Lord Paddick
Main Page: Lord Paddick (Non-affiliated - Life peer)Department Debates - View all Lord Paddick's debates with the Ministry of Defence
(8 years, 5 months ago)
Lords ChamberMy Lords, we recognised during the passage of the Bill thus far that care must be applied to the acquisition of internet connection records—in particular, that they should not be acquired for trivial purposes. Their value to law enforcement has been widely recognised, and the Bill, as introduced, already restricts access to four specific purposes. In addition, local authorities cannot acquire them for any purposes.
However, in response to a suggestion from the shadow Home Secretary in the House of Commons, the Government committed to consider further restrictions which would provide greater reassurance that the powers to acquire internet connection records would only ever be used proportionately. These amendments therefore apply a threshold to the acquisition of internet connection records when the statutory purpose is for the prevention and detection of crime. This means that they will be able to be acquired only for offences that are sufficiently serious that an offender can be sentenced to at least six months’ imprisonment.
In implementing this threshold, however, it is important that internet connection records can continue to be used for certain offences which, for whatever reasons, carry a lower sentencing limit. I am sure that noble Lords will agree that internet connection records should be available for these offences. These are: the investigation of any offence where the sending of a communication is an integral part of the offence: for example, offences related to stalking, cyberbullying and harassment which can, if not investigated, quickly escalate to more serious offences; offences relating to breach of a person’s privacy, such as stealing personal data, which recognises the importance of protecting privacy in the digital age and the need to fully investigate any suspected breaches; offences committed by corporate bodies—for example, corporate manslaughter, where a penalty of imprisonment cannot apply; and any offence meeting the serious crime threshold in the Bill for the most intrusive powers, ensuring that these powers can be used to investigate offences involving the use of violence, conduct that results in substantial financial gain and conduct by a large number of people in pursuit of a common purpose.
A number of consequential amendments are made as a result of this amendment. The Government and law enforcement are clear about the value and importance of accessing internet connection records to prevent and detect crime, and to keep the public safe. That has been recognised during the passage of this Bill thus far, including by noble Lords at Second Reading. The amendments build significantly on the safeguards that the Bill already applies to the acquisition of communications data. They are based on the amendments proposed by the Opposition in the House of Commons and they will ensure public trust in the use of these vital powers. I beg to move.
My Lords, the restrictions on using internet connection records set out in these amendments are welcome. However, we intend to propose the removal of internet connection records from the definition of communications data that the Secretary of State can require a telecommunications operator to retain when we come to debate Clause 83. The intended effect of that amendment would be to make it impossible to obtain internet connection records unless they were retained by the telecommunications provider for its own business purposes. I will leave any further comment on internet connection records until we reach Amendment 156A to Clause 83.
My Lords, I shall speak to Amendment 116 in my name and that of my noble friend Lady Hamwee. We also have our names to Amendments 154 and 235 in this group.
These amendments relate to a government commitment not to require telecommunications operators to retain third-party data. On 4 November 2015 in a Statement in the other place, the then Home Secretary said that the Bill,
“will not include powers to force UK companies to capture and retain third party internet traffic from companies based overseas”.—[Official Report, Commons, 4/11/15; col. 969.]
However, Clause 58(5)(c) states:
“An authorisation … may, in particular, require a telecommunications operator who controls or provides a telecommunication system to obtain or disclose data relating to the use of a telecommunications service provided by another telecommunications operator in relation to that system”.
Surely this means third-party data.
Amendment 116 would alter Clause 58(5)(c) to read, “may not require”. The key point here is that telecommunications companies should not be forced to obtain third-party data. The draft code of practice on communications data states at paragraph 2.61:
“A data retention notice can never require a CSP to retain the content of communications or third party data”.
Paragraph 2.66 states:
“A CSP cannot be required to retain third party data as part of an ICR”.
Amendment 154 would add a new subsection to Clause 83(2)—the clause headed “Powers to require retention of certain data”—to make explicit that a retention notice may,
“not require a telecommunications operator to retain any third party data, unless that data is retained by the telecommunications operator for its own business purposes”.
This is to distinguish between communications data that the telecommunications operator may have and being forced to acquire third-party data that it does not have.
Amendment 235 would restrict the definition of communications data in Clause 233(5) so that it relates to the provision of the service by that operator and not a third party. I beg to move Amendment 116.
My Lords, I have added my name to Amendment 154 and will not repeat what has been said about it. It simply asks the Government to make explicit what they have said—namely, that the retention of third-party data will not be required. It would be helpful to make that clear in the Bill.
My Lords, as the noble Lord, Lord Paddick, has explained, these three amendments all deal with the issue of third-party data. Amendment 116 seeks to prevent public authorities from acquiring third-party data, Amendment 154 seeks to put the Government’s commitment not to require retention of third-party data on to the face of the Bill and Amendment 235 seeks to amend the definition of communications data to exclude from it third-party data.
On the acquisition of third-party data, the Bill maintains the existing position under RIPA that public authorities can acquire third-party data where necessary and proportionate to do so. But I want to be clear here—a provider is required to comply with a request for communications data, including a request for third-party data, only where it is reasonably practicable for them to do so. It is absolutely right that, where a communications service provider holds, or is able to obtain, communications data, whether in relation to its own services or those provided by a third party, then the data should be available to public authorities for the statutory purposes in the Bill. Put simply, data that already exist, are already held and which could save a life, convict a criminal, prevent a terrorist attack or provide an alibi, should not be put out of reach of law enforcement based solely on which company it is that holds the information.
Amendment 154 deals with the retention of third-party data. As I am sure the noble Lord knows, this matter was considered in the Commons, where the Government gave a commitment to consider it further. I am grateful to the noble Lord and the noble Baroness for tabling this amendment and giving me an opportunity to update the Committee on those considerations. My right honourable friend the Home Secretary has given a clear commitment that we will not require a telecommunications operator to retain third-party data, and that commitment is given effect to in the Communications Data Draft Code of Practice. However, distilling that commitment into primary legislative drafting is complex. We do not want to include provisions in the Bill that are not entirely clear in scope or which put in place restrictions that are broader, or indeed narrower, than intended. But we have been making good progress and are close to a provision that we think achieves the desired outcome. Of course, we need to test that drafting with operational stakeholders and with those telecommunications operators likely to be affected by the legislation, but we hope to be able to return to this issue on Report.
Finally, on Amendment 235, the principle of what are communications data is clear. Changing that position so that the classification of data changes depending on which provider holds them would no doubt cause confusion among providers as to how the data should be handled. While I understand the concerns around third-party data, and hope that what I have said today lays some of those to rest, amending the definition of communications data is not the right way forward. I invite the noble Lord to withdraw Amendment 116.
