Read Bill Ministerial Extracts
Scott Mann
Main Page: Scott Mann (Conservative - North Cornwall)Department Debates - View all Scott Mann's debates with the Home Office
(2 years, 4 months ago)
Public Bill CommitteesWe will now hear oral evidence from Jonathan Hall QC, independent reviewer of terrorism legislation. Before calling the first Member to ask questions, I should like to remind all Members that questions should be limited to matters within the scope of the Bill, and that we must stick to the timings in the programme motion that the Committee has agreed. For this panel we have until 12 noon. Could you please introduce yourself for the record?
Jonathan Hall: My name is Jonathan Hall and I am the independent reviewer of terrorism legislation, a position that I have held since 2019.
Q
Do you agree that utilising the tools made available in the Bill will enhance our ability to deal with the current threats, and give us the flexibility to respond to the changing threat landscape?
Jonathan Hall: Yes, the measures in part 1 and part 2—I will talk about part 3 at some later stage—contain tools that are necessary. I am not a state threats specialist—I am terrorism specialist—but I have had a chance to interrogate officials, and it is clear that there are determined and well-resourced adversaries who will not be put off by a knock on the door to say, “We know what you are up to.” The agencies and the police need measures to prosecute and PIMs—prevention and investigation measures—which are special measures.
Q
Jonathan Hall: There are two things. First, the official who chairs the review group meetings, which are to decide whether to submit to the Secretary of State that a measure ought to be imposed, or the group which reviews whether they remain necessary and proportionate, needs to be really strong. This is what I have witnessed, I am glad to say, with terrorism prevention and investigation measures. That official has to be able to really hold the agencies in particular to account, and really test and probe what they are saying, both about the intelligence that is being given to the review group and about whether the measures remain appropriate. The first message from the TPIMs is that you need to have a strong chair of the TPIM review group, or the equivalent, the PIMs review group.
The second thing is that one of the experiences from TPIMs is that it is really difficult with connectedness. People who are under those measures can become very isolated, and I think that officials have struggled with whether to allow those people to have smartphones or access to the internet. These days it is very difficult to function as a normal member of society unless you have access to those. One of the lessons that will be learned from TPIMs is how to try to square the circle to ensure that people cannot do bad communications but while also allowing them to function normally in the world with access to normal communications technology.
Q
Jonathan Hall: First, it is being able to go to the room where it happens—the meetings where these decisions are taken. When I review TPIMs, I have a completely free hand. I am able to interrogate officials and able to see whatever I want. That is really important. I am not just looking at judgments in courts, or just reading documents; I am actually there able to interrogate, test and challenge. That is what I do. Also, I think it is important that Parliament and the public have a sense of what is going on. Regrettably, because legal aid has not been made available in all cases for TPIMs, there are now fewer court cases, so general information about how this important but serious power is being exercised is relatively cut off. The independent reviewer can provide a lot of transparency about how it is operating.
Q
Jonathan Hall: It has been tentatively mentioned. Obviously, because the legislation has not been passed, I have not been formally asked whether I would do it, but it has been tentatively asked. My answer is that I think it actually is quite a good fit for the reviewer’s job, and I think it probably is right that the person who does the independent review of terrorism legislation should also do the state threats legislation. The reason is that this new legislation is really modelled on terrorism legislation. In crude terms, the concept of the foreign power condition sits in place of the purposes or acts of terrorism, and then there is the same framework in terms of very strong arrest power, detention up to 14 days, strong powers of cordons and search and investigations, and, of course, the PIMs. There are so many learning points between the two regimes that it does make sense.
Q
Sir Alex Younger: Hello, my name is Alex Younger and I was chief of SIS from 2014 to 2020.
Professor Sir David Omand: I am David Omand. I am currently at the King’s College London war studies department as a professor. My previous career in the civil service involved being director of GCHQ, permanent secretary of the Home Office and UK security and intelligence co-ordinator.
Q
Sir Alex Younger: Yes. That is a huge question. To keep it brief, though, I think the predominant fact that developed during my career was the erosion of boundaries. When I started, the difference between peace and war, domestic and international, covert and overt, and virtual and real was reasonably clear, and we were organised along those boundaries. The threats that eventuated most powerfully were the ones that recognised that those boundaries had eroded and crossed them. What I would call grey threats eventuated and often presented us with real challenges, particularly when actors or states felt themselves at war with us and we did not feel ourselves at war with them, for good reason.
My career saw less emphasis on conventional threats and more on grey space. Most of my career was devoted to counter-terrorism, which was the dominant example, but subsequently we saw state actors working in sub-threshold space—operations short of conventional war—to harm us. That is broadly the situation we are in now, even if we have a very 20th-century example of conflict happening on our continent.
Q
Sir Alex Younger: It has risen. During my career, we were broadly in a situation where we had to focus on state threats or terrorist threats. I think that all of us, societally, were hubristically convinced of the end of history and the fact that liberal democracy had triumphed. Perhaps another answer to your earlier question is that that was demonstrated to be false. In fact, we are in a geopolitically contested world, just as we always were. That led to the increasing dominance of the state threat over time as the world diverged ideologically. Of course, with Russia and the UK specifically, we had some really acute examples of that, in terms of services demonstrating complete contempt for us and our democracy by attempting to murder people on our soil. In a sense, that got us, particularly in the national security community, to the hard truth quicker than many.
