Mark Field
Main Page: Mark Field (Conservative - Cities of London and Westminster)Department Debates - View all Mark Field's debates with the Home Office
(10 years ago)
Commons ChamberI am grateful for the right hon. Gentleman’s observations on amendment 5. As with the previous grouping, the amendment was tabled to give us the opportunity to look at the specifics of clause 17 and to understand fully the thinking behind the Minister’s approach. I take on board what the right hon. Gentleman has said, which may be correct, but the amendment allows us to debate what would be disclosed and what information would be available.
I have just bombarded the Minister with a whole range of questions and I know that, as usual, he will be very thorough and go through each in turn. However, I want to turn briefly to new clause 2, which seeks to move on from the retention of data to a review of whether the form of storing the data is allowing the key authorities to access it in a timely manner. I will say, so everyone understands where I am coming from, that this proposal aims to probe the Minister’s argument, and to look at the clause to see what more can be done and whether we need to be aware of any issues for companies.
My concern arises from the police’s apparent problems in pursuing the majority of suspected paedophiles identified through Operation Notarise. My understanding is that Operation Notarise identified between 20,000 and 30,000 individuals whom the communications data suggested were taking part in online abuse. From that, only 700 people have been named, investigated and arrested, so well in excess of 20,000 IP addresses have been identified, but that information has not been translated into named users. At this point, I am not even talking about arrests, but about identifying the users to enable effective safeguarding interventions.
Once a user is identified, even if it is just an address, the police can make several key checks: first, against the police national computer to see if there is a known sex offender living at the address; secondly, against the Disclosure and Barring Service database to identify anyone who might be working with or have access to children; and thirdly, against the Department for Work and Pensions database to see if a child is registered at the property for the purpose of claiming child benefit.
At the moment, the police do not know how many of the people they have identified are known sex offenders working with children or living with children. Most people would see that as unacceptable and would believe there should be a response. This could start with a review of the degree to which the difficulty of linking IP addresses to users is behind the police’s problems with moving this forward.
Finally, I turn to the amendments and new clauses tabled by my hon. Friends the Members for Hayes and Harlington (John McDonnell) and for Islington North (Jeremy Corbyn), and by the hon. Member for Brighton, Pavilion (Caroline Lucas), on the degree to which RIPA is being used to access the records of certain professionals, including journalists. They address a real concern that Members and the general public have about the use of RIPA to access the records particularly of journalists and those in the media.
As the shadow Home Secretary, my right hon. Friend the Member for Normanton, Pontefract and Castleford (Yvette Cooper), has said, this issue has to be addressed. Indeed, a key concession secured by the Opposition during the passage of the DRIP Bill was that a review of RIPA would be conducted by David Anderson QC, the independent reviewer of terrorism legislation, and that it would include the use of RIPA to look at the records of journalists. It is because we have confidence in that review that we do not feel amendment 11 is necessary.
However, that is also why the Opposition have a great deal of sympathy with the aims of new clause 1, which would require a court order before relevant authorities could access communications data that could be covered by a professional duty of confidentiality. The clause does not state whether the role of the court would be simply to ensure that due process is followed, or to apply some test of proportionality or necessity. However, the clause provides for the right of appeal for the individual. That means that an individual would have prior knowledge that their communications data were to be disclosed to law enforcement agencies. It is also important to note that the clause would apply not just to journalists but to doctors, lawyers and others, including Members of Parliament, when a professional duty of confidentiality could be construed.
The hon. Lady referred to journalists, but how broadly would she or her colleagues define “journalists”? We are living in a world of bloggers and of a whole range of individuals who would consider themselves to be part of the media overall, but presumably she would not necessarily want each and every one of those self-professed journalists and bloggers to be caught by these potentially restricting and constricting provisions, essentially watering down elements of RIPA?
I have the disadvantage of speaking first on this group of amendments, and obviously, this is not my amendment, so I am very much looking forward to hearing what the proposers feel would happen. However, the hon. Gentleman raises an important point, because we are not only talking about a limited group of people who describe themselves as journalists and who, in the past, we would have been able to identify clearly. Perhaps the proposers of the amendment would be able to address that when they speak to it.
