Investigatory Powers Bill (First sitting) Debate
Full Debate: Read Full DebateKeir Starmer
Main Page: Keir Starmer (Labour - Holborn and St Pancras)Department Debates - View all Keir Starmer's debates with the Home Office
(8 years, 8 months ago)
Public Bill CommitteesWelcome, Mr Anderson. Before we start, do any Members wish to make a declaration of interest?
Thank you, Ms Dorries. May I make a declaration of interest in relation to this witness and a number of other witnesses generally? I know this witness and some others; I have worked with them both as a lawyer and as Director of Public Prosecutions. I therefore put that on the record—if I may make a general declaration, it applies to Mr Anderson and quite a number of the witnesses today.
Ditto. I know many of the witnesses as well.
Okay; that is all the interests out of the way. We will now hear oral evidence from David Anderson QC, independent reviewer of terrorism legislation. Before calling the first Member to ask a question, I remind all Members that questions should be limited to matters within the scope of the Bill, as always, and that we must stick to the timings in the programme motion that the Committee has agreed. For this session, we have until 12 noon. Could the witness please introduce himself for the record?
David Anderson: I am the independent reviewer of terrorism legislation and the author of the report “A Question of Trust”.
Q It is a pleasure to serve under your chairmanship, Ms Dorries. Good morning, Mr Anderson. There are obviously a lot of people around the table whom you know, going by the declarations of interest. May I go straight to one of the central issues in your report, which was the need for an operational case for the powers in the Bill, and particularly the bulk powers? Having now had the opportunity to see what has been published between the Joint Committee report and the publication of the Bill, are you satisfied with the operational cases that have been published?
David Anderson: I was pleased that the Joint Committee recommended that a detailed operational case should be served in relation to each of the bulk powers. I was a little sorry that it did not also recommend a detailed operational case in relation to the police use of targeted equipment interference. I do not think I have seen the case for why that should be necessary in addition to the powers they already have under the Police Act 1997 on property interference.
In terms of the case itself, I salute GCHQ and others for being able to produce a 47-page case in circumstances that are very much about not being fully transparent about exactly how the powers are going to be used. One needs to know what the powers are, and it seems to me that, for public consumption, they have done a pretty good job that should enable Parliament to debate whether those powers are necessary or not.
I also believe, because I have seen it, although not read it, that they produced a detailed secret annex to that operational case, which was provided to the Intelligence and Security Committee. I noticed that when Dominic Grieve, the Chair of that Committee, made his speech on Second Reading of the Bill, he said that he—and I think, by implication, the Committee—was satisfied that each of the powers sought was necessary and proportionate. If the Committee has satisfied itself of that by reference to the detailed operational case, including the secret annex, that is very reassuring for all of us. If it has not, no doubt it will wish to do as the Bill completes its passage.
Q May I follow up on that? First, so far as operational cases are concerned, do you think there is still a need for an operational case for the police use of equipment interference powers? Secondly, is your view that the ISC should formally indicate whether it has considered the material and is satisfied with what it has seen, rather than implying it in a speech? Thirdly, do you think there is a need for an independent assessment of the operational case? It is one thing to publish it and to put material before the ISC; it is another to have it independently assessed. Apologies for asking three questions, but should a case be made for police use of equipment interference powers; should the ISC be called upon to formally indicate its response to what it has seen; and do we need an independent assessment of the operational cases in full?
David Anderson: On your first question, I pointed out in my written evidence of January to the Joint Committee that, so far as I could see, there had been no detailed operational case on police use of equipment interference powers. From my point of view, I would like to see it. So far as the ISC is concerned, it is not for me to say what it should and should not do, but I am mindful not only of its duty to serve Parliament, but of the fact that when the courts, and particularly the European Courts, come to look at the bulk powers, as inevitably they will, it will be of great interest to them, one imagines, to see just how much evidence was put forward in relation to the necessity for the case and who considered that evidence.
As to whether there should be, as you put it, independent review in addition, I am not persuaded of the case for that. The ISC demonstrated its independence in the most dramatic way possible in its report of early February when it declared that it thought that there was no need for one of the bulk powers—bulk equipment interference. Now, it may be that there has been some rowing back from that position, judging again from the speech of Dominic Grieve on Second Reading, but I think that it would be very difficult to say that the ISC had not had an independent look at these issues.
Q Can I ask you about bulk powers? From your experience, could you start by giving the Committee an indication of the scope of some of the bulk powers and warrants, perhaps by reference to the equipment and interference bulk powers?