Q
Sir Alex Younger: I think it is pressing, not least because, as I have said, many of the threats are ambiguous. This legislation, in seeking to dispel ambiguity—daylight is the best disinfectant—has my support. The reality is that the act of using deception on behalf of a foreign power to undermine our democracy, cause our citizens harm, sap our strategic advantage and undermine our economic advantage is essentially not criminalised at the moment, and that is odd. As you would expect, our adversaries have tonnes of legislation outlawing spying. That is what they do; it is part of how they engineer unity. There is a sense of an external and pernicious threat.
I am more struck by the fact that many of our allies, particularly in the Five Eyes, have seen fit, for many years in some cases, to have such measures in place. To that extent, I regard them as basically uncontentious and overdue. If I may be permitted a professional observation as someone who has worked in this area for 30 years, they will definitely make it harder for people who mean us harm to operate, in a way that they would not like and the public would like.
Q
Sir Alex Younger: Yes.
Q
Sir Alex Younger: First of all, I think it is a good idea, fundamentally, to require people to say if they are acting on behalf of a foreign power. I am supportive of that because I know how difficult it makes it for people intent on conducting operations against us to operate, and makes it much easier to prove. I am therefore instinctively supportive of that, and of a register, and I think that we should get on with that. I have talked to the Government about that; they are understandably cautious, given all the unintended consequences attached to it, and the fact that our adversaries use those techniques in a way that lacks good faith and is malicious. However, fundamentally, I am supportive of it.
I have to be honest; I am more ambivalent about the idea of distinguishing between nations. My view of legislation generally, but particularly when it comes to technology, is that it is a mistake to write things to the current circumstances. It is much better to write things to the principles that you are seeking to employ. I am not a lawyer or a member of the Government, but my recommendation would be that we go for a principles-based approach in so far as we can.
Q
Professor Sir David Omand: Probably not, but on the other hand you have to balance that against the risk that legislation would inadvertently catch, for example, academic activity in think-tanks. Alex Younger has referred to transparency and covertness. Where a foreign power is taking covert acts and dirty tricks in order to access our institutions, think-tanks and universities, that would be criminalised by the Bill.
Where a member of the embassy of any foreign state represented here attends, quite openly, think-tank meetings and so on—everybody knows who they are and they know they are on the guest list—that does not pose a direct harm. It would be a mistake to start to try to confuse those categories too much. However, what it comes down to is that this is a probabilistic business; this is doing things that increase the chances that we all protect the citizens and the interests of the state. This Bill alone is not going to prevent states from attempting harm against us, and it probably will not catch all those harms either, but it is a good start.
Q
Professor Sir David Omand: Well, there is a lot in the Bill. The move away from having to identify states as enemies, for example. States have interests of their own and they will promote those interests. If they are doing so openly through diplomatic and academic means, that is one thing, but if they are doing it, as some are, covertly, then although you might not categorise them as enemies, they are none the less conducting themselves in a way that causes harm. That is one of the examples where I think the Bill takes a more up-to-date view. It is not just nations with which we are at war or potentially could be at war.
Q
Paddy McGuinness: My name is Paddy McGuiness, and I am currently an adviser with a critical issues firm called Brunswick Group. I was previously a national security official, latterly as the deputy national security adviser for intelligence, security and resilience in the Cabinet Office from 2014 to 2018. In that role, I oversaw hazards and threats affecting the UK homeland, including some aspects of counter-terrorism, alongside Sir Alex, and cyber-security programmes, offensive and defensive. I began the work on hostile states, and I also dealt with questions of broader resilience to natural hazard. For much of that time, I was also the Government’s chief security officer, overseeing matters of vetting, classification, investigation, and disciplinary and criminal proceedings to protect classified information.
Q
Paddy McGuinness: I really welcome the way you framed that question, because when I thought to myself, “What am I going to say in front of this Committee?” that was absolutely at the centre of it. As the representative, in a policy sense, of the intelligence agency—Sir Alex and the others—and as a person trying to practise Government security and see through disciplinary and sometimes criminal investigations around compromise of classified material, my lived experience was that our legislation and regulations were, frankly, a Potemkin front, and that behind them there was not very much.
I would move in public or speak to Members of Parliament and Ministers, and they would say, “Ah, we have got the Official Secrets Act. We have got this and that,” and they would look at the terrorism powers, which Jonathan Hall described so fully, and the way they interplay with the powers proposed in the Bill, and they would assume we have similar powers, but as you see we had almost nothing. Where there were powers, very few of them crossed the serious crime threshold to engage the full range of intrusive investigative techniques and police time to pursue them. That was very disturbing at a time, certainly when I was deputy National Security Adviser and previously, when the impact on the digital age, as described by Sir David and Sir Alex, came to the fore, and when many states were messing, within the United Kingdom, with our institutions, corporate life and communities, over which they thought they had some share because those people came from that country of origin.
