Investigatory Powers Bill (Second sitting) Debate
John Hayes (Conservative - South Holland and The Deepings)
(8 years, 8 months ago)
Public Bill Committees
Q Do you agree that we cannot compare what is proposed in the Bill with what was proposed in Denmark until you have got an agreed specification with the Home Office?
Mark Hughes: A pamphlet has been issued and we have been in discussion with the Home Office as recently as the last couple of days about this. More clarity is required, but broadly speaking there is a definition in the Bill, there are purposes in the Bill and we understand that there are options technically around it. We have been working that through with them, but yes we would like clarity as soon as we can.
Q Thank you, Mr Hughes, for coming, and thank you also for acknowledging the extent of the consultation with which you have been engaged with the Home Office. As a result of that, you will know that the codes of practice published at the time of the Bill reflect some of the arguments you have advanced previously and clarify some requirements.
Today you emphasised that as we move forward there will be ongoing discussion. How important do you therefore think it is to avoid rigidity by putting more on the face of the Bill rather than including that in codes of practice and in the ongoing discussions you described?
Mark Hughes: It is very important that we have words and definitions on the face of the Bill to deal with the really substantive points as far as this type of legislation is concerned—namely the level of intrusiveness, which is clearly where definitions help. A definition is only really a way of helping to establish the level of intrusiveness of the power that is being put in place.
There are needs to have something. One need, which I have said, is about ensuring that there is clarity around 100% cost recovery, for example. There is definitely a need for that and with 268 pages there is quite a lot in there. However, we also recognise that as technology changes—our world is an ever-changing one as we know, and that is the case specifically in our industry—there is need for flexibility of a discussion point around how consultation happens and how that manifests itself in a legal instrument for us to retain and disclose either content or other types of communication data.
It is a difficult balance to be had. I think there is a lot at the moment in the Bill that is very useful. There are purpose limitations, for example, which are very useful for us, as are, as I said already, the definitions.
The other point is that there does need to be flexibility in future about understanding how the new codes of practice will be formulated based on what was required, and the Bill is clear that the correct oversight is in place. That is a difference from the extant legislation. The consultation process is different from others there have been in the past, and we welcome that.
Q Presumably you also welcome the right to review a technical capability notice and the commitment that there will be further discussion with you before you are obliged to meet obligations.
Mark Hughes: Yes, indeed, and not only that, but there is now on the face of the Bill a right of appeal to the Home Secretary if a notice is issued to us and we disagree with it. That has not existed in the past. In the past, under other legislation, we have had occasion to make representation, but it is much clearer in this Bill than it has been in the past.
Q Under the terms of the Bill, you are being asked to collect a large amount of data, some of which will be quite personal and some private. How confident are you of BT’s capability in terms of maintaining the security of those data from hacking or theft, particularly bearing in mind the fact that other communications service providers have been hacked into? When you consider the rest of the industry more broadly—without naming names—do you think BT is in a stronger position than other CSPs to maintain security against hacking or theft where there might be vulnerabilities elsewhere?
Mark Hughes: The security of any data we hold and retain is clearly a matter that we take extremely seriously. That is of the utmost seriousness for our organisation for any type of data. The type of data that the Bill refers to specifically is, though, perhaps different from other types of data that need to be interfacing the public on a bigger scale, for example. This is not that type of data; it is going to be restricted and allowed to be viewed by only very few individuals who have the correct authority to be able to get to the data when they need to.
The level of security applied to this type of data is clearly factored into the type of data that is being retained, so we have to put very significant security measures around it to ensure that the access is controlled properly and that the data are very secure when stored. That absolutely has to be factored into the cost and the way we operate. It is not something new. We are currently subject to laws and regulations under which we have to make sensitive data available, so we are used to doing it, but that clearly has to be factored in for, for example, some of the new datasets we are potentially going to be asked to retain under the Bill.
That is an internal guarantee that you are giving us. There is nothing in the Bill to say that it would not be accessed, is there?
Richard Berry: Not that I have seen, no.
Q I will be mercifully brief. Given your very wide case experience, and the fact that an overwhelming number of serious crimes are now connected with both the technology and methods of modern media, can you envisage circumstances in which loss of life or severe injury might be prevented through equipment interference?
Chris Farrimond: Absolutely, yes.
