Earl Howe
Main Page: Earl Howe (Conservative - Excepted Hereditary)Department Debates - View all Earl Howe's debates with the Ministry of Defence
(7 years, 9 months ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Baroness Hayter of Kentish Town (Lab)
My Lords, I have added my name to Amendment 154 and will not repeat what has been said about it. It simply asks the Government to make explicit what they have said—namely, that the retention of third-party data will not be required. It would be helpful to make that clear in the Bill.
The Minister of State, Ministry of Defence (Earl Howe) (Con)
My Lords, as the noble Lord, Lord Paddick, has explained, these three amendments all deal with the issue of third-party data. Amendment 116 seeks to prevent public authorities from acquiring third-party data, Amendment 154 seeks to put the Government’s commitment not to require retention of third-party data on to the face of the Bill and Amendment 235 seeks to amend the definition of communications data to exclude from it third-party data.
On the acquisition of third-party data, the Bill maintains the existing position under RIPA that public authorities can acquire third-party data where necessary and proportionate to do so. But I want to be clear here—a provider is required to comply with a request for communications data, including a request for third-party data, only where it is reasonably practicable for them to do so. It is absolutely right that, where a communications service provider holds, or is able to obtain, communications data, whether in relation to its own services or those provided by a third party, then the data should be available to public authorities for the statutory purposes in the Bill. Put simply, data that already exist, are already held and which could save a life, convict a criminal, prevent a terrorist attack or provide an alibi, should not be put out of reach of law enforcement based solely on which company it is that holds the information.
Amendment 154 deals with the retention of third-party data. As I am sure the noble Lord knows, this matter was considered in the Commons, where the Government gave a commitment to consider it further. I am grateful to the noble Lord and the noble Baroness for tabling this amendment and giving me an opportunity to update the Committee on those considerations. My right honourable friend the Home Secretary has given a clear commitment that we will not require a telecommunications operator to retain third-party data, and that commitment is given effect to in the Communications Data Draft Code of Practice. However, distilling that commitment into primary legislative drafting is complex. We do not want to include provisions in the Bill that are not entirely clear in scope or which put in place restrictions that are broader, or indeed narrower, than intended. But we have been making good progress and are close to a provision that we think achieves the desired outcome. Of course, we need to test that drafting with operational stakeholders and with those telecommunications operators likely to be affected by the legislation, but we hope to be able to return to this issue on Report.
Finally, on Amendment 235, the principle of what are communications data is clear. Changing that position so that the classification of data changes depending on which provider holds them would no doubt cause confusion among providers as to how the data should be handled. While I understand the concerns around third-party data, and hope that what I have said today lays some of those to rest, amending the definition of communications data is not the right way forward. I invite the noble Lord to withdraw Amendment 116.
Lord Paddick
I am grateful to the Minister for his explanation and am encouraged by the promise of government amendments on Report. I have to say that I am still a little confused. The former Home Secretary, in her commitment, said that third-party data of telecommunications operators from abroad would not be required to be retained by UK telecoms operators. If the third-party data are of a different UK telecoms operator, surely the Secretary of State can make an order to get the data from that operator. But I will read carefully in Hansard what the Minister has said. As he has made a commitment, we will come back to this on Report. For the moment I beg leave to withdraw the amendment.
Earl Howe
My Lords, Clause 58 is the first clause of Part 3 of the Bill and deals with the targeted obtaining of communications data. It provides the power for only those public authorities listed in Schedule 4 to the Bill to authorise conduct to obtain communications data. Obtaining communications data may be authorised only when necessary for one of the statutory purposes listed in Clause 58(7) and where the conduct authorised is proportionate to what is sought to be achieved. Similarly, Clause 146(2) provides the statutory purposes for which a bulk communications data acquisition warrant will be considered necessary. Those purposes mirror the statutory functions of the security and intelligence agencies, since bulk warrants are of course available only to those agencies. They are where it is,
“in the interests of national security”,
for the prevention or detection of serious crime, or,
“in the interests of the economic well-being of”,
the UK where relevant to national security.
