Lord Rooker
Main Page: Lord Rooker (Labour - Life peer)Department Debates - View all Lord Rooker's debates with the Ministry of Defence
(8 years ago)
Lords ChamberIf my noble friend wants me to be specific, I will, but I was trying not to take up too much time. Let us take the example of a piece of information, given to a security service, that people in possession of a bulk delivery of a certain type of telecommunications equipment, say a phone brand, are involved in the planning of a terrorist event. In order to find out quickly who these people are, the authorities would need to attack the bulk, so as to exclude all people who are not involved in the planned event. This is an absolutely routine technique that is used. I see one or two of my noble friends turning round in surprise. If they are surprised, they have not even read modern spy novels, let alone about the reality of what is being done by intelligence agencies all around the world.
The answer to my noble friend is as simple as that. I will just repeat my question, because I would like him to reply to it in due course. I take it that he has read the code of practice. What is missing from the code of practice that is required in order to provide the protection he wishes for? It is all in the code of practice; it is all in the statute. I apologise for repeating something I said on Monday, but these provisions, as drafted, are a careful and responsible response by a Government who wish to do no more than the state absolutely has to, safely, to protect their citizens.
I will answer that point. The Bill of course is not draconian in any way whatever. It is a modest response to the technology that exists today, and an attempt to look at the technology of tomorrow that we do not know about. That is part of the problem. I regret that I was a bit late and missed the first 20 seconds of the noble Lord’s introduction, so I may have this wrong, but he gave the impression that David Anderson supported his amendment. One only has to go to the report published in August, from which I want to put two sentences on the record. Paragraph 6.16 says:
“There is a clear value in the use of bulk powers to eliminate lines of enquiry, so that resources can be concentrated elsewhere and disruption to the public minimised”.
I do not think we should fetter the security services by this amendment. The other sentence from the report that I want to put on the record is in paragraph 6.47, at point (d):
“Even where alternatives might be available, they are frequently more intrusive than the use of bulk acquisition”.
Most of the bulk acquisition will never, ever be read. The vast majority—99.999%—will never be read or studied by anybody, and it gives a false impression when the noble Lord says that all our telephone calls, internet searches, and web browsing will be read by someone. That is simply not true. What is more, he has been briefed and knows that that is the case. I do not see why the opponents of the Bill, in this House or the other House, should try to give a false impression of what it is trying to do. I hope the noble Lord tests the opinion of the House, because I would like it clearly on the record that he probably has little or no support for his amendment.
I can be brief. I must begin of course by expressing my regret that I do not agree with my noble friend on the Front Bench. There is nothing more insulting than the expression, “If you could only see what passes across my desk, you would take a different view”. I do not use that expression, but I have to admit that I cannot expunge from my memory my experience as a member of the Intelligence and Security Committee and my contact during that period with the security services. Essentially, we are talking about a question of judgment. My judgment is legitimately assisted by the conclusions of the report from Mr David Anderson, who was, a bit like Moses, dispatched up the mountain and told to come back with tablets of stone. In particular he came back with case studies, and I defy anyone to read them and not be persuaded beyond all doubt of the necessity for the powers that we are discussing today. As my noble friend Lord Carlile has pointed out, Mr Anderson reached the proven conclusion of the operational purpose of three powers and made a further case in respect of the fourth.
Sometimes in the course of these deliberations we confine ourselves to the question of terrorism. As has been mentioned, I think in passing, we should always remember that these are powers that are apt to deal with the question of organised crime and, more particularly, in the rather febrile atmosphere that surrounds the matter, the question of child sexual abuse.
Mr Anderson made the observation, which I doubt anyone would wish to challenge, that the pace of technological change is frightening. We all carry a mobile phone in our pockets; if we think of the first one we ever got some 20 years ago and compare it with the capacity of the one that we now have, that is as powerful an illustration of technological change as one could imagine.
I suppose the question may arise as to whether what we are discussing is necessary and proportionate. I respectfully suggest that the nature of the threat—I noticed as soon as I came into the building that the threat level is still severe—and the experience across the Channel, plus the experience of the security services in dealing with plots, argues beyond peradventure that what is proposed here is both necessary and proportionate. For these reasons, I regret I will not be able to follow my noble friend Lord Paddick when he tests the opinion of the House.
