(9 years, 6 months ago)
Commons ChamberI thank the Home Secretary for her thoughtful speech and for scheduling the debate so swiftly after the publication of David Anderson’s report. I called for the debate in response to the statement two weeks ago and it has been swiftly delivered.
I should also apologise to the House, as I already have to the Home Secretary and to you, Mr Speaker, for the fact that I cannot be here for the closing speeches. It is my daughter’s school graduation, so I hope the House will forgive me for being there instead.
This will be a good debate and it is an opportunity to debate the right legal framework to protect our liberty and security in the digital age. I join the Home Secretary in paying tribute to the quiet heroism of our intelligence services, agents and counter-terror police. Their work is necessarily secret and their successes are rarely reported, but their success is measured, bluntly, by a lack of column inches and TV headlines. We are rightly all proud of them.
There is also no doubt that as the world becomes increasingly connected and as we increasingly rely on smartphones, tablets and other technology to communicate and organise our lives, that has repercussions for the fight against terrorism and serious and organised crime. David Anderson’s report contains the startling fact that in 1975 there were 1 billion connected places, that by 2010 there were 5 billion connected people and that by 2020 there will be 50 billion connected devices.
Our lives are increasingly online, and with that opportunity come great challenges. For example, we know that Twitter is a lot of fun for many people, including many Members of this House—although, perhaps, not yet the Home Secretary—but it has also been used to connect extremists and recruiters with young people in the United Kingdom, including the young girls who left for Syria from Bethnal Green earlier this year. New devices, mail services and apps are used to help us all keep in touch, build amazing new businesses and organise our lives, but also by some to commit crimes and abuse. Online crime has risen exponentially and we have also seen awful cases of online child abuse that we are still failing to address as a country.
We have also seen growing problems with organised cyber-attacks for major companies, infrastructure and the Government. The operations of the police and intelligence agencies need to be able to keep up with these new forms of crime and national security threats, but at the same time the checks and balances, safeguards and oversight that are needed must keep up with new technology. We have a long and proud tradition in Britain of having those checks, balances and safeguards for our liberty and our privacy. We must ensure that action by the state is proportionate, so those checks and balances must keep up with the fast-moving changing technology.
We have argued for some time that the legal framework is out of date. The Regulation of Investigatory Powers Act is, in David Anderson’s words,
“incomprehensible to all but a tiny band of initiates”
and in the long run that means that it is “intolerable”. Its interaction with previous legislation, including the Telecommunications Act 1984, is baffling, too, and even after being briefed on some of the work that the agencies do and having studied the legislation over seven years—often with a wet towel wrapped around my head, which was the only thing that enabled me to get my head around it even temporarily—I still find it hard to be clear about what is possible and what is not under the law as it stands and about the extent of existing safeguards. That is unsustainable as a framework for legitimacy for the vital work the agencies do, which is why we have called for some time for a review of RIPA, why we argued for it in the debates last summer and why we have welcomed the Government’s agreement to ask David Anderson to produce this report.
The report is extremely thorough and ranges from ideas of privacy in ancient Babylonia to what Facebook’s Mark Zuckerberg, the founder of a rather different kind of empire, thinks of the topic. It provides us with an opportunity for Parliament, civil society, the intelligence community, law enforcement, communication providers and, crucially, the public properly to consider the powers and safeguards we need.
As David Anderson recently said:
“The threat that I see of not accepting my recommendations, or recommendations along these lines is that people become disenchanted with the whole business of intelligence gathering. They believe some of the wilder allegations…that the state is reading into people’s emails the whole time when patently it isn’t. If this sense of disillusionment and disenchantment is perpetuated and spreads further then I think both law enforcement and intelligence lose the public confidence that they actually need if they are going to do an effective job.”
My right hon. Friend is making a good and comprehensive speech. Is it not appropriate that David Anderson’s report is entitled “A Question of Trust”? Surely that is one of the most important things in bringing the public with us on this issue.
My hon. Friend is exactly right. There is strong support for the work of the intelligence agencies and the work they do in Britain, which has historically always been the case, but we should never take that for granted. It would not be fair on the intelligence agencies to take it for granted, so maintaining that sense of trust and confidence across the whole of society and not simply across the majority of people is extremely important for the work that they do. If we are to protect both our liberty and security in a democracy, we need to achieve consent for and understanding of the law and it is not just those who are concerned about surveillance who value greater clarity. It is also an essential mission of our intelligence agencies as part of defending democracy and protecting liberty and security.
The Home Secretary has been clear that there is no doubt that investigatory powers are vital in confronting terrorism, child abuse and other serious and organised crime. During the Home Secretary’s statement two weeks ago, I mentioned the awful case cited in David Anderson’s report in which communications data were used, rightly, to stop the abuse of three children who were all less than four years old. There are other cases. For example, Operation Overt dealt with the largest and most serious terrorist plot we have ever faced. Between 2008 and 2010, 10 individuals were convicted of plotting to blow up multiple transatlantic airliners. A key part of the evidence that brought the plotters to justice was coded conversations by email between the conspirators and extremists abroad in which they discussed the preparation for their attacks and the selection of targets.
It is clear from the review and other evidence that the powers passed through the Data Retention and Investigatory Powers Act 2014 last summer are essential and must be renewed, and will need to be renewed in good time before the sunset clause at the end of next year. It is also right, however, that we ensure that the legal framework that governs them is updated so that it properly reflects the needs of security and the need for safeguards.
In 2012, the Home Secretary made proposals in the draft Communications Data Bill that would have gone much further than the current legislation. I argued at the time that there were serious problems with the Bill, because it put too much power in the hands of the Home Secretary. The Joint Committee set up to scrutinise the draft Bill also, rightly, raised substantial concerns. David Anderson’s report makes it clear that he does not think that the draft Bill was the right approach. He noted that the first clause was “excessively broad”. The important question of IP addresses, which was encompassed in the draft Bill, has now been dealt with in other legislation. On weblogs, which the Home Office said at the time it wanted to pursue, David Anderson concluded that he
“was not presented with a detailed or unified case”
on the viability, practicalities or legal considerations.
On perhaps the most significant and the most controversial measure in the draft Bill—requiring internet service providers to hold huge amounts of third-party data—he commented:
“I did not get the sense that this was judged to be the priority that it once was, even within law enforcement”,
and he concluded:
“Accordingly…there should be no question of progressing this element of the old draft Bill until such time as a compelling operational case has been made, there has been full consultation with CSPs and the various legal and technical issues have been fully bottomed out. None of those conditions appears to me to be currently satisfied.”
Experts have also expressed substantial concerns about encryption and the cost and proportionality of the proposals.
Where David Anderson and the agencies confirm that there is a problem is in ensuring that companies whose headquarters are overseas comply with UK law, particularly for data and communications that involve those who are living and operating in the UK and those who pose threats to the UK. The Home Secretary referred to the report by Nigel Sheinwald, whose work is vital because, as the agencies and the Home Secretary recognise, UK law is only part of the answer; legal and diplomatic arrangements with other countries are immensely important. In fact, there is a growing range of views that the proposals in the draft Communications Data Bill were not the right way to deal with that genuine and significant problem in relation to companies based overseas.
On that basis, I ask the Home Secretary to confirm that she has dropped the original draft Communications Data Bill and is starting with a fresh approach. I think it would help our debate in this place and the development of future proposals that should balance the appropriate powers and the appropriate safeguards. Will she confirm that that draft Bill has been dropped and a new approach will be taken?