Lord Beith
Main Page: Lord Beith (Liberal Democrat - Life peer)Department Debates - View all Lord Beith's debates with the Ministry of Defence
Investigatory Powers Bill
Lord Beith ExcerptsMonday 17th October 2016
(7 years, 6 months ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 62-III Third marshalled list for Report (PDF, 153KB) - (17 Oct 2016)
Lord Rosser (Lab)
This amendment relates to Clause 58, which some people, although not the noble Baroness, Lady Jones, have referred to in the context of a recent opinion by the ECJ Advocate-General in the case involving Tom Watson MP. We do not support the amendment but I want to make it clear that the fact that we are opposed to it does not mean that we have decided that the clause as it stands meets the opinion of the ECJ Advocate-General in the case now before the European Court of Justice involving Tom Watson MP and relating to retaining and accessing communications data, should that opinion be reflected in the judgment of the court when it is delivered. I want to make that statement as there may be those who, for some reason or another, have come to the conclusion that the fact that we have not tabled any amendments to Clause 58 means that we believe that the clause will cover the position of the Tom Watson case if the judgment of the court proves in line with that of the opinion of the ECJ Advocate-General.
Lord Beith (LD)
My Lords, I applaud any attempt to make the definitions precise but there comes a point when there is a negative consequence. I am slightly worried that the wording of the amendment—certainly as drafted—could inhibit the activities of law enforcement in establishing a pattern in the development of criminal behaviour and activity, particularly in the area of organised crime, if it were to be interpreted as strictly as its wording invites. Although the intention of the amendment is good, I am not yet persuaded that it can safely be included without an undesirable inhibition of a particularly important area of activity at the moment—namely, establishing whether groups with well-suspected criminal intent might be planning something worse.
Baroness Hamwee (LD)
My Lords, the noble Lord, Lord Rosser, has set perhaps the hardest task for the Minister today in asking him to comment on what was perhaps not a coded speech but simply one inviting speculation.
Turning to the amendment itself, as on the first day of Report we are sympathetic to where the noble Baroness is coming from. Indeed, I think we had an amendment on “reasonable suspicion” at an earlier stage. However, perhaps again I should phrase what I have to say as a request for confirmation, as my noble friend Lord Paddick did last week. Reasonable suspicion is encompassed by the necessity and proportionality test. The way the noble Baroness has expressed it is that there is a moderate-sized hurdle to be got over and then a higher hurdle to be surmounted, by having “reasonable suspicion” and then the necessity and proportionality test. To keep up the athletic metaphor, you will not get over the higher hurdle even if you get over the lower one, so it seems to us that you might as well just have the higher hurdle. Perhaps we can be given some more assurances about how the different criteria will bite.
Lord Beith
Main Page: Lord Beith (Liberal Democrat - Life peer)Department Debates - View all Lord Beith's debates with the Ministry of Defence
Investigatory Powers Bill
Lord Beith ExcerptsMonday 17th October 2016
(7 years, 6 months ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 62-III Third marshalled list for Report (PDF, 153KB) - (17 Oct 2016)
Lord Rooker
I submit that they could. The lawyers will find a way to fill the courts with challenges from the crooks and spivs we are trying to protect the British public from. But I will wait for the Minister’s technical answer, rather than the one I gave.
Lord Beith (LD)
To pose a legal challenge which is not based on any instance or evidence of the basis on which such a challenge could be made—I certainly cannot think of a basis on which someone could require the production of knowledge of the means used for interception, based on existing legislation.
Lord Keen of Elie
Amendment 137A seeks to insert a provision into the Bill that would require the Investigatory Powers Commissioner to notify the subject of a targeted interception or equipment interference warrant in certain circumstances. The amendment tries to tightly draw those circumstances, and I am grateful to the noble Lord, Lord Paddick, for recognising in drafting it that a significant number of factors should rightly preclude such notification from taking place. Nevertheless, I still think the amendment could threaten to undermine the capabilities that law enforcement and the security and intelligence agencies rely on to pursue the most serious wrongdoers. The amendment recognises that notifying a person that they have been the subject of surveillance may have an immediate impact on an investigation—or it may have damaging effects on the public interest or national security more broadly.
