National Security Bill (Second sitting) Debate
Full Debate: Read Full DebateHolly Lynch
Main Page: Holly Lynch (Labour - Halifax)Department Debates - View all Holly Lynch's debates with the Home Office
(2 years, 4 months ago)
Public Bill CommitteesQ
Sam Armstrong: This Bill will do an awful lot to deal with it. There are some offences in the Bill that are drawn extremely broadly and will allow the security services to take a knife to whichever problems they would like.
The Bill does not do certain things that other countries have done. For example, Australia introduced the Foreign Relations Act, which allowed the central Government to terminate relationships that public authorities had entered into with foreign states where they were undermining Australia’s foreign policy position. That is a power that I know Australian officials have been keen to encourage the British Government to replicate.
In terms of assisting foreign intelligence services, which I think is by far and away the most broadly applicable offence in the Bill, and the trade secrets offence, there are broad powers there and the Government deserve commendation for bringing those powers before Parliament, although not before time. The security services have been keenly pushing for them and they will appreciate them in doing their work.
Q
Carl Miller: That is a great question. We can start by cleaning up the grubby world of spam. Often, when talking about online influence operations and disinformation, we descend into this kind of rarefied world of grand geopolitics, but it has as much to do with a very wide array of services and companies. If anyone googles “buy retweets now”, you will be able to see what I am talking about.
There are a tonne of companies that operate in plain sight, selling social media manipulation as “social media services”. You can buy fake followers; you can buy fake engagement. I looked it up on the way here; as of about 10 minutes ago, there was a company selling positive comments in Ukrainian on Instagram—mostly, they claim, by users from Ukraine—for $78 per 1,000. That is on the light net; we are not even talking about the services that are cryptographically secured or anonymised.
There is an array of these kinds of operations. An almost shadowy grey-area marketplace has emerged, which radically lowers the barriers to entry into doing those kinds of activities. That has always been there, but the consensus has emerged among researchers like me that, over the last year or two, the actual number, sophistication and variety of those services has increased quite dramatically. To be honest, if we were to really try to genuinely start increasing the cost and penalties for the actors that do that kind of thing, we would have to target that entire industry as participants in it.
Lastly, in pulling apart some of the operations regarding Ukraine, our hunch is that state-backed activities have likely made use of those exact same services. We will see states maybe rolling out capability outside of state, setting up as private companies, and selling those capabilities back into state.
Q
Carl Miller: I have spent 10 years saying the social media companies have not been doing enough on just about every matter of importance that I can possibly think of. They are doing a tremendous amount more now than before, but that has a couple of implications.
First, we have dramatically overfocused on Facebook and Twitter. There are reasons for that, and a lot of them are the fault of researchers like me. We research Facebook because it is big, and Twitter because it is easy to research. If you have a look at the journalistic stories that drive the awareness and debate, they are very often furnished by exposés and revelations about those two platforms.
If I were to point to one part of the internet that I am genuinely afraid about, it would be Wikipedia. If I were an information operation officer, I would have no idea why I was mucking around with Twitter. In Wikipedia, we have an open platform that is protected and serviced by an open community of people who can freely join. If I were a state, I would employ a phalanx of people to contribute completely legitimate edits to Wikipedia and build up their standing in the community, and then they could run for office within Wikipedia and start using the powers they would gain to change what is on Wikipedia and the policies that govern it.
There are lots of other such open-source communities, many of which, including Wikipedia, inform and drive the decisions that the tech giants make. They have not managed to build the kind of internal defensive teams that a Facebook or a Twitter can to try—often in the shadows and in secret; we do not know enough about what happens—to clear that kind of stuff off at scale.
Q
Sam Armstrong: The problem is that it is so broad, in that there are problems even in this building. The security services will tell you privately that—far beyond Christine Lee, who obviously was named—there are agents of the Chinese state here who are known to the security services and in whom they have taken an active interest.