Throughout the passage of the Bill, we have heard repeatedly of the vital importance of communications data for the full range of law enforcement activity and national security investigations. This Government are committed to ensuring that law enforcement and the intelligence agencies have the tools they need to carry out the critical responsibilities that Parliament has placed upon them. Indeed, one of the key aims of this legislation is to ensure that investigatory powers are fit for a digital age and that crime can be investigated wherever it takes place, regardless of the method of communication. However, the Government consider these amendments unnecessary for targeted communications data and an inappropriate extension of responsibilities for our intelligence agencies for bulk communications data.
The Bill already provides that communications data may be acquired for the purpose of preventing or detecting crime, wherever that crime takes place and whatever scale it is on, where an application for communications data meets the requirements for necessity and proportionality. So it would already be available for the purpose of suppressing less serious crimes perpetrated on a large scale. I commend the aim of my noble friend Lord Lucas’s amendment but I believe that the Bill already provides the powers that he seeks.
As I said earlier, the bulk acquisition of communications data is available only to the intelligence agencies, whose statutory functions relate to serious crime and national security. The inclusion of a statutory purpose to obtain communications data in bulk so that our intelligence agencies could suppress less serious crime would therefore, in my submission, be inappropriate.
I hope that my noble friend finds those comments helpful and will feel able to withdraw his amendment.
Lord Lucas
My Lords, I thank my noble friend for his reply. I am not surprised but disappointed, but I shall certainly seek leave to withdraw my amendment.
“( ) The fact that the communications data which would be obtained in pursuance of an authorisation relates to the activities in the British Islands of a trade union is not, of itself, sufficient to establish that it is necessary to obtain the data for a purpose falling within subsection (7).”
“Restrictions in relation to internet connection records
(1) A designated senior officer of a local authority may not grant an authorisation for the purpose of obtaining data which is, or can only be obtained by processing, an internet connection record.(2) A designated senior officer of a relevant public authority which is not a local authority may not grant an authorisation for the purpose of obtaining data which is, or can only be obtained by processing, an internet connection record unless condition A, B or C is met.(3) Condition A is that the designated senior officer considers that it is necessary, for a purpose falling within section 58(7), to obtain the data to identify which person or apparatus is using an internet service where—(a) the service and time of use are already known, but(b) the identity of the person or apparatus using the service is not known.(4) Condition B is that—(a) the purpose for which the data is to be obtained falls within section 58(7) but is not the purpose falling within section 58(7)(b) of preventing or detecting crime, and(b) the designated senior officer considers that it is necessary to obtain the data to identify—(i) which internet communications service is being used, and when and how it is being used, by a person or apparatus whose identity is already known,(ii) where or when a person or apparatus whose identity is already known is obtaining access to, or running, a computer file or computer program which wholly or mainly involves making available, or acquiring, material whose possession is a crime, or(iii) which internet service is being used, and when and how it is being used, by a person or apparatus whose identity is already known.(5) Condition C is that—(a) the purpose for which the data is to be obtained is the purpose falling within section 58(7)(b) of preventing or detecting crime,(b) the crime to be prevented or detected is serious crime or other relevant crime, and(c) the designated senior officer considers that it is necessary to obtain the data to identify—(i) which internet communications service is being used, and when and how it is being used, by a person or apparatus whose identity is already known,(ii) where or when a person or apparatus whose identity is already known is obtaining access to, or running, a computer file or computer program which wholly or mainly involves making available, or acquiring, material whose possession is a crime, or (iii) which internet service is being used, and when and how it is being used, by a person or apparatus whose identity is already known.(6) In subsection (5) “other relevant crime” means crime which is not serious crime but where the offence, or one of the offences, which is or would be constituted by the conduct concerned is—(a) an offence for which an individual who has reached the age of 18 (or, in relation to Scotland or Northern Ireland, 21) is capable of being sentenced to imprisonment for a term of 6 months or more (disregarding any enactment prohibiting or restricting the imprisonment of individuals who have no previous convictions), or(b) an offence—(i) by a person who is not an individual, or(ii) which involves, as an integral part of it, the sending of a communication or a breach of a person’s privacy.(7) In this Act “internet connection record” means communications data which—(a) may be used to identify, or assist in identifying, a telecommunications service to which a communication is transmitted by means of a telecommunication system for the purpose of obtaining access to, or running, a computer file or computer program, and(b) comprises data generated or processed by a telecommunications operator in the process of supplying the telecommunications service to the sender of the communication (whether or not a person).”