I am grateful to the Minister for his explanation and am encouraged by the promise of government amendments on Report. I have to say that I am still a little confused. The former Home Secretary, in her commitment, said that third-party data of telecommunications operators from abroad would not be required to be retained by UK telecoms operators. If the third-party data are of a different UK telecoms operator, surely the Secretary of State can make an order to get the data from that operator. But I will read carefully in Hansard what the Minister has said. As he has made a commitment, we will come back to this on Report. For the moment I beg leave to withdraw the amendment.
My Lords, in moving Amendment 124 I shall speak also to Amendment 127. We consider the requirement for an authorising officer to be independent of the operation or investigation being worked on an important safeguard and intend the exceptions to be drawn as narrowly as possible. That is why we welcomed the Intelligence and Security Committee amendments on this in the House of Commons and why we have tabled these amendments, which fully reflect the substance of the ISC’s intention and more narrowly define the national security exceptions. I beg to move.
My Lords, my noble friend Lady Hamwee and I have Amendment 126 in this group. It attempts to challenge the fact that the size of the relevant public authority, which may make it difficult to find a senior officer independent of the investigation to which the authorisation relates, makes it an exceptional circumstance, which it would be if the Bill is accepted as drafted.
My Lords, Amendment 126, as the noble Lord, Lord Paddick, has just explained, concerns the independence of the authorising officer. As I mentioned a moment ago, the Bill provides for a very limited set of circumstances in which the designated senior officer need not be independent of the investigation or operation; for example, where delays in locating an independent officer may pose a threat to life, or in specific cases where the interests of national security prevent it. As we have heard, the intention behind the amendment is to ensure that an authorising officer is always, without any exceptions, independent of the investigation. I beg the noble Lord’s pardon.
I am grateful to the noble Earl for giving way. We entirely accept that some public authorities will be so small, or some investigations so important, that there cannot be someone independent of the investigation who can give the authority. As the Bill is drafted, however, simply the size of the public authority is seen as an exceptional circumstance. It is not an exceptional circumstance and the amendment attempts to allow the size of the authority to be a reason why an independent senior officer cannot give the authority without making it an exceptional circumstance.
I am very grateful to the noble Lord. He is right: in some small public authorities there will be only a small number of staff sufficiently senior to take on this important responsibility. Where he and I part company is over the question of whether the rank of the designated senior officer should be lowered to ensure that there are sufficient numbers of them to always be independent of the investigation. I do not feel able to agree to that, because to do so would lower the safeguards that form an integral part of the communications data regime. Equally, I am afraid the Government are not prepared to remove these powers from some of the smaller authorities. They may be small, but they often do vital work in keeping the public safe and investigating crime.
I would be happy to discuss this further outside the forum of Committee, if that would help the noble Lord. I understand where he is coming from, but we have a fundamental disagreement of view on this.
I would just add that we do not disagree that a public authority may be so small that there is no independent senior officer who can grant the authority; the problem is whether that situation would amount to an exceptional circumstance. However, I would be very happy to discuss that situation with the noble Earl between now and Report.
My Lords, in moving Amendment 134, which is in my name and that of my noble friend Lady Hamwee, I will also speak to Amendments 135, 142, 144 and 240 and on whether Clauses 63 to 65, relating to filtering arrangements, should stand part of the Bill.
Amendment 134 would amend Clause 63(1) to say that the Secretary of State “may by regulations establish” rather than simply “may establish”. Amendment 240 is consequent on that. Amendment 135 would amend Clause 63(1), so that while the Secretary of State may establish filtering arrangements, she would not “maintain and operate” them herself. In fact, my understanding is that the Government have no idea at this stage who might maintain or operate such arrangements.
I do not intend to speak to Amendment 138, which we will not be moving and do not consider worth debating. Amendment 140 would have added to the duties in connection with the operation of the filtering arrangements—that the Secretary of State shall, in exercising her powers under Clauses 63 to 68, have regard to the general duties in relation to privacy in Clause 2.
To the duty on the Secretary of State to provide a report to the Investigatory Powers Commissioner about the operation of the filter, Amendment 142 adds a duty to lay a report before each House of Parliament about the functioning of the filtering arrangements during the previous year. Amendment 144 requires the Secretary of State immediately to report to the Investigatory Powers Commissioner any processing errors—not just “significant” processing errors—giving rise to a contravention of the requirements of this part.
This feature of the Bill is almost identical to that proposed in the Communications Data Bill. The Joint Committee described it as a government-owned data mining device. I described it on Second Reading as a virtual national database. The noble and learned Lord, Lord Keen of Elie, said that it was not a database. I did not maintain that it was; I said it was a virtual database. My understanding is that this is a search engine that would have real-time direct access to communication databases held by every communication service provider, including, if the Bill is not amended, everyone’s internet connection records.
At the moment, the police and security services, through a single point of contact, make application to communication service providers, which assess the lawfulness of the request and, if satisfied, provide the information. The filter would bypass that important safety check and allow security services to self-authorise access to communication service providers’ data. It would allow complex queries that could provide detailed information about people’s private lives. As the noble Lord, Lord Lucas, said on Second Reading:
“We are producing a resource there that Francis Urquhart would have loved to have his fingers on: absolute knowledge of everyone’s private life”—[Official Report, 27/6/16; col1427.]
The request filter would make life for the police and the security services easier—I say the security services, but I think they have their own systems. Life without the filter would not be impossible for the police, just not easier than it is now. It is therefore not necessary, only desirable and, as such, fails the necessity and proportionality tests for the invasion of privacy.
The Government cannot say what it would look like, where it would be built, who would run it on their behalf or how it would be kept secure. It is a hypothetical virtual database. It would be a dangerous precedent for Parliament to authorise such a device without knowing who would run it and what the security implications would be. I beg to move.
My Lords, I have Amendments 141 and 143 in this group. I very much share the concern of the noble Lord, Lord Paddick, about the request filter. It is an exceptionally powerful system because it will make life so easy. A casual request for data on someone who might possibly be of interest can be done in a moment—you do not have to think about it—rather than tying up resources to such an extent that you probably do not do it.
We are all familiar with the fact that those in the police service are human; doubtless, the people who run this resource will be human. The potential for casual misuse or misuse suborned by journalists will be considerable. On top of that is potential misuse by government. Given that at the moment we do not have an effective Opposition and I suspect that the Bill will effectively pass on the nod, I very much hope that my noble friend will reassure us that not only will there be exact and complete record-keeping for the filter but that those records will be independently inspected, that the results of those inspections will be publicly available and that people who find themselves tied up in nastiness as a result of information which may well have come from the filter will be able to find out whether that has happened.
My Lords, I thank the Minister for his response. We were concerned that the privacy provision in Clause 2(1)(d) states that it relates to the grant, approval or cancellation of an authorisation rather than to the establishment of the filter. However, I accept that the use of the filter is covered by Clause 2. I am also concerned about what the noble and learned Lord said about significant processing errors. If even a minor processing error leads to a contravention of the requirements of this part of the Bill, it could be argued that that is a serious matter, whether the processing error is significant or not. However, at this stage I beg leave to withdraw the amendment.