There are huge problems in academia; China has made no secret of its interest in academia. When the Zhenhua database leak happened a couple of years ago—this was a database that China was using to identify potential targets of intelligence activity—it was no surprise that they had targeted think-tanks and academics very carefully.
The third and final area that China is very, very interested in is anything related to technology, and to the areas that it would like to obtain and that it set out in its “Made in China 2025” programme. Those areas are twofold. The first is universities and open research. There are researchers in the UK right now who are, frankly, working with branches of the Chinese navy to come up with devices to track nuclear submarines around the world. That is as dangerous as it comes to our national security, and that work is going on in the open. I am also aware of British companies that are making engines—or casings for engines in this case—that they have admitted are good for nothing other than for engines in tanks. There are grievous concerns about the whole level.
Where do you start first? Well, that is a choice between those that are dangerously undermining our national security and tech, and those that are dangerously undermining our democracy in accessing this building and in terms of the influence and space in which they are influencing our democratic process.
Q
Carl Miller: One suggestion that I was going to make today was that we have nothing like a comprehensive picture. This is often extremely sporadic project-based research, and it is usually platform-specific, even though we know that, in all likelihood, that is not how the campaigns work—they will work across tonnes of platforms all at once. We will see only certain kinds of campaigns. We are broadly better at seeing broad-based campaigns addressing quite large slices of a population, but again, if we were to put ourselves in the mind of an influence operator, there would be much more targeted campaigns directed towards—if you will—higher-value targets as well.
What we know about scale is that many more countries than those we talk about are doing it. I understand that in the last Indian election, accounts attributable to every single mainstream political party were taken down by Facebook during that campaign. It has emerged as an almost mainstream campaigning tactic.
Q
Louise Edwards: There is a key principle here, which is that you could hope there is a link between increasing the penalty that can be imposed for an offence and therefore disincentivising or deterring people from committing that offence. That seems like an in-principle link that you would want to see made. That is what perhaps the Bill is aimed at creating.
The measures in the Bill—the offences relevant to elections that are in it—are offences that the police will have to investigate and that will then go through the courts for prosecutions, so really key to making the provisions work effectively is to ensure that the police have the capability and capacity to take them forward, investigating them and passing them on to prosecutors when appropriate.
Q
Louise Edwards: Do you mean a potential problem in the sense of a foreign state interference issue?
Yes, foreign interference.
Louise Edwards: Okay. If we were made aware of that, it is likely that it would be from the intelligence community or the police, because they are likely to be the ones that would have that information.
If we think about the sorts of offences that are being considered in the Bill, they are broadly around, if we look at the political finance ones, for example, the people who put money into the political system. In political finance, you have the people who are making donations and the people who are receiving the donations, that being the political parties, campaigners and candidates. For donors—the people putting the money into the system—the regime as it currently stands has a set of criminal offences that broadly sit with law enforcement rather than with the commission.
We, as a civil regulatory body, have a set of sanctioning powers for political parties and campaigners, so if we were to be notified of an instance of foreign interference—money coming into the political system from a foreign state power, say—our first response would be to discuss the matter with law enforcement, which would then decide whether to pursue it.
Q
Louise Edwards: That is how the process would work. It is very common for civil regulators to have a route into law enforcement for anything that is a criminal matter. In fact, a number of offences in electoral law are both civil and criminal, so even now, before the Bill goes through, we would hand anything involving a foreign state power over to law enforcement to take forward. If the Bill goes through, we will have to hand that over to law enforcement anyway, because the offences listed in it will be investigated only by law enforcement, not by us.
We have a good, established process to notify police forces around the UK if we think that a matter is for them to look at and decide whether to investigate. We have very strong links with police around the UK through which we can do that.
Q
Louise Edwards: The answer to your first question is quite simple: we are not looking at any instances of foreign interference at the moment.