(ba) there is an opportunity to obtain information where—(i) the opportunity is rare,(ii) the time to act is short, and(iii) the need to obtain the information is significant and in”
Earl Howe
My Lords, in moving Amendment 124 I shall speak also to Amendment 127. We consider the requirement for an authorising officer to be independent of the operation or investigation being worked on an important safeguard and intend the exceptions to be drawn as narrowly as possible. That is why we welcomed the Intelligence and Security Committee amendments on this in the House of Commons and why we have tabled these amendments, which fully reflect the substance of the ISC’s intention and more narrowly define the national security exceptions. I beg to move.
Lord Paddick
My Lords, my noble friend Lady Hamwee and I have Amendment 126 in this group. It attempts to challenge the fact that the size of the relevant public authority, which may make it difficult to find a senior officer independent of the investigation to which the authorisation relates, makes it an exceptional circumstance, which it would be if the Bill is accepted as drafted.
Earl Howe
My Lords, Amendment 126, as the noble Lord, Lord Paddick, has just explained, concerns the independence of the authorising officer. As I mentioned a moment ago, the Bill provides for a very limited set of circumstances in which the designated senior officer need not be independent of the investigation or operation; for example, where delays in locating an independent officer may pose a threat to life, or in specific cases where the interests of national security prevent it. As we have heard, the intention behind the amendment is to ensure that an authorising officer is always, without any exceptions, independent of the investigation. I beg the noble Lord’s pardon.
Lord Paddick
I am grateful to the noble Earl for giving way. We entirely accept that some public authorities will be so small, or some investigations so important, that there cannot be someone independent of the investigation who can give the authority. As the Bill is drafted, however, simply the size of the public authority is seen as an exceptional circumstance. It is not an exceptional circumstance and the amendment attempts to allow the size of the authority to be a reason why an independent senior officer cannot give the authority without making it an exceptional circumstance.
Earl Howe
I am very grateful to the noble Lord. He is right: in some small public authorities there will be only a small number of staff sufficiently senior to take on this important responsibility. Where he and I part company is over the question of whether the rank of the designated senior officer should be lowered to ensure that there are sufficient numbers of them to always be independent of the investigation. I do not feel able to agree to that, because to do so would lower the safeguards that form an integral part of the communications data regime. Equally, I am afraid the Government are not prepared to remove these powers from some of the smaller authorities. They may be small, but they often do vital work in keeping the public safe and investigating crime.
I would be happy to discuss this further outside the forum of Committee, if that would help the noble Lord. I understand where he is coming from, but we have a fundamental disagreement of view on this.
Lord Paddick
I would just add that we do not disagree that a public authority may be so small that there is no independent senior officer who can grant the authority; the problem is whether that situation would amount to an exceptional circumstance. However, I would be very happy to discuss that situation with the noble Earl between now and Report.
( ) may cancel it at any time, and( ) ”
Lord Paddick
My Lords, Amendments 146 and 147 in this group are also in my name and the name of my noble friend Lady Hamwee. Much concern has been expressed about the number of public authorities that can intrude into people’s privacy, and as a result, restrictions have been put in the Bill. If the Bill is enacted there will be fewer public bodies with that ability, and that is to be welcomed. We therefore do not think it is right that under Clause 67 the Secretary of State should be allowed by regulation to add a public authority. Amendment 145 would delete this power from Clause 67(2)(a) and Amendment 146 would make a similar change to subsection (3).
Amendment 147 would impose a duty on the Secretary of State to consult representatives of local authorities—for example, the Local Government Association—if she intends to make regulations to change a local authority-designated senior officer to someone of lower office, rank or position, in addition to consulting each of the local authorities concerned, as set out in Clause 69(5). I beg to move.
Earl Howe
My Lords, these amendments all concern the public authorities that are able to acquire communications data. I should take this opportunity to mention a document which we published last week and which is available in the Printed Paper Office: Operational Case for the Use of Communications Data by Public Authorities. It sets out why it is essential that the authorities listed in Schedule 4 to the Bill are able to acquire communications data. It is important to recognise that the crimes they investigate are not trivial. They include offences such as bribery and corruption, defrauding vulnerable people of their life savings, stealing sensitive personal information and supplying dangerous counterfeit medicines. That document is pertinent to this group of amendments, because Amendments 145 and 146 would remove the ability of the Secretary of State to add public authorities to Schedule 4 by regulations.