My Lords, Amendments 146 and 147 in this group are also in my name and the name of my noble friend Lady Hamwee. Much concern has been expressed about the number of public authorities that can intrude into people’s privacy, and as a result, restrictions have been put in the Bill. If the Bill is enacted there will be fewer public bodies with that ability, and that is to be welcomed. We therefore do not think it is right that under Clause 67 the Secretary of State should be allowed by regulation to add a public authority. Amendment 145 would delete this power from Clause 67(2)(a) and Amendment 146 would make a similar change to subsection (3).
Amendment 147 would impose a duty on the Secretary of State to consult representatives of local authorities—for example, the Local Government Association—if she intends to make regulations to change a local authority-designated senior officer to someone of lower office, rank or position, in addition to consulting each of the local authorities concerned, as set out in Clause 69(5). I beg to move.
My Lords, these amendments all concern the public authorities that are able to acquire communications data. I should take this opportunity to mention a document which we published last week and which is available in the Printed Paper Office: Operational Case for the Use of Communications Data by Public Authorities. It sets out why it is essential that the authorities listed in Schedule 4 to the Bill are able to acquire communications data. It is important to recognise that the crimes they investigate are not trivial. They include offences such as bribery and corruption, defrauding vulnerable people of their life savings, stealing sensitive personal information and supplying dangerous counterfeit medicines. That document is pertinent to this group of amendments, because Amendments 145 and 146 would remove the ability of the Secretary of State to add public authorities to Schedule 4 by regulations.
I recognise the well-intentioned purpose of the amendments. However, it is not something that the Government can support because it goes against our stated aim of ensuring that the Bill is future-proofed. Although we have no plans to use the regulation-making power, and, indeed, we think it unlikely that any additional authorities will be identified, it would not be good policy to specifically rule it out. That is because communications data are an essential investigative tool for numerous investigations and they are used by a number of different authorities. As I said, we have published the operational case demonstrating why it is so essential that the authorities listed in Schedule 4 continue to be able to use these powers.
As that operational case demonstrates, the authorities that acquire communications data, including the so-called “minor users”, often do so to investigate serious crime and, in some cases, save lives. Should a new investigative body be established—for example, with a remit to investigate a specific type of serious crime—we would want the flexibility to give it the powers that it needed. Similarly, we need to be able to adapt the list if changes in the roles and responsibilities of public bodies mean that it falls out of date.
Of course, there should be full and proper scrutiny of any decisions to provide powers to an additional body. The Government will consider giving powers only where a public authority can make a robust case and, perhaps more importantly, the Bill allows a public authority to be added to Schedule 4 only under the enhanced affirmative procedure. This procedure requires additional consultation above and beyond the affirmative procedure and ensures that a parliamentary committee is provided with an opportunity to consider the draft regulations.
This power has been considered by the Delegated Powers and Regulatory Reform Committee. In her letter to the Joint Committee that scrutinised the draft Bill, my noble friend Lady Fookes reported that the committee accepted the need for the delegated power and welcomed the strengthening of scrutiny procedures under the Bill. She said that,
“the enhanced affirmative procedure ... provides an appropriate level of Parliamentary scrutiny”.
I hope that that reassures the Committee that sufficient scrutiny is already built into the process to ensure that an additional public authority would be added to Schedule 4 only where it had a robust and compelling need for the powers.
My Lords, I was referring to the procedure relating to the enhanced affirmative process. That procedure is set out in Clause 239 of the Bill. Importantly, it provides for a relevant parliamentary committee to report on the regulations. I do not think that I can be more specific at this stage. The enhanced affirmative procedure has been used in the past, albeit not very frequently, and is there as an additional safeguard. I endorse everything that my noble friend said in support of my remarks. He is absolutely right that we cannot foresee at this stage the need to add to the list, but we must and should provide for the circumstances where that becomes necessary.
I am grateful for the noble Earl’s explanation. The noble Lord, Lord King of Bridgwater, raised this important concern that people have about the range of public authorities that will be able to access this data. There is a real concern that the Secretary of State by regulation can simply add to the list included in the Bill. As a general principle, to have provisions in a Bill in order—to quote the noble Earl —to future-proof it, even if those are unlikely to be used, is not the ideal way forward. However, the enhanced affirmative procedure does give some reassurance on that issue.
On the other matters, I will read carefully what the noble Earl has said, but at this point I beg leave to withdraw the amendment.
My Lords, I rise to speak to Amendment 147A in my name and that of my noble friend Lord Paddick. My noble friend also has Amendment 156A in this group and he will speak to that amendment; I may have something to add on it after he has spoken.
Amendment 147A requires a judicial commissioner to authorise requests to obtain data from internet connection records. As it happens, this is a very hot topic because only this morning an Advocate-General of the European Court of Justice issued his opinion in the case brought by Tom Watson and, before his appointment to the Cabinet, David Davis. Of course this is not the final judgment of the court, but it is usual for it to confirm an Advocate-General’s opinion. This case concerns the Data Retention and Investigatory Powers Act 2014, one of the Acts that this Investigatory Powers Bill seeks to replace.
In particular, the ruling addresses the legality and the safeguards around the speculative retention of communications data. As such, it is of direct relevance to the provisions in this Bill regarding the retention of communications data and the retention of internet connection records. So I have discarded most of my speech and instead I will let the Advocate-General’s words speak for Amendment 147A on my behalf. At paragraph 236 of his ruling he states:
“Lastly, I would add that, from a practical point of view, none of the three parties concerned by a request for access is in a position to carry out an effective review in connection with access to the retained data. Competent law enforcement authorities have every interest in requesting the broadest possible access. Service providers, who will be ignorant of the content of any investigation file, are incapable of checking that requests for access are limited to what is strictly necessary and persons whose data are consulted have no way of knowing that they are under investigation, even if their data is used abusively or unlawfully … Given the nature of the various interests involved, the intervention of an independent body prior to the consultation of retained data, with a view to protecting persons whose data are retained from abusive access by the competent authorities, is to my mind imperative”.
So the Advocate-General is saying that, because the police have a strong interest in the request for the data, and because the service providers cannot judge the merits of the request, and because the subject of the request does not know that it exists, it is imperative, in his words, that an independent body should decide. Incidentally, he goes on to suggest that there could be exceptions in cases of “extreme urgency”.
To my mind, that independent body he speaks of can only be the judicial commissioner, which is precisely what Amendment 147A stipulates. If the Government believe that the independent body could be something other than the judicial commissioner, perhaps the Minister can inform the Committee when he responds, and say how the Government intend to incorporate the Advocate-General’s opinion, should it be confirmed by the court, into this Bill. I beg to move.
My Lords, I wish to speak to Amendment 156A in my name and that of my noble friend Lady Hamwee. Before doing so, I endorse wholeheartedly what my noble friend Lord Strasburger has just said. The decision of the Advocate-General released today appears very much to add considerable weight to the arguments in favour of Amendment 147A.