The second question is a very good one. If I may be so bold, I do have an ask. One of the challenges when working with law enforcement is that we do not have effective information-sharing powers. One of the things that the Bill would achieve is to bring the police in particular further into the political finance enforcement regime by making the listed offences matters for them only, rather than for us at all. We need a more effective information-sharing power under which we can just hand evidence straight over to the police, unlike at the moment. Currently, it is like we have to say to the police, “Can you please ask us for the evidence information that we want to give you?” If we could cut through that with some decent information-sharing powers, it would make the process an awful lot more straightforward.
Q
Professor Ciaran Martin: One sees only the tip of the iceberg when there are major breaches. I will use a well-known example from the United States—a close ally that is perhaps easier to talk about because it does not involve disclosing sensitive things about the UK.
The hybrid operation against the United States in 2015, which the US Government at the time acknowledged formally was undertaken by the People’s Republic of China, involved the extraction of more than 20 million security clearance records from the United States Office of Personnel Management—effectively the civil service department of the US Federal Government. It was the security clearance application forms of everyone who had applied for security clearance from the US Federal Government in the first 14 years of the century. As a dataset, it is incredibly rich. For example, if you are part of a commercial data breach, it is likely to be just your name and email address—possibly a password, although perhaps not even that, and possibly the last four digits of a credit card. If you go through a Government security clearance process, it is everything.
Think of the current politics of the US and China, and think about the established fact that the Chinese Government have this dataset of US Government personnel, with lots of information about them. You can see the strategic impact that that can have. To the best of my knowledge, based on public scholarship and disclosures relating to that incident, it was a largely remote operation, but it did include some activity on the ground. You can see how the sort of legislation we are talking about here might be useful in at least deterring or being able to deal with that.
Q
Professor Ciaran Martin: I would say this, wouldn’t I, but there has been a reasonably decent trajectory of controlling it.
There is a challenge for defenders. If you are attacking—if you are Russia and you have a programme of destabilisation of the UK through these sorts of means—it is all the same programme to you. But if you are defending against it, the defence of the networks of a privately owned critical infrastructure company, such as the energy grid, is one problem, and the protection of sensitive Government networks—diplomatic cables and intelligence services—requires you to do something slightly different.
Disinformation is a different problem again, because historically under our laws, quite rightly, it has not been an offence to make up a lie and put it on the internet. That is different from a cyber-attack. Putting it under a single organisation is really quite hard.
Things were starting to get better around the time of the end of my Government service in 2020, although there is probably some way to go, on the synthesis of operational cohesion—the sharing of information—across these different parts. It is better than it is in quite a lot of other countries—it is less siloed—but I am sure, Ms Lynch, that there is plenty more that could be done to improve it.
Q
Professor Ciaran Martin: A lot of countries have struggled with it, and it goes beyond just legislation, if I am honest. In terms of things like disinformation, quite interesting were some of the things that the French did in 2017, when there was the Russian attempt to do something and they deliberately sort of cast doubt on the integrity of it. They knew the information was being, in effect, data dumped, but they are believed to have done some alterations so as to cast doubt on the authenticity of the whole thing.
In terms of civic society and discourse, in advance of the 2020 election the Washington Post editorial board did something really interesting. Although it did not come to pass in the way that it did in 2016, they issued a proactive statement to say that if they received very sensitive political information but from a suspect source that was likely to be a foreign intelligence service, they would treat it differently from, say, a leak from within the United States—they might sort of print it differently. There is a discussion about how we handle the outcomes of disinformation, on the assumption that it might happen. That is one idea.
On the other hand, on the duties to protect within Government, for example, we are not always very good at gradations of harm. When I started in the civil service at the end of the last century there was still this approach that any leak of any data was potentially quite serious. These days, there is far too much information to take that approach—things are going to leak all the time. We need to focus on an understanding of harm caused and the duty to protect the most sensitive information.
Q
Professor Ciaran Martin: It is for your detailed scrutiny to work out whether you think that activity that is clearly on behalf of a hostile state is adequately deterrable and punishable by this Bill. It is quite clear, from both my previous job and discussions and concerns in academia, that it is a target sector—of course it is—for hostile foreign powers, particularly China.