The answer is that I was left very disturbed. That is why under the coalition Government, the Cameron Administration and the May Administration—I left during that—I was, if you like, an apolitical advocate of new powers to shore up what was a weakness or shortfall in our national security capability.
Q
Paddy McGuinness: Yes, and this is illustrative. In the other areas, as Sir Alex described and did fantastic service in countering terrorism, we have not had as much terrorist pressure on our societies and values as there might have been, because of the suppressive effect we have been able to have with our partners. That is because we had capabilities and powers. In the case of hostile state threats, we have some capabilities but perhaps not enough powers, and that is true in cyber. So we have left in front of people who wish to have purchase over our decision making, or to be able to influence us or possibly attack us, free space.
Inevitably, we concentrate on those that are most egregious. Sir David referred to the Lazarus Group in North Korea, and we might look at Iranian behaviours. Indeed, we might look at Russian or Chinese behaviours, particularly around intellectual property and technology, which are all very serious, but I refer you to the number of advanced persistent threats that are now listed because that gives you a description of the number of states that, unconstrained, are beginning to use these techniques for their policy purposes, whatever they are.
For me, almost the best example of this was in the covid pandemic, when there were intrusions and potentially damaging activity in the networks of international healthcare organisations that we needed to help us deal with the pandemic, such as the World Health Organisation. The APT—advanced persistent threat—identified was Vietnamese. I refer you to that list. We do not need to ask any former official to breach the confidentiality of high classification material to know that many states act in this space, and they have clear space in front of them in the cyber domain and in some of the techniques that are countered by the Bill.
National Security Bill (Second sitting) Debate
Full Debate: Read Full DebateScott Mann
Main Page: Scott Mann (Conservative - North Cornwall)Department Debates - View all Scott Mann's debates with the Home Office
(2 years, 4 months ago)
Public Bill CommitteesQ
Sam Armstrong: My fundamental answer is yes. There are a number of good powers in the Bill. It does not address every issue that some of our allies have wrestled with, but in so far as there are powers in it, all of them are in my view good and helpful powers, which will greatly aid the security services in their important work keeping us all safe.
Carl Miller: I will restrict myself from any broad observations and will keep to the one area that I actually know something about, which is to do with information warfare and influence operations, especially over the internet and social media, and how that might impact things. In so far as that is the case—I am sure we will dig into this more in a second—I do not see the Bill as doing any harm. In fact, strangely, as a centre-left think-tank, we have long been calling for more direct state activity in this area. We have deferred far too much and far too often to the tech giants to try to sort these kinds of problems out for us. My fear, though, is about how the Bill will be enforced and deployed. I do not think that in and of itself, as it stands, it alone will be enough to secure—digitally secure—elections and quite a lot of other important moments, themes and aspects of life against the kinds of online influence that we have seen.
Q
Carl Miller: If there is one thing to take away from any of my evidence it is probably this: we have completely misconceived—the Bill slightly, but generally in Government at the moment—the problem as one of disinformation. The problem is not overwhelmingly or primarily one of disinformation. When we pull apart these campaigns, ones that we know or highly suspect of being in one way or another sponsored or driven by, or of having interacted with, a foreign, usually autocratic state, we notice that disinformation is only one of a whole array of different methods that can be used to influence people. You can paint an extremely distorted picture of the world simply by amplifying some truths over others.
If we look at what is happening in Ukraine at the moment, it is as much about “Putin riding bear” memes as it is about explicit disinformation. Much of this interacts at the level of identity, belonging, kinship, friendship, reasons for getting up in the morning and the problems that people see in the world—hugely subtle. Even at the level of lying, it is less to do with the overt falsehood circulating on the internet and much more to do with the harnessing of false identities and false reasons for being involved in debates. I tend to view this as the emergence of a kind of shadowy tradecraft. It is one that can wrap together, yes, some disinformation, but also some black-hat search engine manipulation, the harnessing of outrage, things to do with identity, as I have been saying, and humour and comedy—all that is influential in different ways.
The way we often set up this problem is through a hyper-rationalist idea that there is this thing called disinformation that propagates online, people lacking digital literacy believe it, and that influences their behaviour and attitudes. I will shut up in a second. I rarely interview people, but I have interviewed some of the perpetrators that actually do these operations and they tell me one thing, time and time again. They say, “Carl, we don’t lie about the world to get people to change their minds. We tell people things they already think are true about the world and then guide that in a particular direction.”
The current influence operation in Ukraine is a brilliant example of that. What we are seeing is Russia or pro-invasion-linked influence operations targeting the global south, trying to portray the invasion as essentially being an anti-colonial gesture and tapping into deep-seated anti-western and anti-colonial attitudes within the audiences they are addressing.
Q
Sam Armstrong: Yes. In a sense, the threat is changing less so than our recognition of the change. Increasingly, we are waking up to the threat of the more all-encompassing nature of interference launched or directed by branches of the Chinese Communist party. Unlike traditional Russian or Soviet Union espionage, this is not 100 or 200 individuals in the UK at any time running a network of agents in a very organised way. This is something more full-throated and all-encompassing—they call it the united front—in which people who would not ordinarily be, or who would not see themselves as being, operatives of a foreign intelligence state are being brought into it or are acting in it.
