Investigatory Powers (Amendment)Bill [Lords] Debate
Full Debate: Read Full DebateJeremy Wright
Main Page: Jeremy Wright (Conservative - Kenilworth and Southam)Department Debates - View all Jeremy Wright's debates with the Home Office
(8 months, 3 weeks ago)
Commons ChamberI would not have thought that the right hon. Gentleman could be seen as hardline on anything, pussycat that he normally is. He portrays himself as hardline, but I know from working with him very closely on the ISC that he cares about this information. He has referred to the Investigatory Powers Act as his baby. It has grown up a little bit and is now being brought into the modern age. I should put on the record again his dedication and work as a Minister to bring in the original Act, which was groundbreaking for this country. It has stood the test of time. We know that we will be back here, so the measures will change. I have no problem with that. It is just that, as technology changes, things will change.
May I finish by thanking the members of our security services for the work that they do? I also thank them for the way that they have engaged with the ISC on the Bill. Hopefully, with the changes that have been brought forward, we can reach agreement on the Bill and our security services will have the ability to face up to the challenge that is coming forward: the ever growing use of larger datasets, and the more sophisticated way in which state actors and non-state actors have access to technology. That will enable the security services to do what we all want to do, which is to keep individual citizens and, just as importantly, our democracy safe.
It is a pleasure to follow the right hon. Member for North Durham (Mr Jones), who is a fellow member of the Intelligence and Security Committee. As he mentioned, we work collegiately, and one of the many advantages of that collegiate approach is that I do not need to repeat everything that he has just said; I need only say that I agree with him. I realise that that is a radical approach in this place, but I will not say it all again. I will simply say that I agree with him; he is absolutely right. His point is that, when it comes to the consideration of warrants to authorise the interception of, or interference with, the communications of Members of Parliament, there is huge significance to such a decision. That is the reason the Prime Minister has had to be involved in it, and it is the reason we should not widen too far the pool of deputies who, for sensible and understandable reasons, as the right hon. Member explained, we now need to provide for.
That is why I hope that the next concession that the Minister will make will relate to the pool of deputies, and that in the language the ISC suggests that he adopts we ensure that it is a controlled group, based on either current responsibilities or previous experience. I am sure that we can discuss with him any changes to the wording that he thinks are necessary, but as the right hon. Member for North Durham explained, the current provisions allow for only one restriction: that the member of the Cabinet in question should receive a briefing on how to conduct their warrantry responsibilities. We do not think that that is restrictive enough, given the significance of this decision-making process. I am grateful to the Minister for what he has already said about notification of the Prime Minister in the process. That is a sensible change, which I welcome.
It is a pleasure to follow the right hon. and learned Member for Kenilworth and Southam (Sir Jeremy Wright), and to take part in what has already been a very thoughtful debate. We also had a very constructive Committee stage, so the amendments in my name and that of my hon. Friend the Member for Midlothian (Owen Thompson) are designed first to pose some further questions to the Minister, particularly in relation to the offence of unlawfully obtaining communications data, which we discussed in Committee. Secondly, and perhaps more significantly, we again seek to remedy some of the serious concerns that we continue to have about the Bill extending powers beyond what we regard as necessary and proportionate, and the absence of sufficient judicial oversight where such judicial oversight is really required.
First, and briefly, our amendment 13 builds on the discussion in Committee about the offence created by the 2016 Act that will be amended by clause 12. We argued in Committee that the so-called example of “lawful authority” for obtaining communications data in proposed new subsection (3A)(e) of the 2016 Act was an extension of the power rather than a restatement of it. The Minister countered that he was actually seeking only to put existing codes of practice into statute. There is obviously a line of argument that codes of practice do not always necessarily comply with the law, but having gone away to look at the codes of practice it seems that there is a difference between what is currently in the codes of practice and what is currently in the Bill. The wording of amendment 13 reflects the code; the wording of proposed new paragraph (e) seems potentially broader than that. The question for the Minister is why the wording is so different, and whether he can assure us that it is not meant to be interpreted any more broadly than the existing exception in the codes of practice.
