Only a few days to go: We’re raising £25,000 to keep TheyWorkForYou running and make sure people across the UK can hold their elected representatives to account.Donate to our crowdfunder
[Relevant documents: The Fourteenth Report of the Trade and Industry Committee, Session 1998–99 on the draft Electronic Communications Bill, HC 862, insofar as it relates to Part III of that draft Bill, and the Government's response to that part of the Report, contained in HC 199, of Session 1999–2000.]
I beg to move, That the Bill be now read a Second time.
This is an important Bill, and represents a significant step forward for the protection of human rights in this country. Human rights considerations have dominated its drafting. None of the law enforcement activities specified in the Bill is new. What is new is that, for the first time, the use of these techniques will be properly regulated by law and externally supervised. That will serve to ensure that law enforcement and other operations are consistent with the duties imposed on public authorities by the European convention on human rights and by the Human Rights Act 1998.
The Bill is one of a series of measures aimed at securing a better balance between law enforcement and individual rights as set out in the convention. Over the years, these measures have included the Police and Criminal Evidence Act 1984, the Security Service Act 1989, the Intelligence Services Act 1994, the Criminal Procedure and Investigations Act 1996, and the Police Act 1997. In conjunction with existing legislation, the Bill will consolidate the law on the use of investigatory powers.
But there is one difference. Much of that previous legislation has been undertaken in response to rulings by the European Court of Human Rights. In one respect—and one only—the Bill follows that trend: that is in respect of the decision of the ECHR in the Halford case, with which the Bill seeks to deal. The rest of the Bill reflects a change in the United Kingdom's stance on human rights. We have sought in the Bill to put right our existing regime in advance, without the need for individuals to resort to the courts, and then for Parliament to correct matters retrospectively.
We are trying actively to ensure that our system protects individuals' convention rights, while recognising how vital such investigatory powers are to the protection of society as a whole. Striking the right balance in this area is an important responsibility of Government, and of the Home Office in particular. Throughout, this Bill reflects what I believe ought to be the correct balance, and we look forward to it being the subject of detailed scrutiny in Committee and during this debate.
This is an important Bill, but does the right hon. Gentleman know that its scope is so wide that, when the hon. Member for Brent, East (Mr. Livingstone) is thrown out of the Labour party, it will be an offence, punishable by two years' imprisonment, for him to read a message on his pager that was not intended for him?
I appreciate the hon. Gentleman's desire to jump on the Livingstone bandwagon, but I am not sure whether Conservative central office takes the same view. I do not begin to understand the gravamen of his question.
The Bill addresses the regulation of six investigatory powers, and it is narrow in scope and subject matter. Those powers are the interception of communications; the acquisition of communications data; intrusive surveillance; directed surveillance; the use of covert human intelligence sources; and demands for decryption. They are all powerful weapons in the armoury of law enforcement agencies. In 1998, 52 per cent. of all heroin seizures resulted directly from intelligence gained from interception. Throughout 1998, the total street value of drugs seized in that way was in excess of £185 million. That amounts to more than 10 per cent. of the estimated total spend on drugs in the UK each year. More details are included in the regulatory impact assessment that I have published alongside the Bill.
Drug trafficking is just one example. Some of the powers underpin vital national security operations. They are also key to tackling the serious and organised criminals involved in money laundering, human trafficking, paedophilia, tobacco smuggling and other serious offences. Precisely because those powers are so vital, they have the capacity to represent a potential threat to individual privacy, so we must ensure that regulation is tight.
The regime set out in the Bill will ensure that the regulation is compatible with the terms of the convention. Each of the six powers addressed in the Bill will set out, or will provide for subordinate legislation to set out, who—which agency—can use each technique described; for what purpose; who must authorise the use of each technique; what use can be made of certain of the material acquired; who will oversee proper use of each technique; and to which body aggrieved individuals may complain.
Law enforcement and other public authorities will benefit from clear guidance on the precise circumstances in which they can use particular techniques. Members of the public will benefit, because the circumstances in which the powers can be used will be clear to them. They will have access to an identifiable tribunal if they believe that the powers have been abused, and they will have the reassurance that the commissioners will publish their reports to the Prime Minister on the use of the powers every year.
Why should the House be content to allow a statutory instrument to prescribe which additional bodies should be given powers under clause 6 to intercept communications? Which body not specified in the Bill does the Home Secretary think might have such a power—the Child Support Agency, perhaps, or the Government Whips Office? The possibility of adding bodies is considerable; surely such powers should be granted in primary legislation.
I understand the right hon. Gentleman's point, which can be discussed in more detail in Committee, but the addition of bodies would be small, and would apply only to bodies with a law enforcement function.
Chapter I of part I deals with the interception of communications. We start from the regime established by the Interception of Communications Act 1985, and we have been faithful to many of its key tenets. Authorisation is to be at the same levels as now—in other words, by warrant of the Secretary of State. The purposes for which interception can be used will be tightly constrained, as they are now, and the safeguards relating to use of intercept material will be, if anything, even more tightly regulated and constrained than they are now.
There are, however, some significant changes. The criminal offence of unlawful interception is extended to private telephone and telecommunications networks. I hope that all hon. Members welcome that, because it is intended to take account of the judgment in United Kingdom v. Halford, in which the European Court of Human Rights found the existing regime in this country—where interception of private networks is not regulated at all—to be deficient.
We have established a criminal offence, and have also created a civil liability in respect of interception by a network controller. I fully accept that there may be legitimate reasons for someone controlling a network to engage in what effectively amounts to interception, but the Bill will create a civil liability in respect of employers and others who overstep the mark.
As for the warrants themselves, we have had to make some changes to reflect the diverse nature of modern communications networks; but warrants will still specify the communications to be intercepted and the target, and will continue to be personally authorised by the Secretary of State.
Can the Secretary of State explain two matters relating to the central proposition in the Bill? First, why was the opportunity not taken to bring all the different authorities to intercept under a common procedure, so that, instead of having nine different sets of powers and sets of authorities, we could have just one? Secondly, why was the opportunity not taken to do what many democratic countries have done, and transfer the authority power from politicians or officials to a judicial authority in the first instance?
Let me say in answer to the first question that we are not dealing with matters that are exactly similar. There is a world of difference between the interception of someone's telephone or telecommunications system and, for example, the planting of a covert microphone, and the use of directed surveillance, which currently takes place all the time in an unregulated way. We need a regime or set of regimes for regulation that are appropriate to the sort of investigatory powers that are used. It would be absurd and impractical if, every time the police wished to use directed surveillance, they had to approach the Secretary of State or a judge for a warrant. Equally, it would be inappropriate—I do not think that it is the subject of any argument in the House—if warrants for telephone interceptions were authorised at a lower level than they are now. Therefore, we have produced bespoke authorisation procedures that are fitted to the particular powers in the Bill.
May I first answer the other point that was raised by the hon. Member for Southwark, North and Bermondsey (Mr. Hughes)? That was whether we should have taken the opportunity to remove from the Secretary of State the power to grant intercept warrants from all law-enforcement agencies. I assume that he is talking also about the powers to grant intrusive surveillance warrants in respect of the intelligence agencies. That has been a long-running debate. The powers that are exercised by the Secretary of State—certainly by me and, I believe, by every one of my predecessors—have been exercised very carefully.
The hon. Gentleman says "Of course" but it is an important point to get on the record. There may not be an "of course" about it, but it happens to be the case. In addition—I greatly welcome it—the interception commissioner is someone of high judicial standing. Currently, the position is held by Lord Nolan. As I and my colleagues have witnessed, he properly scrutinises the warrants and is available for advice where there is an issue about whether an intercept application does, or does not, come within the Interception of Communications Act. I devote much time to checking applications and warrants before I sign them, and asking questions if I am not satisfied with the applications, so the system is judicially supervised. The initial decision is made by a Secretary of State.
It is a matter of practice and convenience, but not in any sense a diminution of people's human rights, that this country has that system. It works. There has been no overwhelming argument, or no substantial argument to change it.
If one looks at the practice in other countries, it does not necessarily follow that, just because a judicial warrant is required, there is a greater safeguard for the individual. Indeed, I suggest that, in quite a number of other countries, the fact that a judicial warrant is required lessens the protection that is offered to people because the judicial warrant acts as a fig leaf for people's human rights, and not as a serious safeguard.
As my hon. Friend knows from previous experience, I defer to her always and the hon. Member for Buckingham (Mr. Bercow) has deferred to her, too, indicating that she should intervene first.
An unlikely story, but, as always, I am humbly aware of the kindness of my right hon. Friend in giving way. May I ask him about a point that concerns me? With the increasing use of computers as a means of alternative communications, is he certain not only that the present system will be extended in a way that will maintain the proper procedures, but, equally, that the development of new electronic communications and their use in so many instances will be covered—or will surveillance increasingly be done using completely different methods and so be very difficult to check?
When it comes to humility, I always defer to my hon. Friend, as she knows only too well from the time we had almost adjoining rooms in Norman Shaw North. [Interruption.] Nothing happened apart from the fact that I used occasionally to clean her shoes. I reassure her that the Bill is partly designed to take account of the significant changes in technology in the 15 years since the 1985 Act was put on to the statute book. It is also designed to ensure that not only telephone calls, but—subject to proper procedures, when appropriate—data streams can be intercepted.
