Dr Huppert

- Hansard -

Copy Link

-

There is definitely a strong case for it. I am pleased that those people will appear in public, as there has been a long tradition of reluctance about talking about such issues. A senior Home Office civil servant has even refused to give public evidence at the Home Affairs Committee; that, fortunately, is about to change.

When the Foreign Secretary spoke at the London conference on cyberspace in 2011, he championed freedom of expression and privacy online, and he specifically criticised Governments who incorporate surveillance tools into their internet infrastructure. I agree that that is a problem. He also said at that conference that

“it is increasingly clear that countries with weak cyber defences and capabilities will find themselves exposed over the long term”.

The Foreign Secretary is right. That is why it is a problem when people break encryption systems. If anyone—whether it is the US, the UK or anybody else—puts a back door in an otherwise secure system in order to access it for intelligence purposes, that makes it easier for anybody else to break the protections, whether they are from the intelligence community or cyber-criminals. It makes no sense to argue that we should defend cyber-security and simultaneously be part of the effort to break it. If that means that we can no longer rely on the encryption of financial transactions, for example, that would be catastrophic for the global economy.

Dr Huppert

- Hansard -

Copy Link

-

My hon. Friend makes a helpful point. Of course, I do not have a list of every single intelligence service. The difference is between trying to break encryption after things have been encrypted and trying to break the entire system, leaving a back door open, which fundamentally means that anybody can access it. That is different from brute-force methods or other techniques used.

My hon. Friend makes the good point that this is an international issue. How would we feel if it were not GCHQ or the American National Security Agency but the Chinese who were involved? How would we react if the Chinese admitted that they had been tapping the Prime Minister’s phone? Would we be annoyed and concerned, or would we say, “That’s fine; that’s business as usual”? Clearly, we do not take the situation seriously enough.

For example, we allow the Chinese company Huawei to supply a lot of the equipment that makes up the core of our infrastructure. I suspect that our intelligence agents would not miss the chance to install some equipment if we were given the chance to put in the backbone of the Chinese internet, so we should not assume that the Chinese would miss such an opportunity. That was criticised by the Intelligence and Security Committee, which highlighted the disconnect between the UK’s inward investment policy and its national security. If we can understand it sometimes, we should understand it more broadly.

A change is occurring. Individual surveillance is one thing, but the mass hoovering up of information enabled by new technologies has changed the system completely. It means that suspicion no longer comes first. I think that very few people think it inappropriate to target individuals where there is a serious suspicion of wrongdoing, but in the new approach, we are all suspects whose personal histories can be foraged through if ever there is interest in us later.

The Foreign Secretary spoke at the conference of his passionate conviction that all human rights should carry full force online—not just the right to privacy, but the right to freedom of expression. I agree. How we choose to respond to the challenge will define the age that we live in. As parliamentarians and as Parliament, we must be at the heart of this debate.

In America, Dianne Feinstein, the chair of the Senate Select Committee on Intelligence, has spoken out about the revelations that America has been spying on Angela Merkel in Germany and on 34 other world leaders. She said:

“Congress needs to know exactly what our intelligence community is doing.”

She then said:

“It is abundantly clear that a total review of all intelligence programs is necessary.”

She criticised the fact that her committee was not satisfactorily informed. I have not yet heard the Chair of our Intelligence and Security Committee being so outspoken. Perhaps we will hear from him later in the debate, but would he know whether he was not being told things in the way that Dianne Feinstein was not?

There are differences in the debate between the UK and the USA. The US Constitution and Bill of Rights sets out a contract between the state and its citizens with a bias towards favouring individual liberty and privacy. Perhaps that is one of the reasons why the debate is happening so loudly in the US but not here.

In Germany, too, there is a loud debate. It is deeply concerned about what has happened. It has the history of the Stasi, which operated within the law as it then stood, but well beyond the bounds of morality and ethics. I am sure that no member of our current intelligence agencies would dream of following the Stasi’s lead; I do not suggest that for a moment. Germany is aware of what can happen when such systems go wrong.

Dr Huppert

- Hansard -

Copy Link

-

The hon. Gentleman makes an interesting point, and there are a number of routes to that. For communications data, he will be aware that no warrant is required. He will also be aware that, with the sole exception of evidence collected by local councils under RIPA, there is no judicial oversight of any kind at any stage. I am not aware of exceptions to that, and that is a weakness. There is an internal process—I do not doubt the good intentions of the people who work on this—but there is no independent external oversight from a judicial process, which is what many of us would like to see.

Let me return to the ISC. It works extremely hard, but its reports are redacted by the security services and the Prime Minister, and it is hard to know whether that is done in the interests of national security and not just to avoid embarrassment. Sir Francis Richards, a former senior intelligence official, has said that it is

“not a very good idea”

for an ex-Minister to head it. There is the problem of people being asked to scrutinise the consequences of decisions that they made, and that makes it hard to develop the right sort of relationship.

The ISC is under-resourced and not properly accountable to Parliament. There is a real issue to understanding the detailed technological components of much of this. I am not certain whether there is enough support to ensure that members understand the consequences of fake secure socket layer certificates and how phishing or man-in-the-middle attacks work. I am sure that the right hon. Member for Salford and Eccles (Hazel Blears) will be happy to explain them when she speaks later.

