Dr Huppert

- Hansard -

Copy Link

- - Excerpts

There is definitely a strong case for it. I am pleased that those people will appear in public, as there has been a long tradition of reluctance about talking about such issues. A senior Home Office civil servant has even refused to give public evidence at the Home Affairs Committee; that, fortunately, is about to change.

When the Foreign Secretary spoke at the London conference on cyberspace in 2011, he championed freedom of expression and privacy online, and he specifically criticised Governments who incorporate surveillance tools into their internet infrastructure. I agree that that is a problem. He also said at that conference that

“it is increasingly clear that countries with weak cyber defences and capabilities will find themselves exposed over the long term”.

The Foreign Secretary is right. That is why it is a problem when people break encryption systems. If anyone—whether it is the US, the UK or anybody else—puts a back door in an otherwise secure system in order to access it for intelligence purposes, that makes it easier for anybody else to break the protections, whether they are from the intelligence community or cyber-criminals. It makes no sense to argue that we should defend cyber-security and simultaneously be part of the effort to break it. If that means that we can no longer rely on the encryption of financial transactions, for example, that would be catastrophic for the global economy.

Dr Huppert

- Hansard -

Copy Link

- - Excerpts

My hon. Friend makes a helpful point. Of course, I do not have a list of every single intelligence service. The difference is between trying to break encryption after things have been encrypted and trying to break the entire system, leaving a back door open, which fundamentally means that anybody can access it. That is different from brute-force methods or other techniques used.

My hon. Friend makes the good point that this is an international issue. How would we feel if it were not GCHQ or the American National Security Agency but the Chinese who were involved? How would we react if the Chinese admitted that they had been tapping the Prime Minister’s phone? Would we be annoyed and concerned, or would we say, “That’s fine; that’s business as usual”? Clearly, we do not take the situation seriously enough.

For example, we allow the Chinese company Huawei to supply a lot of the equipment that makes up the core of our infrastructure. I suspect that our intelligence agents would not miss the chance to install some equipment if we were given the chance to put in the backbone of the Chinese internet, so we should not assume that the Chinese would miss such an opportunity. That was criticised by the Intelligence and Security Committee, which highlighted the disconnect between the UK’s inward investment policy and its national security. If we can understand it sometimes, we should understand it more broadly.

A change is occurring. Individual surveillance is one thing, but the mass hoovering up of information enabled by new technologies has changed the system completely. It means that suspicion no longer comes first. I think that very few people think it inappropriate to target individuals where there is a serious suspicion of wrongdoing, but in the new approach, we are all suspects whose personal histories can be foraged through if ever there is interest in us later.

The Foreign Secretary spoke at the conference of his passionate conviction that all human rights should carry full force online—not just the right to privacy, but the right to freedom of expression. I agree. How we choose to respond to the challenge will define the age that we live in. As parliamentarians and as Parliament, we must be at the heart of this debate.

In America, Dianne Feinstein, the chair of the Senate Select Committee on Intelligence, has spoken out about the revelations that America has been spying on Angela Merkel in Germany and on 34 other world leaders. She said:

“Congress needs to know exactly what our intelligence community is doing.”

She then said:

“It is abundantly clear that a total review of all intelligence programs is necessary.”

She criticised the fact that her committee was not satisfactorily informed. I have not yet heard the Chair of our Intelligence and Security Committee being so outspoken. Perhaps we will hear from him later in the debate, but would he know whether he was not being told things in the way that Dianne Feinstein was not?

There are differences in the debate between the UK and the USA. The US Constitution and Bill of Rights sets out a contract between the state and its citizens with a bias towards favouring individual liberty and privacy. Perhaps that is one of the reasons why the debate is happening so loudly in the US but not here.

In Germany, too, there is a loud debate. It is deeply concerned about what has happened. It has the history of the Stasi, which operated within the law as it then stood, but well beyond the bounds of morality and ethics. I am sure that no member of our current intelligence agencies would dream of following the Stasi’s lead; I do not suggest that for a moment. Germany is aware of what can happen when such systems go wrong.

Dr Huppert

- Hansard -

Copy Link

- - Excerpts

The hon. Gentleman makes an interesting point, and there are a number of routes to that. For communications data, he will be aware that no warrant is required. He will also be aware that, with the sole exception of evidence collected by local councils under RIPA, there is no judicial oversight of any kind at any stage. I am not aware of exceptions to that, and that is a weakness. There is an internal process—I do not doubt the good intentions of the people who work on this—but there is no independent external oversight from a judicial process, which is what many of us would like to see.