The fact is that—I shall deal with this in more detail when we discuss encryption—given the current vast scale of data traffic, which was unimagined even 15 years ago, the possibilities for law enforcement agencies to keep track of that traffic, except for very specific and targeted purposes, is very limited.
I am grateful to the Home Secretary for giving way. I am certainly not expecting him to clean my shoes, but I would appreciate an answer. How and when will he address the specific concerns about regulatory costs that have been expressed by the Alliance for Electronic Business? Given the fact, which he will not dispute, that the average British small business, employing fewer than 100 people, now faces an additional annual cost of £5,000 directly as a result of the Government's regulatory policies, to what figure will that increase rise as a result of the Bill?
I shall deal later in my speech with the burden. If the hon. Gentleman is not satisfied with the answer that I give, I shall be delighted to give way to him again.
May I perhaps rewind the tape, and deal with my right hon. Friend's earlier comment on the diligence and time that he himself personally devotes to checking to ensure that the warranting system works? I believe that that comment should be an assurance to many members of the public who write to Members of Parliament on the subject, but do not understand how he goes about his functions in that sphere.
I am extremely grateful to my hon. Friend. As a member of the Intelligence and Security Committee, he has reason to know more about the subject than most right. hon. and hon. Members possibly could. I think that all Secretaries of State have taken the responsibility very seriously indeed—and so they should, as should I. Interception is a patent invasion of individuals' privacy, and it should occur only when it is properly justified within the law and in all the circumstances.
If the hon. Gentleman will excuse me, I have to make some progress. If I have some time, I shall give way.
As I said to my hon. Friend the Member for Crewe and Nantwich (Mrs. Dunwoody), part of the Bill is designed to ensure that the intercept regime takes proper account of technological developments. One of those developments is that people change their telephones with a frequency that is sometimes astonishing, whereas, 15 years ago, it was a simple matter of one person, one line. We have sought to take account of that fact in the Bill.
The target of an intercept warrant will still have to be authorised by the Secretary of State. Some changes in telephone numbers—which, as I know to my cost, can happen at any time of the day or night—will be open to be authorised by senior officials at the relevant Departments. We are taking the opportunity to rationalise the time scales for renewal of warrants.
On the issue of burdens on industry, currently, public telecommunications operators are required to ensure that their network contains a basic intercept capability. The requirement is similar to that which applies in other countries. However, the requirement does not extend to other providers of publicly available communications services, such as internet service providers or international simple resale operators. The Bill proposes that a level playing field should apply across all types of industry, and it enshrines in statute the existing principle that service providers should maintain a reasonable intercept facility.
We are—to answer the question of the hon. Member for Buckingham—keen to minimise any additional burden on United Kingdom industry and to avoid damaging its international competitiveness. The Home Office is already engaged in detailed discussions with industry about what might constitute a reasonable interception capability for them.
Cost apportionment between Government and industry will be addressed during detailed consultations. The starting point is the existing framework, in which responsibility for meeting the costs of reasonable intercept capability lies with the public telecommunications operators. However, the Bill recognises—there is such provision in the Bill—that it would be appropriate for the Government to make a contribution to costs that would otherwise be unreasonable for communications service providers to bear.
I accept that there are complications in the techniques, but it is not impossible and a great deal of work is going on. Some parts of internet communications can be intercepted at the moment. The problem is that, under existing legislation, responsibilities apply only to public telecommunications operators. We are trying to relieve the burden which has fallen, by chance, on the large public telecommunications operators and ensure that it is properly spread.
Some of what the Home Secretary has said has been reassuring, but is he aware that businesses have complained frequently over the past three years that there is too little consultation and, too frequently, too little notice of their requirement to implement new regulations? If the Home Secretary is serious about reassuring business, as I hope he is, will he guarantee that businesses will be consulted for at least three months on any proposed new regulations, and that they will be granted at least three months' notice of any legal requirement to implement new regulations?
The concerns of business about the burden of Government regulation go back beyond May 1997—they are timeless. I happen to believe that it is almost certain that a similar regime to that proposed by the Bill would have been put in place had the Conservative party been in power now. We have consulted widely on this Bill, and I published a consultation document last year. Discussions are continuing. I will not be pinned down to a specific time frame but, so far as possible, we want to reach a consensus—it is in our interest to do so.
What we have achieved until now in terms of making this country a safer one has been achieved significantly through the voluntary co-operation of the public telecommunications operators. We cannot sing about this too often—for obvious reasons—but the operators have performed a significant public service. On communications data—to which I shall refer in a moment—what we are doing will relieve a burden on telecommunications operators, and not increase it.
Clauses 16 and 17 replace section 9 of the 1985 Act. The provision rules out from legal proceedings the use of intercept material. The consultation exercise last summer asked for responses on this point, and more individual comments were received about it than any other. Of those who responded—this is never conclusive, but I give the information to the House—two thirds were in favour of retaining the provision. I have considered the matter long and hard, and our provision is unusual internationally. However, I believe that we should follow the balance of opinion. It is significant that section 9—which will become clauses 16 and 17—was recently approved by the European Court of Human Rights in the case of UK v. Jasper.
Chapter II of part I deals with the acquisition of communications data, which are normally provided to investigating bodies under a voluntary regime set up by the Telecommunications Act 1984 and the Data Protection Act 1998. This existing and loosely regulated regime is unacceptable in terms of human rights and because, in certain cases, it has led to unacceptably high demands on the public telecommunications operators.
The Bill sets out in statute precisely what hurdles law enforcement and other agencies must overcome before they can require the data from service providers. The Bill then puts an onus on service providers to provide the information, and allows for them to be compensated—a proper statutory regime which is much to their benefit. The House will recall that, in opposition, I undertook to make this change in a response to my hon. Friend the Member for Cynon Valley (Ann Clwyd) during proceedings on the Police Act 1997.
Part II of the Bill covers the use of intrusive surveillance, directed surveillance and covert human intelligence sources. Those are not new powers, but the provisions in this part of the Bill will put their use on a statutory basis. Part II does not create any illegality in the use of part II techniques, but it will ensure that the use of the powers is properly regulated. Where such actions are authorised properly under the provisions of the Bill, that will be an answer to any subsequent assertion based on article 8 of the European convention that a person's privacy has been invaded without justification.
I thank the Home Secretary for giving way on that point, because a constituent has raised it with me. Will there be any way after an interception, however long ago it was, for the person whose communication was intercepted to be informed of that fact, so that they could raise the issue and make a complaint if appropriate?
The short answer is no. I am sorry to disappoint the hon. Gentleman's constituent, but I regularly have to write to individuals who face no prospect whatever of being the subject of interception laboriously to explain that fact. I also explain to constituents at my surgeries that, given the weight of the threat from international crime and terrorism, the prospect is remote that we would devote resources to intercepting their telephone calls. However, I then provide no reassurance when I say that I cannot tell them whether their telephone is the subject of intercept because otherwise others who might be the subject of intercept could come along on fishing expeditions. It is logically a difficult position to explain to individuals, and it is difficult for people to understand that they may make a complaint to the tribunal—I shall come on to the changes we shall make in respect of the tribunal—that they may be being intercepted even though it is not possible to tell them whether they are being intercepted. Because it is secret, people are bound to be suspicious, but—to repeat the point made by my hon. Friend the Member for Workington (Mr. Campbell?Savours) and as I believed before I became Home Secretary, and have fully understood since—the powers are operated in a strong ethical and legal framework. That is as it should be.
Will the Home Secretary clear up the concerns of serious investigative journalists and researchers that some of those regulations might hamper their ability to cover themselves when they are talking on the telephone with people whom they are investigating and wish to keep a record of the conversation? I do not mean the interception by a third party of conversations between two other parties, but the ability of researchers to cover their backs in the course of investigations.
I am not entirely clear what the hon. Gentleman is asking. If he is asking whether journalists are routinely the subject of intercept, the answer is no. The only people subject to intercept are those who come within the terms of the Interception of Communications Act or the Bill. If he is talking about a journalist routinely recording his own telephone conversations, that is not remotely covered by the Bill, although it is a courtesy—to say the least—that if a journalist, or anybody else, is recording a telephone conversation, they should tell the person at the other end.
I believe that that is the case.
Decryption has aroused much interest. Part III of the Bill deals with demands to decrypt data. We consulted on similar provisions published as part of the draft Electronic Communications Bill last July. Encryption itself is vital to the success of the e-commerce revolution, and helps to prevent certain types of crime, such as fraud on the internet. However, encryption can also be used by criminals to frustrate law enforcement. That is happening already, and the problems will increase as the technology becomes more available.
The new decryption power is needed to maintain the effectiveness of existing statutory powers. The limit of what we propose is assisting law enforcement agencies in reading the contents of material they have already lawfully obtained. Where an investigating agency has reasonable grounds for believing that a key exists to decrypt lawfully acquired data, the Bill will introduce a power, with proper authorisation procedures and stringent safeguards, to allow them to require the decryption of that data.
The introduction of a new power was specifically recommended in last year's report on encryption and law enforcement by the performance and innovation unit of the Cabinet Office. The Select Committee on Trade and Industry report concluded that the power would be a useful addition to the law enforcement armoury.