That being the case, it is extremely difficult to envisage a scenario where notification could responsibly be allowed to occur. Notifying a person that their communications have been intercepted, irrespective of whether that notification included any further details about the methods used, would necessarily risk hindering a future investigation. For example, there will be circumstances where a terrorist or serious criminal who was previously the subject of a warrant will no longer be an active suspect in an investigation. Advising that individual that they have been the subject of interception may help them to evade detection if they were minded to return to or resume criminal activity.
On one reading, then, the amendment would not provide for disclosure other than where a person has been the subject of deliberate wrongdoing or a serious error. If that is the intention behind the amendment—and I fear it is not—it is redundant, because there is already provision in the Bill to notify people who have been the subject of serious errors.
The alternative, of course, is that the amendment should provide for individuals to be notified in a wider range of circumstances. I find that prospect troubling. As I say, it is never possible to know whether an individual will return to criminality in the future. Even if they do not, revealing the fact that they were the subject of a warrant may provide some small insight into the techniques and capabilities used by law enforcement and the security and intelligence agencies. That, in turn, would provide an avenue for the most determined and capable actors to piece together a picture of the agencies and how they work, handing an advantage to those we are working hard to pursue—let alone the prospect that they might seek disclosure by way of a review of the conduct of the authorities in order to determine exactly what methodology had been employed. For all these reasons, I hope the noble Lord will be prepared to withdraw this amendment.
I turn to Amendments 137B to 137F, which, as the noble Lord indicated, are in a sense consequential on his primary amendment, and which deal with error reporting as provided for in Clause 209. Clause 209 is of the utmost importance. It provides that if a person has been the subject of a serious error, and it would not be contrary to the public interest, the commissioner must inform that individual of the error and their right to apply to the Investigatory Powers Tribunal. The judicial commissioner must provide such details as considered necessary for the person to bring a claim.
Clause 209 seeks to maintain a very delicate balance between two important but competing interests. On one hand, there is the right of the individual who has suffered harm as a result of the error to seek some sort of redress. On the other, there is the long-standing security and intelligence agency principle of neither confirming nor denying that an individual has been the subject of investigatory powers. This principle is vital to the security and intelligence agencies, as it prevents those who would wish to do us harm launching spurious complaints and claims in order further to understand the agencies’ most sensitive capabilities. I hope the noble Lord will agree that, given the fine balance between these two principles, it is right that the decision be taken on a case-by-case basis by the commissioner, a senior member of the judiciary who will have full access to the facts on which to base their decision.
Amendments 137B and 137C would remove the commissioner’s discretion to make that judgment. He would no longer be able to consider how the wider public interest would be best served, and would instead be compelled to tell an individual if they had been the subject of a serious error, regardless of the consequences and the harm that might be caused. I do not think that is right. It is, for example, conceivable that an investigation into a dangerous criminal gang may result in action mistakenly being taken against an innocent associate of one of the gang members. That would be unfortunate, and the commissioner would undoubtedly want to ensure that remedial action was taken at an appropriate time. But before doing so, it is right that the commissioner should consider the public interest in informing the person, balanced against the risk of undermining an ongoing investigation, and that is what the clause as drafted provides for.
Amendment 137D seeks to require notification where the error has not caused serious harm or prejudice but may do so in the future. I do not think it necessary or appropriate, given the difficult balance that has to be struck here, for persons to be informed when there is such an error. This would put the commissioner in the difficult position of speculating on potential future consequences. Additionally, the commissioner does not get only one opportunity to assess the harm that has occurred. We would of course expect the commissioner to keep under review the consequences of an error and, if it resulted in harm at some point in the future, it would be open to the commissioner to inform the individual at that point. This seems a more sensible approach than putting the commissioner in the position of second-guessing what potential future consequences may one day occur or not occur.
Lord Beith
Main Page: Lord Beith (Liberal Democrat - Life peer)Department Debates - View all Lord Beith's debates with the Ministry of Defence
Investigatory Powers Bill
Lord Beith ExcerptsWednesday 19th October 2016
(7 years, 6 months ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 62-III Third marshalled list for Report (PDF, 153KB) - (17 Oct 2016)
Earl Howe
My Lords, Amendment 250A would define a technical capability notice as,
“specifying the distinct service or product to which the notice applies”.