Amendment 156A is an amendment to Clause 83, headed, “Powers to require retention of certain data”. It would exclude internet connection records from the types of data that telecommunications operators can be required to store, and, as such, would effectively remove the only new provision—the use of internet connection records—from the Bill.
We believe that such an amendment is necessary for several reasons. Internet connection records do not do what the Government claim they do. They do not provide the police and security services with the internet equivalent of the communications data they already have—for example, access to mobile phone provider data. It is far more complex than that. At best, internet connection records provide only details of which communications platforms have been used, most of which are based in the United States.
Whether useful communications data can be accessed depends on voluntary co-operation by the American companies, which is unlikely in all but serious cases—for which there is an alternative. Internet connection records may provide leads, but they are difficult, complex and time-consuming to follow up. They fail the necessity test. The security services—MI5, MI6 and GCHQ—say that they do not need internet connection to be stored by telecommunications operators because they have other ways of securing the data that they need. In serious crime cases, GCHQ can, does and will help law enforcement to secure the communications data that the police need without recourse to internet connection records.
Indeed, there is a co-located joint operations cell in which the National Crime Agency and GCHQ have joined forces to tackle online crime—initially child sexual exploitation, but in the future other online crime as well. This information is in the public domain. At Second Reading, when I suggested that law enforcement could use security service powers instead of ICRs, the Minister said:
“But of course that is neither practical nor effective because many of the powers of the security services produce investigative material that is not admissible as evidence in a court of law”.—[Official Report, 27/6/16; cols. 1459-60.]
It would appear that the National Crime Agency and GCHQ agree with me rather than with the noble and learned Lord. Indeed, case studies that I was shown when I visited GCHQ tend to undermine the Minister’s assertion.
We began Committee stage by looking at RUSI’s 10 principles for the intrusion on privacy. I will quote just one, on “necessity”, which states that,
“there should be no other practicable means of achieving the objective”.
Internet connection records fail the necessity test. The National Crime Agency and GCHQ co-operation shows that there is a practical alternative.
I understand the importance of safeguards, but the noble Lord’s thrust is that he is against the retention of internet connection records in total. He therefore totally disagrees with the impressive Joint Committee of both Houses, which considered the matter at some length. It said:
“We consider that, on balance, there is a case for Internet Connection Records as an important tool for law enforcement”.
Does he disagree?
I am grateful for the chance to clarify my position. That is my position: we disagree with the conclusions of the Joint Committee. We believe, on balance, that the retention of internet connection records is disproportionate and unnecessary.
Technology experts recommend that companies should plan on the basis of their security measures having been breached, not just plan for the security of their databases. This makes highly intrusive personal data potentially available to criminals and hostile foreign powers. If a criminal establishes that a married man is accessing gay websites, or a hostile foreign Government establish that an intelligence officer is accessing lonely hearts websites, that could increase the risk of blackmail or entrapment. Knowing from ICRs when someone is not at home can increase the risk of burglary.
Internet connection records are hugely expensive to analyse and store. Based on estimates from Denmark, where the storage of internet connection records has already been explored extensively, the set-up costs alone in the UK could be around £1 billion. As in the UK, the cost estimates provided by the Government and telecommunications providers in Denmark varied widely. The Government therefore asked independent management consultants to establish the true cost, which confirmed that the telecommunications service providers’ estimates were the correct ones. Extrapolating from the independently verified Danish costs using the relative populations of both countries would take the set-up costs alone for internet connection records in the UK to more than £1 billion.
For those who think that this cannot be right, I should say that 80% of all the data ever created since the beginning of time has been created in the last two years. That is the rate of increase, and, with more and more devices being connected to the internet, such as those controlling our central heating, and with even refrigerators and ovens being connected to the so-called internet of things, the number of internet connection records is set to increase exponentially. Apart from not being able to see communications in among all these other internet connections, the storage costs alone will be enormous.
Taking all these arguments together, the storage of the internet connection records of everyone in the UK for 12 months, whether they are suspected of wrongdoing or not, fails the proportionality test. I quote the RUSI report again, this time on proportionality. It states:
“Intrusion must be judged as proportionate to the advantages gained, not just in cost or resource terms but also through a judgement that the degree of intrusion is matched by the seriousness of the harm to be prevented”.
The advantages gained through the storage of internet connection records are limited, the costs are prohibitive, the degree of intrusion is huge and serious harm can be prevented through other means.
My Lords, the noble Lord, Lord King, touched on the issue of the Joint Committee. It may be useful for your Lordships to hear what it said about ICRs. The noble Lord, Lord King, was quite right in that regard. The Joint Committee said:
“While we recognise that ICRs could prove a desirable tool for law enforcement agencies, the Government must address the significant concerns outlined by our witnesses if their inclusion within the Bill is to command the necessary support”.
The Joint Committee also said:
“We recommend that the definition of Internet Connection Records should be made consistent throughout the Bill and that the Government should give consideration to defining terms such as ‘internet service’ and ‘internet communications service’. We recommend that more effort should be made to reflect not only the policy aims but also the practical realities of how the internet works on a technical level”.
The Joint Committee also recommended that,
“the Government should publish in a Code of Practice alongside the Bill advice on how data controllers should seek to minimise the privacy risks of subject access requests for ICRs under the Data Protection Act 1998”.
The Government accepted the recommendation on a code of practice—and, indeed, on the definitions. However, in general, the majority of members of the committee believed that ICRs are absolutely necessary to protect our citizens and give the security agencies and the law enforcement agencies the tools they need.
My Lords, I was slightly puzzled by the comments from the noble Lord, Lord Paddick, suggesting that the National Crime Agency did not support these powers. The implication was—
I did not say that. Perhaps I can assist the Committee. What I said was that the security services—MI5, MI6 and GCHQ—have told me, in my visits to those agencies, that they do not require the retention of internet connection records for them to carry out their very important work around national security and serious crime. It is not the case, nor did I state, that the National Crime Agency does not support this measure. The National Crime Agency has supported it in its presentations to me. I have been to the National Crime Agency twice, because it failed to convince me the first time, and I am sad to say that it did not convince me the second time either.
I apologise if I misunderstood the reference to GCHQ and the National Crime Agency and the way in which that was phrased. I ought to declare that I am a former non-executive director of the National Crime Agency. I have been very affected in my thinking on this by the extent to which every law enforcement agency that I have spoken to, in particular the National Crime Agency, seems to believe that this is a very necessary power to enable it to have the evidential ability to pursue serious crime. That is where the distinction lies between the intelligence agencies, which are not seeking this as an evidential tool, and the National Crime Agency and other law enforcement bodies, which see it as an evidential necessity. Depending on a relationship between the NCA and GCHQ within the National Crime Agency seems an unlikely way around this. If there is an evidential requirement, we should put that in the Bill and provide it to law enforcement, rather than relying on GCHQ to provide it by some particular piece of machinery within the NCA, because that would not then be available to all those who might need it within law enforcement.