My right hon. Friend will know that several businesses expressed unease when the Electronic Communications Bill was published that the measure would deter inward investment and e-commerce in this country. How has he tackled that problem?
My hon. Friend will know that before the Bill was published, there was a suggestion, in this and other Governments, that the measure should make provision for key escrow, so that keys could be vested with safe third parties and could therefore be available.
As the right hon. Member for Maidstone and The Weald (Miss Widdecombe) says, from a sedentary position, the idea was dropped. There is no harm in discussing an issue and then taking a different view, according to the balance of the argument. We were persuaded that key escrow could have disrupted e-commerce in this country, especially if other countries did not adopt the arrangement. We were proposing a quasi-voluntary regime, whereas France—as one might expect—was proposing a wholly dirigiste regime that would have made it compulsory in all circumstances to vest keys with a safe third party. However, even France went off the boil with regard to that proposal, and the French Government are reconsidering the matter.
Secondly, the Government took account of almost everything that the Select Committee said, and we have strengthened the safeguards in the offences relating to a failure to comply with the notice for key disclosure under clause 48. Those measures are set out in clauses 49 and 50.
I fully support the concept that, where they exist, keys should be capable of access, for instance in relation to the transfer of funds using credit cards. However, what about when a key is not in the public domain, so to speak? The Home Secretary will know that drug dealers use their own encryption tools when they communicate with each other. What does he have to say about e-mails that are encrypted and decrypted by drug dealers? The internet service providers will not be aware of what is happening, as the messages will be only a data stream to them.
A person who does not have possession of the key cannot be guilty of the offence. By definition, the keys are a secret confined to the people who have control of them. One half of the key—the part used by the person communicating data to a recipient—is public; by definition, the other half is private, and that is the part that interests law enforcement agencies.
Is not the remaining significant complaint about the proposals that they could penalise people who lose their encryption keys? The Bill places on such people the burden of proving either that they never had such a key in the first place, or that they are innocent. However, it offers a relatively light penalty for people who intentionally claim that they cannot find their method of decryption. Clearly, major criminals would rather accept a six-month punishment than a much more severe penalty. Would not that seem to them to be a price worth paying?
It is worth bearing in mind that the product of interception resulting from the use of such keys cannot be adduced in evidence. People will not be able to deny material of evidential value in court, as the Bill—like the Interception of Communications Act—is based on the premise that neither prosecution nor defence can adduce the product of intercept as evidence in court. If there is concern in the House about the balance of the penalties, which can be discussed in detail in Committee, I am happy to take representations about it. As I have said before, I have never put a Bill before the House that has not been improved as a result of the parliamentary process, and I hope that I never will, because that is the essence of what Parliament is here for.
We have had discussions about people who have lost their key. I find it slightly eccentric, although it is not impossible, that someone can lose a key that he needs to access a large amount of data. Such things happen, of course, and the person has a perfect defence if he has lost it and then forgotten it. I do not believe that a court would convict people in those circumstances if it believed them. If it did not, however, that would be a different matter. Whether the case went before a magistrates court or a Crown court, we have very high standards of justice in this country.
I should like to deal briefly with international comparisons and the role of the commissioners and the tribunal. Law enforcement worldwide is worried about the criminal use of encryption. I have discussed this on a number of occasions with colleague Ministers of Justice and the Interior, including the United States Attorney-General, Janet Reno. The United Kingdom and the United States are both putting in place a package of measures to tackle the problem.
In European terms, we are ahead of the game in e-commerce and law enforcement legislation. Our goal is to make the United Kingdom the best and safest place in the world to do e-commerce. The industry, too, wants a secure environment in which to conduct business.
The scheme of the Bill is aimed at trying to keep up with the advance of technology as best we can. The gloomy prognosis, though, is that whatever is done, law enforcement will take a hit over encryption. That is partly my answer to my hon. Friend the Member for Crewe and Nantwich. Introducing the measures in part III is the least that we can do to minimise the effect of that hit. They form an important part of the package of measures that we are putting in place if we are to have any hope of dealing successfully with the threat from the criminal use of encryption.
Part IV is in many ways the most important part of the Bill. It sets out who is to scrutinise the use of the six powers and it establishes a tribunal, which will be accessible to all. The existing commissioners for interception, the security service, intelligence services and surveillance will continue with their present roles and will add to some of them the powers in the Bill. One role of the commissioners will be to reassure Parliament and the public that the powers are being used properly. In addition, a new tribunal is established to consider complaints.
The hon. Member for Southwark, North and Bermondsey asked whether we could bring together all the separate regulation regimes. I did not think that that was appropriate, but I accept the argument that we should amalgamate the current plethora of tribunals and different avenues available for complaints. That is what we are doing in the Bill. We are abolishing the specific tribunals and establishing one all-embracing tribunal to replace those functions and any others that are relevant under the Bill. It will be a serious and powerful tribunal, and will be available as redress in respect of the use of a wide number of techniques by the investigating agencies.
The Bill sets out six conditions for the use of six law enforcement powers, used daily in the front line against some of the most serious threats to our society. We have previously regulated these powers on a piecemeal basis in response to judgments of the European Court of Human Rights. In this Bill, we are anticipating, on a comprehensive basis, the requirements of human rights legislation.
These are the principles. No doubt some of the more detailed provisions will lead to discussion here and in Committee. Meanwhile, I commend the Bill to the House.
This is an important Bill, dealing with very complex matters. Given the enormous advances in technology and the possibility of its lawful and unlawful use, we fully acknowledge that the time has come to look again at updating the Interception of Communications Act 1985. We are therefore broadly supportive of the principles behind the Bill. We will not be opposing Second Reading, but that does not mean that there are not areas of fairly serious concern that we will wish to examine in considerable detail during the Bill's passage.
The last time I told the Home Secretary that I did not oppose a Bill's Second Reading he evinced some displeasure when I chose to oppose it at further stages of its proceedings. The fact that we support Second Reading—or that, at any rate, we do not oppose it—should not be taken as indicative that, if our concerns are not met, we shall continue to support the Bill throughout its future stages. Perhaps, as I have put that on the record, the right hon. Gentleman will not be greatly disappointed later. However, I hope that it will not be necessary to oppose the Bill; I hope that he will allow us to improve it so as to meet our concerns.
We accept that the explosion in methods of communication has given rise to a similar explosion in new methods of committing crime. If we failed to update the legislation that we introduced in 1985, we should damage the capability of this country's law enforcement, security and intelligence services to do their job.
However, the Bill is like the curate's egg—it is good in parts. We accept the need both to widen the power of interception to cover modern communications methods and to regulate surveillance and covert human intelligence. However, it is important that the Bill should be effective and still strike a proper balance between the needs of the crime fighter, the legitimate concern of business to avoid overweening regulation and the interest of the citizen in respecting fundamental human rights.
In some ways, the Bill does not provide crime fighters with all that they need. For example, clause 6 deals with those persons who may apply for interception warrants. It lists the head of every major security service and provides for the Secretary of State to designate "any … other person", but one notable omission is any provision for a senior official responsible for the detection of serious benefit fraud to apply for an interception warrant. Given that such fraud is by far the most substantial crime by value committed in the United Kingdom, it seems a bit odd that no senior official at the Department of Social Security can apply for a warrant—even in the most serious cases of benefit fraud; for example, those involving international gangs.
The powers in the Bill need strengthening to ensure that law enforcement agencies can obtain the evidence they need when dealing with serious sex offenders, drug traffickers and those involved in organised and terrorist offences by intercepting their communications and being able to break the codes that are used. I shall deal with that matter more fully when I come to the use of encrypted communications.
One of the great successes of the past few years has been the UK's growing information technology industry. The industry realises that it is important that law enforcement agencies should be able to carry out their work and that there should be provision to allow the interception of communications.
I was checking whether my recollection of the matter was correct. Recently, there was a large case in Lancashire. In most cases of serious social security fraud, the police are involved. There is no problem in the police making an application through the National Criminal Intelligence Service—they do that through an intermediary. There would be no impediment to that system for applications in cases of serious benefit fraud.
I am grateful to the right hon. Gentleman for that attempt at elucidation, but the situation remains exactly as I described it. The head of social security cannot apply for an interception warrant. I invite the right hon. Gentleman to consider whether there are cases that might not necessarily be dealt with at one remove through the police and whether there might thus be some circumstances in which that individual should be able to apply for an interception warrant.
The Internet Services Providers Association believes that
in order to allow enforcement agencies to carry out their work, there should be provision to allow interception of communications.
The association is not against the Bill in principle. The Federation of the Electronics Industry has said:
FEI does not question the objectives or underlying reasons for the proposed legislative reforms.
The Alliance for Electronic Business has said that
the Alliance strongly supports the Government's objective in regulating the interception and monitoring of electronic communications.
Therefore, there appears to be general support for the principles, but that puts upon us an even greater responsibility to listen to what those bodies say about the improvements that are needed to the Bill.
Too many times during the Bill's consultation process, the views of industry have been overlooked. A balance has to be struck between allowing law enforcement to operate—as it must and the House would expect it to—allowing industry to deliver what the Bill asks of it and avoiding over-regulation.