I do not believe this amendment is necessary. The safeguards that apply to the giving of a notice under the Bill already ensure that a technical capability notice cannot be of a generic nature. I will not go into detail here about the lengthy process that must be undertaken before a notice can be given; we have discussed them at length previously and we will undoubtedly review them again shortly during our discussions on encryption. But it might be helpful for me to summarise.
Before giving a notice, the Secretary of State must consult the company concerned. This process will ensure that the company is fully aware of which services the notice applies to. The decision to issue a notice must be approved by the Secretary of State and a judicial commissioner. The obligations set out in the notice must be clear so that the Secretary of State and judicial commissioner can take a view as to the necessity and proportionality of the conduct required. As I have already mentioned, we propose a similar role for the judicial commissioner when a notice is varied. The operator may raise any concerns about the requirements to be set out in the notice, including any lack of clarity regarding their scope, during the consultation process. The operator may also seek a formal review of their obligations, as provided for in Clause 233. The safeguards which apply to the giving of a notice have been strengthened during the Bill’s passage through Parliament, and will ensure that the regime provided for under the Bill will be more targeted than that under existing legislation. It is for these reasons that I consider the amendment unnecessary.
Amendment 251A seeks to narrow the category of operators to whom a technical capability notice could be given. This change would exclude operators that provide services that have a communications element but are not primarily a communication service. This amendment, which has already been discussed in the Commons, is also unnecessary and, in my view, risks dangerously limiting the capabilities of law enforcement and the security and intelligence agencies. We are aware that the manner in which criminals and terrorists communicate is diversifying, as they attempt to find new ways to evade detection. We cannot be in a situation where terrorists, paedophiles and other criminals can use technology to escape justice. As David Anderson said,
“no-go areas for law enforcement should be minimised as far as possible, whether in the physical or the digital world”.
It is important that the Government can continue to impose obligations relating to technical capabilities on a range of operators to ensure that law enforcement and the security and intelligence agencies can access, in a timely manner, communications of criminals and terrorists using less conventional services, such as those offered by gaming service providers and online marketplaces. It may be appropriate to exclude certain categories of operators from obligations under this clause, such as small businesses, but it is our intention to use secondary legislation to do so. It would not be appropriate to impose blanket exemptions on services that have a communications element but are primarily not a communication service, since to do so would make it clear to terrorists and criminals that communications over such systems could not be monitored.
For all the reasons I have set out, I hope that the noble Lord, Lord Paddick, will feel able to withdraw his amendment.
Lord Beith (LD)
Before the noble Earl sits down, I refer to a point which at least needs to be borne in mind in drafting regulations. In most circumstances, if the Government impose upon a business an obligation of some kind, and behave totally unreasonably in doing so—or the business thinks that the Government are behaving unreasonably—the matter will end up in public discussion and the company has the weapon of saying to the public at large, “The Government are asking us to do something unreasonable”. That must not happen in these circumstances because clearly secrecy must be maintained. Therefore, the company is in a weaker position than it would be in the normal exchange between government and business. I hope that Ministers will recognise that fact.
Earl Howe
With the leave of the House, I am grateful to the noble Lord for raising that point, which I think will come up in the next group of amendments when we discuss encryption because it is centre stage in that issue. He is absolutely right and I hope that I can assuage his concerns in the next debate.
Earl Howe
My Lords, I hope that the House will allow me to speak at somewhat greater length than usual in responding to these amendments. I recognise the concern that lies behind them and I also recognise that, although we debated the Bill’s provisions on encryption in Committee, there is a need to correct a number of misconceptions that have been expressed and to set out the reality of the Government’s position on encryption. I would also like to make clear what the provisions in the Bill do and, crucially, what they do not do, and to explain why these provisions are so important to our law enforcement and intelligence agencies. I hope that by, setting this out, I can reassure noble Lords that the amendments are not necessary.