I have to say that even before I went to work for a university I thought it was a very, very hard thing to leave to universities to police. I am not a legal expert, so I do not know how this is going to work on the ground, but the question is: does this Bill provide a sufficient legislative framework to deter some of the actions? There is plenty in the Bill that says that damaging foreign intelligence activity in this country is unlawful, and that would obviously include the academic sector. Whether that sufficiently captures activity is an interesting question.
I think it does help, but it is probably quite tricky to specify, if you like, academic institutions as distinct from general malevolent activity in whatever the sector may be. It is a question worth asking, though, because the sector that I work in now is clearly of significant interest to hostile intelligence services in all sorts of different ways, including in respect of people and individual areas of research. That is one of the key threats that legislation like this is designed to counter.
Q
Professor Penney Lewis: I am afraid that I will be less happy about that question. The Law Commission was asked to look at the Official Secrets Act. The project’s terms of reference focused on official Government data, so we have not looked at those matters. There are a number of matters contained in the Bill that were well outside the scope of our project, and I am afraid that we just cannot comment on them.
Q
Dr Nicholas Hoggard: Yes, I think we are. One of our concerns about the existing offences in the 1911 Act was that the existing prohibited places—though extensive; it is an extensive and complicated piece of drafting—have a strong military focus, and they do not necessarily reflect the way that critical national infrastructure, for example, or sensitive information is held by the Government.
There are some powers for the Secretary of State that exist under the 1911 Official Secrets Act, but they are quite restricted. What is good to see about the powers under this Bill is they are quite principled powers. The basis on which the Secretary of State can define something as a protected place is much more transparent. There are just three limbs that are easy to understand. That basis for affording the Secretary of the State the power is much more useful. It is more transparent, but it also enables us to capture within the offence places where there is actually a real risk of harm arising from hostile state activity.
On that front, I would say the power is good in so much as it aligns with the spirit of our recommendation. The fact that there will be parliamentary oversight of this process is important. It was a fundamental feature of our recommendations, and the negative resolution procedure is an important part of that process. The Secretary of State’s powers are more effective than is permitted under the current law, but also there is sufficient oversight.
Q
Dr Nicholas Hoggard: I do not think so. We gave some consideration to the differences throughout the project in many different parts of legislation between, say, national security and safety, and interests of the state. There is a risk that one ends up swimming in a sea of semantic exercises and trying to work out what the differences and permutations might be. The requirement to consider what might be necessary to designate a prohibited place in the context of the safety or interests of the state is an important power. I do not think it affords unlimited sweeping power to designate anything.
I think safety or interests of the state still make up a relatively confined subset of consideration. It does not enable somebody to start thinking about, in very broad terms, what might be necessary. I suppose the concern, which was raised by Government at the time and some of the stakeholders, was that if you frame these considerations in the context of national security alone, that might unnecessarily narrow the inquiry. Our position is that safety or interest of the state is consistent with a lot of the wording that already exists within the Official Secrets Act, it is consistent with the wording in some of the Bill and it avoids what might risk being an unduly narrow focus on national security.
Q
Professor Penney Lewis: The espionage offences here really do not fall into that category. The kinds of offences that you are talking about are the ones currently in the Official Secrets Act 1989 that are about unauthorised disclosure, where there is legitimate concern about information that is embarrassing. Indeed, we recommended a mechanism for authorised disclosures to an independent statutory commissioner, which would have appropriate investigatory powers to look into, for example, disclosures that might be embarrassing to the Government.
However, in relation to these offences, they have with them conditions that relate to the purpose of the person committing the offence that take them outside of someone who is leaking information, whether to embarrass the Government or not, and focus them squarely on someone who is acting to help a foreign power. I think we are in a slightly different realm here: the realm of espionage and not the realm of leaks.
Q
Professor Penney Lewis: Sadly, no. That was not within the scope of our project. It really exceeds the focus of our project on official Government data, so we did not make any recommendations in relation to those kinds of powers and we do not have a view.