Q That is something the Joint Committee recommended and now forms part of the Bill. On internet connection records, can you give us a flavour, also from your case experience, of the kinds of crimes and circumstances in which they might be vital to an investigation and, ultimately, to catching and convicting people involved in serious crime?
Chris Farrimond: Let us just start with the fact that internet connection records are the new comms data; they are the modern equivalent of comms data, the normal itemised billing that we have had for years and years. Criminals are using internet communications even if they do not necessarily realise it—when they send an iMessage, for instance, in an internet communication, rather than a text message. That is happening the whole time, and it is happening right across the population, whether people are law-abiding or criminal, so internet connection records now feature in every type of criminality. They are featuring more in those types of crime where the internet plays a larger part—fraud, for instance. I can talk about child sexual exploitation, where the internet makes it so much easier to share images, so internet connection records would be extremely useful for us in those circumstances.
Simon Grunwell: HMRC’s business model going forward is to put more and more services online to enable taxpayers to do more themselves, a bit like an online bank account. We already have online frauds. We are quite attractive for fraudsters, in the sense that we collect £500 billion a year and we pay out £40 billion in benefits and credits. Comms data helps us directly prevent the loss of £2 billion in revenue. On the ICR point, in particular, we have already had online attacks against us. In one case alone we were able to prevent the loss of £100 million. ICRs can only help us in that regard.
Richard Berry: From a local policing point of view, it is not just about serious crime; it is also about—if I can use this phrase—policing the digital high street. So ICRs could be just as relevant for cases such as domestic abuse, stalking and harassment, to prove a particular case, or to help us deal with what might seem, in isolation, to be a minor issue, but can often be on a path of escalation to homicide or very serious assault.
Q You were just asked about anonymity and the perceived danger to anonymity—for example, in the Crimestoppers scenario—but that would apply if I telephoned Crimestoppers now, wouldn’t it?
Chris Farrimond: It would.
Q That was not really my question. My question was on whether you agree that the individual’s right to privacy justifies the time that is sometimes taken in inputting for a judicial approval.
Mark Astley: I understand the need for respect for privacy, but the necessity and proportionality aspect of every case will be considered, and if it is appropriate to do so, we would need to intrude on that privacy.
Q Obviously, your role is an additional safeguard. There are those who think that the Home Secretary and I are preoccupied with safeguards, checks and balances and the defence of privacy, but I think we have probably got this right. Can you tell me of the number—the frequency—of requests that you would consider to be an abuse of power in respect of applications for information? How often do you come across seedy requests that you would consider to be an abuse of the powers?
Mark Astley: In 2% of inquiries in the past two years, we have had applications rejected or cancelled through the input of our accredited SPOCs.
Q Is that common?
Mark Astley: It is actually going down because of the training and the accreditation that is provided by our staff—the figure has reduced every year—so that people are fully aware, fully trained and fully focused on what is appropriate, what is necessary and what is lawful.
Actually, on this occasion I did not ask you to be brief, but thank you for being brief in the spirit that that was offered.
Q At point 6 of your written evidence you expressed concern that in the draft Bill there were
“a number of clauses which provide exceptions for national security or which exempt the intelligence agencies from key safeguards”.
What is your view of the finalised Bill in relation to that concern?
Jo Cavan: Essentially there has been progress on one of the national security exemptions, which is around the acquisition of communications data to determine journalistic sources. The Government have amended clause 68 to remove the national security intelligence agency exemption. That was because that was picked up by the Intelligence and Security Committee and the Joint Committee.
However, there are still two broad exceptions in the Bill: clauses 54 and 67. One of them is really important, because it is around the independence of designated persons. This area was strengthened as a result of the Digital Rights Ireland case, and that is an area where we still find significant compliance issues within public authorities. Communications data is approved by designated persons—it will become designated senior officers in the Bill—who are from the same public authority. In almost half of the police forces, intelligence agencies and other bodies that we inspected last year, we made recommendations around that area because we were not satisfied with the independence.
The clauses as drafted seem to drive a horse and cart through the independence requirements for designated persons by exempting very broadly national security. The same is the case in the single point of contact provision in clause 67: that appears to exempt in national security cases the SPOC being consulted, and we see the SPOC as a key safeguard in the process. So the fact that the Government have already said that the exemption relating to journalistic sources was broad, and removed it, suggests that the same needs to happen to clauses 54 and 67.