I want to make a further point about the broad definition of professional duty that concerns me, especially when combined with the right of appeal. As I have said, a large number of professionals have some form of duty of confidentiality, and in many cases it is not clear, particularly when discussing communications data, how that potential duty of confidentiality would be separated from other investigations about which we would not allow the individual to have prior knowledge. There is a clear case for preventing a journalist from being targeted for their sources unless there is an overwhelming need to do so. However, the case is less clear in respect of other professions, particularly as we may be investigating issues involving criminal misconduct. Let me give an example for the Committee to consider: the case of Myles Bradbury, the doctor recently convicted of a string of horrendous sexual assaults of boys in his care. As a doctor, he would potentially have been covered by the new clause, especially in respect of some of his communications, and the Committee would be concerned about that. If he had been alerted to the fact that the police were investigating him, he would have had some time to delete much of the evidence which was then used to lead to his prosecution. I just give that as an example of the care we have to take in considering these matters.
I hope the Minister will respond in detail—I am sure he will—to the issues I have raised on this group, particularly the need for the drafting of clause 17 to be made much clearer so that the general public can be reassured about exactly what it is attempting to do.
The hon. Gentleman has a strange desire, which he has expressed during a previous speech, to extend the debate beyond the bounds of clause 17 and the amendments to it. I do not think we should be drawn into that at the moment, except to make the general point that all processes involving intrusion into people’s private communications should have high levels of justification before they are used at all, and protections should be provided by various safeguards and authorisations. Finding the right balance for different levels of communication is a difficult task, and I expect a great deal of work will need to be done. Most of us in this House, and certainly most in my party, do not want, either by design or accidental discovery, a great deal of personal information about people to get in the hands of the state and its employees without any reasonable justification. On a matter that will be raised when the hon. Member for Hayes and Harlington (John McDonnell) speaks, nor do we want the processes of investigation by journalists to be impaired by a fear that sources will be compromised from the beginning. There are very good reasons for extreme caution in this area, but I believe the Government have exercised that caution and sought to devise a process to deal with a particular and recognisable difficulty.
The right hon. Gentleman is making a perfectly valid point. In the midst of the more hyperbolic phrases that get used, such as “snooper’s charter”, does he recognise that legislation such as this—and further legislation, which will inevitably be required whoever is in government in the years to come—should also be designed to protect the individual? It is not just about the state getting more powers; it is about codifying the rules and protections for the individual. It is very important that we have that in mind when looking at any new legislation that comes into play.
I agree with the hon. Gentleman’s observation, which points to part of the purpose of the process, of which this is only a part. The clauses we are talking about in RIPA—or DRIPA, as it has become known—are the subject of a sunset provision, because significant further review is to take place and new legislation will be required on the outcome of that review. So those who think that detailed discussion of matters that often feel technically beyond us is just an occasional thing in this House will have to recognise that we are going to be coming back to this issue. That does not apply to me, because I do not anticipate being a Member in the next Parliament, having announced that I am going to retire, but Members in the next Parliament will certainly be engaging with these issues.
I simply wished to place on the record that my view—and, I hope, that of my right hon. and hon. Friends—is that the Government have striven hard to find a sensible way to identify the instrument or apparatus that has been the point of communication. In many cases, that will enable them to identify the individual, but I stress that it does not guarantee that, any more than knowing a telephone number guarantees that the person who used the telephone—that instrument from that number—is the person who engaged in the criminal activity. It is more complicated than that, but this provision is a necessary aid to investigations ranging from the activities of paedophiles through to the serious threats we now face.
Had the hon. Gentleman waited a while longer, I was about to say what more could be done. It is right that we have a statutory provision, and, subject to the concerns that my hon. Friend the Member for Kingston upon Hull North highlighted being satisfied, the provisions contained in the Bill are appropriate. However, there is a problem that we cannot resolve within the context of our own domestic legislation. Many of the communications service providers are not based in the UK; they are based mostly in the United States. Increasingly, the Republic of Ireland is seen as a location of choice for some companies. Google and perhaps one other CSP have already relocated there. It is increasingly clear that whatever legislation we put in place, it will not, of itself, be enough to resolve the problem.
Does the right hon. Gentleman also accept that the increased knowledge of the general public and—dare I say it—of individuals who would do us harm about the techniques adopted by the security services and others have also helped to ensure that there is now much more sophisticated encryption in place, which also plays an important part in further reducing our capacity to know precisely what is happening on the internet?
The hon. Gentleman is quite right and he, like me, is a member of the Intelligence and Security Committee. We have good reason to believe that there are any number of encryption packages that can be bought quite openly on the internet. It is a matter not just of the communications service providers encrypting communications that take place but of individuals buying packages that enable them to do that themselves, which makes the situation even more difficult.