David Anderson: The bulk powers, of course, are extraordinarily broad in scope, although the practical effect of that breadth is greatly limited by what happens after the line has been tapped or the device has been accessed. That is really the stage that makes it proportionate. My concern, particularly in relation to equipment interference, is that, if one looks at the so-called targeted power and, in particular, at its potential thematic use, it is quite extraordinarily broad. We are looking, I think, at clause 90 of the Bill. A so-called targeted equipment interference can be performed—devices may be subject to equipment interference if they are concerned in an operation or an investigation, or if they are in a location not defined.
The code of practice indicates that that power is very broad indeed—so broad that the ISC said:
“The so-called targeted power appears to be very broad. We are not quite sure what, in addition, you would get from the bulk power.”
I think that matters because the safeguards on the targeted power are less than the safeguards on bulk. For a start, you do not need to be aiming only at somebody outside the UK or people outside the UK. You can quite properly target it inside the UK. Secondly, you do not have the safeguard that you have with a bulk power that, if you are going to look in detail at one individual within the UK, you need a full individual warrant as well.
The commissioners have been very cautious in the past in allowing thematic powers to be too broad. One could say, “Let’s put it all on the commissioners. Let’s rely on them to make sure that the thematic power is not too broadly used.” I would feel a little more comfortable if there were more constriction in the statute.
Q One of the safeguards is the need for necessity in relation to bulk powers. From your experience, how easy or difficult is it to demonstrate necessity in relation to bulk powers? Give us an idea of the way the test actually operates in your experience.
David Anderson: I have seen the detailed warrant applications that currently go usually to the Foreign Secretary in relation to a bulk power. They currently have an extremely broad range of purposes that the bulk power is said to serve. I am sure that it is all very carefully considered by the warrant granting department at the Foreign Office and then by the Foreign Secretary. There will certainly be much stronger safeguards under the new Bill, and I welcome that.
Q Can I take you from bulk to internet connection records, which you dealt with in your report? There have been comments about and criticism of the definition—or lack of definition—of internet connection record. Looking at the version in the Bill now, do you have any concerns about the definition?
David Anderson: I last looked in detail at internet connection records almost a year ago now, and even an operational case had not been made. There certainly had not been the dialogue with communication service providers that would have been necessary to make it work. I am afraid that I have not followed in the same technical detail as the Joint Committee on the Draft Investigatory Powers Bill and the Select Committee on Science and Technology the arguments on the extent to which they have been properly defined, the extent to which it will be feasible to produce these records or, indeed, how much it would cost. Therefore, I cannot, I am afraid, raise any alarms on that or give you any reassurance, save to say that these would appear to remain live issues.
Q ICRs are obviously new and developing in real time, but there are a number of other novel and contentious areas in the Bill. Do you see any role for greater independent authorisation in relation to some of these new techniques or powers?
Order. Mr Starmer, can you make that your last question, please, because it is already 11.45 am and I think other people would like to ask some questions?
Yes, but as briefly as you could, please. If not, you can provide a written answer.
David Anderson: Internet connection records are a form of communications data. I said rather conservatively in my report that there were some forms of communications data that should be independently authorised, including novel and contentious ones. One of the respects in which the Bill did not really follow my report—I should add that in most respects it did—was in not providing for that outside the protected categories of journalists, lawyers and so on. I could well understand it if members of the Committee or others were to take the view that ICRs were of such a nature that to allow self-authorisation by the police might not be a sufficient safeguard.
Q We will now hear oral evidence from Don’t Spy On Us and Liberty. For this session we have until 12.30 pm.
Welcome, and thank you for coming. Will the witnesses please introduce themselves for the record?
Eric King: I am the director of Don’t Spy On Us, a coalition of non-governmental organisations in London who are concerned about surveillance.
Sara Ogilvie: I am a policy officer at Liberty, which is a UK-based human rights organisation.
Q Because we do not have much time, I would like to ask Eric King some questions about bulk powers and then Sara Ogilvie some questions about internet connection records.
Eric King, do you have any concerns about the definitions and scope of the bulk powers in the Bill?
Eric King: It is important to understand the level of interception that takes place by our agencies and that will continue to take place under the warrants. My view is that bulk interception as it is currently practised by GCHQ is not a proportionate act and is not strictly necessary. The reason why is that, at the moment, we know from the ISC that there are just 10 warrants, which are authorised every six months, that permit the interception of 50 billion pieces of communication every single day. As a lawyer looking at that, I struggle to be imaginative enough to understand how you could craft a warrant that would appropriately assess the proportionality equation at that moment, given the scope of what is taking place.