I recognise the well-intentioned purpose of the amendments. However, it is not something that the Government can support because it goes against our stated aim of ensuring that the Bill is future-proofed. Although we have no plans to use the regulation-making power, and, indeed, we think it unlikely that any additional authorities will be identified, it would not be good policy to specifically rule it out. That is because communications data are an essential investigative tool for numerous investigations and they are used by a number of different authorities. As I said, we have published the operational case demonstrating why it is so essential that the authorities listed in Schedule 4 continue to be able to use these powers.
As that operational case demonstrates, the authorities that acquire communications data, including the so-called “minor users”, often do so to investigate serious crime and, in some cases, save lives. Should a new investigative body be established—for example, with a remit to investigate a specific type of serious crime—we would want the flexibility to give it the powers that it needed. Similarly, we need to be able to adapt the list if changes in the roles and responsibilities of public bodies mean that it falls out of date.
Of course, there should be full and proper scrutiny of any decisions to provide powers to an additional body. The Government will consider giving powers only where a public authority can make a robust case and, perhaps more importantly, the Bill allows a public authority to be added to Schedule 4 only under the enhanced affirmative procedure. This procedure requires additional consultation above and beyond the affirmative procedure and ensures that a parliamentary committee is provided with an opportunity to consider the draft regulations.
This power has been considered by the Delegated Powers and Regulatory Reform Committee. In her letter to the Joint Committee that scrutinised the draft Bill, my noble friend Lady Fookes reported that the committee accepted the need for the delegated power and welcomed the strengthening of scrutiny procedures under the Bill. She said that,
“the enhanced affirmative procedure ... provides an appropriate level of Parliamentary scrutiny”.
I hope that that reassures the Committee that sufficient scrutiny is already built into the process to ensure that an additional public authority would be added to Schedule 4 only where it had a robust and compelling need for the powers.
Lord King of Bridgwater (Con)
Obviously, this is a very important area, which has given rise to a lot of public concern about how widely this would go in terms of all the authorities that might have access to information in this way. But it must be right that, if there is to be a list and it is to bear the power to remove names—which the noble Lord, Lord Paddick, is not suggesting should be deleted—there must be a power to add to the list as well where appropriate. Knowing the way that Governments, bodies and names change, I can see without altering the impact at all that it would be necessary to exercise this power. Could the Minister say a little more about the committee that he was talking about? Is it a standing committee, special committee or advisory committee? When he mentioned the proposal to add somebody to the list, he said that that would be scrutinised by a committee. What sort of committee would that be?
Earl Howe
My Lords, I was referring to the procedure relating to the enhanced affirmative process. That procedure is set out in Clause 239 of the Bill. Importantly, it provides for a relevant parliamentary committee to report on the regulations. I do not think that I can be more specific at this stage. The enhanced affirmative procedure has been used in the past, albeit not very frequently, and is there as an additional safeguard. I endorse everything that my noble friend said in support of my remarks. He is absolutely right that we cannot foresee at this stage the need to add to the list, but we must and should provide for the circumstances where that becomes necessary.
Lord Paddick
I am grateful for the noble Earl’s explanation. The noble Lord, Lord King of Bridgwater, raised this important concern that people have about the range of public authorities that will be able to access this data. There is a real concern that the Secretary of State by regulation can simply add to the list included in the Bill. As a general principle, to have provisions in a Bill in order—to quote the noble Earl —to future-proof it, even if those are unlikely to be used, is not the ideal way forward. However, the enhanced affirmative procedure does give some reassurance on that issue.
On the other matters, I will read carefully what the noble Earl has said, but at this point I beg leave to withdraw the amendment.
“( ) The fact that the data which would be retained under a retention notice relates to the activities in the British Islands of a trade union is not, of itself, sufficient to establish that the requirement to retain the data is necessary for one or more of the purposes falling within paragraphs (a) to (j) of section 58(7).”
Lord Rosser
The intention behind this amendment to Clause 83 is to replicate the Data Retention and Investigatory Powers Act in its original form. In so doing, it would restrict the scope of Clause 83 and equate it to existing data retention provisions in DRIPA, with the only addition being the inclusion of internet connection records.