I am grateful to the Minister and to other noble Lords who have contributed to this debate. As regards the comments of my noble friend Lord Carlile of Berriew, despite my request that he specifically address the issue of internet connection records, I did not hear him do so. We are not against the bulk acquisition of communications data in general or per se. We oppose only the bulk acquisition of internet connection records as part of those data.
On the question my noble friend Lord Carlile raised about the codes of practice, of course they are comprehensive. However, through this amendment we are trying to prevent internet connection records being acquired in bulk, which is allowed for in the codes of practice.
The noble Lord, Lord Rooker, was of a different opinion from the one that I quoted—that the Bill was draconian. I am grateful to him for giving me the opportunity to emphasise to the House that it was the current Labour shadow Home Secretary, Diane Abbott, who described the Bill as draconian.
I did not suggest in any way that David Anderson agreed with this amendment, or that the lists of everybody’s websites would be read, as the noble Lord, Lord Rooker, suggested.
As regards the comments made by my noble friend Lord Campbell of Pittenweem, he referred to case studies in the David Anderson report on bulk data. I cannot emphasise this enough to noble Lords: internet connection records do not currently exist. The telecommunications companies will have to create them. Therefore any case studies in David Anderson’s report do not relate to the bulk collection of internet connection records. Internet connection records do not exist, so they cannot be collected in bulk at the moment.
I acknowledge the great experience of the noble Lord, Lord King of Bridgwater, and his passion about these issues. He emphasised that everything needs to be done to prevent a terrorist attack, and I agree with him 100%. The point that I made in my opening speech when I quoted David Anderson directly, saying that it was a direct quote from him, was that GCHQ, MI5 and MI6—the agencies responsible for keeping us safe from terrorism—say that they do not need internet connection records. Even the Minister said that at present there is no anticipated need to collect internet connection records to prevent a terrorist attack.
I am very grateful to the right reverend Prelate the Bishop of Chester for saying that we are making a fundamental point here. The difference between today’s debate and Monday’s debate is that requiring individuals’ internet connection records has to be based on reasonable suspicion. Thanks to the intervention of the Labour Front Bench, the level of the seriousness of the crime that needs to be suspected before those records can be handed over is higher than the Government first suggested. However, this power would allow everybody’s internet connection records to be acquired in bulk by the security agencies with no reasonable suspicion at all.
My Lords, Amendments 250A and 251A, in my name and that of my noble friend Lady Hamwee, relate to technical capability notices through which the Secretary of State can require an operator to have a capacity to provide any assistance necessary that might be required to give effect to the powers under the Bill. We have received representations on behalf of operators asking that those notices should be specific about the distinct service or product to which the notice applies, rather than a blanket, “You must have the capability to do anything we may require you to do under the powers contained in legislation”. Amendment 250A is intended to have that effect, while Amendment 251A tries to limit the scope of technical capability notices. The power to issue a technical capability notice applies to any provider capable of being considered a telecommunications provider under the very broad definitions in the Bill. It would not be proportionate or necessary for this power to be so broad. The amendment aims to narrow the definition to exclude services that are not primarily communications services, even when there may be a communications element. Whether the wording of our amendment achieves that is a matter for debate, but that is what is intended. I beg to move.
I can certainly tell the noble Lord that Yahoo! was one of the operators, but I do not have a list to hand.
My Lords, if I could be convinced that the same rules applied everywhere on the globe—because we are talking about a global function—in respect of the rule of law, freedom, transparency and privacy protection, then I might have a bit of sympathy with the business operators, as we will call them.
I had the privilege of being among those serving on the RUSI panel. We had a discussion with the providers, but they did not all want to come and sit round the table at the same time—I recall two or three sessions—because they are competitors. We put it to them—it was not original; it had come up elsewhere—that not one of these companies, whether Apple, Google, Facebook, Twitter, Yahoo or Microsoft, would ever have been able to start what is now their global business in countries such as Russia, Iran and China. Yet they have become global and make enormous profits, although I will not go into the issue of them paying their taxes.