This is also relevant in terms of why, or the extent to which, other countries have not gone down this road. There is plenty of evidence that the United Kingdom has been considerably more successful, particularly in the pursuit and prosecution of paedophile crime online, than a number of other jurisdictions. That is partly because we have provided appropriate powers to law enforcement to be able to pursue this. The UK has been much more successful in terms of prosecution figures for very similar situations to those facing some European countries. We should continue to provide the powers that enable the UK to pursue those sorts of crimes, which are at the moment an absolute wave hitting the law enforcement community. If we do not provide it with the powers, we will leave a situation where very many people who have committed online paedophile crime are not prosecuted. From my point of view, that certainly does not seem a satisfactory way forward.
I am also slightly cautious about the argument that people can always get round this and that anyone applying their best security would not get caught. Almost all investigation, whether intelligence or criminal, relies on those who are criminals or threats to our security not being as good at what they are doing as they hoped. To say that we should not introduce powers because they are not infallible and that if someone applied all security measures they might be able to get around them would mean that we would provide very few powers to either the intelligence services or law enforcement agencies, because someone somewhere might be able to avoid them. Most people, most of the time, do not apply all the security that they could when they are undertaking either national security threats or crime. That is why we can catch them. We should provide as many powers as we can to catch these people before they damage us, and prosecute them afterwards.
I invite the noble Lord to have a little more confidence in the parliamentary procedures in the UK, in the scrutiny that is being given by our institutions to the provisions of the Bill, and even in the Committee procedures of this House. We have looked with care at these matters repeatedly and have come to a view regarding ICRs.
Not just yet. The fact that other jurisdictions may have taken a different view is to be noticed but is not necessarily of any great moment in this context.
I want to deal with the suggestion by the noble Lord, Lord Paddick, that somehow GCHQ could provide the alternative route into all this material, and that somehow the security services would be there at the beck and call of the police authorities in order to in-gather and provide the appropriate information by different means. He asserted that the security services said, “We do not need”. That is far too hard-edged. They have other means but they did not say, “We do not need” in that context.
The noble Lord suggested that I had made an assertion on a previous occasion about the admissibility of certain intelligence acquired by the security services. I did not make an assertion; I made a statement of fact. Intelligence acquired through interception cannot be used as evidence in court. That is the factual position.
This Committee is part of the process of the scrutiny of legislation, and therefore this House should have respect for noble Lords who wish to use it to challenge what the Government are proposing. With regard to the greater success that the UK has had compared with, say, Germany in the prosecution of paedophiles, will the Minister confirm that that is using existing legislation without the use of internet connection records?
On the question of an evidential basis, why, in the operational case for internet connection records, is the need for evidential material not included in any of the examples provided by the National Crime Agency? Why, when I visited the NCA on a couple of occasions, was none of the examples that it gave of a need for evidence that could be presented in court? Indeed, the case studies presented to me at GCHQ confirmed that the work done by GCHQ in conjunction with the NCA was sufficient for the NCA to bring successful prosecutions, notwithstanding that the interception of content is not acceptable in giving evidence in court.
I am most obliged to the noble Lord for his intervention. Of course, I did not accompany him to the NCA, so I do not know what examples he was or was not given, and nor did I prepare or draft the operational examples that he referred to earlier. Of course, there are other means by which evidence may be gathered for the purpose of prosecution, but we are looking to the most effective means of doing this going forward, remembering that people are moving away from telephonic communication—using mobiles and telephone systems—and into the use of internet connection by way of such examples as WhatsApp. Our police forces will be blinded if we allow that development and do not attempt to keep up with such developing technology.
On the question of whether there is an evidential requirement, I note that the noble Lord now acknowledges that there is an evidential requirement in the sense that intelligence gathered by way of interception is not admissible as evidence in court.
The question of the cost of carrying out this exercise was raised. The figure of £1 billion has been put about repeatedly, and the experience in Denmark has been referred to on many occasions. However, one has to look at this from the perspective of the United Kingdom and its approach to this matter. We do not accept the estimate of £1 billion that has been given, and indeed—in response to the inquiry from the right reverend Prelate the Bishop of Chester—the current estimate of costs is about £175 million. Our figures factor in the existing infrastructure and the requirements already placed on individual communications service providers, as well as the technical complexity of their networks in this context.
One has to bear in mind that, for example, the Data Retention and Investigatory Powers Act 2014 and the Counter-Terrorism and Security Act 2015 already provide for the retention of source IP addresses and port numbers, which make up part of an internet connection record. So I cannot accept the assertion from the noble Lord, Lord Strasburger, that none of these records are provided for under existing legislation. Furthermore, the Bill allows the Government to require the retention of communications data, including internet connection records, only when necessary and proportionate. One must not lose sight of that test in this context.
So we consider that a case was made in the reports regarding internet connection records. We entirely agree with the view arrived at by the Joint Committee. The noble Lord, Lord King, has already quoted from its report that,
“on balance, there is a case for Internet Connection Records as an important tool for law enforcement”.
That has been clearly established by the work that has been done. I acknowledge that of course the Committee of this House wishes to scrutinise this legislation, and it is right that it does so, but it is helpful if it does so against the background and with an understanding of the pre-legislative scrutiny that has already taken place, with regard to the three reports and indeed the recommendations of the Joint Committee. So we submit that the ability to require the retention of internet connection records is a fundamental power that will provide substantial benefits to law enforcement and indeed to the security and intelligence agencies. It is in these circumstances that I say that we cannot support Amendment 156A.
I turn for a moment to Amendment 147A, which seeks to require judicial commissioner approval for applications to acquire internet connection records. I hope that I can persuade noble Lords that the amendment is not needed because we already have a stringent authorisation regime in place that protects against the abuse of applications for communications data. Indeed, the noble Lord, Lord Carlile, alluded to the suggestion that somehow our security agencies and police would have such time on their hands that they would simply roam around such communications data for their own amusement. One is entitled, surely, to discount such a proposition.
The Bill contains robust safeguards for every stage of the acquisition of any form of communications data. This includes requiring the use of an expert single point of contact; authorisation by a designated senior officer who is independent of the investigation and who must be of a rank approved by Parliament; comprehensive oversight by the new Investigatory Powers Commissioner; and the new offence of unlawfully acquiring communications data from a telecommunications operator.
On top of those general requirements, there are extra, specific safeguards for the acquisition of internet connection records. So internet connection records will be able to be acquired only if they are needed for one of the four specified investigative purposes—and local authorities, for example, will be barred from acquiring internet connection records in any form. As well as these protections, we have also tabled an amendment that provides for a crime threshold that must be met before internet connection records can be acquired. We addressed this issue earlier. This will prevent their use for low-level crimes.