Q
Rich Owen: We think the solicitors’ profession should be subjected to the scheme in just the same way as any other, although we would like an exception on grounds of legal professional privilege. This is an ancient common-law right going back 400 years or more. It is also regarded as a human right and as a corollary of everyone’s right to receive legal advice and assistance and we feel it plays a crucial role in the proper administration of justice.
To be clear on what we mean by legal professional privilege, it is communication between a client and lawyer whose dominant purpose is to seek legal advice, or a communication between a client and lawyer in anticipation of pending or actual litigation. We therefore think that if there is a foreign influence registration scheme without legal professional privilege, then solicitors acting for foreign states or foreign state-related actors, such as companies controlled by or influenced by foreign states, would have to disclose documents. We think that profoundly compromises the rule of law and the fairness of trials, and will affect the relationship between client and lawyer.
I think it is easy to forget that legal professional privilege is not a privilege for solicitors or lawyers; it is for the client. Of course, clients want to be open with their lawyers when they are seeking advice, and we think this scheme would inhibit that openness. Of course, very often, the reason why they want to be open with their lawyers is that they want to know how to comply with the law, rather than breach it. That is why an exemption is needed in any such scheme.
Q
Professor Penney Lewis: I am sorry but I am going to be very boring again. The offence in clause 3 is not the implementation of one of our recommendations. It is one of the offences that was outside the scope of our project. The main espionage offences that are in the existing Official Secrets Act, which implement our recommendations, are in clauses 1 and 4 of the Bill.
Dr Nicholas Hoggard: I will add to that without going outside our own remit, but thinking more broadly about the distinction between UK interests and Government interests. To re-emphasise a point that Penney made earlier, the essence of espionage offences lies in that purpose prejudicial. That is why we see in those offences that have the purpose prejudicial element—where your purpose is prejudicial to the safety or interests of the United Kingdom—that the sentence is so much greater.
The mens rea—the fault element—of those criminal offences lies in that purpose prejudicial. You need not only your purpose but to have known, or ought to have known, that your purpose was prejudicial to the safety or interests of the UK. Also, you must have known, or ought to have known, that you were acting to benefit a foreign power on behalf of a foreign power. Taken together, it is that essence that makes those offences substantively different from the sort of behaviours that might embarrass a Government—or a Government Minister. That sort of thing often falls for consideration within unauthorised disclosure offences, but it is not really the meat of an offence focused on the active interference with the proper safety or interests of a state.
Regularly throughout the project we met with a number of the UK intelligence community in Cobra with the Government security group. The evidence we heard of the nature of hostile state activity does not really have a bearing on the sort of material that sometimes gets disclosed that might embarrass Government Ministers. They are two quite different creatures.
Q
Professor Penney Lewis: Maybe I will start with the high level and then Nick can come in with a bit more detail. I should preface my answer with a slight caveat. This project started in 2015. Nick joined the Law Commission in February 2019 and I joined in January 2020, so while we were heavily involved in the final report, neither of us were involved in drafting the consultation paper or in the consultation period, which happened in 2017. None the less, we have read the consultation responses, and I can also talk slightly more generally about how we go about doing a consultation.
We were asked to take on this project. The way we work is that we undertake a pre-consultation investigative phase where we talk to stakeholders. That involved Government stakeholders, including Government security stakeholders. We talked to a lot of academics who work in this field. We talked to the media, because obviously they were particularly interested in the 1989 Act, and various organisations that are interested in freedom of expression and open government. We then drafted a consultation paper, which contained provisional proposals for reform. We put those out to public consultation. We had a three-month consultation period, and we had a number of consultation events during that. At the same time, we are continuing to talk to Government security colleagues, as Nick mentioned.
We eventually came to an agreement with Government security colleagues about how they would brief us about the details of the threat facing us without us then being in a position where we would have to say in our report, “Well, we have heard all this secret evidence. We can’t tell you what it is, but trust us that these are the recommendations we think will safeguard the security and interests of the UK”, and without also putting the security and interests of the UK at risk. We agreed a confidential briefing process that involved Nick and me. We then also agreed the disclosure by Government of hypothetical examples that they had drafted to represent the real threats that they told us about confidentially and securely.