Clause 12 will enable the Home Secretary to require communication services providers to have an interception capability and, by notice, to require certain technical steps to be taken to achieve that. The industry is concerned that the steps proposed by the Home Secretary may be either technically flawed or disproportionate. The technical difficulties involved should not be ignored.
My right hon. Friend is absolutely right to point out the practical difficulties of interception. Is she aware that up to 100 million e-mails are sent every day and that the routes that they take are quite extraordinary? If I were to e-mail her, it is quite probable that the message would go via California or Australia. What are the practical difficulties in intercepting such communications?
My hon. Friend also refers to the cost and he is right to do so. Cost is a significant consideration and I shall come to it shortly.
It will not be good enough simply to have the ability to intercept data. We must have the technical capability to read it and, as the Home Secretary has acknowledged, that is something completely different. Messages on the internet are split and sent by different routes, as my hon. Friend the Member for Lichfield (Mr. Fabricant) has just pointed out. It is also possible to hide messages in other signals. That raises technical issues about the nature and proportionality of what the Home Secretary can propose. There is a balance to be struck, therefore, between the possibility of substantial over-regulation and the practicalities of law enforcement. Through amendments that we shall table in Committee, we shall seek to try to redress that balance where we think that it has gone awry.
Clause 13 enables the Home Secretary to contribute to the cost of providing an interception capability, but it does not give us any clue as to what the Government's approach will be. It is important that the information technology industry has proportionate technical steps to take and that the costs are not so burdensome that they kill fledgling businesses at the cutting edge of technology. The Internet Services Providers Association has said:
if ISPs in the UK are made to carry the burden of the costs of interception, at best they will be at a disadvantage compared to their European and international competitors and at worst will be unable to operate. It does not seem that this position would help make the UK "the best place in the world for e-commerce".
I therefore want to ask the Government three questions. Are they committed to making payments to providers so as to obtain an interception capability? If so, on what basis will payments be made? Will they at least pledge that no communications services provider will be faced with such costs that it will simply be unable to continue?
There is also concern about over-regulation of communications data—for example, billing logs and other logs of communications traffic. Clause 21 will enable designated persons from security services, Customs and Excise and any other authority specified by the Home Secretary to obtain "communications data". Concern has been expressed by operators about the wide range of persons who will have access to that information and about the wide range of information involved.
Modern software enables a very detailed pattern of a person's communications to be obtained, detailing every aspect of life if sufficient communications data are made available. That is a massive invasion of privacy. Although that power could be justified in a serious case, it should be carefully restricted, and the Opposition will want to table amendments in Committee to make sure that it will be. We do not think that the power should be available simply to any public authority. To give an obvious example, it would not be justified to extend such a power to local authorities investigating council tax arrears.
There is also an important technical issue. Communications services providers could be required to build special software and hardware, and it is not at all clear what the extent or cost of that would be. Yet the penalty is a conviction for a criminal offence. The boundaries of what is proposed need to be clarified and they need to be proportionate.
There is a great deal of controversy surrounding clauses 46 to 49. Clause 46 enables authorities to require a person to provide either the key necessary to decode an encrypted message or the information in the message in an intelligible form. Clause 49 creates the offence of failing to comply with such a notice. Yet the nature of the offence is such that the burden of proving an innocent explanation for failure to provide the key is laid at the door of the accused; in other words, people are presumed guilty unless they can prove that they are innocent.
Is my right hon. Friend aware that approximately half the calls to the parliamentary video and data network, which controls the computers in this place, are from people who have forgotten their password, and there is a routine to get people back into the system? Surely that is one of the practical problems associated with what the Home Secretary is trying to achieve.
That shows that people can forget, but I think that it is fair to imagine that where we are talking about highly complex encrypted messages, some care will have been taken to look after the key.
The crucial point is that people will be presumed guilty until they can prove themselves innocent. That is questionable justice. The Home Secretary shakes his head, but British justice relies on people being presumed innocent until proved guilty. To put it in terms that he might prefer, the provision is probably in breach of the European convention on human rights. He might take that point seriously, if he will not take seriously the point about British justice.
There is no defence allowed where someone might demonstrate to a court that they have shown due diligence in storing the key that is being requested via a section 46 notice. Immediately after the debate, we intend to table a new clause to replace clause 49 which would introduce such a defence.
The offence, as drafted, does not meet the needs even of law enforcement because the penalty is modest: a maximum of two years' imprisonment. Once tightened up to allow the innocent to defend themselves, that could substantially rise. If it does not rise, a serious offender would be likely to refuse the key to encrypted information and hope that he could establish that he had either lost or forgotten it. If he failed to establish that, the relatively modest sentence would be more acceptable to him than the likely outcome if the evidence of serious wrongdoing were uncovered and led to prosecution for a more substantive offence.
The burden of proof should be the normal one of presumed innocent until proved guilty, but the penalty should then be vastly greater, so that it does not pay to lose a key in the hope of escaping a much more serious penalty for a more serious offence.
The Home Secretary has said that he cannot imagine an innocent person discarding the key, but the provisions will apply to anything that has happened in the past, and he will be aware that a common practice of encryption is frequent changing of the keys. The key being sought might therefore have been discarded. Under the guilty until proved innocent proposals, a person who had discarded a key might be at risk of an unsafe conviction.
When my right hon. Friend is carefully drafting amendments, will she consider one other point which I did not hear the Home Secretary specifically address? If the fear of penalties on businesses is such that they are concerned that they might start to lose their private key, it is likely that they will place such private keys in key escrow. If the key escrow system returns, it is possible that it will grow into one of trusted third parties and, therefore, the Home Office will be reintroducing by the back door what was abandoned in the Electronic Communications Bill. In his winding-up speech, will the Minister further assure the House that that is not the intention?
I am grateful to my hon. Friend, although in fairness—I do not want to do the Minister's job for him—[Interruption.] Well, I do eventually, yes; but perhaps not at this very moment. There is a distinction to be drawn between compelling a business to deposit a copy of its key, which was the original proposal, and businesses voluntarily deciding to keep copies of their key with a trusted third party. Many—certainly some—already do so for the safety of the key. Perhaps the Minister will nevertheless be able to give the assurance sought: there is no intention, either now or later, as far as he can see, of reintroducing the requirement that has been dropped.
The draft offence needs to be amended and targeted specifically at known offenders with a background of previous wrongdoing. Evidence of previous wrongdoing should be admissible to prove guilty intention. If the burden of proving guilty knowledge were on the prosecution, miscarriages of justice would be unlikely, but if evidence of previous wrongdoing were admissible to prove guilty knowledge, the guilty would be less likely to go free. If the offence were amended on those lines, we could set a tougher maximum sentence, which would actively discourage criminals from refusing to co-operate. It will be along those lines that we shall be proposing amendments to improve that aspect. Our view is that tough justice is better than rough justice. [Interruption.] The Home Secretary has proposed rough justice and very light penalties. If that is how he wants to be known, that is fair enough.
In many ways, the Bill is over-bureaucratic. Part IV, which deals with scrutiny, proposes that the Prime Minister should be able to appoint two new commissioners to review the performance of the Home Secretary in exercising his functions. That would involve a new interception of communications commissioner and a new covert investigations commissioner. We already have a Security Service Act commissioner, an intelligence Services Act commissioner, a chief surveillance commissioner and ordinary surveillance commissioners. None of those appears to have an independent investigatory team available to them. It seems that the Government believe that commissioning should be a growth industry. The question arises whether any of those important positions entail any real power, particularly as they lack a team of investigators to back up their role.
Will the right hon. Lady refresh my memory by telling me under which Government the commissioners were established? I believe that one set was established in 1989 and the other in 1994—under a Conservative Government.
The point is whether we should be adding to the number, whether adding to them will make for any greater effectiveness or whether we should be finding another way of doing things.
The question also arises, therefore, of whether there are simply too many commissioners. We shall investigate in Committee whether it would be better to have one unified commission with a proper staff of investigators to provide real and effective scrutiny. I am pleased to see the hon. Gentleman nodding. There we go; his conversion was very quick.
It is easy to forget that the information technology industry is one of the United Kingdom's great success stories. Many of the technologies that criminals use were developed for very good reasons. The encryption and other secure communications techniques were developed not to assist criminals in hiding their activities, but to provide a secure commercial environment in which proper confidentiality could be maintained. There are the highest public policy reasons for ensuring that that technology is not compromised by the Bill.
We live in a global marketplace and we should not forget that many of those working in the communications industry do not have to operate from the UK if they do not wish to do so. It is important that security services and regulators should not attempt to do more than is necessary in the interests of proper crime detection and prevention. This is the last area in which gold plating would be good idea. That brings us back to the balancing act that the Government must perform in relation to the Bill. The legislation must do what we all agree it needs to do, but it must not disadvantage the innocent or those caught in the crossfire.
Increased regulation under the current Government is already a cause of concern; it would have been made far worse by the Electronic Communications Bill, but for the efforts of the Opposition. As the House knows, the proposals contained in part III of the Bill were, in a different form, included in the original draft of the Electronic Communications Bill and were dropped only after the strongest representations from Opposition Members and from the industry. At this point, I pay tribute to the work of the Foundation for Information Policy Research. It is important that the Home Office recognises the important principle of not over-regulating or providing disincentives.