The remaining amendments set out our more fundamental concerns with the Bill. In particular, there are three areas where we question the strength of the oversight regime: in relation to bulk personal datasets, internet connection records, and Government notices to companies under clause 21. We regard advanced judicial oversight as important and reassuring not just for members of the public but for those who are exercising the powers. Clause 2 on bulk personal datasets is the first example of where we believe that oversight is being unnecessarily watered down. We are told that the system of advanced judicial authorisation is causing delays and stifling operational flexibility, but to us the answer is to fix those logjams in the oversight system, not to water that system of oversight down. The case for a lighter-touch system of category authorisations has not been made to our satisfaction. That is why we tabled amendment 7, which would take out clause 2.
At the very minimum, why not strengthen the ex post facto oversight beyond annual reviews and reports? Amendment 11 highlights one way to do that, so that the judicial commissioners are reviewing whether what is being done under category authorisations is lawful, cancelling authorisations where that is not found to be the case, and ensuring therefore that we have a clear picture of how the new powers are being used. I noted with interest what the Minister said about the role of IPCO, which we absolutely regard as helpful. However, it would be insufficient, and certainly less robust than our proposal in amendment 11.
As the hon. Gentleman set out, amendment 11 would strengthen the hand of the judicial commissioner, and I have some sympathy with that. My concern is that his proposed new subsection (4) says:
“The Judicial Commissioner, on reviewing any notifications received under subsection (2), must cancel the category authorisation if the Commissioner considers that section 226A no longer applies to any dataset that falls within the category of datasets”.
I wonder why he thinks that the wrongful inclusion of one individual dataset in the category would invalidate the category as a whole, because that seems to me to be the effect of what that part of his amendment would do.
I am grateful to the right hon. and learned Member for that intervention. He possibly makes a fair point. If I recall correctly, the wording of that proposed new subsection was borrowed from another part of the Bill. I might be wrong about that; I need to go away and have a look. I suppose the argument would simply be that if a category authorisation is to any extent being abused, it is right that the category authorisation is cancelled, and if somebody wants to come back with something similar, they can do so. However, I am not without sympathy to his point. I take it in the spirit in which it was intended, and will reflect upon it.
Let me move on from the question of oversight in relation to bulk personal datasets to the issue of “no” or “low” expectations of privacy in relation to such datasets, and how that test will operate in practice. Throughout the passage of the Bill, we have been repeatedly given some very easy examples of so-called “low/no” bulk personal datasets. For example, we have spoken about phone books, academic papers, public and official records, and other data that many people would have access to routinely. It was helpful that, in relation to what is now our amendment 9, the Minister said in Committee that Facebook posts and CCTV pictures would be considered sensitive and would not be caught by these provisions. It is very helpful to have that on the record.
None the less, it would to be useful to have greater precision in the Bill. Amendment 8 would take out reference to “low” expectations of privacy altogether, so that only “no” expectations would be covered by the new provisions. To us, “low” is such a difficult question to adjudicate—low expectations in particular. That is especially the case when we are dealing with datasets of potentially huge numbers of very different people with very different reasons for having very different expectations of privacy, particularly in how that would relate to different organisations. We cannot think of a single dataset example provided during the passage of the Bill that would not be adequately covered by “no reasonable expectation of privacy”. If that is the case, if that is really all the Bill will be used for, why not just accept the amendment? It would be useful to have an understanding of what “low” expectation of privacy is designed to cover.
Amendment 15 brings us to internet connection records. In 2016, the Government emphasised the very targeted nature of the ICR powers, but here we are being asked to incrementally expand those powers so that they are slightly less targeted. To us, that means that the independent assessment of proportionality and necessity is pivotal, so we think that it should be subject to advance judicial oversight. Even the explanatory notes accept that there are difficulties in formulating sufficiently targeted queries, noting that
“such queries are highly susceptible to imprecise construction”
and that “additional safeguards” are required.
For us, the required additional safeguard is judicial oversight. We were led to believe that the powers would be used only exceptionally, so it is hard to see how a judicial authorisation requirement would cause any significant problem. The Government argue that there may be times when warrants are needed on an emergency basis, but that could be dealt with by having emergency processes or very limited exceptions—it is not an argument against a general rule of advance judicial oversight.
I turn to the impact on technology companies of the Bill’s various provisions relating to notices—although the right hon. and learned Member for Kenilworth and Southam probably made more sensible and eloquent points than those I am about to make. The written evidence that the Bill Committee received shows that tech companies, academics and human rights and privacy campaigners are still a million miles away from the Government in their understanding of how the provisions will work and of the impact that they will have on products and services. Apple wrote to the Committee that these provisions
“would dramatically disrupt the global market for security technologies, putting users in the UK and around the world at greater risk.”