Let me return to the ISC. It works extremely hard, but its reports are redacted by the security services and the Prime Minister, and it is hard to know whether that is done in the interests of national security and not just to avoid embarrassment. Sir Francis Richards, a former senior intelligence official, has said that it is

“not a very good idea”

for an ex-Minister to head it. There is the problem of people being asked to scrutinise the consequences of decisions that they made, and that makes it hard to develop the right sort of relationship.

The ISC is under-resourced and not properly accountable to Parliament. There is a real issue to understanding the detailed technological components of much of this. I am not certain whether there is enough support to ensure that members understand the consequences of fake secure socket layer certificates and how phishing or man-in-the-middle attacks work. I am sure that the right hon. Member for Salford and Eccles (Hazel Blears) will be happy to explain them when she speaks later.

We need better scrutiny generally and not just of the Intelligence and Security Committee. We keep hearing messages about the risk of “going dark”—we heard all about that in relation to the draft Communications Data Bill. It is simply not true. There is far more information available now to the intelligence and security community and to the police than at any time in the past. People now carry mobile phone devices that keep track of where they are almost constantly. I do not blame the agencies. Of course I can see the argument that there will always be for having more information, but we must provide a counterbalance. Dame Stella Rimington, former head of MI5, said:

“It’s very important for our intelligence services to have a kind of oversight which people have confidence in. I think that it may mean it is now the time to look again at the oversight.”

I agree with her.

We have seen further calls for even more information to be collected. The previous Government established the interception modernisation programme to create a vast database designed to log all details of text messages, phone calls and e-mails in the UK. In the interests of cross-party unity, I will not go on about other authoritarian measures: the drive for 90-day detention without charge, ID cards, control orders and allowing people to be forcibly relocated. They are all now things of the past, and I am pleased that that is the case.

Given such concerns, I was pleased with much of the coalition agreement. We Liberal Democrats insisted on a particular element, which was a commitment to ending

“the storage of internet and email records without good reason”.

That was accepted by both parts of the coalition. I am not sure whether the Home Secretary saw that, because she then pushed ahead with the draft Communications Data Bill, which would have required the storing of e-mail and internet records for everybody, which blows a hole through the idea of “without good reason”. It was envisaged that an extra £1.8 billion would be spent over 10 years to keep those extra records. That would have allowed the Home Secretary to require internet service providers to keep track of every website that everyone in the country goes to—everything that we do on Facebook or Google—with a huge growth in surveillance.

Dr Huppert

- Hansard -

Copy Link

- - Excerpts

I want to make a little more progress. I am sure Members will want to speak later.

The Deputy Prime Minister insisted that the draft Bill be scrutinised, and the Joint Committee that did so produced a damning report. It stated that the Bill paid

“insufficient attention to the duty to respect the right to privacy, and goes much further than it need or should for the purpose of providing necessary and justifiable official access to communications data.”

The report was a unanimous cross-House report, which described information provided by the Home Office as “fanciful and misleading”. I am pleased to say that that Bill is now dead.

We said that the information was misleading before we knew that the intelligence and security services already had access to much of the information that they claimed was missing. To quote the Chair of the Joint Committee, the former Conservative Home Office Minister, Lord Blencathra:

“Some people were very economical with the actuality. I think we would have regarded this as highly, highly relevant. I personally am annoyed we were not given this information.”

The Home Office needs to be clear with Parliament when asking for new powers.

Even our current laws are incredibly broad. Although we have very welcome reassurances from the Foreign Secretary that the agencies stick to the law—I absolutely credit that—the law is vague and broad. Section 94 of the Telecommunications Act 1984, for example, allows secret directions

“of a general character”

that are

“in the interests of national security or relations with the government of a country or territory outside the United Kingdom.”

So if the US asks for something, we are supposed to provide it. The information does not have to be provided to Parliament, and it gags whoever the directions are served on.

When the Joint Committee looked at this, we had to admit that we could not find any information about how the power was being used. There was no ability to have any oversight. RIPA has drawn lots of criticism for its widespread use. It was originally introduced to take account of technological change, but it is so broad that it led to serious abuses of privacy. It allowed council officials to put children and their parents under surveillance at home and in their daily movements to find out whether they lived in a particular school catchment area. Most of us would not think that that was in the same vein as counter-terrorism. That is clearly disproportionate.

So what now? Before we even consider new powers, whether explicitly granted or acquired through new technology, we need a pause. We need a proper and full investigation into the powers already available to the intelligence and security services, and it has to be done competently and with an element of independence. We should commission independent, post-legislative scrutiny of both RIPA and the Intelligence Services Act 1994, and other related legislation, to see how they interact with each other. We would then have a clear, open understanding of where we stand now.