In addition, the nature of the way that we have woken up to this threat means that there are individuals acting on behalf of the Chinese state quite explicitly and openly who are also employed concurrently, and declaredly so, by public authorities in the United Kingdom, most particularly at British universities, where we have Confucius centres. That is one well known example. They are a branch of the Chinese state and they often take money directly from the Chinese state for their operations. People are double-hatting in roles in the academy there and in the university. That means there is the bizarre case of the British Government—not the British Government as in Her Majesty’s Government, but public authorities at their largest—employing Chinese spies. The British state is certainly knowingly employing agents of the Chinese state.
Q
Sam Armstrong: This Bill will do an awful lot to deal with it. There are some offences in the Bill that are drawn extremely broadly and will allow the security services to take a knife to whichever problems they would like.
The Bill does not do certain things that other countries have done. For example, Australia introduced the Foreign Relations Act, which allowed the central Government to terminate relationships that public authorities had entered into with foreign states where they were undermining Australia’s foreign policy position. That is a power that I know Australian officials have been keen to encourage the British Government to replicate.
In terms of assisting foreign intelligence services, which I think is by far and away the most broadly applicable offence in the Bill, and the trade secrets offence, there are broad powers there and the Government deserve commendation for bringing those powers before Parliament, although not before time. The security services have been keenly pushing for them and they will appreciate them in doing their work.
Q
Carl Miller: That is a great question. We can start by cleaning up the grubby world of spam. Often, when talking about online influence operations and disinformation, we descend into this kind of rarefied world of grand geopolitics, but it has as much to do with a very wide array of services and companies. If anyone googles “buy retweets now”, you will be able to see what I am talking about.
There are a tonne of companies that operate in plain sight, selling social media manipulation as “social media services”. You can buy fake followers; you can buy fake engagement. I looked it up on the way here; as of about 10 minutes ago, there was a company selling positive comments in Ukrainian on Instagram—mostly, they claim, by users from Ukraine—for $78 per 1,000. That is on the light net; we are not even talking about the services that are cryptographically secured or anonymised.
There is an array of these kinds of operations. An almost shadowy grey-area marketplace has emerged, which radically lowers the barriers to entry into doing those kinds of activities. That has always been there, but the consensus has emerged among researchers like me that, over the last year or two, the actual number, sophistication and variety of those services has increased quite dramatically. To be honest, if we were to really try to genuinely start increasing the cost and penalties for the actors that do that kind of thing, we would have to target that entire industry as participants in it.
Lastly, in pulling apart some of the operations regarding Ukraine, our hunch is that state-backed activities have likely made use of those exact same services. We will see states maybe rolling out capability outside of state, setting up as private companies, and selling those capabilities back into state.
Q
Louise Edwards: Of course. We are, fundamentally, an organisation that oversees the running of elections in the UK. We also have a role as the civil enforcement and regulator body for political finance in the UK. For foreign interference, that means that we are the experts on electoral law, electoral finance and the running of elections, and we offer that advice to law enforcement and indeed to the security services, on request. We are not a national security body per se. We do not have an intelligence function per se. It is really a question of working with the intelligence services or law enforcement where we can to offer them that advice.
Q
Louise Edwards: As I said, we are not a national security body, so our knowledge of the threat of foreign interference in the UK is very much based on what law enforcement and the police tell us, essentially. If you think about elections in the UK, we have not been notified by the security services of any successful attempts at foreign interference in UK elections, and I think we take some confidence from that.
On the political finance side—the money that is going in and out of political parties, campaigners and others involved in our democracy—I caught the end of the previous session and there was reference to one notification from MI5 in that area. That is the only one that we are aware of. However, I would say that it is not a matter to be complacent about. There are things that could be done, particularly on the political finance side, to really modernise and improve the safeguards in the system, not just for foreign interference but for any kind of abuse or interference in the political finance regime.
Q
Louise Edwards: There is a key principle here, which is that you could hope there is a link between increasing the penalty that can be imposed for an offence and therefore disincentivising or deterring people from committing that offence. That seems like an in-principle link that you would want to see made. That is what perhaps the Bill is aimed at creating.
The measures in the Bill—the offences relevant to elections that are in it—are offences that the police will have to investigate and that will then go through the courts for prosecutions, so really key to making the provisions work effectively is to ensure that the police have the capability and capacity to take them forward, investigating them and passing them on to prosecutors when appropriate.
Q
Louise Edwards: Do you mean a potential problem in the sense of a foreign state interference issue?
We will now start our next session and hear from Professor Ciaran Martin, professor of practice in the management of public organisations at the Blavatnik School of Government at the University of Oxford. We have until 3.20 pm, so if colleagues could keep the questions succinct, I would be very grateful—then we can get in as many of you as possible. Could you introduce yourself for our records, Professor?
Professor Ciaran Martin: Thanks very much, Chair. My name is Ciaran Martin. As you say, I work at the Blavatnik School of Government at the University of Oxford. From 2014 to 2020, I served on the board of GCHQ, and I was the first chief executive of its National Cyber Security Centre.