Throughout the report, there are hypothetical vignettes that illustrate particular risks. Those are the Government and intelligence services’ creatures, but they were the way in which we were able to reflect the reality of the threat. We then considered the consultation responses and the information we had had from the Government security group. We actually changed a number of things we had said in our consultation paper, so in between the provisional proposals and the recommendations there are a number of significant differences, particularly in relation to the 1989 Act. We then published a report in 2020, which contained our final recommendations for reform.
Dr Nicholas Hoggard: I will go into some specifics of what we learned, which is generously open-ended. What Penney says is correct; there were a number of changes that followed the consultation paper, come the final report. One of the major reasons for that was our engagement more substantively with confidential material and representatives from the UK intelligence community—UKIC—and across a number of Departments. It became increasingly clear to us that the scale of the threat was of an order of magnitude that, even in relatively recent integrated reviews, had not really been reflected. That scale really comes from the cyber-threat. I do not want to repeat what far more sophisticated witnesses said earlier in respect of that, but it also became increasingly clear to us that the way in which very capable state actors were wielding that cyber-threat meant that certain of the original provisions we had made needed to be reconsidered.
One example of that would be the extraterritoriality provisions, both in relation to the espionage offences and the unauthorised disclosure offences. The nature of the way in which cyber-information is held—of course, cyber-information now basically means all information—has changed. The existing offences under the 1911 Act and its ancillary Acts are now almost quaint in the way that they perceive espionage as something that happens on our territory. Of course, that is simply not the case anymore. These extraterritoriality provisions, though relatively unusual for criminal offences, are none the less vital if we are to capture the sort of behaviour that we see now. I think the process we went through in engaging with UKIC was actually vital for the understanding of, and background to, some of the recommendations that we made.
Q
Poppy Wood: Obviously, you have heard from much greater experts than me about hack-and-leak operations et cetera, and I refer you to their remarks about that. In terms of co-ordinated disinformation campaigns, as I said we have seen that in the US election, with really targeted approaches to particular groups that people wanted to divide. When I mentioned that the US Senate said that African-American electors were being targeted, it was clear that the Russians wanted to stir up tensions within that group and between that group and white police. They would really push Ku Klux Klan narratives, false images and all sorts to make sure that those groups were infighting. I would absolutely expect to see that here as well.
Political ads are also a really big issue. I cannot work out whether they are dealt with in the Bill, but they are certainly not dealt with in the Online Safety Bill. The Cabinet Office seems to own the political ads regime, but we are seeing shell companies buying these ads purely to stoke division and tension, and we would expect to see that again. One of the problems with not having a grip of the issue, particularly as we could go into an election period in the UK at any point, is that we need someone to comprehensively pull this all together.
The Russians and the Iranians often leave quite a lot of fingerprints on their work, sometimes intentionally. I know that Ken McCallum, who is director general of MI5, and the FBI discussed the threat from China yesterday. They did not mention disinformation, which I thought was interesting, but the Chinese have historically been much better at not leaving their fingerprints on things, so I cannot really speak to some of their activity. However, we have seen it time and time again.
It is probably best not to talk about the Brexit referendum, but we all know what happened there with the engagement from foreign actors. We should not be surprised to see disinformation. We are vulnerable in the UK because of our role in supporting Ukraine, and we have to pull it all together. If the Online Safety Bill, combined with the National Security Bill, does not do so, I do not know what will.
Q
Poppy Wood: We have to be careful not to try to define disinformation. There is some language in the Bill about misrepresentation, and the idea of intentionally misrepresenting is important. We will never get a grip on exactly what disinformation is, because it is a shapeshifter.