What more can we do? It is no use pretending that this problem is unique to the UK; it is a very difficult international problem. I know that the Home Secretary, the Foreign Secretary and others are in constant dialogue with their opposite numbers in the United States, but there needs to be a growing understanding between ourselves and the places where CSPs are located that there cannot be this ungoverned space within which criminal activity can take place unchecked on the basis that it is in another jurisdiction from where it is being perpetrated. That issue can only be properly resolved by states, either bilaterally or multilaterally, agreeing protocols and ways of dealing with these issues. Obviously, it is much more easy to do that with friendly states—states with which we share common values—than it is in some other areas where internet providers might decide to locate because there will not be many controls on them. Clearly, that is another matter that needs to be seriously avoided.
We need to have order in this ungoverned space. I am talking about legal compliance and there not being this free space in which crime, terrorism and other activities can illegally take place. It is also important that the CSPs take a more responsible view of what they are being used for. Like the hon. Member for Cities of London and Westminster (Mark Field), I have seen some CSPs washing their hands of such responsibilities, saying, “That is a matter of jurisdiction. We are not in that jurisdiction so we will comply with the laws where we are.” That might be good for their reputations with their customers, but it is a fairly cynical way of operating. I hope that, through the intervention of our own Government and Governments elsewhere, CSPs can be brought to the view that they should behave responsibly and in such a way that upholds the law right across the world—except in cases where the rule of law does not operate.
Is the right hon. Gentleman happy for me to put it on the record that it is also the case that many CSPs do a very good job of co-operating with the police and law enforcement agencies? Part of the difficulty has been that the revelations of the past 14 or 15 months have exposed what some would call an over-cosy relationship between those service providers and the state. I am talking about not so much here in the UK, but in mainland Europe and the United States of America, and it has been commercially damaging to many of those providers.
As always, the hon. Gentleman makes a good point. Sometimes the difficulty is that the amount of data and communications that providers store means that they are unable to know what is there. Very often, controls are triggered electronically, and so human eyes might not necessarily see the communication that relates to a terrorist plot, organised crime or even, in a hidden corner of it all, some kind of child abuse. Quite often, no human eyes see it, and it may be that only after an event—as in the case of Fusilier Lee Rigby—do people become aware that there was a communication that indicated that someone was about to or was likely to do something, and that knowing about it could have made a difference, as we concluded in our report the other week. Perhaps I have presented too cynical a picture of communications service providers. I know that, on occasion, they do co-operate constructively, but I believe that increasingly we need the space in which they operate to be better regulated, and that requires international controls agreed between responsible allies and CSPs themselves.
I very much agree that we should be proud of the traditions of a free press in this country. The hon. Gentleman has not yet answered on the extent of the definition of journalism. I accept that new clause 1(6) is not exhaustive, but he has not mentioned religious counsellors, whom many would consider to have a similar duty of care. Does the hon. Gentleman have any thoughts on that, though I accept that he has not made an exhaustive list at this stage? [Interruption.]
My right hon. Friend the Member for Knowsley says that my local parish priest rather optimistically describes me as a lapsed Catholic. The secrets of the confessional need to be included; otherwise, there might be an excommunication.
The hon. Member for Cities of London and Westminster (Mark Field) makes a good point about journalism. I would like the definition to be membership of the NUJ, but there you are. These days, I would have the widest interpretation, but if it is to be contested, I would like to see a court make the decision on the basis of the evidence before it.
We have had an interesting and informative debate focusing on the broader aspects of the ability of the law enforcement and intelligence agencies to do their job in a fast-moving environment where technology continues to change, and their ability to continue to protect us in those circumstances. I will argue that we have an eroding capability and although the measure will deal with one element, there is still more that we need to do. That is a point on which my hon. Friend the Member for Skipton and Ripon (Julian Smith) has intervened on other speakers in the debate and he is right to make the point. I will come on to the possible next steps in the context of the various reviews that are taking place.
The gap was highlighted by the right hon. Member for Knowsley (Mr Howarth). I know that his Committee is looking carefully at the issue of privacy versus security. The need to strike a balance between them and some of the issues arising from that have rightly been played out in the context of interception, data retention and communications data. I look forward to the publication of the Committee’s report, which I expect to be extremely informative in this regard.