Sir Stanley Burnton: I would just like to add that it is far from obvious that the interests of national security, which is a ground for the grant of a warrant, is itself an exceptional circumstance. It is very difficult to see what the logic behind that formulation is.
Q Good. How often have you encountered a Bill that before its publication in draft had been preceded by three reports, and which was subsequently considered by three Committees of the House before embarking on the normal process of scrutiny? Can you think of another Bill in the last 10 years like that? How many can you list?
Jo Cavan: I am afraid I cannot think of any off the top of my head, but I will say the reviews—
Q You said it had been hurried; that is what I was trying to get at.
Jo Cavan: Yes, absolutely. The reviews were comprehensive in their own right. However, the three reviews that you talk about were specifically focused on certain areas. David Anderson was specifically focused around interception and communications data, so he did not look at equipment interference, for example. Some of the capabilities had not been avowed at that stage, so they are seen for the first time in the Bill. I think it is a challenging timeline, and a number of the witnesses have talked about their concerns.
Q But I just wanted to establish, just to be clear, that in my 20 years I cannot think of a Bill that has had quite such extended scrutiny. I am sure there must be some, but they do not spring to my mind and they clearly do not spring to yours, either.
Jo Cavan: No, that is right.
Q On a second point of fact, you talked about the number of cases in which judicial approval is involved. That is the double lock. The double lock applies where a Minister—the Secretary of State for Northern Ireland, the Foreign Secretary or the Home Secretary—issues a warrant. The double lock applies where one of those people is involved. That is right, is it not?
Jo Cavan: That is right.
Q You would hardly expect the second part of the lock to apply where a Minister is not involved, would you?
Jo Cavan: The figures from last year that were published by all three commissioner bodies show that only about 7,000 out of 290,000 applications actually have judicial approval.
Q On a separate point, it has been said that the judicial commissioner—this is a question for any of you, but I am thinking of the two gentlemen in the middle in particular—will not be sufficiently independent, and that they will be deferential towards the politicians involved. Is that your view? Are they likely to be deferential, or are they likely to act independently?
Lord Judge: I think you should ask the last 10 Secretaries of State whether they had an easy time when judges have had to consider whether they are acting lawfully. You will find, I suspect, that many of them feel fairly scarred by the experience. There is no danger whatever.
Q I have known a number of Home Secretaries, and none of them has suggested that the judiciary is deferential. I take your point. Finally, in terms of the appointment of the judicial commissioners, would the Judicial Appointments Commission be a better place to appoint them, or do you rather like the model we have come up with?
Lord Judge: No, I much prefer the model you have come up with. The Judicial Appointments Commission appoints judges usually from people who have not been judges. This is an appointment system that will work for people who have already been through the process, have acted as judges, have been appointed at whatever level they have eventually ended up, and are then exercising a new function. There is no point whatever in involving the Judicial Appointments Commission, ignoring the fact that it has got far too much to do anyway and not enough people to do the work.
My concern about the appointments is the speed with which all this is going to happen. We are going to have, under clause 233(3), a new investigatory powers commissioner within two months of the Bill becoming an Act. Where is this wonderful individual, male or female, going to come from within two months? The processes of appointments that I have had anything to do with take a very long time. I announced my retirement in November 2011 to be replaced by October 2013, and nobody knew who the next Lord Chief Justice was until the end of July. I am very worried about that. It is a very serious point. It is not a big point, but it is serious.
Q Sir Stanley, in response to Sir Keir’s question, you said that you felt that judges would be compelled to give weight to the person applying. Will judges, considering that it has been signed off by the Home Secretary, feel compelled to give weight to the fact that the Home Secretary has already authorised the warrant?
Sir Stanley Burnton: Well, you give weight to it, but you none the less look at the material to see whether she was entitled to come to the decision she came to.
Q I was not asking about targeted interception, I was asking about the current Home Secretary’s specific avowal of the fact that for many years section 94 of the Telecommunications Act 1984 has been used to collect the phone records of everyone in Britain into a single national database. I am simply interested to know whether either of you gentlemen, as former Home Secretaries, could tell us whether you had authorised that.
Charles Clarke: No, I cannot, for the reasons I have stated.
Lord Reid: You would have to ask the Secretary of State that.