On the first part of your question, it is about the system of amplifying and the ease with which people with malicious intent can manipulate systems by creating fake accounts, not verifying IDs and exploiting the recommender algorithms so that they hook you with one piece of content. We see this time and time again. One piece of bad content is not the problem, but they hook you on it, which then leads you down a rabbit hole to something much darker and more radical. It does not even have to be radical; it can be the sort of stuff that we were talking about with the Scotland referendum. It can be innocuous, such as stories about what the royal family are doing. It is about sowing seeds and exploiting cognitive dissonance, which bad actors are very good at and which social media is absolutely weaponised to make the most of, because of the pace and amplification of the content.
The Online Safety Bill goes part of the way there; it is imperfect, partly because it is so hard to define disinformation. There is very little in the Online Safety Bill on disinformation. There is an advisory committee that is years down the road. It is ironic that the National Security Bill is about trying to rein in certain types of transparency. Transparency is a really big part of all this, so it is about trying to find out who is behind things and what the data patterns really look like, and building in researchers. I think that was something Ken McCallum said last year. A holistic approach is a cross-Government approach, but it also involves industry, civil society, journalists and researchers. Everyone has to focus on this. Both Bills could go further on systems and, as I say, the co-ordinated inauthentic behaviour language just is not there either.
Q
Poppy Wood: That is a brilliant idea. It goes back to the point about grip. We are seeing really good work being done by the Home Department and the Department for Digital, Culture, Media and Sport. I think the DCMS counter-disinformation unit is an important tool, but it is very small, as is DCMS, and it is lacking the transparency that such interventions require. It should probably be a body like the Intelligence and Security Committee—some kind of cross-party body, quasi-independent of Government, thinking about the issues, with input from expertise in the relevant services and relevant Departments. I know that the Home Department and DCMS work together closely on this, and I think the Cabinet Office also has a role to play. Instinctively, I feel that something like the ISC would be the best place for it, but I am sure that is to be worked out.
One of the issues with a lot of this stuff is the role of the Executive, and making sure that the body is that far removed from political interference.
Q
Poppy Wood: Absolutely. If you are suggesting that they respond to PR crises, I would agree with you on that one. Of course, this about brands. We have seen with revelations from Frances Haugen that Facebook is not understaffed but just not focusing them in the right direction on this stuff. There are only handfuls of people focusing on co-ordinated disinformation for the whole world within these big technology companies. It should be dozens, especially if they are hiring 10,000 engineers for the metaverse in Europe. They can put some of them on elections and tracking. They say that they go far, but they could go much further. When there is pressure on them, they respond, and so far that pressure has been PR because there has not been regulation.
Last but not least, we will now hear from Dr Nicholas Hoggard, lead lawyer for—I am so sorry; it is that time of day and the lack of coffee. [Laughter.] I should have confiscated my colleague’s coffee and had it for myself! Apologies; we are going to hear from Dan Dolan, the director of policy and advocacy at Reprieve. We have until 4.40 pm for the session. Could you introduce yourself for the record, Mr Dolan?
Dan Dolan: Thank you very much. My name is Dan Dolan, and I am the director of policy and advocacy at Reprieve, a legal action charity that seeks to uphold the rule of law and human rights around the word. Over the past 20 years, Reprieve has provided legal and investigative support to hundreds of prisoners on death row, the families of innocents killed in drone strikes, victims of torture and extraordinary rendition, and scores of prisoners in Guantanamo Bay. Thank you for the opportunity to give evidence.
Q
Dan Dolan: Absolutely. I should start by saying that we absolutely recognise that the country’s intelligence agencies do a difficult and often dangerous job to keep us safe, and we give our evidence in recognition of that. We think clause 23 is much more likely to protect Ministers and senior officials from criminal liability than anyone in the midst of an operation overseas.
The reason why we say that is because there is already a regime, under the Intelligence Services Act 1994, under which acts that could constitute a criminal offence overseas would be authorised by a Minister if they are in the furtherance of the agencies’ duties. That is well recognised. The Minister who took that Act through described offences such as bugging, bribery and burglary, which you can imagine an officer of the intelligence agencies may need to do overseas to keep the UK safe. That regime already exists in law, and it allows for authorisation of potentially criminal acts overseas.
