Bob Stewart
Main Page: Bob Stewart (Conservative - Beckenham)Department Debates - View all Bob Stewart's debates with the Home Office
(9 years, 11 months ago)
Commons ChamberI appreciate the comments of my hon. Friend. As a member of the Intelligence and Security Committee, he will recognise the challenges. He is right to underline the significance and to reiterate what I said on Second Reading—that security and liberty should be mutually reinforcing. His point about it not being a zero sum game is well made.
The hon. Member for Kingston upon Hull North (Diana Johnson), who speaks for the Opposition, identified a list of 10 points, and I will do my best to respond to some of them. The hon. Member for Hayes and Harlington (John McDonnell) underlined the role of sensitive categories of person and additional safeguards that may be provided in respect of them when we consider communications data and the ability of the police to request such data. As my right hon. Friend the Member for Berwick-upon-Tweed (Sir Alan Beith) pointed out, we are looking at metadata—who said what to whom, when and where—rather than the content.
It is clear from the contributions that we have heard that gaps in communications data capability have a serious impact on the ability of law enforcement and intelligence agencies to carry out their functions—the point that was made clearly by the right hon. Member for Knowsley (Mr Howarth) and the shadow Minister. One such gap is internet protocol address resolution. The Data Retention and Investigatory Powers Act 2014 maintained our lawful data retention regime. It did not create any additional powers, nor did it address any of the gaps in capability. To respond to the point made by the hon. Lady, we remain confident about the manner in which it did that in seeking to address the points raised by the European Court of Justice.
Clause 17 amends that Act—DRIPA—to ensure that communications service providers can be required to retain the data necessary to link the unique attributes of an internet connection to the person or device using it at any given time. Every internet user is assigned an IP address to ensure that communications service providers know which data should go to which customer and route it accordingly. Addresses are sometimes assigned to a specific device, such as a broadband router located in a home or within the work environment, but they are usually shared between multiple users—hundreds or even thousands—and allocated automatically by the provider’s systems. Many providers currently have no business reason for keeping a log of who has used each address. It is therefore not always possible for law enforcement agencies accessing the data to identify who was using an IP address at any specific point in time.
The provision would ensure that these data are available to law enforcement. It would improve the ability of the police and other agencies to identify terror suspects who may be communicating with each other via the internet and plotting attacks. It would also help to identify and prosecute paedophiles, organised criminals, cyber-bullies and computer hackers, and to protect vulnerable people. For example, it could be used to identify a child who has threatened over social media to commit suicide. The IP address has direct relevance to all these issues and it is evidence that can be brought before the court. In the context of the previous debate, it is often instrumental in bringing prosecutions. Communications data are used in about 95% of all serious crime prosecutions, so they have a direct utility.
Just a question to the Minister—does this also apply to medical in confidence communication between, say, a doctor and a patient, and documents being intercepted, or am I totally out to lunch, as it were?
I am not sure that my hon. Friend would ever be out to lunch, particularly at 3.26 in the afternoon. I think he is talking about interception. The clause is about the connection, the metadata—about who communicated with whom—rather than the content of the communication. The hon. Member for Hayes and Harlington spoke specifically about interception and the way in which certain protected categories of individual may be affected. My hon. Friend highlights a specific point, but I will come on to communications data, DRIPA and the codes of practice, and the status of certain individuals in respect of requests that may be made for that information.
Amendment 5, as the hon. Lady explained when she moved it, seeks to limit the scope of the provision to the retention of data that is necessary to allow the identification of a user from a public internet protocol address. I am pleased to say that there is no difference of principle between us on this issue. It is important that this provision goes no further than necessary to ensure that communications service providers can be required to retain the data necessary to link the unique attributes of an internet connection to the person or device using it at any given time.
I can confirm that the provision is already limited in the way the Opposition propose. Subsection (3) defines the data to be retained as data that
“may be used to identify, or assist in indentifying, which internet protocol address, or other identifier, belongs to the sender or recipient of a communication”.
As such, any data that cannot be used to identify, or assist in identifying, the user of an IP address are already outside the scope of the provision. A requirement to retain the data may be imposed only where it is necessary and proportionate to do so.
On the hon. Lady’s specific point about web logs, I can assure the Committee that the Bill is already tightly drafted. In particular, clause 17(3)(c) excludes so-called web logs. It provides for the retention of data relating to IP resolution, and only such data. Anything else is already beyond the scope of what the clause permits. Accordingly, although I entirely agree with the sentiment behind the amendment, I do not believe that it is necessary.
Part 4 and schedule 2 deal with aviation, maritime and rail security. For the benefit of the Committee, I will go through each of the provisions, listen to right hon. and hon. Members’ contributions and then respond to their questions. I welcome the right hon. Member for Delyn (Mr Hanson) to the Opposition Front Bench. He has taken a close interest in these issues.
Clause 18 provides a new legal basis for the operation of authority-to-carry schemes, which are commonly known as no-fly schemes. We have a scheme in place that relates to passengers being carried to the UK. The clause makes provision for a broader scheme that relates to individuals who are arriving or are expected to arrive in the UK, and individuals who are leaving or are expected to leave the UK.