These providers hide behind the fact that the countries where they are able to start and function have the rule of law and are democracies where you can challenge Governments in the courts and get redress, yet they then go and operate in countries where they cannot do that. If they all said, “When we operate in China, we’re going to produce all our phones fully encrypted, exactly as we do for everybody else. The Chinese Government are allowing us to close end to end. They don’t want to know what their citizens are saying”, then fine, but I do not believe that that is the case, and that is part of the problem.
My noble friend Lord Harris touched on the issue of other Governments, but we can legislate only for the UK. I fully understand that, yet half of an email sent from my office upstairs to a colleague here might be split and end up travelling through the rest of Europe or America or half-way round the world. That is how the system works. Just because you are emailing someone in this country from within this country, you cannot guarantee that the entire message will stay in this country while it is being whizzed round the world. The system does not work as I originally thought it did. So we can legislate only for this country and messages get split up around the world.
The fact is that the business plans and business operations of these companies depend on open, transparent and democratic countries with the rule of law, yet they are willing to work in countries where there is no rule of law and where there are corrupt regimes, such as in Russia, or undemocratic regimes, as in China. These are countries with huge populations and the companies can do business there according to a different business plan from the one that applies here. From the point of view of those who are there to protect us, that has to lead to a suspicion that at some point we might need a bit more information than we have and that we might need to ask for that to be provided.
I take second place to no one on the protection of privacy, but the fact is that you cannot discuss this issue just in the context of the UK or Europe; it is global, and the rules do not apply equally across the globe. If we take that on board, I think we ought to have a fair degree of sympathy with how the Government will operate these measures.
I have listened to other people and have read more about this matter since finishing our work on the RUSI panel, and the fact is that there is a great reluctance to have these powers. In a democracy there is an incredible reluctance for private information to be treated in this way, but at the end of the day there will be proportionality and our people will be tested on the need for these powers. One of the raisons d’être of the Bill is to put in second and third checks, so those with the powers will be watched and the watchers will be watched, and that is how we can give the public confidence. I do not think that we ought to write the Bill to suit the business operators’ original business plans, because they are not implementing them on an equal basis across the globe. Therefore, I hope that the Government will reject these amendments.
Before my noble friend sits down, to be honest I think that he has slightly misunderstood the point that has been made. I am not putting this forward because of the business models of particular companies; I am proposing it because of the inherent weakness that could conceivably be created. His argument, if I understood what he just said, is that because Russia or China may require, or may force because the business there is so valuable, a communications service provider to put in one of these back doors, therefore we need to have the same facility. The point is that, because it is a global provision, if a back door is built in—because Russia or China or wherever else has demanded it—then a technical capability notice would operate because the operator would have that existing facility. That is precisely the circumstance in which a technical capability notice could be served. This amendment seeks to exclude a requirement from our Government that it should be created at our behest, which other people would then use.
I take on board what my noble friend is saying. I fully accept the distinction he makes but, basically, although I am a customer of some of these companies, I do not trust them—they will tell us that this has been built in and is secure, but do deals with those other regimes.
My Lords, there have not been very many points in the course of this legislation on which I have agreed with the noble Lord, Lord Strasburger, but on this point I do. Amendment 252A raises a very interesting and important point.
Although I am absolutely in favour, as you would imagine, of the Government having the opportunity to access the communications of anybody who is a threat to us—due to terrorism, criminal activities or anything of that sort—there is a competing national security issue here of this country having effective cybersecurity. We have seen the way in which hostile Governments have been seeking to intervene in the American elections, and we have seen all sorts of attempts by hostile states, criminal groups and others to use cyber weaknesses to take forward hostile agendas. Therefore, there is a genuine national security interest in ensuring that, as far as we can, our citizens can communicate securely and privately when they are not going about mischievous business.
The idea that we should take into consideration the requirement not to place non-targeted customers or others at additional security risk is an entirely legitimate one, and I am very interested to hear how the Minister would want to interpret this. We have competing national security issues here and it is a point well made.