Q
Professor Ciaran Martin: Thank you for your kind words. I broadly welcome this Bill. There are a serious of fairly antiquated pieces of legislation that—sometimes at the margin, sometimes a little more profoundly—inhibit the pursuit of hostile-state threats, because they are, in effect, pre-digital legislative frameworks, very simply. With some of the language, you are replacing words like “maps” with words like “data”, or at least adding words like “data” to words like “maps”. You are dealing with things such as the flying of unmanned drones over sensitive sites. Despite my previous experience on the inside of the national security side of Government, when I read the explanatory notes, it was a bit of a double-take to be reminded that we had to explicitly criminalise assisting a foreign intelligence service in this country.
I think it is a very sensible piece of legislation, with the modernisation and some of the tidying up. From listening to your exchanges with the Electoral Commission, I think the provisions around disinformation and interference in political and democratic processes are really difficult to get right, so I welcome this sort of process. I think the intent is obviously cross-party and commands widespread support. The intent and basic provisions should be uncontentious, but I think some of the detail is going to be quite tricky.
Q
Professor Ciaran Martin: When I say scale, I actually mean scale in its very precise meaning about volume. Digital espionage involves the extraction of information on a scale that was hitherto inconceivable, and that has, therefore, extended the scope of that. For example, there are specific references in the legislation to commercial and trade; we have seen that.
One of the changes that digitisation has brought, in terms of hostile foreign intelligence, is that it is possible to inflict large-scale strategic damage on the UK remotely, but it is not always done remotely. There are hybrid elements—there can be activity on the ground in the UK that assists digital espionage and digital penetration of the UK. Our existing legislative framework does not allow for that to be prosecuted. Even when it is done entirely remotely—for example, the People’s Republic of China has done some of its operations entirely remotely—we have seen from the United States that, although it is not transformative, it is a useful policy lever to have a framework of criminal law that criminalises activity even in eventualities where you will not realistically be able to apprehend a named human being.
To be a bit more succinct, the large-scale extraction of and interference with data is essentially the risk. The willingness of nation states—principally Russia and China, to a lesser extent Iran, previously but not so much recently North Korea, and a bunch of up-and-coming potentially hostile states—to do that has been a very significant feature of the national security landscape over the past decade, as the head of MI5 and so forth emphasised.
Q
Professor Ciaran Martin: One sees only the tip of the iceberg when there are major breaches. I will use a well-known example from the United States—a close ally that is perhaps easier to talk about because it does not involve disclosing sensitive things about the UK.
The hybrid operation against the United States in 2015, which the US Government at the time acknowledged formally was undertaken by the People’s Republic of China, involved the extraction of more than 20 million security clearance records from the United States Office of Personnel Management—effectively the civil service department of the US Federal Government. It was the security clearance application forms of everyone who had applied for security clearance from the US Federal Government in the first 14 years of the century. As a dataset, it is incredibly rich. For example, if you are part of a commercial data breach, it is likely to be just your name and email address—possibly a password, although perhaps not even that, and possibly the last four digits of a credit card. If you go through a Government security clearance process, it is everything.
Think of the current politics of the US and China, and think about the established fact that the Chinese Government have this dataset of US Government personnel, with lots of information about them. You can see the strategic impact that that can have. To the best of my knowledge, based on public scholarship and disclosures relating to that incident, it was a largely remote operation, but it did include some activity on the ground. You can see how the sort of legislation we are talking about here might be useful in at least deterring or being able to deal with that.
Q
Professor Ciaran Martin: I would say this, wouldn’t I, but there has been a reasonably decent trajectory of controlling it.
There is a challenge for defenders. If you are attacking—if you are Russia and you have a programme of destabilisation of the UK through these sorts of means—it is all the same programme to you. But if you are defending against it, the defence of the networks of a privately owned critical infrastructure company, such as the energy grid, is one problem, and the protection of sensitive Government networks—diplomatic cables and intelligence services—requires you to do something slightly different.
Disinformation is a different problem again, because historically under our laws, quite rightly, it has not been an offence to make up a lie and put it on the internet. That is different from a cyber-attack. Putting it under a single organisation is really quite hard.
Things were starting to get better around the time of the end of my Government service in 2020, although there is probably some way to go, on the synthesis of operational cohesion—the sharing of information—across these different parts. It is better than it is in quite a lot of other countries—it is less siloed—but I am sure, Ms Lynch, that there is plenty more that could be done to improve it.
We will now hear from Dr Nicholas Hoggard, Professor Penney Lewis and Mr Rich Owen. We have until 4 o’clock for this session. I would be very grateful if the witnesses introduced themselves for the record.
Dr Nicholas Hoggard: Hello, I am Dr Nick Hoggard. I was the lead lawyer for the Protection of Official Data project at the Law Commission, which was the project referred to us by the Cabinet Office. It informs a number of the offences in part 1 of the National Security Bill.
Professor Penney Lewis: I am Professor Penney Lewis. I am the criminal law commissioner at the Law Commission, so I led that project in its latter stages.
Rich Owen: I am Rich Owen. I am here today in my capacity as the chair of the access to justice committee for the Law Society. I am also director of a pro bono law clinic, the Swansea Law Clinic, which is part of Swansea University, and the chair of a regional advice network for Swansea, Neath and Port Talbot, which was set up by the Welsh Government.