So while we recognise that there are sensitivities concerning internet connection records, they will, among other things, be fundamental in resolving IP addresses in certain cases. For example, where the telecommunications operator uses technology that allocates the same IP address to a number of different customers, the internet connection record will help to determine the specific individual in whom law enforcement is interested. There has been cross-party agreement that we need to solve the problem of IP address resolution and I cannot see how it would make sense to require judicial authorisation for some types of IP address resolution but not for others, simply because of the technology that a telecommunications operator uses.
If a public authority were considering acquiring internet connection records in a way that was novel or contentious, it would certainly be right for additional safeguards to apply. That is why the draft communications data code of practice requires any novel or contentious application for communications data to be referred to the judicial commissioner. The Government believe that it is absolutely right that novel or contentious cases are referred to the commissioner, but we do not believe that the tried and trusted authorisation system for communications data should be fundamentally changed when there is no evidence that it is not working. Furthermore, none of the three independent reports that we have referred to and which informed the drafting of this Bill—from David Anderson, the ISC and RUSI—suggested or recommended any changes to the authorisation regime for communications data.
Finally, the noble Lord, Lord Strasburger, referred to the recent opinion of the Advocate-General in the case of Watson in the CJEU, which came out this morning. We note what was said in a fairly lengthy opinion. Your Lordships will be aware that that is the opinion of the Advocate-General, not the judgment of the court; a final judgment is anticipated in the autumn of this year. The Government maintain that the existing regime for the acquisition of communications data and the proposals in the Investigatory Powers Bill are compatible with EU law, and clearly it would not be appropriate to comment further while legal proceedings are ongoing. In these circumstances, I invite the noble Lord to withdraw his amendment.
My Lords, perhaps this is a bit of light relief. Clause 77(1) defines what conduct is lawful when it comes to obtaining communications data, and Clause 77(2)(a) goes on to say that someone cannot be sued if what they do,
“is incidental to, or is reasonably undertaken in connection with”,
the lawful conduct defined in subsection (1). So far, so good. Clause 77(2)(b) goes on to say that someone cannot be subject to any civil liability in respect of conduct that,
“is not itself conduct for which an authorisation or warrant … is capable of being granted”,
under various acts set out in subsection (3) and,
“might reasonably have been expected to have been sought in the case in question”.
If I understand this correctly—and I am sure I have not—if that conduct could and should have been authorised but was not, they can be sued, but if it was not something that could or should have been authorised, no civil liability arises. Either that cannot be right, or it is capable of misunderstanding and should be changed. Can the Minister put the provision in plain English? Our amendment is probing to ensure that we know what we are dealing with. I beg to move.
My Lords, the provisions on the lawfulness of conduct authorised by Part 3 replicate those that apply currently in the Regulation of Investigatory Powers Act 2000. As we made clear in response to an identical amendment in the other place, the Bill goes no further as regards providing indemnity from civil liability for conduct that is incidental to, or reasonably undertaken in connection with, a communications data authorisation.
The provision as drafted ensures that a person who engages in conduct only in connection with an authorisation cannot be subject to civil liability unless that activity could itself have been authorised separately under a relevant power. That, we submit, must be right. The amendment would remove that provision entirely, which, in effect, would mean that a person acting lawfully under an authorisation that had properly been granted under the Bill would be at risk of civil liability if some incidental or reasonably connected conduct were not expressly covered by the authorisation.
I notice that it is a probing amendment. In those circumstances, I invite the noble Lord to withdraw it.
I thank the noble and learned Lord for what he has said. However, we tabled this probing amendment in order to understand what the provision means. Unfortunately, simply saying that it replicates legislation that is already on the statute book does not really help our understanding. Perhaps the noble and learned Lord can say whether the provision has been applied in the past under the Regulation of Investigatory Powers Act.
I am not in a position to give a specific answer to that question, but I am content to write to the noble Lord on the point.
I am very grateful to the noble and learned Lord for his promise to write on this issue. My question is genuine. Perhaps it is because I am not a lawyer and my brain is not very big, but I contend that the provision is impenetrable. At this stage, I beg leave to withdraw the amendment.
My Lords, this amendment is one of several in this group in my name and that of my noble friend Lady Hamwee. Amendment 158A probes what is meant by the term “any other information” in terms of the purpose of an equipment interference warrant. Clause 93(2) states that an “equipment interference warrant”,
“requires the person to whom it is addressed to secure interference … for the purpose of obtaining—(a) communications”,
which is defined in Section 126(1); “(b) equipment data”, defined in Section 94; and “(c) any other information”, which is not defined. Can the Minister at least give some examples of what “any other information” means? Amendments 185B and 185C cover the same point in other subsections of Clause 93.
Amendments 158D to 158M and Amendments 169B to 169T make a different point—to try to ensure greater targeting of equipment interference warrants. Clause 95 sets out the subject matter of targeted equipment interference warrants. Clause 95(1)(b) states that the warrant may relate to,
“equipment belonging to, used by or in the possession of a group … who share a common purpose or who carry on, or may carry on, a particular activity”.
Such a broad and potentially large group of people can only in the loosest sense be described as targeted.
Amendment 158J applies the same arguments to targeted examination warrants in Clause 95(2)(b). Similar arguments of not being too broad and not being sufficiently focused apply to Clause 95(1)(f):
“equipment which is being, or may be, used for the purposes of a particular activity or activities of a particular description”.
Instead, Amendment 158H would insert:
“A targeted equipment interference warrant may be issued only if the persons or equipment to which the warrant relates are named or specifically identified using a unique identifier”,
which could, for example, be the IP address for a particular device. Similar wording in Amendment 158M would apply to targeted examination warrants.
It is worth remembering what targeted examination warrants are for. If, as a result of the bulk collection of the content of overseas communications, the security services discover UK-based communications that they want to examine the content of, they must first have a targeted examination warrant. This is to prevent the bulk collection of the content of communications of UK citizens. How then can it be right that such a targeted examination warrant applies to such a broad range of communications as,
“a group of persons who share a common purpose or who carry on, or may carry on, a particular activity”?
If the security services know that the communication is UK-based, they must also know whose communication it is and can therefore specify that in the warrant.
Subsections (1)(g) and (h) and (2)(d) and (e) of Clause 95 make provision for the issuing of targeted equipment interference warrants and targeted examination warrants for the purposes of testing, maintenance of equipment and the training of people. Amendments 158F, 158G, 158K and 158L would leave out those provisions.
In the first Committee sitting we discussed the issuing of interception warrants for the purposes of testing equipment and training agents, and the noble and learned Lord responded to the debate at cols. 105 and 106. In response to the Minister’s explanation, I said that I was still puzzled about training and testing warrants. I accepted that new equipment required testing and individuals needed to be trained in real-life situations but said that I was concerned about who the individuals or organisations were that might be targeted in these training exercises, bearing in mind that the normal provisions regarding proportionality and necessity in terms of suspicions that these individuals were up to no good would presumably not apply in training and testing situations. If they were real bad guys, a non-testing and training warrant could be issued. The noble and learned Lord failed to convince me then, but perhaps he can try again now.