Without giving a preview of anything in the Committee report, I think it is important, for the benefit of the House and those Members who take the matter very seriously, that we should remember that privacy and security are not a zero sum game. Although my hon. Friend uses the word “balance”, as many of us do from time to time, there is also a sense that these are important safeguards individually and in their own right. One of the broader recommendations that we make from the evidence we took from a wide range of people is that the notion that there is a balance and a zero sum game should be dispelled.
I appreciate the comments of my hon. Friend. As a member of the Intelligence and Security Committee, he will recognise the challenges. He is right to underline the significance and to reiterate what I said on Second Reading—that security and liberty should be mutually reinforcing. His point about it not being a zero sum game is well made.
The hon. Member for Kingston upon Hull North (Diana Johnson), who speaks for the Opposition, identified a list of 10 points, and I will do my best to respond to some of them. The hon. Member for Hayes and Harlington (John McDonnell) underlined the role of sensitive categories of person and additional safeguards that may be provided in respect of them when we consider communications data and the ability of the police to request such data. As my right hon. Friend the Member for Berwick-upon-Tweed (Sir Alan Beith) pointed out, we are looking at metadata—who said what to whom, when and where—rather than the content.
It is clear from the contributions that we have heard that gaps in communications data capability have a serious impact on the ability of law enforcement and intelligence agencies to carry out their functions—the point that was made clearly by the right hon. Member for Knowsley (Mr Howarth) and the shadow Minister. One such gap is internet protocol address resolution. The Data Retention and Investigatory Powers Act 2014 maintained our lawful data retention regime. It did not create any additional powers, nor did it address any of the gaps in capability. To respond to the point made by the hon. Lady, we remain confident about the manner in which it did that in seeking to address the points raised by the European Court of Justice.
Clause 17 amends that Act—DRIPA—to ensure that communications service providers can be required to retain the data necessary to link the unique attributes of an internet connection to the person or device using it at any given time. Every internet user is assigned an IP address to ensure that communications service providers know which data should go to which customer and route it accordingly. Addresses are sometimes assigned to a specific device, such as a broadband router located in a home or within the work environment, but they are usually shared between multiple users—hundreds or even thousands—and allocated automatically by the provider’s systems. Many providers currently have no business reason for keeping a log of who has used each address. It is therefore not always possible for law enforcement agencies accessing the data to identify who was using an IP address at any specific point in time.
The provision would ensure that these data are available to law enforcement. It would improve the ability of the police and other agencies to identify terror suspects who may be communicating with each other via the internet and plotting attacks. It would also help to identify and prosecute paedophiles, organised criminals, cyber-bullies and computer hackers, and to protect vulnerable people. For example, it could be used to identify a child who has threatened over social media to commit suicide. The IP address has direct relevance to all these issues and it is evidence that can be brought before the court. In the context of the previous debate, it is often instrumental in bringing prosecutions. Communications data are used in about 95% of all serious crime prosecutions, so they have a direct utility.
This issue is not going away, and we need to make further changes. I can see the eroding capability of our law enforcement and security agencies. While this plugs an element, there is still more to be done to ensure that our police and security services are able to protect us, and that there is evidence that can be presented in court. On these issues relating to communications data, we are talking about evidence, not merely intelligence. These are hard pieces of information that can be presented in court to secure prosecutions. This is really essential because of the underpinning that it provides to our prosecutorial system.
The Bill does not incorporate provisions on weblogs, but apps and weblogs can be directly instructive in this respect, and the House will need to confront that in, I hope, an informed way. The reviews that the Intelligence and Security Committee and David Anderson are undertaking will inform that debate rather than its being completely informed by belief or emotion, important as those elements are to ensure that it is properly reflective of the view of our communities and the public. We must ensure that the facts are there as we examine the picture, in order to provide the basis for a rational debate when the House considers the legislation it will need to pass before December 2016.
Does my hon. Friend accept that another issue, which was skilfully outlined by the hon. Member for Hayes and Harlington (John McDonnell), is arbitrage, in the sense of authorities being able to choose one piece of legislation rather than another—for example, as he said, RIPA rather than PACE? Given the complications arising from there being more and more legislation in this area, is it not almost essential to move towards a consolidation to ensure that we entirely understand our rights and responsibilities?
I am sure that that issue will be presented in representations made to David Anderson as part of his examination. Clearly, none of us will wish in any way to prejudge the way in which that evidence is presented. He intends to report back by May. That is the right timing to ensure that the new Parliament after the next general election has the benefit of seeing his report, which will have examined these issues in close and careful detail.