Under the Data Retention and Investigatory Powers Act, the term “relevant communications data”, as I understand it, covers internet access services, internet email and internet telephony. Those categories replicate the 2009 data retention regulations, which implemented the then EU data retention directive. The Counter-Terrorism and Security Act 2015 extended DRIPA to include what was called IP address resolution data.
Clause 83 currently empowers the Home Secretary to issue retention notices covering some six categories of data under the definition of “relevant communications data”. One of these categories is internet connection records. That therefore leaves five other categories, which on the face of it would appear to go wider than the existing data retention categories under the Data Retention and Investigatory Powers Act 2014 as amended by the Counter-Terrorism and Security Act 2015.
As the Bill is currently drafted, the term “relevant communications data” could be interpreted as some sort of catch-all definition of relevant communications data that would cover the collection of virtually any type of communication on a network, including communications where the sender or recipient was not a human being. If that is an accurate assessment, the definition of “relevant communications data” in Clause 83 would cover not only background interactions that smartphone apps make automatically with their supplier servers but presumably also the entire internet of things.
I therefore seek an explanation from the Government as to why the scope of “relevant communications data” in the Bill is not consistent with that in current recent legislation, the reasons and justification for the apparent broadening of the scope, and the difficulties that presumably the Government believe would be caused if the scope of Clause 83 were restricted in line with the amendment and instead equated to existing data retention provisions in DRIPA, apart from the addition of the inclusion of internet connection records. I beg to move.
Earl Howe
My Lords, the amendment seeks to amend the definition of “relevant communications data”—that is, the communications data that the Secretary of State will be able to require communications service providers to retain.
In looking at how the amendment is couched, I would like to bring the Committee’s attention to a statement made by David Anderson QC in his report on investigatory powers. He said that,
“any new law … must be couched in technology-neutral language”.
The Government agree. However, the amendment would go against that advice. It would seek to revert to the technical language from the data retention regulations 2009. This, in turn, as the noble Lord mentioned, was drawn from the EU data retention directive 2006, which was struck down in 2014.
I suggest to the noble Lord that it would be inappropriate to base today’s law on specific tele- communications definitions from a decade ago. For example, the amendment would ensure that we retained a reference to dial-up internet access in our legislation. That surely cannot be appropriate where broadband and mobile internet access are now the norm. The approach we have taken is to keep our definitions technologically neutral, as David Anderson recommended and as, indeed, is sensible in the drafting of any law that needs to apply across a range of technologies over time.
I hope that the noble Lord will recognise that it is not appropriate to tie our data retention regime to specific, and outdated, technological language. Those are the reasons why the Government cannot support the amendment.
Lord Rosser
Perhaps I may ask a question on that point. Not unfairly, the noble Earl made reference to regulations of some years ago, but presumably it is also accurate to say, and perhaps he could comment on this, that very recent legislation—namely, DRIPA 2014, as amended by the Counter-Terrorism and Security Act 2015—has also used the wording referred to in the amendment. Therefore, it also relates to legislation that is not particularly old and indeed is pretty recent. As I see it, we are making a change in wording from legislation that was passed only a year or two ago.
Earl Howe
The noble Lord makes what is, on the face of it, a fair point. We have language, as I have explained, that is out of date. But even where the language is not out of date in the kinds of instances that he refers to—for example, legislation refers to the “international mobile equipment identity” of devices—the rate at which telecommunications change means that that kind of language could become out of date very quickly. We try to read across the data descriptions that originated in the 2006 directive to the communications technologies of today, and do so in technology-neutral language. That is why we have departed from the approach that the noble Lord is advocating.
As the noble Lord will remember, DRIPA was emergency legislation. We simply replicated the existing language in that Bill. We now have an opportunity in the Bill before us to do rather better and try to future-proof the terms that the Bill contains.
Lord Rosser
I thank the Minister for that explanation. In the light of what he has said on behalf of the Government, I beg leave to withdraw the amendment.
“( ) The fact that additional relevant communications data which would be retained under a retention notice as varied relates to the activities in the British Islands of a trade union is not, of itself, sufficient to establish that the requirement to retain the data is necessary for one or more of the purposes falling within paragraphs (a) to (j) of section 58(7).”
