Investigatory Powers Bill
Debate between Mark Spencer and Nick Clegg(8 years, 6 months ago)
Commons ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Mr Nick Clegg (Sheffield, Hallam) (LD)
I associate myself with the remarks by the Home Secretary and others, and join in sending heartfelt condolences to the family and friends of the prison officer who tragically lost his life in Northern Ireland.
I shall start with the positive. Of course, my colleagues and I acknowledge that this Bill represents progress in some important respects. It is far more comprehensive than any previous piece of legislation and now covers all the powers that were previously unavowed. It contains important improvements in oversight and accountability, and compared with its predecessor, RIPA, it is easier to understand. However, as the Home Secretary, who alas has just departed, will know, she and I discussed the Bill yesterday. I am not a supporter of it, not for technical reasons but for reasons of principle, which I will come to. We feel that her Department has not responded in full to the criticisms of the three parliamentary Committees and that the Bill is, therefore, not yet in a fit state.
There are many problems, but I would like to highlight two in particular. First, as the former Attorney General, the right hon. and learned Member for Beaconsfield (Mr Grieve), said, the Intelligence and Security Committee was heavily critical of the way in which privacy protections were articulated in the draft Bill. In responding to the ISC’s request for a new part dedicated wholly to privacy, the Government have in effect done little more than change one word in a title. They have demonstrated precisely the point that the Committee made when it described the privacy protections in the Bill as an “add-on”.
I share the Committee’s concerns. The powers authorised by this Bill are formidable and capable of misuse. In the absence of a written constitution, it is only the subjective tests of necessity and proportionality that stand in the way of that misuse. The Bill should be far, far more explicit than it currently is that these powers are the exception from standing principles of privacy and must never become the norm.
The Home Office appears, unfortunately, to be institutionally insensitive to the importance that should be attached to privacy. A Department that cared about privacy would offer more than a one-word response to the ISC. A Department that cared about privacy would not have quietly shelved the privacy and civil liberties board, which this House voted to establish just last year. A Department that cared about privacy would have examined more proportionate alternatives to storing every click on every device of every citizen, instead of leaping to the most intrusive solution available.
Mark Spencer
What would the right hon. Gentleman say about privacy when it came to a victim of child abuse who was unable to find the perpetrator because of some of the restrictions he wants to put in the Bill?
Mr Clegg
As I know from my time in government, one of the greatest tools in going after precisely the perpetrators of such heinous crimes is matching the devices they use to them through IP addresses. That is why we passed legislation—the unfortunately acronymed DRIPA—which is being challenged in court by other Members of this House right now. It is also why, as I will explain in a minute, there are much more effective ways of achieving that objective than having a great dragnet, which is being advocated in the Bill.
Internet connection records, or ICRs, are my principal concern. We have been here so many times before—in 2008, 2009 and 2012. I cannot think of another proposal in Whitehall that has been so consistently championed, not, I should stress, by the police and the intelligence services, whose punctiliousness, scrupulousness and expertise I admire as much as anyone else, but by the Home Office, despite its failing to convince successive Governments. That is not the way that policy ought to be made.
The Home Secretary said that ICRs are significantly different from weblogs. The only differences that I can see are the exclusion of third-party data, welcome though that is, and the addition of some restrictions on the purposes for which the data can be accessed, although I note that some of those restrictions have now been relaxed again in clause 54 of the new Bill.
In terms of collection and retention, the scheme is the same—the name might be different, but the scheme is the same. Service providers will be required to keep records of every communication that takes place on their networks, and of potentially every click and swipe where there is an exchange of data between someone’s device and a remote server, for 12 months. It is the equivalent to someone in the days of steaming open letters keeping every front cover of every envelope from across the whole country stored in some great warehouse somewhere for 12 full months. It did not happen then, and it should not happen now.
The implication of this is very big indeed: it is that the Government believe, as a matter of principle, that every innocent act of communication online must leave a trace for future possible interrogation by the state. No other country in the world feels the need to do this, apart from Russia. Denmark tried something similar, as was referred to earlier, but abandoned it because the authorities were drowning, of course, in useless data, as they would have drowned in useless envelopes many years ago if they had tried this then. Australia considered it, but the police themselves said it was disproportionate. Many European countries, interestingly, have recently gone exactly the other way, relinquishing data retention powers following the ruling of the European Court of Justice in the so-called Digital Rights Ireland case in 2014.
At the request of David Anderson, QC, the Home Office has produced a so-called operational case for internet connection records, which we can all read. I would suggest that students of politics and government would do well to study that document, which is a model exercise in retro-fitting evidence to a predetermined policy. Naturally, it sets out how these data could be useful to the police and intelligence agencies. What it does not do, but should do, is to start from the operational need, where a lack of data is obstructing criminal investigations, and explore different options for meeting that need, while balancing the twin requirements of security and privacy.
It is simply false to claim that this dragnet approach is the only way to provide the Government with better tools to go after criminals and terrorists online. For example, as I said earlier, we could incentivise companies to move to the new industry standard for IP addresses at a much faster rate. That might sound terribly technical, but it is important, because our doing so would, at a stroke, go a long way towards solving the key problem of how to tie IP addresses on individual devices to suspects, which is one of the principal purposes of this Bill.
During my time in government, I saw very little sign that the Home Office had devoted any serious consideration to alternatives to ICRs. As the operational case illustrates, that is because this is a case not of evidence-based policy but of policy-based evidence. On top of that, we still do not know how it will actually work and how it would be defined. The Internet Services Providers Association states in its briefing for this debate:
“In its attempt to future-proof the Bill, the Home Office has opted to define many of the key areas in such a way that our members”—
these are the experts—
“still find it difficult to understand what the implications would be for them.”
The costs of ICRs are also unclear. The Government’s estimate is just over £170 million over 10 years, but the Internet Services Providers Association says that it does “not recognise” that figure, and BT has said that it believes the costs will be significantly higher.
Internet connection records are at the heart of this Bill. They are not just a technicality: they are principally at the heart of what information is stored on all of us for long periods by the Government in our name. This dragnet approach will put us completely out of step with the international community, there are practical problems with the proposal, and the terms used in the Bill are still unclear. That is why I urge Members in all parts of the House to scrutinise properly this far-reaching and poorly evidenced proposal, and to withhold parliamentary consent for such a sweeping power until the questions that I and others have raised are properly addressed.