As Lord Carlile, the former independent reviewer of terrorism legislation said:

“the current legislation, including the Regulation of Investigatory Powers Act 2000, should be re-examined and rewritten to fit the current situation.”

That is not a radical suggestion. In the US, the Obama Administration have realised that proper and competent oversight is needed, and he has established the Privacy and Civil Liberties Oversight Board, which includes those within the Washington system and those outside it. It includes people with experience of working for not-for-profit organisations. It is citizen engagement and shows trust. We could follow that model and create such a board.

We could do much more to fix the loss of trust and confidence. We could publish, as happens in the US, the legal opinions used to underpin the surveillance framework. We could provide a clearer account of such expenditure and lift the legal restrictions on British companies publishing transparency reports about the requests that they receive. We should proactively publish information about the surveillance requests made: in bulk, the broad purpose, with no identifying details.

In the long term, we should look at signing up to the international principles on the application of human rights to communications surveillance. The 13 principles are legality, legitimate aim, necessity, adequacy, proportionality, competent judicial authority, due process, transparency, public oversight, integrity of communications, safeguards for international co-operation and safeguards against illegitimate access.

We should absolutely defend the right of our intelligence and security services to go after the bad guys, to use the powers that they have to protect us and make the UK and the world a safer place. However, it should not be at a disproportionate cost to the liberty and privacy that form the very foundations of our society.

The work that our intelligence and security services carry out on behalf of us all is valued and important, but we should not give them carte blanche. We would not want that. We need to have an open debate about what the rules are, what is acceptable and what we consider goes too far. It has taken us too long to get into this debate, but now that we are here, with so many right hon. and hon. Members, I hope we are now firmly here to stay in this discussion.

Mr Tom Watson (West Bromwich East) (Lab)

- Hansard -

Copy Link

- - Excerpts

Information can be the most powerful thing in the world. It has changed everything more quickly and universally than ever before. The internet is all about information. The power of the internet is the power of information. Data can do almost anything. That is why it is so important that they do not end up in the wrong hands, and so important that our data, which we as individuals own, and which are our stake in the data galaxy, just as our vote is our stake in our democracy, are not unnecessarily taken without our consent.

I ask colleagues to remember in the rest of this debate that an individual’s data are just like his or her vote: almost insignificant by itself, privately expressed; but massively powerful when aggregated. We should no more unnecessarily tamper with our citizens’ data than we should impede their ability to vote. The capacity to deduce human behaviour and activity in the modern world of big data is impacting on our daily lives, from insurance premiums and health prevention through to online advertising and traffic management. Corporations are crunching data to learn about the way we live our lives.

At the heart of this cross-party debate today is GCHQ’s own big data programme—Tempora—and its impact on our citizens’ fundamental rights. It is a new and profoundly challenging issue for policy makers. We have to answer questions about the nature, scale and depth of surveillance that should be tolerated in our democracy. My concern about this area of public policy in the UK is that the question has not yet been put. We have avoided discussing this matter in all but whispered tones, while the legislatures of the US, Brazil and Europe have been rocked by the Snowden revelations. Yet in the UK, the main parties have paid scant attention to the issue.

The problem is this: the GCHQ Tempora programme has been mining our internet communications data without public knowledge on a colossal scale. There has been little public and parliamentary debate about whether that conforms to article 8 of the European convention on human rights, which protects the right to private and family life and correspondence. Nor has there been sufficient public or parliamentary debate on whether RIPA legally permits the mass collection of our citizens’ internet data.

Mr Watson

- Hansard -

Copy Link

- - Excerpts

I can’t. I have no time.

Nor has there been sufficient public or parliamentary debate on whether Tempora is authorised by any other pieces of legislation. In fact, we only know of the existence of the Tempora programme because of the actions of Edward Snowden and The Guardian newspaper. I think that they have acted courageously in the public interest to uncover and reveal a secret Government programme that has gained access to the private communications of millions of individuals without their knowledge. A brave whistleblower and a courageous newspaper have enabled us only now to start to have a full and proper debate about whether such surveillance is proportionate and, indeed, legal under our existing legislation, treaties and agreements. That is the secret state laid bare: the Government acting without the knowledge or permission of their citizens, which is a flagrant breach of individuals’ moral and, probably, legal rights, for what they believe is the common good. Just like when they take away the votes of the misguided, the common good is not a defence. Our basic rights as individuals have to be sacrosanct.

