All 3 Lord Strasburger contributions to the Investigatory Powers Act 2016

Read Bill Ministerial Extracts

Mon 17th Oct 2016
Investigatory Powers Bill
Lords Chamber

Report: 2nd sitting (Hansard - part one): House of Lords & Report: 2nd sitting (Hansard - part one): House of Lords
Wed 19th Oct 2016
Investigatory Powers Bill
Lords Chamber

Report: 3rd sitting (Hansard): House of Lords & Report: 3rd sitting (Hansard): House of Lords
Wed 2nd Nov 2016
Investigatory Powers Bill
Lords Chamber

Ping Pong (Hansard): House of Lords & Ping Pong (Hansard): House of Lords

Investigatory Powers Bill Debate

Full Debate: Read Full Debate
Department: Ministry of Defence

Investigatory Powers Bill

Lord Strasburger Excerpts
Report: 2nd sitting (Hansard - part one): House of Lords
Monday 17th October 2016

(8 years, 1 month ago)

Lords Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 62-III Third marshalled list for Report (PDF, 153KB) - (17 Oct 2016)
Lord Carlile of Berriew Portrait Lord Carlile of Berriew (LD)
- Hansard - - - Excerpts

My Lords, I regret that I cannot support my noble friends’ attempts to remove these clauses from the Bill. I say with great respect to them that it is a misconceived attempt and displays a misunderstanding of what the authorities do, have done and can do. In my judgment, for what it is worth, the removal of these clauses would reduce the capacity of the authorities legitimately to interdict what could be extremely serious crime and catch those guilty of it.

We have heard terms such as “limitless”, “monster” and “unfettered”. At the risk of repeating what has been said earlier on Report, it is grossly exaggerated to suggest that unfettered, monstrous or limitless power is being given to the authorities. There can never have been a Bill on subjects such as these that has had so many fetters on the authorities and that has placed so many limits on what they can do. Indeed, if it has created a monster at all, it is a monster of regulation, not of unregulated activity.

I saw a briefing on these amendments earlier today. They are founded on the proposition that the authorities—the police and the security services—have the time to go on fishing expeditions. If that is what is being said, I can think of at least two kinds of fishing expedition. One is the sort of fishing expedition where you stick a worm on the end of a line and dangle it into water not believing that there is anything in there, and the other involves casting a sprat to catch a mackerel. If there is a fishing expedition here, it is the kind in which the authorities would know that there is very likely to be a mackerel beneath the water into which they cast their well-fattened sprat.

These amendments would inhibit current practice in the courts and in investigations. I can think of two murder cases in which I appeared as leading counsel—one as a prosecutor, the other as a defender—in which a conviction resulted from exactly the kind of activity being permitted in the Bill. In each case, it is certainly possible—I do not want to exaggerate—that there would have been no conviction if not for the availability of this kind of activity. At the time of each of those cases, the activity was nothing like as well-controlled or scrutinised as is proposed in the Bill. The sort of activity that I am describing can and has been used to catch murderers, paedophiles and money launderers as well as terrorists. It is a necessary tool of a responsible state.

The issue is whether the Bill allows this information to be obtained in a responsible way by the state. I believe the Government have gone a very long way to ensure that everybody can be confident that in future such material will be obtained by a responsible state and that these clauses are a necessary part of that activity.

Lord Strasburger Portrait Lord Strasburger (LD)
- Hansard - -

My Lords, I rise to speak to Amendments 100C, 100D and 100E which have been very ably explained by my noble friend Lord Paddick.

When vague and non-specific legislation comes before us, it is perhaps because its authors are unable to be more precise because they have not thought it through or because they choose to not share the details with us. Whichever reason applies in the case of the request filter, there is no doubt that Clauses 64, 65 and 66 are notable more for what they do not say than for what they do. Despite the best efforts of both the Joint Committees on which I had the privilege of sitting—the one on this Bill and the one that examined the draft Communications Data Bill in 2012, in which the request filter first appeared—we are none the wiser about the request filter architecture, how it will work, who will develop it and who will operate it.

We have only to look at an obscure section in an elderly piece of legislation—the Telecommunications Act 1984—to see how overbroad drafting can lead to unintended consequences. Years ago, Section 94 of that Act was used by the Home Office secretly to create a brand new, highly intrusive power—namely, bulk acquisition of communications data—which the Government, to their credit, are now bringing in from the cold in this Bill. For a long time, however, the existence and use of this power carried on without the approval, or even the knowledge, of Parliament. Quite by chance, just a few hours ago, the Investigatory Powers Tribunal ruled that this very powerful secret power of bulk acquisition of communications data, which was created out of that vague section in the Telecommunications Act 1984, has been used illegally by the intelligence and security services for 10 years. We must guard against carelessly passing clauses so vague as to be open to misuse.