The reality of how our signals intelligence agencies work is that, once those 50 billion communications are intercepted, the vast majority of GCHQ’s expertise is in automatically processing that and analysing it into what it calls query-focused datasets. We do not necessarily need to understand all that, but it suffices to know that GCHQ touches it in such a way that it results in significant intrusion on those communications.
Q Can I press you on that? To some extent, we are proceeding on the basis that there are two exercises involved when it comes to bulk powers. The first is the acquisition or holding of the data, and the second is, at some subsequent time, the accessing of those data, subject to different thresholds. Is it as simple as two distinct exercises, or is there more to it than that?
Eric King: There is considerably more to it than that. The intermediary stage—the point at which you have collected the material—is really just the first assessment. From that point, GCHQ’s computers begin processing the material and providing analytics on it—for example, voice transcription or keyword analysis, or they might be doing facial recognition on certain imagery.
There is one programme that we know about called Optic Nerve that resulted in GCHQ intercepting 50 million pieces of webcam traffic, which included 3% to 11% of material that was undesirable nudity. Once that was collected, GCHQ deployed facial recognition on it. There is no warrantry stage at that point. It has already been collected under those 10 warrants. All the processing is done without any authorisation. It is only at that final bit that you highlighted, when an analyst may wish to look at it, that we have an additional safeguard.
Q Given your concerns, do you have alternatives that you think would serve the same purpose as some of the bulk powers?
Eric King: My starting point is that there needs to be formidable intrusive powers for our agencies to operate, but they must be targeted. When you are targeting it can be difficult and you can have some additional collateral around the targets you are seeking to obtain communications about, but it has to be proportionate collateral. At the moment, I just do not see how we can put our hands on our hearts and say that we are doing that properly.
I think there are a number of different models we could be looking at. In the US they have judicial authorisation of selectors that are put in place, all of which focuses on warrants being targeted at individuals, rather than on infrastructure or cables, which I think is not proportionate.
Q When you refer to selectors, I think you are referring to what happens in that middle period, between initial acquisition and later access.
Eric King: That is exactly right. We know that GCHQ has 50 billion targeting identifiers—these are the selectors. A simple one would be an email address or a phone number; a more complicated one might be an email signature or something like that. That is the reality of how the systems are genuinely processed, and those are the sort of places our law should be constructed around. It should be constructed around the technical and operational reality of how our agencies work, to ensure that our law is constraining how our agencies operate, rather than the technical ingenuity of the engineers at that point.
Q Your evidence is that much of this happens before the final access thresholds apply.
Eric King: Absolutely. GCHQ analysts do not wish to look at most material themselves. The main reason for that is that it is time consuming. If you can programme a computer to do the heavy lifting, to do the intrusion, the processing and the analysis, that is to their advantage, and that is where they have put that. The problem with that is that our legal framework does not recognise that shift in massive computing power intruding on those communications in a very sophisticated way.
Q Can I turn to you, Sara Ogilvie, on internet connection records, in particular? I know that Liberty has got a number of concerns about the powers in the Bill in relation to internet connection records. Could you give us a brief summary of the main headline issues from your point of view?
Sara Ogilvie: The problem with internet connection records, from what we have seen, is that they do both more than they are supposed to and less than they are supposed to.
In terms of doing more, it is clear that they will create a database of the internet connections that take place day in, day out of every person across the country. That is a terrifying amount of information to store either in one place or across a number of different databases. It creates a clear impression of what you are doing, with whom you are communicating, what issues you have in your life. That can involve some very confidential and private information. I have real concerns about that.
In terms of doing less, I am not as technologically minded as Eric but it has been made clear to me that what these powers are supposed to do is deliver certain information that can be used by law enforcement or the security services, perhaps to deal with paedophiles and undercover unlawful internet site usages. It seems clear that, given the bulk nature of these powers, they will not deliver that kind of information in a helpful manner. If anything, it seems more likely to drive criminals to use bits of the internet that will not be captured by the service. On the one hand, we have clear evidence of the things that law-abiding citizens are doing, but on the other hand, we do not have evidence on what criminals are likely to be doing.
Q To be clear, Mr King, is your evidence in relation to bulk interception and collection of data that there is intrusion and analysis of them by computer programs prior to any warrant being applied for?
Eric King: No. There will be warrants at the collection stage but at the moment it is simply 10. Those 10 warrants that are authorised every six months permit the agencies to intercept at an extraordinarily large scale: 50 billion connections every single day, and growing. We know that, in the past five years, that has increased by 7,000%. I say that those 10 warrants do not appropriately assess the proportionality requirements, and I do not think they are necessary in the current climate.