The hon. Member for Kingston upon Hull North asked about the role of the interception of communications commissioner. He will oversee the acquisition of data retained under clause 17, just as he oversees the acquisition of all communications data retained under DRIPA. The Home Office will ensure that he has the necessary resources to discharge his function.
The hon. Lady referred to multiple requests for traffic and subscriber data. Public authorities can request communications data only when it is considered necessary and proportionate for one of the purposes set out in DRIPA. A communications service provider could disclose only data that have been requested. It is an operational matter for the public authority as to how it makes such requests for data. Where it holds limited information at the outset of the investigation, it is likely that it will need to make more than one request, which means there may be multiple requests relating to a particular criminal inquiry.
The hon. Lady highlighted the issue of costs. The totals that were put into the impact assessment published alongside the Bill were based on studies of IP resolution conducted by the industry and prior work with service providers and the industry on similar projects. This has been an informed process in which there has been consultation with individual service providers likely to be most affected by the provisions of the Bill.
I am grateful to the hon. Lady for tabling new clause 2 to highlight the oversight of the acquisition of communications data retained under these provisions. The data retention regulations passed earlier this year specifically require communications service providers, subject to a data retention notice, to retain data in such a way as to ensure that they are available without undue delay in response to requests. I assure the Committee that in the vast majority of cases, data retained under this obligation are disclosed in a timely fashion. Of course, things may not always work perfectly, but there are systems in place that seek to resolve such issues should they arise. Indeed, there are industry groups that work on precisely that. The law enforcement community works closely with the communications service providers, and the Home Office seeks to establish the best technical solutions to support that.
The issue that we hear about more often than that highlighted by the hon. Lady is the broader one of key categories of communications data which communication service providers do not currently retain and which are therefore unavailable to the law enforcement and security agencies that require them. The hon. Lady raised the issue of additional regulations. The provision amends the definition of “relevant communications data”. The regulations use that definition, so there is no need to amend further or to put it in other regulations, because the intention is that they will follow the change being made to this Bill.
On deep packet inspection, no solution will provide for the retention of or access to the content of a communication. Obviously, it is for the companies themselves to decide how best to implement the legal requirements that would be put upon them, but I wanted to make that point clear.
On compatibility with the European Court judgment, we are confident that the legislation passed by Parliament this summer, and this Bill, are fully compliant with all relevant legal provisions.
Although I share the Opposition’s wish to see the most efficient and timely provision of data, I do not believe that the special review proposed by new clause 2 is required. Indeed, if there are concerns they can be referred to David Anderson as part of his review. With that assurance, I hope the hon. Lady will be minded to withdraw her amendment.
In new clause 1, the hon. Member for Hayes and Harlington raises the specific and important issue of the position of journalists and others in relation to sensitive provision. He and I debated the issue when the Data Retention and Investigatory Powers Act 2014 made its way through Parliament this summer. Let me be clear that a free press is fundamental to a free society, and the Government are determined that nothing be done to put that at risk. Although most of the focus in the debate has been on journalists, the same issues arise equally in respect of other sensitive occupations, as Members have highlighted. Individuals should be able to speak freely and frankly to their lawyers if we are to have justice in this country. Similarly, patients must be able to speak freely to doctors, and constituents to their Members of Parliament.
I do not believe that anyone would question that those are important principles, but equally I hope that no one would take issue with the proposition that our law enforcement and intelligence agencies need the tools to carry out their vital roles. They carry out a difficult job day in, day out, protecting the public from crime and from terrorism. The Regulation of Investigatory Powers Act 2000 provides a clear legal basis for many of their critical investigative powers, including the acquisition and disclosure of communications data. The current process is clear and accountable and includes a strong and rigorous system of oversight. I have already explained what communications data are, but they do not contain the content of the communication.
I should like to point out that the interception of communications commissioner has said that communications data
“do not contain any details of what was said or written by the sender or the recipient of the communication. As such, the communications data retained by CSPs do not contain any material that may be said to be of professional or legal privilege—the fact that a communication took place does not provide what was discussed or considered or advised.”
The point that the data do not attract any form of legal or professional privilege is important. Nevertheless, the Government recognise that they are sensitive data that need to be protected accordingly.
The process of acquiring communications data requires a designated person—a senior officer of a rank stipulated by Parliament—to examine applications for such data, which can be authorised only when the officer is fully satisfied that it is both necessary and proportionate to acquire those data. The applications are facilitated by individuals known as single points of contact, who are trained in this area and can provide expert advice and support to the designated person.