Lord Coaker (Lab)

- View Speech - Hansard -

Copy Link

-

My Lords, I am sure the Minister was referring to me. But, seriously, I thank him for that helpful introduction and for the briefings that he and his officials have organised, including in buildings nearby later this week.

This is an important Bill, and we all need to ensure that it delivers effectively what we all wish for as we seek to defend our country and our freedoms against outside threats. I say to noble Lords including the Minister that we fully support the passage of the Bill, for the reasons that he outlined in his conclusions, and recognise the changed security environment that necessitates the need for this piece of legislation updating and improving the Investigatory Powers Act 2016.

There have clearly been significant changes to the threat picture, with developments that had perhaps not been fully foreseen over the last few years. Of course we have to remain vigilant against any terrorist threat, but even that has been overshadowed by other factors—in particular, the pace of geopolitical change and the extent of its impact on the UK and its people. The invasion of Ukraine, the weaponisation of energy and food supplies, artificial intelligence, the actions of Iran and the more aggressive stance with China in the South China Sea and beyond are just some of many examples. Importantly, this also manifests, as the Minister will know better than anyone, as threats such as economic espionage, the buying of influence, cyberattacks, disinformation and indeed, as we saw, the Salisbury poisoning. In the face of that hostile state activity, we have to change.

I join the Minister, and no doubt many others, in saying that we are very fortunate in having had the extremely helpful—and for me, I might add, understandable—report by the noble Lord, Lord Anderson, to guide us in this. It is also good to see other Members of your Lordships’ House who have extensive experience in this area to inform our debate. In congratulating the noble Lord, Lord Anderson, I shall raise some general points from his report and then deal with specifics as appropriate for a Second Reading debate.

It is of huge significance and importance that the noble Lord, Lord Anderson, did not produce a classified annex to his report. In an area of this importance and sensitivity, you obviously need secrecy and confidentiality, but there has to be as wide a public and parliamentary debate as possible. There are real issues of principle being discussed here, not least the right to privacy and the protection of an individual’s information or personal data. As I say, there is a need for the security services, law enforcement and others to act and to have the intelligence tools that they need, but the balance between national security, tackling serious crime and an individual’s privacy should and must, quite rightly, be a matter for public debate. When fundamental rights are at stake, that needs to be cautiously challenged, and this House will need to do that in Committee, while, as I say, fully supporting the overall passage of the Bill.

Chapter 10 of the report asks what comes next. Such is the pace of change and challenge, the noble Lord, Lord Anderson, recommends that, once this amending legislation is on the statute book, we need to move on very quickly to what comes next.

I shall turn to the Bill with some general comments, with the more specific questions coming in Committee. Bulk personal datasets are clearly important, and the Bill will allow a lighter-touch regulatory regime. The threshold will be where individuals have a low or no expectation of privacy in respect of that data. The Bill seeks to set out examples of the sorts of cases where such a regime would apply for the examination of material by the UK intelligence community. I believe there will need to be a careful debate about what such a threshold means. What does “low” mean? Would all such activity be subject to the approval of a judicial commissioner? Some have already expressed particular concern about new subsection (3A)(e), inserted into Section 11 by Clause 11(3), which says that communications data can be obtained

“where the communications data had been published before the relevant person obtained it”.

Does that mean it is available simply by having been published?

On a more general point, how does all this relate to the Data Protection Act, where personal data may be protected but is potentially not so by the new Bill? Big Brother Watch gives the example of the potential concern over Clearview, which has a mass of facial images—approaching 30 billion—harvested from social media. That could be considered a low-privacy database since the photos had been made public by the individuals, but the Information Commissioner’s Office found Clearview in breach of the Data Protection Act. This argument could therefore potentially be extended to many areas, such as Facebook posts, and will therefore need careful scrutiny, along with the more general point about the relationship between this Act and the Data Protection Act.

There are to be new proposals for internet connection records; they are clearly important, but changes are again being made. In particular, on the justification for target discovery—which, in essence, is a more generalised surveillance, if I have understood it correctly—is it the case therefore that there may not necessarily be a need for suspicion to lead to a particular form of surveillance? It is also interesting to note that, according to the report by the noble Lord, Lord Anderson, as I understand it, this extension or facilitation of target discovery for internet connection records should be limited to UK intelligence. So why have the Government extended this to the National Crime Agency as well as to the UK intelligence community? In other words, why has it gone beyond the recommendations of the noble Lord’s report?