Clause 23 disapplies provisions of the separate Serious Crime Act 2007 relating to encouraging or assisting the commission of a crime—specifically, schedule 4, which relates to extra-territoriality, meaning crimes that would be encouraged in the UK but committed overseas. There is already a regime that protects officers of the UK who are involved in operations overseas and do things that may be criminal by giving them insulation from criminal liability.
Clause 23 insulates people from criminal liability for acts undertaken in the UK to encourage or assist offences overseas. Realistically, we are talking about conduct that might take place, for example, behind a desk in Whitehall, but would ultimately result in what would be a criminal offence overseas. There is an existing legal regime to cover offences of those who undertake them outside the country; this is about actions taken within the country, if that makes sense.
Q
Dan Dolan: Yes, it would be. Effectively, clause 23 looks a lot like an effort to protect Ministers from criminal liability for actions that they encourage or assist in the UK that could constitute a crime overseas. This is not a hypothetical idea. There have been instances that were extensively documented in the Intelligence and Security Committee’s detainee report, where UK Ministers and officials authorised intelligence sharing that led to appalling torture and mistreatment of people overseas. The ISC has documented that extensively.
A good example is the case of Abdul Hakim Belhaj and his wife Fatima Boudchar, who in 2004 were rendered to Libya where they faced appalling mistreatment, both in Libya and in the course of their rendition by the US CIA. Subsequently, it emerged that the UK Government had provided the tip-off to enable that extraordinary rendition. The couple ultimately received an apology from Theresa May’s Government, recognising that the UK had shared intelligence that had contributed to the couple’s absolutely appalling mistreatment.
That is not an isolated case. During the war on terror era, there were many instances where the UK shared intelligence that contributed to torture. That has been recognised. The then Prime Minister recognised that in her response to the ISC’s report, and pledged never to do that again. What this clause would do is effectively to insulate Ministers from criminal responsibility for those kinds of offences.
Q
Dan Dolan: That touches, importantly, on the point about whether clause 23 would protect officers acting overseas in the UK’s national interest, or whether it would protect politicians and officials taking actions in Whitehall, like sharing intelligence. In response to your question, I want to read a quote given by MI6 to the ISC’s detainee inquiry—quoted in the report—with respect to section 7 authorisations under the 1994 Act. The Secret Intelligence Service said that, in the cases they were talking about,
“we are … always going to go for a section 7 authorisation. Because, you know, why should my officers carry the risks on behalf of the Government personally? Why should they? So, you know, as we have already discussed, serious risk is…a subjective judgement. So we will go for belt and braces on this.”
I think that “belt and braces” is the important phrase to think about, because that is MI6 describing the separate 1994 section 7 authorisations as a belt-and-braces approach to protecting officers from criminal liability. That regime exists already, under the Intelligence Services Act 1994, so why do we need clause 23? It relates to actions taking place here in the UK—not people operating abroad on operations, but people acting in the UK—so what kind of actions are we talking about? The area that is not covered under existing legislation is the authorisation of acts or the sharing of intelligence that happens here in England or Wales.
We are therefore not of the opinion that the clause would offer additional protection over and above the 1994 Act. The clause covers a different category of offence, and that would be the encouragement or assistance of a crime from within the United Kingdom. We are talking about Ministers and officials approving things here, not people on operations overseas.
My final point—I know this was made on Second Reading—is that the Serious Crime Act 2015, sections of which would be disapplied by clause 23, already includes, in section 50, a reasonableness defence. Even if you imagine a case in which the Government argue that a Minister needs to order something that might be a crime overseas in the national interest—they would have to make a strong case for that—they would have a legal defence under reasonableness to say that their action was reasonable under section 50 of the Serious Crime Act. What we are talking about here is clause 23 disapplying legislation that would hold Ministers to account were they to encourage or assist a crime overseas.
Q
Dan Dolan: I am sorry to be unhelpful, but Reprieve’s evidence largely covers the provisions under clauses 23 and 57 to 61. I can pass it on to somebody.