As we have made clear before, the Government recognise the importance of encryption. It keeps people’s personal data and intellectual property secure and ensures safe online commerce. The Government work closely with industry and businesses to improve their cybersecurity. For example, GCHQ plays a vital information assurance role, providing advice and guidance to enable government, industry and the public to protect their IT systems and use the internet safely. Indeed, the director of GCHQ said in March that he is accountable to the Prime Minister just as much, if not more, for the state of cybersecurity in the UK as he is for intelligence collection.
In the past two years, the security and intelligence agencies have disclosed vulnerabilities in every major mobile and desktop platform, including the big names that underpin British business. You do not have to take the Government’s word for that. In September 2015, Apple publicly credited the information assurance arm of GCHQ with the detection of a vulnerability in its operating system for iPhones and iPads, which could otherwise have been exploited by criminals to disrupt devices and extract information from them. As a result, this vulnerability could be fixed.
The assertion that the Government are opposed to encryption or would legislate to undermine it is fanciful. However, the Government and Parliament also have a responsibility to ensure that our security and intelligence services and law enforcement agencies have the capabilities necessary to keep our citizens safe. Encryption is now almost ubiquitous and is the default setting for most IT products and online services. While this technology is primarily used by law-abiding citizens, it can also be used—easily and cheaply—by terrorists and other criminals. Therefore, it can only be right that we retain the ability, as currently exists in legislation, to require a telecommunications operator to remove encryption in limited circumstances, subject to strong controls and safeguards. If we do not provide for this ability, then we must simply accept that there can be areas online beyond the reach of the law where criminals can go about their business unimpeded and without the risk of detection. That would be both irresponsible and wrong.
That is our starting principle, and it is one that we share with David Anderson QC. I have quoted this before, but he stated in his investigatory powers review, A Question of Trust:
“My first principle is that no-go areas for law enforcement should be minimised as far as possible, whether in the physical or digital world”.
This principle was also shared by the Joint Committee on the draft Bill and the Science and Technology Committee, both of which recognised that, in tightly prescribed circumstances, it should remain possible for our law enforcement agencies and security and intelligence services to be able to access unencrypted communications or data. That is exactly what Clauses 229 to 234 of the Bill provide for: strong safeguards to ensure that obligations to remove encryption can be imposed only in limited circumstances and subject to rigorous controls.
Clause 229 enables the Secretary of State to give a technical capability notice to a telecommunications operator in relation to interception, communications data or equipment interference. As part of maintaining a technical capability, the Bill makes clear at Clause 229(5)(c) that the obligations that may be imposed on an operator by the Secretary of State can include the removal of encryption. Before a technical capability notice is given, the Secretary of State must specifically consider the technical feasibility and likely cost of complying with it. Clause 231(4) provides that this consideration must explicitly take account of any obligations to remove encryption.
The Secretary of State must also consult the relevant operator before a notice is given. The draft codes of practice, which were published on 4 October, make clear that should the telecommunications operator have concerns about the reasonableness, cost or technical feasibility of any requirements to be set out in the notice, which of course includes any obligations relating to the removal of encryption, it should raise these concerns during the consultation process.
We have also amended the Bill to make clear that the Secretary of State may give a technical capability notice only where he or she considers that it is necessary and proportionate to do so, and, under Clause 230, that decision must also now be approved by a judicial commissioner, placing the stringent safeguard of the double lock on to any giving of a notice to require the removal of encryption. Clause 2 of the Bill, the privacy clause, also makes explicit that, before the Secretary of State may decide to give a notice, he or she must have regard to the public interest in the integrity and security of telecommunications systems.
In addition, a telecommunications operator that is given a technical capability notice may refer any aspect of the notice, including obligations relating to the removal of encryption, back to the Secretary of State for a review. In undertaking such a review, the Secretary of State must consult the Technical Advisory Board in relation to the technical and financial requirements of the notice, as well as a judicial commissioner in relation to its proportionality. We have amended the review clauses in the Bill to strengthen these provisions further. Where the Secretary of State decides that the outcome of the review should be to vary or confirm the effect of the notice, rather than to revoke it, that decision must be approved by the Investigatory Powers Commissioner.