Baroness Hayter of Kentish Town (Lab)
My Lords, I added my name to Amendments 159 and 160. Amendment 164 is in my name and that of my noble friend Lord Rosser. Our points are much the same as those made by my noble friend Lord Harris. I do not think there will be planting of evidence, for example. Our concern is much more about the risk to any public cybersecurity system, and we would want that to be taken into account. These amendments follow the recommendations of the Joint Committee. The idea is to minimise any potential risks. If, for example, the Secretary of State has to take into account any risk to the security and integrity of the networks, that by itself will ensure that any applicant sets that out in the form they submit. We hope the Government will respond, as my noble friend Lord Harris said, not necessarily by using these exact words but in the spirit of these amendments in order to retain overall security.
Earl Howe
My Lords, Amendments 159 and 160 would introduce new clauses requiring the person making an application for a warrant to make a detailed assessment of the risks of the proposed equipment interference activity to any critical national infrastructure, to the security and integrity of systems and networks, and to the privacy of those not targeted. Amendment 164 is linked to the requirement to produce risk assessments and would require the Secretary of State, when issuing warrants to the Chief of Defence Intelligence, to consider the content of these assessments when deciding whether the activity under the warrant would be proportionate. Amendment 169A would require a judicial commissioner to take into account a technical cyber risk assessment, conducted by the Investigatory Powers Commissioner, of the specific equipment interference proposed when deciding whether to approve a decision to issue a warrant.
I start by making an important general point. It seems these amendments are based on a fundamental misinterpretation of what GCHQ and others are here to do. Their role is to protect the public. That includes protecting cybersecurity. Indeed, the Government have invested very considerable resources into improving our cybersecurity efforts. Last November, the Chancellor announced the creation of a new national cyber centre led by GCHQ, with an additional £190 million of funding.
GCHQ has an excellent track record in identifying cyber vulnerabilities and making leading computer companies aware so they can improve their security. For example, in September 2015, Apple publicly credited CESG, the information assurance arm of GCHQ, with the detection of a vulnerability in its iOS operating system for iPhones and iPads, which could have been exploited to allow the unauthorised modification of software and to extract information from the devices. That vulnerability has now been patched.
I appreciate that the noble Lords’ amendments are intended to introduce safeguards, but I contend that sufficient safeguards are already contained in the Bill. Part 5 already requires the Secretary of State or law enforcement chief to consider whether the proposed conduct is necessary and proportionate before issuing a warrant. The Government have provided even more reassurance since the discussion of these same amendments in the other place. As we have frequently reflected, Clause 2 is a new provision that sets out overarching privacy duties. It includes a requirement to have regard to the public interest in the integrity and security of telecommunication systems. This requirement applies to any decision on whether to issue an equipment interference warrant.
The draft statutory code of practice also sets out, in detail, the factors that must be considered in respect of proportionality. The code states at paragraph 3.27 that one element of proportionality that should be considered is,
“explaining how and why the methods to be adopted will minimise the risk of intrusion on the subject and others”.
It goes on to state at paragraph 3.30:
“Equipment interference activity must therefore be carried out in such a way as to appropriately minimise the risk that the activities of the equipment interference agency would result in any increase of the likelihood or severity of any unauthorised intrusion into the privacy, or risk to the security, of users of equipment or systems, whether or not that equipment is subject to the activities of the equipment interference agency”.
If noble Lords will allow me one last quote, paragraph 3.31 states:
“Any application for an equipment interference warrant should contain an assessment of any risk to the security or integrity of systems or networks that the proposed activity may involve including the steps taken to appropriately minimise such risk … The issuing authority should consider any such assessment when considering whether the proposed activity is proportionate”.
Lord Beith (LD)
An innocent citizen could be the subject of training or testing equipment interference under paragraphs (d) or (e). Are these not legitimate questions to ask on behalf of such a citizen? If it is established that there was a risk, albeit a relatively small one, who will make the judgment that it is reasonable to expose the person, his equipment and his privacy to that risk?
Earl Howe
My Lords, I hope the noble Lord will accept that, in the context of training and testing, those activities are essential if we are to have fully functioning services. It should not only be current investigations that are used for training as that could jeopardise operations. Current investigations may not give the full range of testing and training opportunities to prepare staff and equipment for all necessary eventualities. I will write to the noble Lord on the precise procedures involved in authorising testing and training as I do not have the information in front of me. However, appropriate safeguards will be built into those procedures.