Amendments 169B and 169T make the necessary consequential changes to the requirements that must be met by warrants in terms of the details that must be included in equipment interference warrants. I beg to move.
My Lords, I listened very carefully to the noble Lord, Lord Paddick, and his explanation of his amendments, but I was not at all convinced. If we believe that there is a need for the Bill, which I do, but have reservations about some of the issues around encryption, we have to ensure that the relevant agencies have some tools in their kit box. One of those tools has to be the ability to interfere with or look at the specific equipment. What the noble Lord is trying to do is to restrict the availability of that power to such an extent that it would effectively become almost useless. It would simply be available if you have one named individual. Therefore surely it is right that a significantly broader power should be available to engage here.
The question that the Minister who is going to respond needs to answer is this: how will the test of proportionality be applied in such cases? Presumably it is not proportionate to have such a broad sweep contained within the authorisation that it is inappropriate and overly onerous. The mechanism is therefore this: how is it determined that this is a proportionate and proper use of the power, and can we and the public be reassured that the mechanisms exist to ensure that that proportionality is adhered to?
I am very grateful for the lengthy explanation that the noble and learned Lord has provided. However, I still have questions. One of the examples he gave was to be able to interfere with equipment of a group of people who are accessing a particular website. I guess that you would need to know the IP addresses of the devices that were accessing that website to interfere with them, and that would be within the terms of our amendment. I may have lost concentration, and apologise to the Minister if so, but I cannot remember him addressing targeted examination warrants, where presumably the security services—the only ones who would apply for such a warrant—would know the identity of the people. I am still not clear about the need for thematic targeted examination warrants.
The big question that I have around testing and training is: who are the poor innocent people targeted by the warrants used for testing and training purposes? How is it decided who should be targeted? Will the Minister say what that other information is that needs to be specified in the warrant?
I accept that the withdrawal of these powers would be a mistake but, as the Minister acknowledged to begin with, these are probing amendments. I am grateful for the explanations he has given so far. Perhaps he might write to me to deal with my further and more difficult questions, but at this stage I beg leave to withdraw the amendment.
I shall be happy to write to the noble Lord on the three particular points. I do not think that they were the more difficult questions but they may be the ones that I did not fully answer, and I am content to write to him.
My Lords, while my noble friend searches for his notes, would it be appropriate for me to make my short speech on this matter? No? I was just trying to help.
That gave me sufficient time. I apologise to the Committee; it has been a long day already. My noble friend Lady Hamwee and I also have Amendments 160 and 169A in this group.
Equipment interference can involve hacking into telecommunication systems or a network by deploying software that could compromise the security or integrity of that system or network, making them vulnerable to attack by not only the forces of good but the forces of evil. It can also expose the communications of everyone using that system or network.
Equipment interference can also involve hacking into someone’s phone or computer so that any communication can be seen by the police or the security services, including messages that are end-to-end encrypted. As the noble Lord, Lord Harris of Haringey, mentioned, that is crucial, particularly as more and more communication is encrypted. Basically, anything that the person sees on the screen of their phone or computer and any information contained on the device, the police or the security services can see as well. This may, however, make the device vulnerable to hacking by others.
Amendments 159 and 160 would include in the Bill safeguards to protect systems and networks, reduce collateral intrusion and ensure that critical national infrastructure is safeguarded by requiring those applying for equipment interference warrants to make a detailed assessment of the risks involved. Amendment 169A is intended to require the judicial commissioner who is asked to approve the warrant to also consider an assessment of the risks, although I am not sure that the wording is entirely right for that amendment. I beg to move.
My Lords, the Committee will get a feeling of déjà vu.
I rise to speak to Amendment 159 and others, and start by acknowledging that equipment interference—hacking, in common parlance—with a person’s computer or phone can be justified by known or suspected threats or by an actual incidence of serious crime. However, I still have two concerns. Some types of hacking pose a risk of serious unintended consequences for the target device and collateral damage to devices connected to it or even whole networks, right up to the national level. My other concern is that in the case of hacking by the police rather than by the security agencies there is a danger that a defence lawyer could, rightly or wrongly, claim that vital evidence located on the target device had been tampered with, so putting a successful prosecution at risk.
There are several known examples of large-scale unintended consequences of hacking by the authorities, and no doubt many more that we do not know about. One example is GCHQ’s attack on Belgacom, Belgium’s largest telecoms company, during 2010 and 2011. It involved infiltrating the home computers of several Belgacom staff to acquire their company passwords. Then highly sophisticated malware was installed on Belgacom’s systems to allow GCHQ to acquire large amounts of data. It cost Belgacom many millions of pounds and a lot of time to clean up its systems. Another example is a test by GCHQ that accidentally closed down an entire mobile network in a major city in this country for half a day. So there is a good case for the extra safeguards in Amendments 159 and 160, which are intended to reduce the risk of equipment interference going out of control, and I support them.
On the subject of the danger of allegations, accurate or otherwise, that the police had contaminated evidence in the device that they subjected to equipment interference, I would be interested to hear the Minister’s views. In the Joint Committee, my concerns were brushed aside by the police witnesses, but surely there is a serious danger that the police will be accused of planting, deleting or amending evidence just as they used to be about slipping incriminating evidence into the defendant’s pocket.
My Lords, I hope the noble Lord will accept that, in the context of training and testing, those activities are essential if we are to have fully functioning services. It should not only be current investigations that are used for training as that could jeopardise operations. Current investigations may not give the full range of testing and training opportunities to prepare staff and equipment for all necessary eventualities. I will write to the noble Lord on the precise procedures involved in authorising testing and training as I do not have the information in front of me. However, appropriate safeguards will be built into those procedures.
I come back to the point I was making about these amendments in general. I contend that they are not necessary because the Bill and the draft statutory code of practice already require that the impact on people’s privacy, including in respect of collateral intrusion and cybersecurity, is properly considered in every single case. The draft codes will, of course, also be subject to parliamentary scrutiny and agreement before they come into force. I hope that those remarks are helpful in reassuring the noble Lord and that he will withdraw his amendment.
I thank the Minister for responding to these amendments. I have to say that I am a little sceptical. Yes, of course, as I think he just mentioned, one part of GCHQ is responsible for improving cybersecurity and identifying vulnerabilities around it. However, the role of another part of GCHQ is to breach cybersecurity in order to access information on terrorists’ and serious criminals’ devices. Indeed, when I was at GCHQ it was accepted that there was a tension between the two parts of that organisation as far as that is concerned.