Charles Clarke: I do think that the related point is future-proofing. In an area where technological change is taking place so rapidly—where you have a state of affairs on the balance between security on the one hand and liberty on the other, and where we need to keep the capacity to surveille threats to society—how do we future-proof that? That was the issue I faced with RIPA in 1999-2000, and I think it is the issue that this Committee faces in thinking about this particular piece of legislation too.
Q I have many favourites.
The only question I really want to ask is whether you ever felt that the test of necessity and proportionality was insufficient to allow you to make a judgment of the kind you describe? You have said that you could call for more information and that you could qualify what you had on that basis, but in your judgment, did you ever, at any point, not feel confident to make a judgment on the basis of that prevailing test of necessity and proportionality?
Charles Clarke: For myself, I can recall only one case where I felt that. In that case, I decided not to authorise the warrant that I had been requested to authorise, for exactly the reason you suggested. There was an issue in my mind about whether the proportionality issues had been properly weighed up. I think that the proportionality issues were a constant theme of any of the warrants that were sent. You had to try to make a judgment.
I cannot recall whether there were specific guidelines on this, but when I first became Home Secretary I certainly had a couple of briefing meetings about the issues in general—not about particular warrants—to try to go through some of the principles that applied. I am sure other colleagues did much the same. I do not recall a written-down document that tried to explain the proportionality judgment in general, because obviously in reality you are always making the proportionality judgment in particular cases. My approach was that if I did not feel it was satisfactory, I would not agree the warrant.
Lord Reid: I take it that you are asking, “Were there occasions on which you refused a warrant because you didn’t think it was either proportionate, sufficient or necessary?”
Q Yes. Obviously you know, as you are very familiar with it, that that is the kind of baseline requirement. I presume that the case that was made to you was mindful of that requirement and that, for the most part, you felt it met the requirement. I just wanted confirmation of that.
Lord Reid: To give you a straight answer, yes. When I was Home Secretary, I refused a warrant. On other occasions, I refused to renew a warrant. I cannot remember specific cases in Northern Ireland, but I did it there as well. In the first instance, when a warrant is put to you, you are exercising a degree of judgment. And very often you are exercising a judgment based on other people’s judgment, and their judgment is often based on fragmentary evidence. That is the problem with all intelligence, as we know to our cost in some cases. You exercise a judgment, and that judgment is hopefully exercised diligently on the criteria: “Is this proportionate? Is it necessary? Is it reasonable? What is being asked here?” There were occasions on which the answer was no. Before you said no, the normal process would be to call in the various officials—the people who put the submission to you—if necessary, and to go through it orally and ask them questions. The answer to your question of whether I ever refused a warrant is yes.
Q You have answered the main question I was going to ask, but this is carrying on from that. Times have moved on since your days in the Home Office in terms of technology, with smartphones, et cetera. If you were sat in the Home Office now, would you be looking at introducing this Bill?
Lord Reid: I don’t think it is entirely up to the Home Secretary to introduce it. There are two countervailing pressures. One is the development of cyber, which is something that, having stepped down from the Cabinet, I have voluntarily spent a lot of time working on. By the time you get this Bill through, in whatever form, we will no doubt be faced with artificial intelligence and a whole new era of communication. Yes, it would be necessary to take into account the changes, as I was saying to Ms Cherry earlier, in the world of cyber, and particularly the global nature of communications.
Secondly, there are undoubted pressures from the other end, not just the wish from the intelligence services and the policing side. I don’t think their motives and objectives have changed; what has changed is the world around them. Therefore, to meet the same objectives, they have to employ different methods on the old principles. However, at the same time, I am well aware that there has been widespread—“discussion” is a very light word—controversy about access to people’s information. Sometimes it is a paradox, because people are willing to supply all sorts of information to all sorts of private companies. That information is not only being put in a databank but is being mined, matched, sold and used for commercial reasons. Nevertheless, whatever the paradox, the concern is there, and I think the Bill tries to meet the needs of addressing technological change on the side of security at the same time as giving the reassurances necessary because of the public’s concerns about the new world in which we live and about intervention into it. That is against a background where, as the Committee will know, one of the constant characteristics of the world of cyber and communications is constant entrepreneurial innovation by black hats and white hats. It is literally changing every day. Therefore, the equivalent of today’s microdot, where we used to put secret messages, can be a webpage—an apparently innocent webpage that can be sending all sorts of instructions, propaganda or whatever. There are very bright people in both the black hats and the white hats who are constantly inventing things, vis-à-vis each other.