Q Lord Evans, I think this one is for you. The bulk powers in the Bill are used differently by different agencies. Some are relied on by the security and intelligence agencies more than others. There is a notion that the bulk powers operate in the sense that there is a power to acquire or hold a great deal of data and then, at some later stage, there is targeted access on a different threshold, and that those are different safeguards. The reality is that quite a lot happens between those two stages, whether one calls it analytics or anything else. Can you tell us from your experience what happens in practice in that middle bit between first hold and later access?
Lord Evans: This is not a real example, but it might exemplify how one might use the power, certainly from a counter-terrorism point of view and from MI5’s point of view. If you look at the current situation, we are obviously very concerned about what has happened in Belgium and we are very concerned that there might be other IS active units in the UK. We do not want any of them to attack here, but we may not know who they are. In a sense, we are therefore trying to find individuals who might be members of IS and who might threaten us, but we do not necessarily have much information about who they are in specific terms.
For instance, although this is not a real example, using bulk access you might say, “Let’s have a look at all individuals from the UK who are known to have travelled into or out of the middle east and the area around Syria over the past six months. Let’s look at everybody who has a mobile telephone and has been in Syria or northern Iraq, and it’s pinged so we know that there is a telephone in that area.” We might say, “Let’s look for data on individuals who have been in Molenbeek,” because it looks as though quite a lot of the problems have emerged from that particular part of Brussels.
Put all those elements of data together and you will end up with perhaps a few dozen, some scores or one or two hundred individuals or, at least, telephones or something that might be relevant. You might then say, “Let’s take all those phones and see which of those telephones has been in first or second-order contact with known extremists.” Either they have been in touch directly with someone known to be a violent extremist, or they have been in touch with somebody who in turn is in touch with violent extremists. That might refine it down from 150 to half a dozen. Then you might start to think, “Actually, there’s quite a high likelihood, although one cannot be certain, that these half a dozen might be people of security interest in their own right.”
At that point, having gone through those various layers of putting different sorts of data together, comparing, contrasting and seeing what comes out, you might say, “Perhaps for those half a dozen, some more targeted form of surveillance is justified, so we can see who they are.” Once you have done that, if you get the appropriate authorisations, you might then find that some of them are self-evidently not, because they are BBC journalists who have been following the story or similar, so you can put them aside. But you might find that you have one or two who look as though they might be IS activists who have been in touch with the relevant people, so you put some resource into establishing what they are doing and who they are associating with.
That sort of process is very much the way in which MI5 has used these sorts of capability over the last 10 years or so, and it has been an absolutely central part of how we have identified individuals who have been involved in terrorist planning. That is then fed through into more intensive investigations, enabling us with the police to prevent attacks from taking place.
Q In a sense, what you have described is a stripping away of the bits you do not want to look at so that you can focus on the bits you do want to look at, in the particular context that you gave.
Lord Evans: Correct.
Q Is there any general analysis done to data in order to assist that? All data must be put through a level of analysis to make it easier to carry out the sort of exercise you have just described.
Lord Evans: I cannot think that there is that sort of general analysis. You could imagine starting from lots and lots of data and trying to work your way through a general process to identifying unknown terrorists. That is something that books and so on have talked about, and we have looked at it, but in general, in a non-specific sense, trying to identify patterns that in themselves indicate that somebody is a national security threat is very difficult, because you will have so many false positives. It tends to be used to answer specific operational questions rather than a wholesale review of data ab initio, because if you do that, the chances of finding somebody that you are really concerned about are very low.
In terms of operational reality, the problem for MI5—it certainly was during my time as director general, and I suspect it is still the case—is not finding people with no known connections who have ill intentions; it is finding out more about people who are already associated in some way with violent extremism. It tends to be in support of particular operational requirements and particular investigations, rather than a much more generalised process.
Q Can I turn briefly to equipment interference bulk powers? I do not think you were here when David Anderson gave his evidence—this may apply to you as well, Mr Inkster—but he raised a concern about the breadth of those powers. In particular, I think he said that what is called targeted is in fact so wide that it does not really fit with the notion of targeting. That chimes with the suggestion that it is very difficult to define necessity and proportionality in relation to those particular bulk powers. Can you assist the Committee with why, with those bulk powers, there is that problem of definition that David Anderson is concerned about?
Nigel Inkster: I will do my best to assist the Committee, but I should emphasise that I do not have a signals intelligence background and we are talking about capabilities that were in their infancy when I was still part of the intelligence community, so I am looking at this more from an academic perspective and with no privileged access—I no longer have any security clearances.