Authority to carry is necessary to prevent the entry or return to the UK of foreign nationals who pose a terrorism-related threat and to mitigate the threat of an attack, primarily on aircraft. It is also necessary to disrupt the return to the UK, and prevent the departure from the UK, of British nationals who are subject to legal restrictions on their travel. Under the clause, any scheme must set out the carriers to which it applies and the classes of individuals a carrier may be refused authority to carry to or from the UK. Classes of individuals may be specified in a scheme only if it is necessary in the public interest. When travelling to the UK, that could include persons who are excluded or have been deported from the UK, individuals whose presence in the UK would not be conducive to the public good, and those who would otherwise be inadmissible to the UK. It may also include individuals subject to a temporary exclusion order under clause 2.
When travelling from the UK, carriers might be directed not to carry individuals subject to a TPIM or a post-custodial licence preventing travel following a conviction for a terrorism-related offence. The scheme may also include individuals who have had their passport cancelled or not issued on public interest grounds, or seized under powers in schedule 1. Any scheme must set out the process for carriers to request authority to carry, and state how that authority is granted or refused. That may include requirements for carriers to provide passenger information by a certain time before departure, or for carriers to be able to receive information that grants or refuses authority to carry in a way compatible with the Government’s border system.
We will work with carriers to resolve any compliance issues, but if a carrier fails to comply, clause 19 provides regulations to impose a civil penalty on those who breach a scheme. The new regulations set out how a penalty will be calculated, imposed and enforced, and must provide a means for carriers to object to a proposed penalty. The regulations are subject to the affirmative procedure, and the authority-to-carry scheme to which the regulations refer must be laid in Parliament at the same time.
Clause 20 makes provision for schedule 2 to the Bill. Part 1 of schedule 2 amends passenger, crew and service information relating to aircraft and ships, and may be extended to international trains through secondary legislation. Paragraphs 1(2) and 1(3) mean that a carrier may be required to be able to receive communications about information that it has provided to the border authorities in a way compatible with the Government’s border system. That might be a simple receipt, or an alert about errors in the format of the information.
Paragraphs 1(4) and 1(7) of schedule 2 allow the regulations to introduce requirements for advance information about persons on flights or voyages to and from the UK that do not operate to a published schedule—collectively referred to as “general aviation” and “general maritime.” The regulations will set out the classes of ships or aircraft to which they apply, the information required, the time by which it must be supplied, and how it is to be supplied. That will allow a much clearer picture of incoming and outgoing traffic and the identification of aircraft and ships that require close attention from the border authorities. Those paragraphs also provide for regulations to impose a civil penalty for a failure to comply with new requirements to provide information. The regulations may set out how a penalty will be calculated, administered and enforced, and make provision for an appeal.
The Minister has not mentioned this so far, although I assume he will come to it, but is it correct to say that if a carrier brings someone to this country whom we do not want to come, not only will it receive a civil penalty, it has a responsibility to take that person back to whence they came immediately?
As my hon. Friend will realise, provisions in the Bill overlap with other issues and provisions. He will be aware of sanctions that are already available and establish penalties for those who have no lawful authority to be in the UK, and of the checks that are obliged on people to ensure that appropriate visa or other requirements are in place. These measures build on that and there are established processes for the return of individuals who should not be here.
The new transport security provisions in part 2 of schedule 2 build on existing powers and enhance our ability to respond effectively to transport-related terrorism threats. They amend transport security legislation to strengthen existing powers and require certain security measures to be implemented before an operator may operate into the UK or, in the case of ships, a UK port. The schedule makes similar provisions for services in the aviation, maritime and rail transport industries.
The schedule inserts provisions into the respective aviation, rail and maritime statutes enabling faster collection of security related information from operators. It provides enabling powers to make regulations, imposing a wider range of methods for electronic service of security directions or requests for information, to ensure that security directions become effective in the shortest possible time. In addition, it inserts a power into the Aviation Security Act 1982 for the Secretary of State to make regulations to introduce civil sanctions for non-compliance by the aviation industry, with information requests or security directions subject to the affirmative procedure.
In the old days, when I was working with the security services in Northern Ireland, it used to be called profiling. Does the hon. Gentleman agree that we are looking at a form of profiling again?
The hon. Gentleman is far more informed on these matters than I am, and I certainly would not argue with him about that. This is a similar approach, but it psychologically categorises the processes within that and shows how it can be dealt with. It is easier for the people operating these systems to be able to recognise particular behavioural patterns and to deal with them. This does do what the hon. Gentleman says, therefore, but it is important that this has already been designed and that security personnel are working with it. In order to meet the issues raised in clause 18, it is important that we have such a system in place, but the only way we can do that is by sharing best practice. That has already been done by Sussex police, and I commend that approach to the Minister and hope he takes lessons from the work that has already been done by Detective Sergeant Mike Redmond. We should all acknowledge the great work he has done.