Q
Professor Penney Lewis: That is a great question. This Bill implements the first part of our report, which was concerned with the espionage offences. I think it is worth saying that we did not envisage that any one statute would implement all the recommendations that we made in that report, even were the Government minded to accept them all.
The second and third parts of the report concern unauthorised disclosure and the role of the public interest in relation to unauthorised disclosures. We understand that the Government are still considering those recommendations. But in relation to the espionage recommendations, yes, this Bill implements our recommendations. There are minor differences, which is to be expected as part of the parliamentary drafting process, but we are very pleased that the Government have accepted those recommendations.
We had several concerns about the existing offences; as the previous witness mentioned, they were not fit for the current threat. The focus, for example, on enemies was unhelpful. It did not—does not—fully reflect the nature of the threat against the UK. It also risks causing offence to states with which we are not at war. We had concerns about the territorial ambit of the offences, which are addressed by this Bill—the offences in part 1. We were also concerned that there were not sufficient culpability thresholds, such that individuals might be prosecuted for the existing offences without being sufficiently culpable. We are pleased to see that those thresholds have been raised in the offences in the Bill.
Dr Nicholas Hoggard: As a matter of generality, I think Penney has it absolutely right: the offences reflect well the recommendations that we made. As Penney said, there are some differences that will arise naturally in the course of drafting and negotiating with parliamentary counsel, but our view is that the spirit of our recommendations has very much been carried through. There is probably not much more I need to add at this point.
Q
Professor Penney Lewis: I am afraid that I will be less happy about that question. The Law Commission was asked to look at the Official Secrets Act. The project’s terms of reference focused on official Government data, so we have not looked at those matters. There are a number of matters contained in the Bill that were well outside the scope of our project, and I am afraid that we just cannot comment on them.
Q
Dr Nicholas Hoggard: Yes, I think we are. One of our concerns about the existing offences in the 1911 Act was that the existing prohibited places—though extensive; it is an extensive and complicated piece of drafting—have a strong military focus, and they do not necessarily reflect the way that critical national infrastructure, for example, or sensitive information is held by the Government.
There are some powers for the Secretary of State that exist under the 1911 Official Secrets Act, but they are quite restricted. What is good to see about the powers under this Bill is they are quite principled powers. The basis on which the Secretary of State can define something as a protected place is much more transparent. There are just three limbs that are easy to understand. That basis for affording the Secretary of the State the power is much more useful. It is more transparent, but it also enables us to capture within the offence places where there is actually a real risk of harm arising from hostile state activity.
On that front, I would say the power is good in so much as it aligns with the spirit of our recommendation. The fact that there will be parliamentary oversight of this process is important. It was a fundamental feature of our recommendations, and the negative resolution procedure is an important part of that process. The Secretary of State’s powers are more effective than is permitted under the current law, but also there is sufficient oversight.
Q
Poppy Wood: Good afternoon, everyone. My name is Poppy Wood, and I lead on UK public policy for an organisation called Reset. We are a philanthropic organisation that focuses on digital threats to democracy. We have a particular interest in disinformation. I was a civil servant about 10 years ago, and have worked in tech and, at times, in cyber-security over the past decade. I am pleased to be here today to talk about some of our work as it relates to the Bill, particularly our research on disinformation and state actors.
Q
Poppy Wood: That is a good question, and one I hope is being asked every time that we are looking at new versions and new clauses of the Bill. When the consultation came out last year, those of us who had worked in state-backed disinformation for a while were delighted to see some of the questions being asked, at least in the first instance, about the role of state actors and about foreign interference.
When Ken McCallum said last year in his annual threat report that our adversaries are really good at using co-ordinated behaviour to probe UK vulnerabilities, and that we in return really need a holistic response to that—that was about a year ago—a lot of us thought, “But we’re not. It’s great that they are, but we certainly aren’t. No one is really gripping this.” That echoed language from the ISC report in 2020—the Russia report, which said that co-ordinated disinformation and state-backed interference is a really hot potato. No one wants to grip it—not GCHQ, not DCMS, not the other security services. It is too difficult, so we were really relieved to see the Bill come forward, and the consultation late last year.
We were even more relieved earlier this week to see that there will be a link between this Bill and the Online Safety Bill. I have not yet seen that amendment brought forward by the Government; I am hoping that is happening now, because we expected to see it yesterday—I hear the Government have been quite busy this week. That is really about saying that the Home Office and DCMS recognise the role of social media in pushing these co-ordinated campaigns, that electoral interference and foreign state interference is a priority, and that we are seeing platforms being weaponised in order to push the sort of disinformation you mentioned in your question.
We have seen that time and again. In the Scottish referendum in 2014, the Free Scotland 2014 campaign turned out to be backed by Russian and Iranian actors. They were massively weaponising social media by putting up inauthentic accounts and Facebook pages, with mocked-up pictures of the royal family, saying they wanted to take all the money from Scotland and buy new houses. It was complete nonsense, the aim of which was to destabilise the Union.