I come back to the point I was making about these amendments in general. I contend that they are not necessary because the Bill and the draft statutory code of practice already require that the impact on people’s privacy, including in respect of collateral intrusion and cybersecurity, is properly considered in every single case. The draft codes will, of course, also be subject to parliamentary scrutiny and agreement before they come into force. I hope that those remarks are helpful in reassuring the noble Lord and that he will withdraw his amendment.
Lord Paddick
I thank the Minister for responding to these amendments. I have to say that I am a little sceptical. Yes, of course, as I think he just mentioned, one part of GCHQ is responsible for improving cybersecurity and identifying vulnerabilities around it. However, the role of another part of GCHQ is to breach cybersecurity in order to access information on terrorists’ and serious criminals’ devices. Indeed, when I was at GCHQ it was accepted that there was a tension between the two parts of that organisation as far as that is concerned.
I am also not convinced that it is absolutely clear and obvious in the Bill that there is a need to consider the unintended consequences of damage to networks or devices. I accept what the noble Earl says about collateral intrusion but not in terms of damage to devices or networks. However, at this stage—
Earl Howe
Before the noble Lord decides what to do with his amendment, it might be helpful if I amplify my earlier comments. It is perfectly right to say that some equipment interference operations involve taking advantage of weaknesses, generally in how users are interacting with the internet, but sometimes vulnerabilities in the software or hardware themselves. However, I also contend that the use of equipment interference does not in itself create those weaknesses. While the security and intelligence agencies might on occasion—as I say—exploit such capabilities, they are at the same time committed to making the internet as secure as possible. As I mentioned, the security and intelligence agencies regularly highlight such vulnerabilities to industry.
There is a simple point to be made here. To leave targets open to exploitation by others would increase the risk that their privacy would be unnecessarily intruded upon. It would also increase the risk of those who wish to know who our targets are identifying the security and intelligence agencies’ tools and techniques. Therefore, operations must be carried out in such a way as to minimise that risk. I come back to the point I made near the start of my remarks: the purpose of GCHQ is to protect the public in that sense.
“( ) The fact that the information which would be obtained under a warrant relates to the activities in the British Islands of a trade union is not, of itself, sufficient to establish that the warrant is necessary on grounds falling within subsection (5).”
“( ) The fact that the information which would be obtained under a warrant relates to the activities in the British Islands of a trade union is not, of itself, sufficient to establish that the warrant is necessary as mentioned in subsection (1)(b) or (2)(b).”
“( ) The fact that the information which would be obtained under a warrant relates to the activities in the British Islands of a trade union is not, of itself, sufficient to establish that the warrant is necessary as mentioned in subsection (1)(a).”
“( ) The fact that the information which would be obtained under a warrant relates to the activities in the British Islands of a trade union is not, of itself, sufficient to establish that the warrant is necessary as mentioned in subsection (1)(a).”
(a) ”
( ) consider the matters referred to in subsection (1) with a sufficient degree of care as to ensure that the Judicial Commissioner complies with the duties imposed by section 2 (general duties in relation to privacy).”
Lord Rosser
Since the issue of the Wilson doctrine has been raised, perhaps I could refer to the recent report from the Select Committee on the Constitution. It referred to the Wilson doctrine and made particular reference to a case decided last year, where,
“the Investigatory Powers Tribunal held that the Wilson Doctrine provided fewer safeguards for parliamentarians’ communications than had commonly been supposed”.
The Select Committee ended that section of its report by saying:
“We note that the surveillance of parliamentarians is a significant constitutional issue and would welcome clarification from the Government of its current understanding of the Wilson Doctrine”.
Do the Government intend to give an indication of their current understanding of the Wilson doctrine, in line with the views expressed in that recent report from the Select Committee on the Constitution?
Earl Howe
My Lords, Amendment 169AA would remove the role of the Secretary of State and law enforcement chiefs from the warrant authorisation process, in circumstances where an equipment interference warrant is sought for the purposes of acquiring the communications or private information of a Member of a relevant legislature. This proposal reflects an earlier amendment discussed by this Committee in the context of interception. As I understood her, the noble Baroness, Lady Jones, is concerned that the safeguards contained in the Bill politicise the process of authorising a warrant. I do not share that perspective at all.