Many say that the Government are doomed to fail, that it will be impossible to detect the communications of serious criminals and that the innocent will be burdened with extra regulation. However, we are prepared to give the Government the benefit of the doubt: we shall try to improve the Bill in the belief that it can and will be made to work. Many involved in the communications industry have a choice of where they operate from, but it is strongly in the UK's interests that they remain here. The Government must keep that at the forefront of their mind when considering our amendments to their Bill.
The interception of communications has come a long way since my dad left school in 1935 and started work as a messenger boy at the Post Office. I hope that I do not get him in trouble by telling the following story. One of his jobs was to collect letters and take them by bicycle to a special building, where they were opened; later, he would collect them for delivery on his round. Interception of communications requires far more sophisticated techniques these days.
The Bill is necessary and overdue, but I, like hon. Members on both sides, am concerned that it may well become out of date very quickly. That is one of the problems of the technological changes that confront us. It does not mean that we should not legislate, but we must recognise that we may have to revisit this subject in two, three, five or 10 years' time, depending on how fast and how far these matters advance.
The use of interception of communications in combating drug trafficking has been mentioned, and my right hon. Friend the Home Secretary referred to heroin seizures. I wish to flag up one issue that should be taken into consideration: the way in which the criminal gangs involved in drugs smuggling are changing. A disturbing article, which appeared originally in the American magazine, Mother Jones, and was reprinted in The Editor section of The Guardian on 3 March, highlights the fact that
Law enforcement officials in Europe have suspected for years that ties existed between Kosovar rebels and Balkan drug smugglers. But since Washington enthroned the Kosovo Liberation Army in that Yugoslav province, KLA-associated drug traffickers have cemented their influence and used their new status to increase heroin trafficking and forge links with nationalist rebel groups and drug cartels.
According to the article, German police say that Kosovar Albanians import 80 per cent. of Europe's heroin. We must take that seriously. An organised group is bringing heroin, which originates in Afghanistan, through various conduits from Asia into Europe and spreading it around the world. The article also points out the links between that group and the Colombian drug cartels.
As incidents in many countries have shown, such groups operate through sophisticated money-laundering techniques and international communications, and use the most advanced technologies. Our organised anti-criminal activities must be equally sophisticated in order to intercept their communications, find out what they are doing and stop them bringing death and destruction to so many people in this country and throughout the world.
I was not aware of that allegation. It is extremely serious and I hope that the relevant authorities will look into it.
Another aspect of the Bill concerns effective measures to combat terrorism. Some of us in the Chamber served on the Standing Committee that recently considered the Terrorism Bill. I shall not rerun the arguments, but I notice that the hon. Member for Southwark, North and Bermondsey (Mr. Hughes) is present, and I expect that we may return to those issues.
Several international terrorist organisations clearly use sophisticated methods in their operations, with accountants, lawyers, newspapers and front organisations. They operate globally. They plan their crimes in one country, finance them in another, carry them out in a third country, and the perpetrators often live or seek refuge in a fourth country. We therefore need effective international measures to combat such organisations. I hope that the Bill will go some way towards supporting the vital work already undertaken by the intelligence and security organisations, the police through Europol and other bodies.
Concern has been expressed about the Bill's impact on internet service providers. I understand the concern of those in the information technology industry when they see measures that could, in a worst case scenario, lead to increased regulation or potential costs. However, it is not right that society should not take action against criminal organisations, paedophile gangs, terrorist groups and drug smugglers who are operating using that technology.
We must get the balance right, but it is a counsel of despair to argue that, because the internet is global and we must be at the centre of it, we should do nothing about such abuses. Constituents of mine whose children are suffering as a result of drugs, and people who themselves or whose relatives have been maimed or killed because of terrorist action will not think kindly of legislators who fail to take action leading to effective steps against the perpetrators of those crimes.
I understand the hon. Gentleman's point. I have read the Bill carefully, and any sensible criminal can take simple measures to avoid being caught by it. Why should all the honest people have to spend literally billions of pounds—thus possibly making Britain the wrong place in which to establish businesses—simply because some criminals can use encryption?
The hon. Gentleman is obviously an expert in criminal activity and avoiding the effects of legislation. Perhaps he will tell us how that can be done. I do not believe that it will be that easy. I suspect that people may try to avoid being caught by the measure, as they always do, because that is the nature of the criminal or terrorist mind. However, we must update our legislation.
One reason for updating legislation is to avoid the current position, in which all sorts of unregulated surveillance activities take place. If we do not regulate those activities, unauthorised, unregulated surveillance will occur because people regard it as necessary, but we shall lack the appropriate regulatory mechanism to bring people to account. That would be the worst of both worlds.
I want the Minister to clarify clause 6(j), which refers to
a person who, for the purposes of any international mutual assistance agreement, is the competent authority of a country or territory outside the United Kingdom.
I interpret that to mean that it allows our Government to give authority to someone in another Government or international organisation to undertake the interception on our behalf. However, I would be grateful for some exact clarification of that phrase and of whether it has a wider application than the interpretation that I have just given.
The Bill refers to interception of non-public networks, such as office switchboards. We are considering a complicated matter. When we started work years ago, most people had one switchboard, a couple of phone lines, and no sophisticated internal networking took place. Nowadays, however, most people work in environments where they can have conference calls, messages left on voice mails, and where all sorts of complex interrelationships exist between technologies. We must be careful that people are not inadvertently caught by the impact of the Bill through no fault of their own but because they had been used as a conduit for information that was intercepted by someone else. I hope that the Minister will clarify the way in which the measures will work in practice in the commercial and non-public sector, as defined by the Bill.
That is a question for the Minister; I shall not respond to it.
The Home Secretary said that we needed to keep up with the advance of technology as best we can. The Bill is necessary and probably overdue. However, I suspect that, in a few years' time, it will be out of date. I hope that it will not be left for too long on the statute book—that has happened to other measures—before we review it and update it if necessary. During the Bill's remaining stages, I hope that we will be able to explore some of those matters in more detail. I hope that the House will support it this afternoon.
It is one of the little ironies of life that, on the day that one Labour Member decides to stand against another for the Labour leadership—[Interruption]—all right, not quite the leadership, but they are both standing for mayor—in London, we are debating the Regulation of Investigatory Powers Bill. Some Labour Members may now be tempted to make the Bill as tough as they might ever dream of making it to deal with the latest developments. As we have said previously, the Bill—although complex—covers big issues. It is perfectly appropriate to examine it carefully because it takes us into areas where legislation has never gone before.
The crucial question is: what should be the balance between the powers and rights of the state and the powers and liberties of the individual? The Home Secretary argued that the Bill would achieve a better balance, and my colleagues and I accept the proposition that if the state or state agencies are to investigate people, intercept communications and undertake surveillance, that should be regulated by law. It is accepted across the House that many activities are not currently regulated by law; they are either regulated by codes of practice or not regulated at all. As the hon. Member for Ilford, South (Mr. Gapes) said, technology is moving quickly. Mobile telephones, pagers and electronic mail have come upon us in the past few years and we need a regulatory regime. He was also right that in the next few years other forms of communication may arrive for which regulation will also be needed. It is clearly right to establish a framework of regulation and legislation and we must ensure that that which happens without legal justification is put into a context in which legal justification is required. There is no dissent around the House about that. Like the right hon. Member for Maidstone and The Weald (Miss Widdecombe), who spoke for the Conservative party, we on the Liberal Democrat Benches will therefore vote for the Bill's Second Reading. We need a Bill and it is important that the legislation catches up with reality.
However, our view of the Bill as a whole is similar to that of the Conservatives: changes need to be made where, we believe, the Government have the balance wrong between the individual and the state, and we shall seek to amend the Bill. I was encouraged that the Home Secretary showed his open-mindedness—the Minister of State, Home Office, the hon. Member for Norwich, South (Mr. Clarke), has done that in other contexts—by agreeing to consider reasonable propositions reasonably and I hope that we can make improvements as a result. However, even before I listened to the right hon. Lady's speech, I had in my notes words to the effect that we must make it clear that we may not be able to support Third Reading unless improvements are made. I want to flag that up and hope that it helps the Government to realise that not only are there concerns among those on their own Benches and outside the House, but that both Opposition parties want changes to be made. To get the Bill right, we are willing to work with the Minister and each other.
The Minister tempts me. If the hon. Member for Brent, East (Mr. Livingstone) turned up at any of the debates on the Bill, no doubt we could work with him, too. Some of us did not stand for that particular election, not least because running a campaign out there and doing a job in the House seemed incompatible, but that is a separate debate.
I want to flag up a warning about the Bill's dangerous provisions, as those in which we think the Government are going too far in favour of the state and against the individual are part of a worrying trend. I occasionally crossed swords with the hon. Member for Ilford, South—who is not in his place, but was a moment ago—in Committee debates on the Terrorism Bill. The Minister was also a member of the Committee. Two of my complaints were that the definition of terrorism was too wide and that making the legislation permanent was not a good idea. There are the same underlying concerns about this Bill: that the definitions are too wide, that powers given to Ministers are too great—my right hon. Friend the Member for Berwick-upon-Tweed (Mr. Beith) referred to that and I shall come back to it later—and that the balance is wrong.