The Free Scotland 2014 campaign was called out by Twitter and Facebook in 2018. So four years later they said, “Hey, we’ve just found all these accounts that were trying to destabilise the Union four years ago”, and we were going, “But what did you do about that four years ago?” I think we are going to see that again in Northern Ireland, we saw it in the US elections in 2016 and 2020, when the US Senate said that Russia was targeting African- American electors as a priority, to drive division in the States, and we will see that in any election we have in the UK.
I am really pleased to see that the Government are trying to link the two Bills. I think there are three words missing from both the Bills, and they are “co-ordinated inauthentic behaviour”. This Bill and the Online Safety Bill might be getting towards those words, but one of them has to say them, because we are talking about individuals and organisations in this Bill and social media in the Online Safety Bill, but the examples I have just given are absolutely about co-ordination.
It will be hard to find one person. The extra-territoriality provisions in this Bill are good, but we should not be measuring the success of this Bill as people in prison. This is all about troll armies abroad, so the link is important, but I think it needs to go further on specifically calling out co-ordinated inauthentic behaviour in either or both of these pieces of legislation.
There are some questions about case law linked to the Online Safety Bill and the National Security Bill. In the amendments, we are expecting, hopefully today, for foreign interference to be listed as a priority harm in the Online Safety Bill. The question arises of how social media platforms, which will now effectively be given the power to police these kinds of things, will catch foreign interference when, as the Online Safety Bill says, the
“content amounts to an offence”.
How can a social media platform judge how content would amount to a criminal offence?
We need to think about some of the language around how people identify that criminal offence. I think Carnegie UK, or another group, has suggested something along the lines of illegal content meaning content that the provider has “reasonable grounds to believe” amounts to a relevant offence. I do not think that “amounts to” has the precedent, and it is going to be hard, particularly in content law, to catch that.
The other thing about the Online Safety Bill and the National Security Bill is that we may end up seeing the case law being made in the civil courts, because we will see Ofcom taking a case against a platform, that platform appealing and the case being handled in the civil court, even if it involves foreign interference and a criminal offence. That needs to be thought about. I certainly do not have a solution, but I just want to flag it as a risk of linking these two Bills but not thinking about how they are fully linked.
However, going back to my first point, we were delighted to see that the Government are taking this really seriously.
Q
Poppy Wood: Obviously, you have heard from much greater experts than me about hack-and-leak operations et cetera, and I refer you to their remarks about that. In terms of co-ordinated disinformation campaigns, as I said we have seen that in the US election, with really targeted approaches to particular groups that people wanted to divide. When I mentioned that the US Senate said that African-American electors were being targeted, it was clear that the Russians wanted to stir up tensions within that group and between that group and white police. They would really push Ku Klux Klan narratives, false images and all sorts to make sure that those groups were infighting. I would absolutely expect to see that here as well.
Political ads are also a really big issue. I cannot work out whether they are dealt with in the Bill, but they are certainly not dealt with in the Online Safety Bill. The Cabinet Office seems to own the political ads regime, but we are seeing shell companies buying these ads purely to stoke division and tension, and we would expect to see that again. One of the problems with not having a grip of the issue, particularly as we could go into an election period in the UK at any point, is that we need someone to comprehensively pull this all together.
The Russians and the Iranians often leave quite a lot of fingerprints on their work, sometimes intentionally. I know that Ken McCallum, who is director general of MI5, and the FBI discussed the threat from China yesterday. They did not mention disinformation, which I thought was interesting, but the Chinese have historically been much better at not leaving their fingerprints on things, so I cannot really speak to some of their activity. However, we have seen it time and time again.
It is probably best not to talk about the Brexit referendum, but we all know what happened there with the engagement from foreign actors. We should not be surprised to see disinformation. We are vulnerable in the UK because of our role in supporting Ukraine, and we have to pull it all together. If the Online Safety Bill, combined with the National Security Bill, does not do so, I do not know what will.
Q
Poppy Wood: We have to be careful not to try to define disinformation. There is some language in the Bill about misrepresentation, and the idea of intentionally misrepresenting is important. We will never get a grip on exactly what disinformation is, because it is a shapeshifter.
On the first part of your question, it is about the system of amplifying and the ease with which people with malicious intent can manipulate systems by creating fake accounts, not verifying IDs and exploiting the recommender algorithms so that they hook you with one piece of content. We see this time and time again. One piece of bad content is not the problem, but they hook you on it, which then leads you down a rabbit hole to something much darker and more radical. It does not even have to be radical; it can be the sort of stuff that we were talking about with the Scotland referendum. It can be innocuous, such as stories about what the royal family are doing. It is about sowing seeds and exploiting cognitive dissonance, which bad actors are very good at and which social media is absolutely weaponised to make the most of, because of the pace and amplification of the content.
The Online Safety Bill goes part of the way there; it is imperfect, partly because it is so hard to define disinformation. There is very little in the Online Safety Bill on disinformation. There is an advisory committee that is years down the road. It is ironic that the National Security Bill is about trying to rein in certain types of transparency. Transparency is a really big part of all this, so it is about trying to find out who is behind things and what the data patterns really look like, and building in researchers. I think that was something Ken McCallum said last year. A holistic approach is a cross-Government approach, but it also involves industry, civil society, journalists and researchers. Everyone has to focus on this. Both Bills could go further on systems and, as I say, the co-ordinated inauthentic behaviour language just is not there either.