Let us be clear. If the Minister is telling us that the law permits such fundamental abuse of liberty, the law is wrong and must be changed. I suspect that he may point to section 16 of RIPA to suggest that the Tempora programme is legal. Interpreting that section requires the unravelling of a triple-nested inversion of meanings across six cross-referenced subsections linked to a dozen other cross-linked definitions, which are all dependent on a highly ambiguous “notwithstanding.” The section is probably the single most confusing and complex drafting ever put on the statute book, and I have heard that a former GCHQ director said it was drafted in that way intentionally; it is what a computer programme would call “spaghetti code.” There is not a snowball’s chance on a hot day in Strasbourg that the section would pass the tests of foreseeability and quality of law required by the European convention on human rights. The UK already lost a critical test of the case on those grounds in 2008. One thing is abundantly clear: they are not extra safeguards, as is falsely claimed in the section heading; they are intended to allow GCHQ to trawl inside the UK, as Lord Lucas observed in another place on 12 July 2000.

This week we saw a major shift in the policy of the United States when the chair of the Senate intelligence committee, Dianne Feinstein, criticised the National Security Agency’s monitoring of the calls of world leaders. She said:

“With respect to NSA collection of intelligence on leaders of US allies—including France, Spain, Mexico…—let me state unequivocally: I am totally opposed.”

I am sure that the Prime Minister will be relieved that his phone is not the subject of surveillance by an ally, but is the Deputy Prime Minister exempt from surveillance? Will the Minister or Members who have put their necks on the block by taking part in this debate be exempt? What about their researchers or families? The assurance is not good enough for me.

We know that the “five eyes” co-operate closely and that UK data are available to the USA. Can the Minister give us any reassurance today that UK phone records are not routinely handed en masse by companies to GCHQ and, by implication, to the NSA? We know that basic internet logs are also held by Virgin, Sky, BT, TalkTalk and other internet service providers. Will the Government reassure us that those data are not routinely handed over in bulk to British intelligence and the NSA?

Parliament has a right to know what records are handed over and why. Yesterday, The Washington Post claimed that the NSA and GCHQ were tapping into the fibre-optic cables used to supply the data centres of Google and Yahoo! To achieve that, the telecoms companies that provide infrastructure to those organisations had to have knowledge of, and probably collaborated with, the procedure. Was any member of the UK Government aware of that facility?

To make it clear, The Washington Post is saying that telecoms companies have been illicitly aiding the security services to tap into data being processed by internet companies with which they have a commercial relationship. Those telecoms companies, which are the backbone of this wonderful thing called the internet that has allowed two decades of free expression and creativity to explode into the lives of our citizens, have been operating in the shadows to allow our security services to tap all of it.

The security services have clearly made the trade-off that the intelligence obtained is worth the invasion of privacy. They are judged on the quality of the intelligence they obtain and little else. Of course they are going to make that trade-off 100% of the time. I want to know whether the telecoms companies have voluntarily entered into that agreement, or whether they have been obliged to do so under UK or US law.

Before I conclude, I draw the Minister’s attention to a submission to the Select Committee on Defence—I draw hon. Members’ attention to my entry in the register—by the all-party group on drones, which I chair. The submission examines the idea of citizenship stripping in detail. The Bureau of Investigative Journalism has highlighted the uneasy relationship between the deprivation of citizenship, intelligence sharing with the US and the targeting of former British citizens in drone strikes in Somalia.

The concern is that citizenship may remove one obstacle to information sharing for the purposes of targeting British people. In particular, one former UK citizen, Berjawi, was targeted immediately following a telephone call to his wife in London, who had just given birth and was recovering in hospital. Perhaps unsurprisingly, the family allege that Berjawi and his wife’s mobile telephones were tapped and location data were shared with the CIA to target him.

David Omand, the ex-head of GCHQ, in his submission to the Select Committee on Home Affairs wrote about the likely intensification of tension between nations that unilaterally defend their interests with military means, including targeted killings, and those that seek collective security under international human rights law. He mentioned the “ethically ambiguous” position of the British public because they had benefited from the US drone programme, even though it would not be permitted in the UK. That cannot be right. The British public would surely be alarmed to hear that data collected in the UK might end up being used to implement the US targeted killing programme described as a “war crime” by Amnesty International.

I have other questions, but I must wrap up now.

John McDonnell

- Hansard -

Copy Link

- - Excerpts

Would the hon. Gentleman be surprised at this morning’s reports that the Pope was bugged as well? Is that a venial or a mortal sin?

Mr Winnick

- Hansard -

Copy Link

- - Excerpts

Does the hon. Gentleman recollect what happened in the 1970s, when Daniel Ellsberg released papers relating to the Vietnam war? He was described as a traitor at the time by some in the United States—certainly in the Nixon Administration—but he is now considered to be a hero who did a great service for his country.