--- Later in debate ---
Lord Harris of Haringey Portrait Lord Harris of Haringey (Lab)
- Hansard - - - Excerpts

My Lords, I am sure that the entire House is grateful to the noble Lord, Lord Paddick, for giving us a comprehensive list of ways in which we can try to keep our communications secret and away from prying eyes. I am sure that every Member of the House is grateful for that tutorial, but the noble Lord does rather elide the question of those people who perhaps have not had the benefit of his tutorial. I realise that the whole world of terrorism and organised crime is listening with intent to every word that he says on these matters, but there will be such. He gave a specific example, saying that communications data in the past would have demonstrated that X had contact at a travel agent. When I book train tickets, I usually do not use WhatsApp or a VPN—I simply go online and connect to the relevant train company. So if somebody wanted to find out whether I had been booking a train ticket, my internet connection record would provide that information. I therefore do not quite understand the argument that, because there are ways that you can avoid the state knowing what you have done if you are really determined, you should therefore prevent it knowing what you have done if you are not really determined.

My understanding is that not all terrorists and not all organised criminals are terribly good with this stuff—that they make mistakes—so the horrifying consequences that the noble Lord describes therefore might not actually occur, and instead, a lot of very nasty people will be caught, because they do not have the noble Lord’s encyclopaedic grasp of ways of keeping communications secret.

Lord Strasburger Portrait Lord Strasburger
- Hansard - -

Amendment 118A seeks to prevent the creation and collection of internet connection records. My noble friend Lord Paddick has explained why ICRs are of little security value, and that they would be very difficult and expensive to collect and make use of. The only democracy to try was Denmark, which gave up after years of fruitless effort. It tried again at the beginning of this year with a project almost identical to the one planned by the Home Office, but quickly abandoned it when independent auditors confirmed that it would be prohibitively expensive.

I wish to draw the House’s attention to two other serious drawbacks that would arise from creating and storing internet connection records. The first is the serious impact on the privacy of every user of the internet in this country. We must remember that internet connection records do not currently exist, and until quite recently—say, 25 years ago—all the electronic data that would have to be collected together to create ICRs did not exist, either. In those days, our private interactions with those close to us left no trace. A conversation over lunch, a cash purchase at a shop, a visit to a library to do some research, attendance at a political meeting, a romantic assignation—all left no record of having happened. They were ephemeral. What happened between your four walls was between you and your God.

Fast forward to today, and we find that all the interactions I have just mentioned now leave an electronic trail behind them. A combination of credit card records, location services on our phones, our emails and text messages and records of every website we visit will give the whole game away—including the identity of whom we met at our assignation. If internet connection records are created and kept by our service provider, all these electronic trails will be available to hundreds of public authorities, not just the police and security services, on demand and simply by self-authorisation.

The Government have given this data the name “internet connection records”, which is technically accurate, but what they really are is private activity records: a log of everything we do and when and where we do it. The problem is not that the surveillance can occur at all, but that it happens indiscriminately to all of us, all the time. My second topic is the ironic fact that ICRs will actually reduce our security, rather than improve it, because of the virtual certainty of thefts of some of that private and personal data about every internet user in the country. If you do not believe me, consider just a few of the thousands—and I mean thousands—of recent data thefts from high-security establishments. I mentioned in Committee that SWIFT, the fulcrum of the global financial payments system, has had $81 million stolen from it by hackers. Last week, it emerged that it has been penetrated a second time. A gang of five eastern Europeans is believed to be behind the theft of 3 billion sets of customer data worldwide from many of the world’s leading tech companies, including the data of 500 million Yahoo! customers. As I mentioned earlier, powerful hacking tools belonging to the NSA, the American equivalent of GCHQ, suddenly appeared on the internet in August having been stolen from it, and two Israelis and an American stole 100 million people’s records from 12 US financial institutions. Those are just a few examples—as I say, there are many more—of thefts from sites which, dare I say it, were seemingly far more secure than those of UK service providers.