As my noble and learned friend Lord Keen said when we first discussed this matter, this amendment would in fact reduce the safeguards for parliamentarians. In line with the commitment given by the previous Prime Minister last November, the Bill provides a triple lock where warrants concern a parliamentarian’s communications or private information: they must be issued by the Secretary of State; approved by the Prime Minister; and authorised by a judicial commissioner. The Bill goes even further in the context of equipment interference warrants issued to law enforcement agencies, which are issued by a law enforcement chief and must be approved by the Secretary of State, the Prime Minister and an independent judicial commissioner.
I will not rehearse the arguments for the double lock at this point, but it is important to remember, as the noble Lord, Lord Murphy, reminded us, that it was endorsed by the Joint Committee of Parliament that scrutinised the draft Bill and, following amendments made in the other place, enjoyed cross-party support. The additional safeguards provided for parliamentarians add an extra layer of checks to the process. I do not share the perception of the noble Baroness, Lady Jones, that the process introduces the risk of political bias. In fact, I find it difficult to see what possible benefit would accrue from removing one of the checks that we now propose—that regarding the Secretary of State or law enforcement chief. In view of that, I respectfully invite the noble Baroness to withdraw her amendment.
I will move on briefly to the amendment tabled by the Government. Amendment 173 is—this answers the question from the noble Baroness, Lady Hamwee—a small, technical amendment that simply corrects the omission of a definition from Clause 114. The amendment adds the appropriate definition of a “designated senior official” to the clause, informing the reader of the persons to whom the provision applies. We do not think that there is any need to revisit the relative definitions in other parts of the Bill, and the amendment does not change how the equipment interference regime operates in any way.
The noble Lord, Lord Rosser, asked about the Government’s view of the Wilson doctrine. As he will be aware, in its judgment of 14 October the IPT comprehensively rejected the claim brought by a number of parliamentarians that their communications were improperly intercepted and found that all activity was within the law. The IPT also found that MPs’ communications with their constituents and others are protected by RIPA, the statutory legal regime, and that the regime governing the interception of MPs’ communications is compliant with the European Convention on Human Rights.
In February 2015, the Government published an updated draft code of practice on the interception of communications, which explicitly recognised the importance of communications between constituents and their elected representatives. In consequence, the Bill now provides for this in statute by setting out a role for the Prime Minister in authorising warrants which target a parliamentarian. I hope that that is helpful.
Lord Beith
I have to ask the Minister to address the Wilson doctrine just to this extent. Given the statutory provision which he and I both now support, what kind of statement does he envisage would be made by a Prime Minister to the House of Commons on the lines first envisaged by Harold Wilson so long ago? How can that possibly be a relevant proceeding now that these statutory provisions will be in place?
Earl Howe
My Lords, as I understand it, the Wilson doctrine committed the then Government to returning to Parliament if there was a change of policy. Clearly, now that we are enshrining what I think by common consent is a good formula for protecting parliamentarians, the need for a Government to come back to Parliament to announce a change in policy would have to be followed up, if it were done, by further primary legislation. I cannot envisage that and simply do not foresee that contingency. Through the Bill, we are now in a stronger and clearer position on the protection of parliamentarians and their communications with constituents than we were before.
Baroness Jones of Moulsecoomb
I thank the noble Lords who have made kind comments, even if they disagreed with me. We are not going to agree on the double or treble lock because, quite honestly, if you have two people from the same background or discipline agreeing with and corroborating each other—whether police chiefs or politicians—I think that there is the possibility of bias and that people outside this Chamber will see that as well.
I have heard several times in our debates the idea that we have to give the security or intelligence services the tools that they need to do the job. Personally, I heard that quite a lot with reference to the Met Police when I was on the Met Police Authority. In fact, while the Met and the intelligence services can be somewhat like a greedy child at Christmas, wanting more and more toys, it was the current Prime Minister who said “Enough” to the police. When the previous Mayor of London, Boris Johnson, wanted water cannon to be used on the streets of London, Theresa May MP said that, no, she would not authorise it. So sometimes you have to say no because it is not the right thing—the right powers or toys to give to a department.
This is a monstrous Bill which, in essence, means the end of privacy for us all. It is very important that we get these things right, so I welcome all the debate that we are having. I beg leave to withdraw the amendment.
““designated senior official” means a senior official who has been designated by the Secretary of State or (in the case of warrants issued by the Scottish Ministers) the Scottish Ministers for the purposes of this section.”