The issue is that the technologies are evolving so fast and in so many different directions that it can be very difficult to start from a clear perspective of what represents a proportional approach in certain cases. It seems to me that, in this particular set of circumstances, we have to make some allowance for a degree of trial and error—to see whether certain things actually deliver the kind of outcomes that were hoped for, but to be ready to cease using them and move elsewhere if they do not deliver the sort of results that would justify the kind of level of intrusion that we are talking about.
It is very context-specific. For example, if you are looking to try to thwart the attempts by a particular regime to illicitly acquire nuclear weapons capability, your target set defines itself relatively more easily than in certain other cases—transnational terrorism would be one of those where it is much more difficult.
Q I have one final question for either or both of you. Am I right in thinking that, as far as internet connection records are concerned, although the security and intelligence services would not say, “There are no circumstances in which we’d really need them,” in reality, they are relied on much less by the security and intelligence agencies than by law enforcement, as a separate component?
Lord Evans: It is not impossible that they could be of value in an intelligence sense, but I think the principal driver for using them or for obtaining them is for evidential purposes, and that is made clear publicly. It is principally a law enforcement and evidential issue to inform cases coming before the courts more often than it is an intelligence issue. You could construct a scenario in which it might be of value, but the purpose of putting them in the Bill, as I understand it, is law enforcement and providing criminal evidence.
Q Lord Evans, I want to ask you about the savage murder of Fusilier Lee Rigby and the Intelligence and Security Committee investigation into that. It reported to Parliament that his killers had previously come to the attention of the Security Service on multiple occasions and that, in its view, intelligence reports were mishandled. I think I am right in saying that its inquiry suggested that, if the Security Service had more resources to cover more and lower-priority level targets, the outcome could or would have been different. Would you like to comment on that?
Lord Evans: The Lee Rigby murder took place after my time as director general—not that there is any connection between those two—so I am not very close to the actual facts. In general, one of the critical decisions—certainly for MI5, but it applies by logic to other people on counter-terrorism—is what you do not do. We have more leads which might connect to possible terrorist attack or to violent extremism than we can thoroughly investigate at any one time, so the service has created a quite rigorous triage process that ranks the seriousness of the available information, which is updated on a regular basis, and that drives therefore the allocation of resources.
The difficulty here is self-evident: obviously, sometimes you are working on the basis of fragmentary intelligence or unclear intelligence, so you have to make the judgment as to whether you put resources in to pursuing that or whether you put the resources in to something else. The fact is that sometimes you make a judgment on the available best evidence and then find out later that, actually, the situation was more serious than was apparent. That appears to have been the case with Lee Rigby.
Exactly the same issue came out after the 7 July bombings in London. Mohammad Sidique Khan had appeared in the context of Security Service investigations and police investigations a couple of years before. At that stage, he was assessed to be not a very serious threat and therefore he was put aside so that we could come back to him later while we did other things that were more immediately pressing, but in the interim his activities developed.
It is a problem. The question of course is: how do you get around that problem? The first thing is to use the best quality information available. The second is that the more resources you have, the more yesses you can give as to whether we investigate any one individual, but then you get into a judgment about how many people we think it is proportionate and necessary to investigate. If you doubled the resources of the Security Service again, there would still be cases where you might say, “We don’t have the resources to pursue that.” You ultimately get into a political judgment as to how much resource you want put into this and how much intrusion you have into the activities of people who might not be quite as threatening as others. That is a judgment that has to be made.
Q I have just a short supplementary question on bulk datasets. There is a great sensitivity about some datasets. People might not mind if their flight details are kept, but they do mind a great deal if, for example, their mental health records are collected. If there was some extra provision in the Bill for sensitive or highly sensitive data, would that cause you any concern, assuming that in any given case you can get over the threshold?
Lord Evans: Our internal processes when we were going down this path did take these issues into consideration. As you say, health records are extremely sensitive, so you would need an extraordinarily high level of justification. If you wanted to externalise that into the process—I have not talked to anybody about this so this is my feeling on it—then as long as you are really talking about very, very intrusive datasets, I would not have thought that having an additional safeguard would be a showstopper.
Q So if it was to externalise what was internal practice, which is obviously based on experience, that would not be a showstopper.
Lord Evans: I would not have thought it was a showstopper. You are going to hit definitional issues. It is a bit like journalists and politicians kind of stuff.
I am afraid that brings us to the end of the time allotted for the Committee to ask questions. On behalf of the Committee, I thank our witnesses for their evidence.