Internet connection records, or private activity records, will be stolen and the consequences will range from embarrassment to blackmail and fraud for the unfortunate victims. In the case of people in positions of responsibility, including government officials, the consequences could be catastrophic. Far from making us safer, ICRs would compromise our security and, as I have explained, seriously intrude on our citizens’ privacy. We should have nothing to do with them.

Baroness Harding of Winscombe Portrait Baroness Harding of Winscombe
- Hansard - - - Excerpts

My Lords, I rise to speak against this amendment. As the chief executive of a telecoms company, I clearly cannot profess a lack of understanding of the technology. I am a little confused by noble Lords’ concern that internet connection records can be got round and are not perfect because telephony is exactly the same. If I make a telephone call and am really smart, I know how to make sure that you do not know what number or where in the world I am calling from. Without needing to be that smart, I can buy a temporary SIM card and throw the phone away as soon as I have made the call. Organised crime and nation states have been able to use plenty of ways to obfuscate the existing ability for us to track telephony. That does not mean we think it a bad idea to be able to track people’s telephone calls.

I argue that exactly the same is true of internet connection records and their use by law enforcement agencies. It would not be perfect; no piece of technology ever is. It needs very careful scrutiny, which the Bill has had in both Houses. But I want to live in not just a civilised physical world but a civilised digital world, and when all our law enforcement agencies say that their ability to hunt down criminals is seriously hampered by the world moving to the digital space, we should take that very seriously and make sure that we arm them with the best possible tools. I believe that access to internet connection records is practically possible and desirable to create a civilised digital world.

Investigatory Powers Bill Debate

Full Debate: Read Full Debate
Department: Ministry of Defence

Investigatory Powers Bill

Lord Strasburger Excerpts
Report: 3rd sitting (Hansard): House of Lords
Wednesday 19th October 2016

(8 years, 1 month ago)

Lords Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 62-III Third marshalled list for Report (PDF, 153KB) - (17 Oct 2016)
Lord Paddick Portrait Lord Paddick
- Hansard - - - Excerpts

My Lords, I will speak to our Amendments 252 to 254 and the other amendments in this group. To save the noble Lord, Lord Rooker, having to get to his feet, this one is from Apple.

As the noble Lord, Lord Harris of Haringey, just outlined, it is essential that end-to-end encryption is not compromised by technical capability notices. I anticipate that the Minister might say that Clause 231(3)(c) covers this in that it would not be technically feasible for the operator to remove electronic protection of this nature, but we support this amendment and believe that it needs to be explicit in the Bill. However, we do not believe that this amendment covers other forms of encryption. Our Amendment 252 is intended to protect UK operators from the real or perceived disadvantage they would be placed under if technical capability notices required them to make modifications that would make their product or service less secure than overseas operators, who may not be subject to or may refuse to comply with a similar technical capability notice.

Similarly, Amendment 253 is intended to prevent a technical capability notice stopping UK operators from innovating to improve the levels of security or encryption provided by their products and services in a way that would disadvantage them against overseas operators, which may not be subject to or refuse to comply with a similar technical capability notice.

Amendment 254 is intended to deal with the criticism of our amendment in Committee by the Minister, who said that he believed that it,

“would remove the Government’s ability to give a technical capability notice to telecommunications operators requiring them to remove encryption from the communications of criminals, terrorists and foreign spies”.—[Official Report, 13/7/16; cols. 272-73.]

This new amendment makes it clear that technical assistance can be given to enable interpretation and deciphering provided that it does not open the door to unauthorised access to encrypted materials by criminals, terrorists and foreign spies—essentially, what the noble Lord, Lord Harris, just said.

Amendment 252A, in the name of my noble friend Lord Strasburger, is an attempt to combine all the other amendments in this group into a much better-worded amendment. I look forward to hearing from him why this might be the case.

Lord Strasburger Portrait Lord Strasburger (LD)
- Hansard - -

My Lords, I shall rise to that opportunity. Amendment 251, in the name of the noble Lord, Lord Harris, and my noble friends Lord Paddick and Lady Hamwee, addresses one particular kind of encryption—namely end-to-end encryption—and it is very good as far as it goes, which is end-to-end encryption. My own Amendment 252A is also in this group and is complementary to Amendment 251. It is, in my humble opinion, a neater way of dealing with encryption that is not end-to-end encrypted than the combination of the other amendments in this group: Amendments 252, 253 and 254. It is an alternative to them.

We have been around the block many times on the subject of encryption in the context of Clauses 229 to 231. It has come up several times in our debates on the Bill, as well as in questions in this House and in the Joint Committee on the Bill. Yet we are no closer to a clear and unambiguous understanding of the Government’s position on this vital issue, as the noble Lord, Lord Harris, has so eloquently said.