The House is also debating the Freedom of Information Bill, which does not give the citizen enough powers and does not take enough powers away from the Executive. Tomorrow, we shall discuss on the Floor of the House a Bill that will take more rights away from the individual and give more powers to the authorities. I must tell Ministers and Labour Members that the Government have got the balance wrong. They were not elected to take more and more rights away from individuals and to give them to the state, but they are doing just that. These measures may have a populist and popular short-term appeal, but if they continue down this road they will increasingly lose support not only in their heartlands, but in other places where people are concerned about these issues too.
The hon. Gentleman cannot have it both ways. He cannot say that the Bill will have to be updated in the light of new technologies, and then say that it is so broad that it encompasses all future technological possibilities.
Had I said that, the point made by the hon. Member for Rhondda (Mr. Rogers) may have been valid, but I did not say that. I said that we shall have to ensure that legislation encompasses the developments in technology, but the Bill is too broad because it gives the Secretary of State the power to designate, without coming back to Parliament with legislation, any body that has the right to intervene. Furthermore, definitions of the national interest in one form or another, that are not defined elsewhere in legislation, allow a wide interpretation. I did not suggest that the Bill was too wide in the way the hon. Member for Lichfield (Mr. Fabricant) implied.
My right hon. Friend the Member for Berwick-upon-Tweed and I are not persuaded by the argument for giving the Executive greater powers to interfere in the lives of individuals. The Secretary of State illustrated the point by saying that whenever he is asked whether someone has had his telephone tapped he is unable to give an answer. However, people would be less reassured to know that the decision is being made by a Minister, who is part of the Executive and in charge of the police or certain parts of the intelligence services, than they would be if it were taken by a member of the judiciary. The separation of powers is very important, not least because we do not have a written constitution.
I disagree with the Minister. I believe that the public would be more reassured if judges, who are not part of, and are free from, the Executive, made such decisions and not Ministers, however well they may carry out their responsibilities. Although Ministers have not been criticised for abusing their powers, that does not mean that they will not face temptation and will not give into it.
The right hon. Member for Maidstone and The Weald properly argued that we must get right the difficult balance between regulation and a liberal trading and commercial society. That is not easy. We want to ensure that there is maximum opportunity for global commerce, but clearly the internet, e-mail and other forms of communication allow transmission of illegal material—pornography is a good example. Such material is much more accessible now than ever before. Parents raise such concerns with us all the time. That material needs to be regulated, because people do not want their kids to be able to download it in their front room. Kids often play a double bluff with parents to find out the password and to access such material.
The Secretary of State may tell us that he is advised that the Bill complies with the European convention on human rights. As of October this year, that will be able to be tested in the courts. Having engaged in a couple of seminars and discussions, I do not think that this country has begun to understand the impact that the human rights legislation will have on people's lives, or to realise how many court proceedings will take place in magistrates courts, county courts, Crown courts and the High Court to test that legislation. The two main issues here are the right to fair trial and the right to privacy, both of which are enshrined in the convention and tested in this Bill.
Let me make a more general point. We are living in an age in which we must ensure that the individual can resist the requests made to all of us to give information all the time, often unnecessarily. I can give a practical, not very exciting example. When someone telephones one of the statutory undertakings to pay a gas, electricity or water bill, that person is often asked for all sorts of information beyond his or her postcode. More and more information is required from those who want a loan or bank overdraft.
The danger is that, in our present society, the information held on us is growing, while the information that we have about who is holding it diminishes in relative terms. The ability to keep up with who controls the information is a real issue in respect of the rights of the individual, not just against the public state but against private corporate society, nationally and internationally.
The other day, I visited a prison and saw how it monitors prisoners' activities. Obviously, the issue is different in prisons, but I was struck by the detailed computerised tables enabling those in authority to track connections, conversations, links and meetings. They can listen in to telephone calls, and play back calls made a month or two earlier. The police do the same on a regular basis. I have examined some of their activities as well. They can trace telephone calls, and can tell where they are being made from and to.
There is a huge collection of information, not all of it lawfully and properly obtained. As the Home Secretary reasonably said, the Bill is not just about discovering what is being said by intercepting communications, but about discovering what communication is taking place—who telephones whom and when they telephone, who visits whom and when they visit. That is a different issue, involving a whole different set of information—even if those concerned do not actually hear what is being said by sitting in or bugging conversations.
I believe—as do others who have written to all of us, including the organisation Justice, and as does the data protection commissioner—that it would have been better to have two general regimes rather than nine to deal with the different kinds of intervention and interception. There are nine—arguably more, but certainly nine—regimes of control, some of which have Secretary of State authorisation: that applies to interception of communications under part I, intrusive surveillance in the context of bugging and burglary, and intelligence and armed forces surveillance. Other regimes have circuit judge authorisation, commissioner authorisation, designated persons authorisation or self-authorisation in the case of, for instance, the police.
Although we have one tribunal, which is a good thing, we might well do better as legislators, in the interests of the citizen who wants to know what is going on, if there were only two methods of giving authority and two methods of judging.
There are various specific questions about definition. I hope that we will look at the definition in clause 25, whereby surveillance is regarded as intrusive if it involves residential premises or private vehicles, but business places, for example, are not mentioned. The definition of what is covert in clause 25(8) has been criticised, because it does not depend on whether someone believes that a surveillance operation may be in progress. The data protection commissioner, among others, argues that it should. Clearly, there are issues of definition as to what is a private telecommunication system and what is a public one in relation to being able to control people in the workplace. Several definition issues like these need to be resolved.
Bigger than that are the great powers that the Bill leaves to the Secretary of State to designate other bodies to do the interception, or surveillance. My right hon. Friend the Member for Berwick-upon-Tweed gave an example, which comes up in clauses 6, 27 and 29. The Child Support Agency, a Ministry of Agriculture, Fisheries and Food inspector and all sorts of people could be designated. We should put those in the Bill and not allow as yet unknown, relatively lowly officials to be able to have what are very wide powers. It may be proper to allow an official in the middle of the night to authorise that telephone bugging can change from one number to another when someone changes their phone number, but it should not necessarily go wider than that.
A much more worrying issue is the definition of the purpose for which one can intercept communication. I hope that we shall look at two definitions again. One is the definition of serious crime. Wider and more worrying is the definition—it comes up, for example, in clause 5(c)—that says that
a warrant is necessary on grounds falling within this subsection if it is necessary … for the purpose of safeguarding the economic well-being of the United Kingdom.
That is a very wide definition. As far as I am aware, it is unqualified elsewhere in the Bill. All sorts of things could be regarded as necessary to safeguard the economic well-being of the UK: ensuring that the stock exchange did not collapse, or that the pound was not affected. However, it could be much less significant than that.
I accept that. Like the right hon. Member for Bridgwater (Mr. King) and my right hon. Friend the Member for Berwick-upon-Tweed, the hon. Gentleman deals with these matters regularly. I still think that we should look at whether the definition is not too wide. As he knows, the Bill does two things: it replicates old legislation and adds new. I hope that he does not believe that, just because it is in the old Act, we should not review whether the definition is too wide.
There are also issues to do with the tribunal and how one deals with complaints. Of course, we are in a bizarre Alice in Wonderland situation: people do not know necessarily that they are having their communications intercepted, so how can they complain about it? None the less, people do complain about that fairly regularly. I think that, without exception, complaints have not been upheld so far; none has been upheld at all. I hope that that is because interceptions have all been done scrupulously and not just that we have presumed that they have been. I give the authorities the benefit of the doubt. It may not always remain the case.
Other countries and regimes—perfectly reasonable neighbour countries of ours—have a more open and accountable system for complaints and for registering what has happened, which allow decisions to have reasons attached to them and people to be able to see the reasons. I should like us to look again at how citizens can at least be informed better about any complaints that they have and the adjudication on them.
Another big point that was raised by the right hon. Member for Maidstone and The Weald and that has been raised widely with us is to do with encryption and, to use shorthand—it came up in the Terrorism Bill—what is called the reversal of the burden of proof. Big-deal criminals may be more likely to remember the passwords, code or key than hon. Members, who may have more than one password at any one time. I certainly do. The password for my mobile phone is different from the one that I use to send e-mails. Indeed, we cannot help having to change our passwords because the House of Commons system changes them regularly anyway, as do other systems, to ensure that they are not kept the same for too long. Yesterday, I went to my office to deal with some correspondence and was told that my old password had expired and that I had to change it. Not surprisingly, some people forget their passwords, whereas others do not. We shall have to deal with the fact that some people, perfectly reasonably, may not be able to remember or gain access to their password or code.
I shall not, as other hon. Members wish to speak and the hon. Gentleman has already intervened.
We cannot place on the accused a burden of proof as severe as that proposed in the Bill. I hope that we shall change the provision, and create a much more reasonable system governing the interception of encrypted material and the application of the balance of proof.
We should also address some more minor issues in the legislation, such as the failure to provide for privileged material. There are also some practical difficulties, such as how the Bill distinguishes between monitoring material and monitoring the contents of material. Another problem is the Bill's provision that interception would be lawful if only one of two communicating parties consented to it. One party's consent should not be sufficient to constitute a valid interception.
