason the conversation is protected.
My Lords, my noble friend Lord Paddick and I have Amendments 86 to 88, 244 and 245 in this group, which takes us to the provision for payment towards compliance costs. Under Clause 222(1):
“The Secretary of State must ensure that arrangements are in force for securing that telecommunications operators and postal operators receive an appropriate contribution in respect of such of their relevant costs as the Secretary of State considers appropriate”.
As I read that, I wonder why it needs to be “an appropriate contribution” and such as the Secretary of State “considers appropriate” of their relevant costs. That is belt, braces and some other form of security.
Amendments 86 to 88 taken together provide for cover for all the operators’ costs, but those costs should be assessed objectively, and I feel quite strongly that the arrangements should be in place before the operational parts of the Bill are in force. The audit provision—the subject of the amendment of the noble Lord, Lord Rosser, and the noble Baroness, Lady Hayter—would remain, as is right.
I feel strongly about this because however much good will there is on both sides, if you do not get an agreement in place before you get on with the next stage of the operation, there is always the danger that you will not satisfy the parties. It is important not to leave the matter open.
There has been a lot of discussion of the quantum. The Minister in the Public Bill Committee said that 100% of the compliance cost will be met by the Government. He clarified that the estimated costing of £174 million—which illustrates why it is important to get the Bill right—
“is not a cap, but an estimate”.—[Official Report, Commons, Investigatory Powers Bill Committee, 3/5/16; col. 632.]
The Science and Technology Committee, reporting on the Bill, recommended:
“The Government should reconsider its reluctance for including in the Bill an explicit commitment that Government will pay the full costs incurred by compliance”.
It is a short point regarding an awful lot of money and potential exposure for the operators, so we are concerned to get the matter pinned down. I beg to move.
My Lords, as was mentioned, Amendment 89 stands in my name and that of my noble friend Lord Rosser. Clause 222(6) contains what is to me the unusual phrase:
“Different levels of contribution may apply for different cases or descriptions of case but the appropriate contribution must never be nil”.
“Must never be nil” is a slightly strange phrase, especially given that someone who, until a few hours ago, was the Home Secretary but is now the Prime Minister said on Second Reading:
“I reiterate … that … 100% of the compliance costs will be met by the Government”.
She was asked to provide a long-term commitment for that and said,
“we are clear about that in the Bill … it is not possible for one Government to bind the hands of any future Government in such areas, but we have been clear about that issue”.—[Official Report, Commons, 15/3/16; col. 821.]
However, being clear about the contribution which must never be nil is not what I call clarity.
Amendment 89 simply takes the then Home Secretary’s words as used in Parliament that the Government would meet 100% of the compliance costs, with full cost recovery for communication service providers, which, after all, have to implement the legislation. It is important to write it into the Bill to ensure that the financial impact of the legislation is transparent, not hidden, and to give forward confidence to those companies, whose activity in this country is already a little wobbly thanks to Brexit, that they will not at some point be hit by unexpected and unavoidable costs.
As was mentioned, Amendment 89 also allows for a proper audit to ensure that operators do not provide unduly high costings. Obviously, they can make no profit from these procedures because they are a departure from normal business, but they need those costs to be met. Cost recovery could be significant, but the Bill does not seem to put any limit on it at present. We will depend on the good will of these companies to make the Bill effective. We should not charge them for their willingness as well.
My Lords, this amendment seeks to ensure that communications service providers are fully reimbursed for their costs in connection with complying with obligations under this Bill, and that arrangements for doing so are in place before the provisions in the Bill come into force. It is, of course, important to recognise that service providers must not be unduly disadvantaged financially for complying with obligations placed upon them. Indeed, the Government have a long history of working with service providers on these matters. We have been absolutely clear that we are committed to cost recovery. I want to reaffirm to the Committee a point that my right honourable friend the Security Minister made very clear in the other place: this Government will reimburse 100% of reasonable costs incurred by communications service providers in relation to the acquisition and retention of communications data. This includes both capital and operational costs, including the costs associated with the retention of internet connection records. I hope that that assurance is helpful.