The need for the communications of legislators to be secure and confidential—say, in discussing matters with constituents or other bodies—except in the most exceptional circumstances, is of real importance. Following the IPT case in 2015, there was legislation in the 2016 Act that tried to protect this principle by allowing any interception or obtaining of any communication to be allowed only with the so-called triple lock—in other words, after Prime Ministerial authority was given. The question this Bill seeks to answer is: what happens if the PM is, in the Minister’s words, “unavailable”? This seems to me to be a reasonable question to ask. We need to probe Clause 21 carefully and ask whether the inclusion of any Secretary of State is too broad a definition, what the involvement should be of senior officials, as laid out in the clause, and whether the proposed definition is correct. For example, would it not be better to specify the Secretaries of State as the Home Secretary or the Defence Secretary, or other senior Secretaries of State, rather than the broad blanket of any Secretary of State? The senior officials are explained, to an extent, but we need to explore in Committee whether we need to be more circumspect with what we mean by that.

We have also received a briefing from Apple, and it is important for us to reflect on its concerns. As I have made clear, we support the passage of the Bill, subject to proper scrutiny, which we and others will give in Committee, but Apple’s concerns need to be addressed by the Government in a public forum, to ensure trust and confidence in the new system we seek to introduce. Why is Apple wrong to have concerns about pre-clearance requirements?

On extraterritoriality, the noble Lord, Lord Anderson, says on page 57 of his report that he makes “no recommendation” on a policy issue for DRNs or the importance of end-to-end encryption. End-to-end encryption is a key security tool for us all, but it is also one that can be used, and is used, by malicious actors. We understand that, so how do we strike a balance between the necessity for the privacy and protection of an individual’s data and the need for security services and others to have potential access to that data to uncover serious crime or terrorist activity? In Committee, we need to discuss where that balance should be made and where that line should be drawn; it is an important area of discussion.

Throughout the report by the noble Lord, Lord Anderson, and the subsequent Bill before us, we see various adaptions of warrant processes, judicial oversight and the role of the commissioner, with many proposals. While we are generally supportive, we will need to examine these in more detail in Committee, but I have a few general points to raise now. For example, does the Bill help to sort out confusion in government? Incredibly, on page 28 of the noble Lord’s report, the MoD cannot, even when co-located in a hostile environment, transfer some data to the UKIC. Does the Bill sort that out? That is an important question that I put on the table for an answer—not necessarily now, but certainly in Committee.

Domestically, on the same page, we are told that it was a revelation to UK intelligence community officers to see how easily other government departments subject only to normal data protection requirements could access, retain and process bulk personal data. This Bill should not go through without the corresponding changes to policy and practice, highlighted by the above two apparent anomalies. No doubt there are many more. It would be a wasted opportunity were we not to address some of those examples which seem to draw attention to anomalies within the existing system which many of us would expect a Bill such as this to sort out.

Co-operating should not be as difficult as it seems to be. Openness and transparency are crucial so that we can be sure that, as far as possible, the number of various warrants applied for and refused is made public. More generally, what role is there for parliamentary oversight as well as the intelligence commissioner and so on? The Intelligence and Security Committee is our important eyes and ears on this matter. What part will it play in all this? Are its terms of reference, which I have said in other debates are in need of review, sufficient to allow the necessary level of scrutiny? If it is not appropriate for the committee to be involved, where is the parliamentary scrutiny? Where is the mechanism for reporting to Parliament? It would be interesting to hear that from the Minister. Yes, there are various commissioners and there is senior ministerial involvement, but what of Parliament? Parliament cannot be seen in areas as important as this as an afterthought or an irritant. It should be a proper custodian of our values in this difficult area.

I have laid out some of the key issues, although there are many more. I conclude by saying that, as the noble Lord, Lord Anderson, pointed out in his report, we cannot allow the debate to be characterised as being between those who stand up for security, for our country, and who understand what needs to be done, versus a privacy lobby that does not live in the real world. Of course, operational security cannot be compromised and changed threats require policy to be developed. We support the Government in this through the changes which are needed in this Bill. The challenge is to do so in a way that is consistent with our principles of democracy and human rights. Sensible debate and discussion surely will help us towards something that we all want—to build a consensus as far as possible over protecting our nation and allies against those who would do us harm, and not to undermine privacy or freedoms unless it is essential to do so.