For most of those for whom we legislate, the Bill, at least superficially, seems neither relevant nor interesting. However, it is as important as anything that we do in this place, and we must get it right. I hope that we shall be able to adjust the balance that is struck in the Bill in favour of the citizen and against the state. I also hope that, by collaborative effort, we shall be able to improve the Bill, because it certainly needs to be improved.
I should like briefly to deal with chapter II, clauses 20 to 24, of the Bill. My objective is an assurance that the Bill will provide for proper safeguards for the privacy of individuals. I am concerned that, currently, the Bill seems to be deficient in providing for them.
The White Paper entitled "Interception of Communications in the United Kingdom", Command Paper 4368, was published in the summer of 1998. In Chapter 10, on the
provision of communications data to other bodies, the Government state:
the analysis of communications data can provide much information about the way in which people live their lives
and that access by the authorities to such data can provide valuable intelligence. However, the White Paper also recognises—and I agree—that
there is a balance to be struck between the privacy of the individual and the needs of society as a whole to be protected from crime.
The White Paper adds that access to communications data—for example, which telephone numbers have been called, for how long, and when they were called—will be subject to a code of practice. However, I note that in clauses 62 and 63 of the Bill, on codes of practice, there is no mention of involving the data protection commissioner. Some observers who are less charitable than I am might therefore draw the conclusion that the Government's intention is not to refer the code to the official who is tasked to protect individual privacy.
Will the Minister give a commitment that the code of practice will be approved only after full consultation with the data protection commissioner and that the DPC's recommendations will be included in the code? Will he also give a commitment that when a recommendation is not included in the code, the Government will give a full explanation on each detailed point?
In the White Paper, the Government propose that access will be legitimised in dealing with
the prevention or detection of crime; … the apprehension or prosecution of offenders; … the interests of national security; … the purpose of safeguarding the economic well-being of the United Kingdom; … the urgent prevention of injury or damage to health; and … the assessment or collection of any tax or duty or of any imposition of a similar nature.
Those factors of legitimation find expression in clause 21. I should like to focus on the last factor, on the collection of taxes.
In reply to a parliamentary question on the application of section 29 of the Data Protection Act 1998, I was told that
the assessment or collection of any tax or duty or of any imposition of a similar nature
meant that the phrase is
likely to include national insurance contributions and the council tax but not fines.—[Official Report, 8 April 1998; Vol. 310, c. 262W.]
It therefore follows that the "balance to be struck" in the Bill includes the possibility of the disclosure of communications data, if properly authorised, for purposes such as collecting national insurance contributions or road traffic tax. Given that these taxes are, at most, a few pounds a week—less than the cost of a cappuccino per day—some might find this wide-ranging power to be a disproportionate use of state power. There seems to have been a loss of balance here, and I hope that the Minister will explain that.
Do the Government need to modify the non-disclosure provisions in the Data Protection Act? For example, suppose the police could obtain communications or personal data about an individual. Is it the Minister's intention that such personal data could be communicated to local authorities for the collection of council tax under section 29 of the Bill, should the police decide to volunteer such data—perhaps even if the police were asked to do so by council officials? I would like the Minister to consider this matter and, if appropriate, write to me about it. I am not convinced that the collection of run-of-the-mill bills is a suitable justification for phone tapping, e-mail tapping and the general interception of communications. Again, I hope that the Minister will provide an explanation.
The major change proposed by the Bill is one of compulsion. Most disclosure categories identified in clause 21—for example, crime prevention—can already occur legitimately under the Data Protection Act without the need for new legislation. The only difference is that, under the Act, disclosures are legitimised on a case-by-case basis where the data controller—the telecommunications company—has to be satisfied with respect to the conditions. The controller always has the option to refuse to disclose.
Under the Bill, the data controller has no choice but to disclose if an official or officer claims that the demand for the personal data is justified under the criteria outlined in the Bill. In addition, it is not clear whether disclosures could be wider than the case-by-case disclosure of the Data Protection Act. For instance, instead of a disclosure relating to specific individuals, the provision could permit the disclosure of a database, so that the authorities could then select what might be useful.
Will the Minister state that requests will not relate to whole databases of information? Will requests be limited to case-by-case issues where the demand for information is limited to simple, precise circumstances? How will Minister stop these clauses being used for fishing expeditions, which would invariably breach privacy? I request clear answers to those questions before the Bill becomes law.
The Government have not yet presented evidence that the current voluntary arrangements under the Data Protection Act have failed, and that compulsion is therefore necessary. I ask the Minister a simple question—have some telecommunications operators not co-operated with the police and other authorities, if asked? Will the Minister provide the evidence that the current voluntary arrangements have failed and that compulsion is needed? If he cannot, why is this change being made?
On warrant signing, the latest report into the operation of the Interception of Communications Act 1985, Command Paper 4364, shows that, in the last full year of the previous Conservative Administration—under the then Home Secretary, the right hon. and learned Member for Folkestone and Hythe (Mr. Howard)—1,073 intercept warrants were signed. By contrast, in the first year of this Government, my right hon. Friend the Home Secretary presided over an increase of more than 50 per cent., and 1,646 warrants were signed. That is between six and seven a day. We need an explanation, if only to reassure hon. Members that my right hon. Friend is not suffering from repetitive strain injury.
We have an intelligence services commissioner, a security service commissioner, a parliamentary commissioner, a Police Complaints Authority and a data protection commissioner—the last two have expressed an interest in national security and policing issues. Now, two more commissioners are proposed by the Bill. In the House, national security issues are in the remit of the Home Secretary, the Foreign Secretary and the Intelligence and Security Committee established by the House. However, are any of them performing a proper scrutiny role, or are they merely rubber stamps in approving the security services' activities?
That was not the point made by the right hon. Member for Maidstone and The Weald (Miss Widdecombe), who referred directly to two commissioners. Perhaps the Minister will also clear up that point. In any case, there is still a proliferation of such commissioners and my point is whether any of them will perform a proper scrutiny role.
It is not a matter of the individuals, but the powers that they have and the systems that are in place. I have much confidence in the members of the Intelligence and Security Committee—my hon. Friend is one—but I am still not especially happy with the outcome of their reports, which have not had the level of scrutiny that I would have liked to have seen from such a committee.
That would be welcome.
I would like to see the whole system streamlined and given teeth and a degree of independence, so that it can give proper scrutiny. Does the system see only what the security services want it to see? Judging by the lack of critical reports, the security services seem to be perfect model organisations. We all know that that is not so. Until we get the scrutiny arrangements right, more legal powers for the security services to do what they like do not seem to be appropriate. Will any of the commissioners be given teeth for their powers of scrutiny?
The public want reassurance that the agencies that are given wide-ranging powers—which, I readily acknowledge, are often necessary—will not abuse those powers. However, the responsibilities of those who act as public watchdogs are spread thinly across an increasing number of organisations. Although the various commissioners probably try their hardest to wield their limited powers, the diverse regulatory structure weakens the protection afforded to individuals.
Will the Government ensure that the commissioners are at least under a statutory duty to communicate with each other to determine who has responsibility for investigating a complaint? I believe that much more fundamental change is necessary to ensure proper investigation of all complaints and to keep the short-cutting elements of the security services in check. I shall monitor the progress of the Bill in Committee and, if necessary, table suitable amendments on Report.
I am grateful for the chance to speak in a Home Office debate. It is not something that I have done often, but it is obviously an enlivening experience that I shall wish to repeat. My reason for doing so is that there has been a deft transfer of parts of the Bill from the Department of Trade and Industry, in which I was once a Minister, to the Home Office. In fact, the transfer is probably appropriate.
In March 1997, I issued a consultation document on some of the issues relating to the problems of encryption, and how the security services and the police would get access to decrypted plain text. That created a furore which, at the time, I disputed, but—as I said in debate on the Electronic Communications Bill—I have since recanted. It was clearly not appropriate to adopt a statutory trusted third-party system, with a key escrow structure. The Government have been right to listen to industry's demands and introduce this Bill.
The difficulty acknowledged by several hon. Members so far is that the matter is hugely complicated. Although I do not agree with everything that he said, the hon. Member for Leyton and Wanstead (Mr. Cohen) dealt perceptively with the human rights and individual liberty aspects of the Bill. I shall therefore focus on matters that I used to understand when I was a Minister.
The technology has progressed apace. There is now a proliferation of communications service providers, and they can communicate in a wide variety of ways. The old way used to be by fixed-link telephony. I hope that the Minister will tell the House whether some of the restrictions placed on the old BT-Mercury duopoly that operated until 1991 still apply. Is it still a requirement that the relevant companies' chairmen or chief executives must be British? I remember having to deal with the consequences of that requirement when there was a prospect of an American coming to take charge of Cable and Wireless. I had to ensure that the chairman remained British.
Those idiosyncrasies had a purpose at the time. The House understood that they were important, as my right hon. Friend the Member for Bridgwater (Mr. King), who chairs the Intelligence and Security Committee, will confirm. However, they have been well and truly bypassed. I recall signing 150 licences for international telecommunications, and hundreds of others for resale purposes. A multiplicity of companies have entered the sector. Some are small, some large, and some are subsidiaries of other companies. The result is that the old way of doing things, by gentleman's agreement almost, has long since gone.