The key question that this Committee needs to consider is whether it is appropriate for the Government of today to tie the hands of future Governments on this issue. I wonder whether, on reflection, the noble Baroness thinks it right to press for that. That does not mean that we take our commitment lightly or that future Governments will necessarily change course. Indeed, I suggest that it is unlikely ever to be the case; for example, the current policy has not changed since the passage of the Regulation of Investigatory Powers Act 2000 and so has survived Governments of three different colours or combinations of colours.
This Government have been absolutely clear that we practised cost recovery and we have been consistent in our policy for a very long time. Indeed, this Bill adds additional safeguards requiring a data retention notice to set out the level of contribution that applies. This ensures that the provider must be consulted on any changes to the cost model and also means that the provider would be able to seek a review of any variation to the notice which affected the level of contribution. The Government already have arrangements in place for ensuring that providers receive appropriate contribution for their relevant costs without delay, so the amendment that seeks to ensure that they are in place before the provisions come into force is, I suggest, unnecessary. Accordingly, I invite the noble Baroness to withdraw her amendment.
My Lords, I am speaking to Amendments 92, 102 and 103 in my name. These amendments address aspects of two extremely strong powers granted to Ministers by the Bill which are tucked away at the back in Clauses 225 and 226. As we have heard, they are about national security notices and technical capability notices. Although they are not listed as powers under the Bill, they are, in fact, very strong, broad powers.
The national security notices permit, with some caveats, the Secretary of State to instruct the telecommunications operator to do whatever she considers necessary in the interests of national security. Technical capability notices enable, with some caveats, the Secretary of State to instruct an operator to develop or maintain a capability to assist the authorities. Both types of notice must be kept secret by the recipient, if the Secretary of State so wishes. In a recent amendment, the Government added the need for a judicial commissioner to approve both types of notice. This is a welcome step forward, as is the forthcoming repeal of Section 94 of the Telecommunications Act 1984, which has been used in the past to create new powers.
These three amendments address one particular capability specified in Clause 226(5)(c)—the removal of electronic protection. All the experts who gave evidence to the Joint Committee, and with whom I have discussed this matter since, agree that the phrase “removal of electronic protection” must include decryption of encrypted information and/or weakening of encryption in some way. They are deeply alarmed about it.
Encryption is a vital feature of all the financial, commercial and personal activity on the internet. The Government have confirmed on several occasions, including in answer to Questions in this House, that any weakening of our back-door access to encryption would threaten the entire operation of large parts of the digital economy. Once the integrity of cryptosecurity has been compromised for one set of users—in this case the Government—that weakness is available for everyone, including hackers, criminals, terrorists and hostile Governments, to exploit. Furthermore, as my noble friend Lord Paddick has said, UK plc has many successful businesses operating in the field of encryption products. They are very concerned that their clients will shun their products if they suspect that the Government have secretly weakened the security that these products offer. Unless this risk is eliminated from the Bill, they may have to take their companies abroad to avoid their products being tainted by the perceived risk of government damage to the security integrity of their products.
At the end of Second Reading in this House, the Minister, the noble and learned Lord, Lord Keen, stated:
“The provisions of the Bill do not weaken encryption or threaten it. We do not seek what have sometimes been erroneously termed “back doors” into encrypted material. I would seek to dispel any such suggestion”.—[Official Report, 27/6/16; col. 1461.]
These amendments simply seek to give force to that clear assurance by deleting the reference to “removal of electronic protection” and explicitly prohibiting the use of national security notices and technical capability notices for the purpose of “removal of electronic protection”. I commend them to the Committee.
My Lords, Amendment 93 stands in my name and that of my noble friend Lord Rosser and is on the same issue of encryption. Encryption is fundamental to keeping the whole of the digital economy safe and secure. It is widely used by business, government and consumers to protect sensitive and confidential information and as a building block in the advanced security technology which has been described.