I am also not convinced that it is absolutely clear and obvious in the Bill that there is a need to consider the unintended consequences of damage to networks or devices. I accept what the noble Earl says about collateral intrusion but not in terms of damage to devices or networks. However, at this stage—
Before the noble Lord decides what to do with his amendment, it might be helpful if I amplify my earlier comments. It is perfectly right to say that some equipment interference operations involve taking advantage of weaknesses, generally in how users are interacting with the internet, but sometimes vulnerabilities in the software or hardware themselves. However, I also contend that the use of equipment interference does not in itself create those weaknesses. While the security and intelligence agencies might on occasion—as I say—exploit such capabilities, they are at the same time committed to making the internet as secure as possible. As I mentioned, the security and intelligence agencies regularly highlight such vulnerabilities to industry.
There is a simple point to be made here. To leave targets open to exploitation by others would increase the risk that their privacy would be unnecessarily intruded upon. It would also increase the risk of those who wish to know who our targets are identifying the security and intelligence agencies’ tools and techniques. Therefore, operations must be carried out in such a way as to minimise that risk. I come back to the point I made near the start of my remarks: the purpose of GCHQ is to protect the public in that sense.
I am grateful to the Minister. While there may be a convoluted route to get to what is proposed in these amendments, if it amounts to the same thing and does the same job with regard to protections around ensuring that privacy is not unnecessarily intruded upon, I see no reason why the Government would resist these amendments. However, at this stage, I beg leave to withdraw the amendment.
My Lords, Amendment 176 is in my name and that of my noble friend Lady Hamwee. It would insert an additional clause after Clause 125, giving the Secretary of State power to amend the Police Act 1997 in relation to the authority given to law enforcement to place, use, maintain or retrieve,
“any equipment, apparatus or device which would enable the interception of any communication”,
so that such authority is in line with equivalent warrants under this Bill. The wording does not entirely do its job but it is a start. The intention of the amendment is to draw attention to anomalies in the granting of authority to law enforcement officers to intrude into people’s privacy and the need to bring all law enforcement surveillance authorities up to the same standard, as provided by the majority of the Bill.
The reason for there being no double lock involving a Secretary of State in Clause 100 is that the legislation currently used by law enforcement to carry out equipment interference—the Police Act 1997—does not require authorisation by the Secretary of State. This amendment allows the Secretary of State to amend the Police Act 1997 to ensure that similar authority levels apply across law enforcement and the security services, and to other types of intrusive surveillance not covered by the Bill.
As I have said, the Police Act 1997 is the legislation currently used by the police to conduct equipment interference. As the amendment suggests, the powers in the Police Act allow the police to plant tracking devices in cars, for example, and covert transmitting and recording equipment in people’s homes and offices. Under these current powers, a police chief can, without your knowledge or consent, plant a concealed camera or microphone in your home or office without a warrant, without judicial oversight and with no Secretary of State authority. Not only is that unacceptable, it is inconsistent with the Bill.
Noble Lords will be aware that equipment interference warrants issued to the security services are subject to the so-called double lock—the Secretary of State and the judicial commissioner. Clauses 96 and 97, on the power to issue equipment interference warrants to intelligence services, and Clause 98, on the power to issue equipment interference warrants to the Chief of Defence Intelligence, all require Secretary of State and judicial commissioner double-lock authority. Indeed, noble Lords have argued in previous debates on the Bill—and the Government have not demurred—that it is a constitutional necessity that politicians who can be held to account by Parliament authorise warrants. We disagree but the Government cannot have it both ways.
I am obliged to the noble Lord for his suggestion that this is essentially a probing amendment, which he directs at what he perceives as anomalies in the Bill. For reasons that I shall expand on, those anomalies do not exist.
Amendment 176 seeks to introduce a clause that would enable the Secretary of State to make regulations requiring that the authorisation of property interference under the Police Act 1997, where the purpose is to enable the interception of communications, should be subject to the equivalent approval processes as set out under Part 5 of this Bill, including double-lock review by a judicial commissioner. That is how I understand the amendment and the noble Lord indicates his agreement.
It is worth being clear that interception warrants are not issued under the Police Act 1997, but are currently issued by the Secretary of State under Part 1 of the Regulation of Investigatory Powers Act. However, sometimes it may be necessary for intercepting authorities to carry out property interference to enable interception to take place. In these circumstances, the intercepting authority would need to ensure that appropriate property interference authorisation is obtained in addition to an interception warrant.
Clause 14 will restrict the ability of law enforcement agencies to authorise this type of equipment interference under the Police Act 1997. The restriction will mean that where the purpose of the interference is to enable the acquisition of communications, private information or equipment data, the activity can no longer be authorised under the Police Act 1997. As a result, the amendment in question is not required, as it will not be possible to authorise the type of activity it envisages under the Police Act 1997.
In future, if it is necessary to interfere with property to enable interception to take place, the interference with equipment will need to be authorised under Part 5 of the Bill. The Bill and its associated codes of practice make it clear that an equipment interference warrant cannot authorise activity which would constitute live interception of communication in the course of its transmission. As a result, both an equipment interference warrant and an interception warrant will be required.
In practice, this activity is likely to be authorised as a combined equipment interference and interception warrant. Paragraph 3 of Schedule 8 to the Bill enables the Secretary of State to issue such a combined warrant to the relevant intercepting authorities, such as the NCA. This reflects the fact that the Secretary of State is responsible for issuing targeted interception warrants, and the Bill ensures that combined warrants always default to the most senior level of authorisation. Any such warrant would always also go through the double lock of judicial commissioner authorisation.
I hope that reassures the noble Lord that the amendment is not necessary and I accordingly invite him to withdraw it
I thank the noble and learned Lord for what he has said, but I did ask whether he would be prepared to offer an opinion about the deployment of a covert camera into somebody’s home without the need for either Secretary of State or judicial commissioner approval and what, in the Government’s opinion, is the right level of authority. I accept what he says about an interception warrant being required if equipment interference is for the purpose of intercepting communication. However, if it is for the purpose of observing what is going on inside an office or a home, I do not believe that that amounts to interception of communication as such, even though the people who are present in the room are communicating with each other. I do not think that amounts to interception of communication as intended by the Bill.
The other issue that I was hoping the noble and learned Lord could enlighten the Committee on is that equipment interference warrants issued to the security services require the double lock of the Secretary of State and a judicial commissioner, but equipment interference warrants issued to law enforcement do not require that double lock, because a police chief can self-authorise the issuing of such a warrant to such agencies. We have to bear in mind how intrusive that can be. We have already discussed that the equipment interference may not necessarily be in order to intercept communication, and the noble and learned Lord gave the example earlier of looking for a pornographic image on a computer. Despite what he said, it still seems an anomaly that the security services require a double-lock authority and the police do not.
I am not sure to what extent I can respond before the noble Lord sits down, but let me be clear that I do not accept that there is an anomaly, because we are dealing here with two entirely different circumstances that are not directed to the present amendment. As regards a camera being placed in someone’s room, I undertake to write to the noble Lord on that if that will assist him, although it does not appear to me to assist with this amendment.
I am grateful to the noble and learned Lord, who has all the time in the world to add comments until I finally withdraw the amendment. However, I beg leave to withdraw it at this stage.