It is frustrating and disappointing that we did not have the opportunity to explore those differences in detail through witness testimony. The Minister did his best to reassure us, and he made some important arguments about extraterritoriality and conflicts of laws, but given the serious concerns that have been raised, it is worth again asking the Minister to explain why those witnesses are wrong and he is correct. In particular, the Government’s explanation that the new pre-notification requirement in clause 21 is
“not intended as an approval mechanism”
has not dampened concerns. Apple argued in evidence to the Committee that
“Once a company is compelled to provide notice of a new security technology to the SoS, the SoS can immediately seek a Technical Capability Notice to block the technology.”
Other provisions in the Bill around maintaining the status quo during notice review periods work in tandem with these provisions to deliver what Apple and others see as a de facto block on adoption of new technology—that is the risk that they are highlighting, and it is what the Minister must address in his speech. It is why we have tabled amendments to take out some of those provisions. It is also why we have tabled amendment 19: an alternative that would introduce advance judicial oversight and, hopefully, a degree of reassurance that the new notification notice regime under clause 21 will not deliver the unintended effects that many fear.
Finally, I put on the record our support for the amendments tabled by members of the Intelligence and Security Committee, whose work on the Bill has been as helpful as ever—I congratulate them on their one-and-a-half victories so far. As is often the case when it comes to Bills of this type, we also put on record our support for several of the amendments tabled by the right hon. Member for Haltemprice and Howden (Sir David Davis), some of which are similar to amendments that we tabled in Committee, while others are similar to amendments that we supported during the passage of other Bills, including the National Security Act 2023. In particular, new clause 3, which is designed to place an absolute prohibition on the UK sharing intelligence with foreign Governments where there is a real risk of torture or cruel, inhuman or degrading treatment, is long overdue and would close a serious gap in the law. For us, that is self-evidently the right thing to do.
Right hon. and hon. Members will be delighted to hear that, having answered colleagues as we went along, I have only a few short words to conclude. [Hon. Members: “Hear, hear!”] I know how to keep them happy.
Amendments 3 to 6 to clause 14 concern the restoration of specified public authorities’ general information powers to secure the disclosure of communications data from a telecommunications operator by compulsion. I pay tribute and thanks to my right hon. Friend the Member for South Holland and The Deepings (Sir John Hayes). I hope that Members will have noticed that I have listened carefully to Members across the House, and I believe that this Bill has been pulled together carefully alongside the Intelligence and Security Committee. It is a slight shame I cannot thank the right hon. Member for New Forest East (Sir Julian Lewis) in person, who is sadly at a funeral today. He has played an important role in contributing to and leading the engagement of which I have had the advantage in preparing this Bill.
Let me quickly touch on one or two points. My right hon. and learned Friend the Member for Kenilworth and Southam (Sir Jeremy Wright) spoke about notices. It is important to note that the notices do not block innovation. They do not stop a technical patch or infringe on companies’ ability to update their systems. All they do is make sure that the existing level of access remains while that is being looked at. That is a reasonable element to ensure that the British people are kept safe by the British law enforcement authorities.
I understand what my right hon. Friend is saying, but the practical consequence of issuing such a notice is that the development of the product about which concern has been expressed has to stop. Therefore, the infringement on commercial liberty, in practice, is exactly what I have described, is it not?
If my right hon. and learned Friend will forgive me, I will be able discuss that in a more secure environment, but I can only say, “Not necessarily.” I will be able to describe why that is in a different environment, but I cannot do it here.
The reason for not accepting amendments 22 and 23 —I understand the points made by right hon. and hon. Friends and Members across the House—is that we are talking about a very limited number of people. One Secretary of State is already used to do the initial request. The second person on the triple lock is a judicial commissioner—a judge. The third therefore has to be one of the four Secretaries of State left. Therefore, it is important that we make sure that it is somebody in whom the Prime Minister has confidence. Given that we are about to have a new Government—I hope the new Conservative Government, but still a new one—it is entirely possible that there will be a new Cabinet and that the routine explanation will not be satisfactory. As routine duties do not have legal clarity, we will not use them.