The undermining of encryption would not simply mean that the communications of criminals could be read more easily; it would risk creating a major vulnerability in the security infrastructure, which could be exploited by various malicious actors, be they criminal gangs or rogue states. So it is important for this economy and for all the financial and other businesses that depend on it that the foundations of encryption technology remain absolutely firm.
There will be times when state security undoubtedly needs access to encrypted information for a specific investigation. This is not the problem. The problem is whether the Government would ever require a company to engineer such access, enforcing the company to create a model which, if then followed by other nations with perhaps less security than ours, would lead to a lowering of standards. We welcome the statement by the Government that they do not require industry to build back doors into their encrypted products. The Bill as it stands is perhaps not as clear as the commitments the Government have made.
Clause 226 risks making encryption intrinsically weaker if a company could be asked to build the ability to break the encryption. Amendment 93 seeks to address that. We hope the Government will understand that, when the request is made, they should not ask a company to develop a new way of breaking encryption that is not already within its ability. At the moment, the clause implies that, where companies that did not have the ability to remove the protection were issued with a notice, they would be required to build that capability so as to adhere to the notice. That is worrying the companies because of the general undermining of encryption. End-to-end encryption is essential to protect sensitive personal, commercial and security information. I think the Government share our concern that we should maintain that.
The thrust of Amendment 93 makes it explicit that a company would be required to remove the electronic protection only where it had the current capacity to do so and that it should not have to engineer it. We hope it will be accepted by the Government.
My Lords, first, I should draw attention to my interests in the register on policing and counterterrorism matters. Secondly, I should make clear that my starting point on the Bill is that it is important that the developing gaps in access to communications data are addressed to protect the nation against all sorts of threats.
In any set of counterterrorism or counterespionage measures, or whatever else it might be, you have to look at the balance and weigh the benefit to the nation in protecting its citizens by having those powers against the potential downside or consequences of exercising them.
When we come to the question contained in this group of amendments—essentially about enabling or requiring companies to break the apparent encryption—we have to look carefully at the potential downsides presented by this. The first downside, or danger, is that by enabling this to happen—by creating the mechanism and requiring companies, as my noble friend Lady Hayter said, to make new arrangements so that encryption can be broken—you create a back-door mechanism. This would be available not just to the forces of good—those who are trying to protect all our security—but to cybercriminals and those who would do us ill. Therefore you need to weigh clearly what you are trying to do against whether you are creating something that will make it easier for criminals and those who would do us harm.
The second element is the extent to which what we do in this country sets a precedent that will be seized in other countries, whose interests may not be the same as ours or as positive as ours towards their citizenry. If we create that precedent, what is to prevent Governments in other countries saying that they want the same powers and therefore doing the same? That test has to be applied to quite a number of the measures in the Bill. As I say, my starting point is that I want the state to be able to fill the gap in its access to communications data that is emerging and opening up. However, I want to hear from the Government a clear explanation of why in this set of cases the benefits outweigh the potential disbenefits.
It might be, but it might not be. Again, it depends on what is reasonably practicable in the particular circumstances. Those circumstances might vary from provider to provider and from situation to situation, so it is not possible for me to generalise about this, but I will take further advice and write to the noble Lord about it.
My Lords, the Minister spoke about what is possible and reasonable, but the point of our Amendment 93 is that a notice may not impose the requirement to build a facility that would break end-to-end encryption. We may need to return to this on Report, but it would perhaps be useful to have a discussion between now and then about imposing the requirement to build capacity to break end-to-end encryption.
I fear that the Minister is taking himself down a long cul-de-sac here, because the implication of what he is saying is that no one may develop end-to-end encryption. One feature of end-to-end encryption is that the provider cannot break it; encryption is private between the users at both ends. He seems to be implying that providers can use only encryption which can be broken and therefore cannot be end to end, so the next version of the Apple iPhone would in theory become illegal. I think that there is quite a lot of work to be done on this.