The Bill also makes absolutely clear that, in line with current practice, obligations imposed on telecommunications operators to remove encryption may relate only to encryption applied by or on behalf of the company on whom the obligation is being placed. That ensures that such an obligation cannot require a telecommunications operator to remove encryption applied by other companies to data transiting their network. As we have already outlined, we have also now tabled a government amendment that would further strengthen the Bill’s provisions on technical capability notices. This amendment makes clear that the Secretary of State may vary a notice only where they consider that it is necessary and proportionate to do so. The amendment also makes clear that, in circumstances where a notice is being varied in such a way that would impose new obligations on the operator, the variation must be approved by a judicial commissioner.
Furthermore, obligations imposed under a technical capability notice to remove encryption require the relevant operator to maintain the capability to remove encryption when it is subsequently served with a warrant, notice or authorisation, rather than requiring it to remove encryption per se. That means that companies will not be forced to hand over encryption keys to the Government. Such a warrant, notice or authorisation will be subject to the double lock of Secretary of State and judicial commissioner approval, and the company on whom the warrant is served will not be required to take any steps, such as the removal of encryption, if they are not reasonably practicable steps for that company to take. So a technical capability notice could not, in itself, authorise an interference with privacy. It would simply require a capability to be maintained that would allow a telecommunications operator to give effect to a warrant quickly and securely including, where applicable, the ability to remove encryption.
That is an enormously long list of safeguards. Indeed, it is difficult to think what more the Government could do. These safeguards ensure that an obligation to remove encryption under Clause 229 of the Bill will be subject to very strict controls and may be imposed only where it is necessary and proportionate, technically feasible and reasonably practicable for the relevant operator to comply. Let me be clear: the Bill’s provisions on encryption simply maintain and clarify the current legal position, and apply strengthened safeguards to those provisions. They will mean that our law enforcement and security and intelligence agencies maintain the ability to require telecommunications operators to remove encryption in very tightly defined circumstances.
I would also like to make absolutely clear what the Bill does not provide for on encryption.
Lord Beith
Could the Minister help those of us who are not deeply technical in these matters? We fear that circumstances by their nature cannot be technical and defined. In at least some cases, the consequences of serving a notice would be that the operator would have to create a significant weakness, which would apply far beyond the objective for which the notice was being served, and the operator would have to say in future to its customers, “This system is not as strong as we would like it to be”.
Earl Howe
We come back to the test of reasonable practicability here. I am about to come on to what the Bill does not provide for on encryption and I hope that this will help the noble Lord.
The Bill does not ban encryption or do anything to limit its use. The Bill will not be used to force providers to undermine their business models, to create so-called back doors or to compromise encryption keys. It will not be used to prevent new encrypted products or services from being launched and it will not undermine internet security.
Lord Beith
Main Page: Lord Beith (Liberal Democrat - Life peer)Department Debates - View all Lord Beith's debates with the Ministry of Defence
Investigatory Powers Bill
Lord Beith ExcerptsWednesday 2nd November 2016
(7 years, 6 months ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 68-I Marshalled list for consideration of Commons reasons (PDF, 78KB) - (1 Nov 2016)
Earl Howe
My Lords, I repudiate it completely. The Government have been clear about the timescale of the consultation and have committed to respond in a timely manner. We are taking this matter with proper seriousness. It is important that everyone has an opportunity to take on board and reflect on the changes that have occurred in the years since Lord Justice Leveson made his recommendations. I say again to the noble Lord, Lord Paddick—
Lord Beith (LD)
Just to clarify this matter, can the Minister tell us when he was told that the Government were launching a consultation on Section 40?
Earl Howe
I was made aware of it at the beginning of the week, but I am also aware that it was in gestation long before that.
I say to the noble Lord, Lord Paddick, that there is no mandatory period for a public consultation. The Cabinet Office guidelines say that there must be a proportionate amount of time, and I think 10 weeks gives everybody time to look properly at the issues and to submit their views to government. In that light, and for all the reasons I rehearsed earlier, I respectfully ask your Lordships to allow the Bill to pass without these amendments.