John Hayes
Main Page: John Hayes (Conservative - South Holland and The Deepings)Department Debates - View all John Hayes's debates with the Home Office
(8 years, 9 months ago)
Commons ChamberI am not quite sure about the hon. Gentleman’s point because no one is suggesting that we would not want to access such information. My point is that, from a technical perspective, separating contact data from content data is much more difficult than the Home Secretary suggests. That means that we need more honesty about the powers we are proposing that our police and investigatory authorities should have.
For example, if someone can get information about my use of an electricity meter, they might want to look at the contact between me and that meter. If I were accessing it a lot, they might wonder what I was doing in my home that required so much heat. Drug enforcement agencies might look at such contact patterns, and inevitably that brings with it content about what someone is doing. That does not mean that we do not need methods to access that information; it means that one thing missing from this debate to date is an honesty about the technological complications that will come with this Bill, and we must address those concerns.
Perhaps I can reassure the hon. Lady. The Home Secretary emphasised that we continue to have discussions with the providers for exactly the reasons she has described. It is essential that they can do what we oblige them to do, and we are determined to put those mechanisms in place. The right hon. Member for Sheffield, Hallam (Mr Clegg) gave the game away because he said that repeatedly, over time, security services and the police have requested the ability to carry out such work, for the simple reason that they need to do that in order to protect us all.
I am grateful to the Minister for acknowledging that the idea that one can always separate contact from content data is not viable. We need a much more honest debate about who will be able to access that information and under what circumstances. I hope that that will be discussed in Committee, because as the Bill is currently drafted, we cannot justify to our constituents the fact that their content data may be accessed—however inadvertently—because of the nature of technology. We must address that.
Let me move on to the question of honesty about encryption. A lot of technology companies and the technology industry in our economy are concerned about how the Bill may affect encryption. The Bill gives the Secretary of State the power to serve technical capability notices, and to require companies to remove their electronic protection. Again, it is not yet clear what that means, what protection exists in terms of encryption technologies, and what that might mean for other consumers of services. That is a real concern for many.
We know that encryption is a vital part of security for services. Constituents will mention Ashley Madison and TalkTalk, or they may be aware of hospitals that did not have security measures in place and had their systems hacked. We are talking about whether the Government will require those companies to bring in those backdoor opportunities for accessing information. We need much stronger scrutiny of the Bill and of what the encryption process means, not least because removing some of the encryption requirements would create a security risk. The Government are making that choice in return for the ability to do some of the things they are talking about doing, and we need to be honest with the public about that.
There is also a question relating to the security of data. In 2009, the Conservatives made great play of turning back the “surveillance state”, but it seems to me that they are seeking to privatise the databases they told us they did not want to see developed. The Bill asks companies to hold the data, but the security of that data is not clear. We know that having to hold everybody’s internet records for a whole year will be a honeypot to hackers. That will be a massive security risk unless security processes are in place—even if data are held by private companies. The fact that the Government have not clarified who will pay for that security, what a reasonable cost is and how to resolve disputes about what a reasonable cost will be, leaves open a gap that not just hackers but consumers will be deeply interested in. The Government must be much clearer about how they will make sure they protect consumers from having their information hacked as a result of requiring companies to gather data.
There are similar concerns about bulk interference and encryption data, but my central point is this: there are questions about the proportionality and the judicial extent of the Bill and working overseas, but there are also concerns about technology. We have to be able to answer questions on all three issues to be satisfied that the Bill is appropriate for the 21st century. I hope those issues will be addressed by amendments in Committee. I believe that many members of the Science and Technology Committee share concerns about whether our technology industry is comfortable with the proposed legislation.
For the Government to fail to act on any one of those questions will compromise the others. If we do not get the technology right and do not work with our overseas partners, we will not keep anybody safe. We could, in fact, create more problems. I hope Ministers will listen to those concerns and I hope they will recognise the spirit of what they said in 2009 about the importance of rolling back the surveillance state. I also hope they will be digital natives, not digital refugees. I will not support the Bill on Third Reading if they do not change it.