It might help if we start from common ground. I doubt that any noble Lord, myself included, would deny the authorities the option of requiring an operator to decrypt a communication where: the operator already possesses the capability to do so; the sender or receiver of the communication is genuinely suspected of committing or planning a serious crime; and the appropriate process has been followed and the action has been judged necessary and proportionate by a judicial commissioner. I do not think that anybody would argue about that.

I believe there is more common ground. Ministers have repeatedly confirmed that the Government fully accept that many uses of the internet that are now an essential part of everyday life, both for individuals and for large organisations, cannot possibly continue to happen without the security provided by unbreakable encryption.

If we take those two points as read, we are left with two questions about what happens if the operator is not able to decrypt the communication. The first is: should the Secretary of State be able to force an operator to redesign its product so that in future its encryption has a weakness that permits the operator, or perhaps GCHQ, to read a suspect’s messages? The other question is: should the Secretary of State have the power to prevent an operator introducing new or modified encryption services which neither the authorities nor the operator can break? The answer to both those questions is an unequivocal, “No, the Secretary of State should not have those powers”, and noble Lords will be hard pressed to find a single cryptography specialist who has a different view. If the Government concur, as I hope they do, they should have no problem accepting Amendments 251 and 252A, which would remove the ambiguity in the current drafting.

--- Later in debate ---
So for all the reasons I have outlined, these amendments are unnecessary and in some cases dangerous. They would undermine the important principle that there should be no guaranteed safe spaces online for terrorists and criminals to communicate. I hope that the noble Lord opposite is sufficiently reassured by what I have said to withdraw his amendment.
Lord Strasburger Portrait Lord Strasburger
- Hansard - -

My Lords, if the noble Earl is so confident that none of the unintended consequences listed in Amendment 252A can occur, and that the Government do not want them to occur, what is his objection to putting them into the Bill?

Earl Howe Portrait Earl Howe
- Hansard - - - Excerpts

We already have a wide range of safeguards which I have listed. I do not see that it is necessary to go down the road the noble Lord is advocating because of the dangers that I have pointed out. These amendments would create safe spaces which I am sure that neither he nor any noble Lord would desire to occur.

Investigatory Powers Bill Debate

Full Debate: Read Full Debate
Department: Ministry of Defence

Investigatory Powers Bill

Lord Strasburger Excerpts
Ping Pong (Hansard): House of Lords
Wednesday 2nd November 2016

(8 years, 1 month ago)

Lords Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 68-I Marshalled list for consideration of Commons reasons (PDF, 78KB) - (1 Nov 2016)
Earl Howe Portrait Earl Howe
- Hansard - - - Excerpts

My Lords, I first say to those who have supported the amendments in the name of the noble Baroness that I acknowledge the strength of feeling in the House on this emotive issue. As I said in my opening remarks, the Government know how important these matters are to everybody. We need a robust and workable system for media self-regulation, and resolving that is in everybody’s interest. However, I am afraid that I remain of the opinion that the Bill is not the means to achieve that. Of course I agree with the noble Lord, Lord Paddick, that the noble Baroness’s amendments are procedurally in order; that has never been in question. However, first, the scope of the Bill means it cannot do this subject justice. The amendments we are considering today concern only interception of communications and would not necessarily sit well with whatever broader solution is to follow. Secondly, and more importantly, the public consultation which the Secretary of State for Culture, Media and Sport announced yesterday provides a means for a reasoned, informed and considered public debate—

Lord Strasburger Portrait Lord Strasburger (LD)
- Hansard - -

I thank the noble Earl for giving way. I would like to share with him a direct quotation from one of the six members of the Leveson inquiry—someone with whom I spoke this morning. He said, “The consultation announced this week is just a shabby stunt, probably concocted by Paul Dacre, to defer the betrayal of the victims of press abuse—past and future—until this Bill has been safely put to bed”. I would like to offer the noble Earl an opportunity to refute that charge.

Earl Howe Portrait Earl Howe
- Hansard - - - Excerpts

My Lords, I repudiate it completely. The Government have been clear about the timescale of the consultation and have committed to respond in a timely manner. We are taking this matter with proper seriousness. It is important that everyone has an opportunity to take on board and reflect on the changes that have occurred in the years since Lord Justice Leveson made his recommendations. I say again to the noble Lord, Lord Paddick—