We need better scrutiny generally and not just of the Intelligence and Security Committee. We keep hearing messages about the risk of “going dark”—we heard all about that in relation to the draft Communications Data Bill. It is simply not true. There is far more information available now to the intelligence and security community and to the police than at any time in the past. People now carry mobile phone devices that keep track of where they are almost constantly. I do not blame the agencies. Of course I can see the argument that there will always be for having more information, but we must provide a counterbalance. Dame Stella Rimington, former head of MI5, said:

“It’s very important for our intelligence services to have a kind of oversight which people have confidence in. I think that it may mean it is now the time to look again at the oversight.”

I agree with her.

We have seen further calls for even more information to be collected. The previous Government established the interception modernisation programme to create a vast database designed to log all details of text messages, phone calls and e-mails in the UK. In the interests of cross-party unity, I will not go on about other authoritarian measures: the drive for 90-day detention without charge, ID cards, control orders and allowing people to be forcibly relocated. They are all now things of the past, and I am pleased that that is the case.

Given such concerns, I was pleased with much of the coalition agreement. We Liberal Democrats insisted on a particular element, which was a commitment to ending

“the storage of internet and email records without good reason”.

That was accepted by both parts of the coalition. I am not sure whether the Home Secretary saw that, because she then pushed ahead with the draft Communications Data Bill, which would have required the storing of e-mail and internet records for everybody, which blows a hole through the idea of “without good reason”. It was envisaged that an extra £1.8 billion would be spent over 10 years to keep those extra records. That would have allowed the Home Secretary to require internet service providers to keep track of every website that everyone in the country goes to—everything that we do on Facebook or Google—with a huge growth in surveillance.

Dr Huppert

- Hansard -

Copy Link

-

I want to make a little more progress. I am sure Members will want to speak later.

The Deputy Prime Minister insisted that the draft Bill be scrutinised, and the Joint Committee that did so produced a damning report. It stated that the Bill paid

“insufficient attention to the duty to respect the right to privacy, and goes much further than it need or should for the purpose of providing necessary and justifiable official access to communications data.”

The report was a unanimous cross-House report, which described information provided by the Home Office as “fanciful and misleading”. I am pleased to say that that Bill is now dead.

We said that the information was misleading before we knew that the intelligence and security services already had access to much of the information that they claimed was missing. To quote the Chair of the Joint Committee, the former Conservative Home Office Minister, Lord Blencathra:

“Some people were very economical with the actuality. I think we would have regarded this as highly, highly relevant. I personally am annoyed we were not given this information.”

The Home Office needs to be clear with Parliament when asking for new powers.

Even our current laws are incredibly broad. Although we have very welcome reassurances from the Foreign Secretary that the agencies stick to the law—I absolutely credit that—the law is vague and broad. Section 94 of the Telecommunications Act 1984, for example, allows secret directions

“of a general character”

that are

“in the interests of national security or relations with the government of a country or territory outside the United Kingdom.”

So if the US asks for something, we are supposed to provide it. The information does not have to be provided to Parliament, and it gags whoever the directions are served on.

When the Joint Committee looked at this, we had to admit that we could not find any information about how the power was being used. There was no ability to have any oversight. RIPA has drawn lots of criticism for its widespread use. It was originally introduced to take account of technological change, but it is so broad that it led to serious abuses of privacy. It allowed council officials to put children and their parents under surveillance at home and in their daily movements to find out whether they lived in a particular school catchment area. Most of us would not think that that was in the same vein as counter-terrorism. That is clearly disproportionate.

So what now? Before we even consider new powers, whether explicitly granted or acquired through new technology, we need a pause. We need a proper and full investigation into the powers already available to the intelligence and security services, and it has to be done competently and with an element of independence. We should commission independent, post-legislative scrutiny of both RIPA and the Intelligence Services Act 1994, and other related legislation, to see how they interact with each other. We would then have a clear, open understanding of where we stand now.

As Lord Carlile, the former independent reviewer of terrorism legislation said:

“the current legislation, including the Regulation of Investigatory Powers Act 2000, should be re-examined and rewritten to fit the current situation.”

That is not a radical suggestion. In the US, the Obama Administration have realised that proper and competent oversight is needed, and he has established the Privacy and Civil Liberties Oversight Board, which includes those within the Washington system and those outside it. It includes people with experience of working for not-for-profit organisations. It is citizen engagement and shows trust. We could follow that model and create such a board.

We could do much more to fix the loss of trust and confidence. We could publish, as happens in the US, the legal opinions used to underpin the surveillance framework. We could provide a clearer account of such expenditure and lift the legal restrictions on British companies publishing transparency reports about the requests that they receive. We should proactively publish information about the surveillance requests made: in bulk, the broad purpose, with no identifying details.

In the long term, we should look at signing up to the international principles on the application of human rights to communications surveillance. The 13 principles are legality, legitimate aim, necessity, adequacy, proportionality, competent judicial authority, due process, transparency, public oversight, integrity of communications, safeguards for international co-operation and safeguards against illegitimate access.

We should absolutely defend the right of our intelligence and security services to go after the bad guys, to use the powers that they have to protect us and make the UK and the world a safer place. However, it should not be at a disproportionate cost to the liberty and privacy that form the very foundations of our society.

The work that our intelligence and security services carry out on behalf of us all is valued and important, but we should not give them carte blanche. We would not want that. We need to have an open debate about what the rules are, what is acceptable and what we consider goes too far. It has taken us too long to get into this debate, but now that we are here, with so many right hon. and hon. Members, I hope we are now firmly here to stay in this discussion.