Scott Mann
Main Page: Scott Mann (Conservative - North Cornwall)(2 years, 2 months ago)
Public Bill CommitteesThat is an important point. I was looking at this merely in terms of courtesy to the Committee, proper scrutiny and the way in which Bill Committees ought to and do work, but of course the Security Minister has other duties outside this House. One would not want a discontinuity between one Security Minister and the next, which I expect is why, when the Minister sent his letter to the previous Prime Minister, he said in his last sentence that he would continue until his successor was appointed. However, we now seem to be in a position where he has not continued until his successor is appointed.
When I was a Minister, Mr Gray—no doubt you will recall your own experience of these things—duties in the House took precedence over all other duties that one might have as a Minister, as stated in the ministerial code. As such, if the hon. Member for Stevenage is still the Security Minister, it is extraordinary that he is not here. There are two explanations: either he has decided to stay away himself, in which case it is a dereliction of duty, or he has been asked to stay away by the business managers, in which case this Committee and the House deserve an explanation.
I do not wish to put too much pressure on the hon. Member for North Cornwall, because I realise that he is doing his job and may or may not have had an answer in the time between this morning’s adjournment and the resumption at 2 pm, but we do require an answer. I hope he will be able to give it now, but if he cannot I hope he will undertake to ensure that all members of the Committee get that answer.
I have heard the points made by Opposition Members loud and clear, and I heard their points of order in the Chamber this afternoon. The Chief Whip and the officials are aware of the requests that hon. Members have made around additional timing. The hon. Member for Garston and Halewood made a point about the Minister for Security. I have not had a chance to get an answer to that question yet, but I will seek reassurances on that point.
I will not; I have almost finished. It will not surprise the Committee to know that I have very little to say. I am absolutely convinced that the appointment of the new Security Minister will be made very soon, given its seriousness, and I look forward to that Minister taking on the Bill and delivering this very important piece of legislation for the Government.
On a point of order, Mr Gray. The Whip has had time to clarify whether we still have a Security Minister—yes or no. My hon. Friend the Member for Garston and Halewood was clear that if he could not give an answer, he should write to the Committee with an explanation of what has happened. Do we have a Security Minister in post: yes or no?
Scott Mann
Main Page: Scott Mann (Conservative - North Cornwall)(2 years, 2 months ago)
Public Bill CommitteesI welcome the Committee back to consideration of the National Security Bill. I understand that the Government Whip wishes to move a motion to vary the terms of the Order of the Committee of 7 July.
I beg to move,
That the Order of the Committee of 7 July 2022 be varied by the omission from paragraph 1(e) of the words “and 2.00pm”.
May I put on the record my great sense of regret and disappointment that the Committee is not progressing today? There is a great deal of support for the Bill, because we all recognise that our security services need the new measures to keep our country safe. At every opportunity, we the Opposition have sought to be constructive and to undertake our due diligence in providing the level of scrutiny that should come with the powers in a Bill such as this.
We have sought to work with the Government, but it is disappointing that we will now have a fourth person acting as Minister in a Bill Committee on the matter of national security. We very much look forward to meeting again on Thursday so that we have the appropriate opportunity to scrutinise and debate every last bit of the Bill and the new clauses, ensuring that the security services have what they need from us. Despite a real sense of disappointment, we look forward to ensuring that we meet again on Thursday to progress without any delay.
I think he is a man of honour, so I will fire out the questions anyway. On whether we should go ahead and whether the Minister could be found somewhere in this building, where I am certain that he is, and pick up his very capable and able management of the Bill as he has done throughout, the fundamental question is: what faith are we meant to have that, on this very detailed and far-reaching—in some places, too far-reaching—Bill, the person who arrives on Thursday morning, who may have just been given their job, will be across that detail? Will they be able to answer my questions, as the Minister did and I hope the Whip will in his stead? What hope is there that a new Minister will be able to answer the intricate questions that, certainly, I have about issues largely in part 3?
It feels like giving in to say that we should not carry on examining the Bill, in all honesty, but we will return on Thursday as a lesser Committee. That is, in essence, what will happen, unless—I do not know because anything could happen these days: perhaps one of the civil servants who wrote the Bill will become the Security Minister, having been put in the House of Lords. They might stay in post for three months and resign afterwards. Stranger things have happened—in fact, that has happened.
Would we tolerate what has happened today from any of the services that we are debating? If they said, “Sorry, the head of counter-terrorism police has been dealing with a case and we’re just going to give it to Alan. He’s in court this morning and he’s picking up the case, but he doesn’t have any of the details”, we would not tolerate that. Yet that is what we are being asked to tolerate. This is very important legislation. It is greatly regrettable that it has been so poorly managed from beginning to end.
I have listened intently to the points made from the Opposition Benches. My first port of call after this will be the Chief Whip’s office to discuss the arrangements for the programming of the Bill and the sittings that we currently have. That is what I will do after I have sat down, and I hope we can now adjourn.
There can be no Division on this motion. If any Committee member were to object, the motion would lapse and the Committee would sit this afternoon at 2 o’ clock.