I mentioned the wide variety of service delivery methods. As well as fixed-link telephony, wireless and mobile communications are also commonplace now. There will soon be fixed-link wireless telephony systems, and cable is increasingly taking over telephone and television transmission. It shows how long it takes to realise a good idea that today just happens to be the day of the auctions for the third-generation universal mobile telephone system, as I structured and devised that auction system in 1996. It is good to see one's baby born, but the process is elephantine.
Is the hon. Gentleman aware that the former Conservative Front-Bench spokesman on trade and industry matters, the right hon. Member for Wokingham (Mr. Redwood), claimed that the measure to which the hon. Gentleman referred should never have got past the civil servants, and that it was the worst piece of legislation that he had ever seen?
I cannot claim always to have given birth to beautiful babies, but the parliamentary draftsman must have got in the way of a brilliant idea.
The process is exciting, but it has taken time because of the need to achieve international standards. I do not want to get sidetracked by the specifics of the technology, but the important point is that full multi-media access will be available to users of mobile phones. That will cause problems for the services that are required to carry out interception.
The industry is international. The Bill contains provisions to determine where telecommunications services are located, and whether a service is known to be delivered from outside this country. However, those technical points can be revisited in Committee if necessary, and I believe that some points at least are worthy of clarification.
The state has an interest in protecting its citizens from criminals and transactions that are designed to undermine the legal framework. These matters can also be extended to terrorism, where it is important that the Government have powers to intercept on clearly stated grounds. The Bill will need to be evaluated carefully in Committee, but the process of stating clearly the terms on which a particular interception can be made should be set out. That is right and proper.
Part III of the Bill deals with the investigation of electronic data protected by encryption. Bearing in mind that the companies involved in the industry are very varied, my concern is that the proportionality of the burden placed on them is openly discussed and understood. Unless it is, there will be considerable industry opposition. There is no doubt that companies that have moved into this sector have not taken this into account. They may not have budgeted for it, or understood some of the technological changes that must be taken on board if they are to conform to these provisions.
It will be important to deal in Committee with matters on which I am sure the Home Office has consulted, but to which I have heard reactions from the industry. With regard to previous drafts of the Electronic Communications Bill, there were concerns in the banking and financial communities, which operate in the global market, about who was being given the powers to request the disclosure of keys. This Bill refers to any person with appropriate permission. I am not a lawyer, and I am sure that lawyers will have a field day in considering these matters. It is essential that the companies that are subject to these laws understand who they will be giving their private keys to because of the need to protect their confidentiality and commercial-in-confidence criteria. Are those fully understood by the people who will be asking to have private keys and decryption provided? I would be happier if the Home Office were more explicit in expressing its understanding of these matters. Perhaps someone in the Department of Trade and Industry, as I was, understands the importance of subjects such as commercial-in-confidence. I would be grateful if the Minister were more open about it.
The Home Secretary had an interesting exchange earlier about whether he could tell anyone that his telephone was being tapped. I quite understand his answer. Nevertheless, when it comes to confidence in the world of global commerce, it is important to know whether encryption has been entered into and looked at, and whether the private key has been sourced. The inability to tamper with a system is vital, as is confidence that, once encrypted, it is safe and not likely to lead to any commercial loss of security. The integrity of private keys must not be unreasonably jeopardised. If they are, companies will have to consider factors such as the need for global key revocation and change, which will be costly. Those factors are in addition to the existing cost element.
The Home Office stated that it might contribute to the costs of interception, heavily underlining the word "might". I am not quoting exactly from the Bill, but I am sure that the Minister knows what I am saying. There is no obligation for the Government to pay up. If those matters are left unclear during further discussions on the Bill, some companies will decide to locate offshore under regimes with less intrusive security measures.
Other hon. Members have put questions about definitions. In clause 52, a definition of "key" is provided that may be a little too vague for comfort. It states that
key", in relation to any electronic data, means any key, code, password, algorithm or other data the use of which—
and so on. That seems to be a pretty general definition, and unless it is tightened up it will cause considerable problems.
There are other problems of definition in the clause—for example, in subsection (4) reference is made to "intelligible" and to something
being put into an intelligible form.
That provision needs to be examined closely—although not necessarily redrafted—to test the full meaning so that people who may be subject to it know what they are being asked to do.
We must keep such matters separate from the Bill. The hon. Member for Southwark, North and Bermondsey (Mr. Hughes) made it clear that there are large distinctions between a private and a public telephone system. However, private telephone systems can now be global; they do not exist merely inside an organisation but within a building, where new technological breakthroughs such as Bluetooth mean that almost everything connects with everything else. Currently, it is virtually possible not only to communicate between one system and another within a building, but to do so globally through intranets and private network systems.
There will be problems if the Bill catches people who are doing things in a corporate environment that they had not realised would be subject to the scrutiny proposed by the Government. Industry needs to understand fully what the Government intend. As one would expect, the Government's intentions are fairly openly declared in the Bill. Nevertheless, the purpose behind them sometimes needs better explanation.
It is vital that the cost elements and the burdens on individuals are properly understood. When I intervened during the speech of my right hon. Friend the Member for Maidstone and The Weald (Miss Widdecombe), my purpose was to obtain reassurance from the Minister that the attempt to make the penalties as draconian as possible would not mean that almost every company would want to ensure that it placed its private keys with some trusted third party, so that are forced back to a key escrow system. I do not think that the Minister intends to do that, but I should like clarification on that point.
Such matters should be properly scrutinised in Committee. I wish the Bill well on Second Reading.
The House is familiar with the considerable technical and ministerial experience that my hon. Friend the Member for Esher and Walton (Mr. Taylor) has in this subject. He raised serious issues that our consideration of the Bill will need to address.
I am the Chairman of the Intelligence and Security Committee, which the House charges with responsibility for the intelligence agencies. The Bill is of direct interest to the agencies and to the Committee because it deals with several matters that go to the heart of their activities. Other hon. Members, including the hon. Member for Southwark, North and Bermondsey (Mr. Hughes), referred to the knowledge that I and members of my Committee have in this subject and the Committee suggested that I should intervene in the debate to make certain comments about the Bill. In doing that, I do not wish to frustrate other members of the Committee who wish to take part in it.
The Committee is familiar with the challenges that the intelligence agencies face with issues of national security. We are aware of the threats that we face from different terrorist organisations and the technological skills that are available to them. Some of those skills enable them to avoid more conventional methods of surveillance and interception, so the issues raised by the Bill are important.
The Committee would be the first to say that our familiarity with the gravity of the threats to our national security and from serious organised crime does not in any way breed contempt for the need to strike a proper balance. Human rights and the proper protection of the privacy of the individual are important considerations. It is a particular duty of members of the Committee to take account of that balance because we are privy to information on activities and threats that cannot be made available to hon. Members and to the wider public. Sometimes those threats are referred to in lurid and anecdotal terms by those who seek to justify legislation in one form or another, so the Committee has a particular responsibility to be sensitive to the need to protect human rights. We must examine seriously whether the balance is being maintained, how great the threats are and how far the Government and Parliament should go to ensure that proper protections exist.
The word "balance" has been used in every speech in the debate. We must take account of that in the procedures that are adapted to the new and major challenges that we face. It is a time of massive technological change and questions have been asked whether interception, in its traditional form, is possible for the new means of communication that are available.
Private networks are often referred to as though they are head office or internal telephone systems. However, my hon. Friend the Member for Esher and Walton made the interesting point that such networks can operate globally. The development of so many systems and providers presents a major challenge in how we approach interception.
My hon. Friend pointed out—I did not know this—that the chairmen of British Telecommunications and of Cable and Wireless once had to be British citizens. I doubt whether anyone, even the Minister, knows the nationality of the chairmen of the various companies that now provide communications networks in this country. Perhaps between now and the wind-up speeches we should try to establish all their different nationalities.
If we are to have different providers, all of whom have to provide an intercept capability, there is not only a question about the cost of that provision, but a great sensitivity about the fact that interception is even taking place. From my experience in previous incarnations, I know of the serious concerns about the security of information, and from my time in Northern Ireland, I know of the sensitivity that exists about what interceptions are taking place.
We are to have a host of different providers of different nationalities. It is difficult to identify where some companies are based, where their head office is or what legislation they are covered by. Those issues will need to be examined carefully in Committee and we shall have to consider how workable the legislation is. We are no longer dealing only with good old BT. The establishment of Mercury seemed, at the time, a radical innovation, but now we have a host of other providers.
The second issue, which the Intelligence and Security Committee has considered and which the Home Secretary referred to, is whether we should have judicial or executive authority for warrants. The issue by a Secretary of State of warrants for interception or covert intrusion legalises illegal acts, because without a warrant such interception is illegal, as the Bill makes clear. This country has been under fire for a considerable time for not placing the issue of such warrants on a judicial basis.
I hope that this remark will not seem too offensive to some people, but I am conscious that in some countries it would be extremely difficult to operate the system for issuing warrants on a political basis. I can think of a number of countries, including even fellow members of our great union, in which certain members of the Government have been accused of organising the interception of communications to other members of the Government. I remember a Government that fell over that issue, when it was found that the Prime Minister had arranged with the Attorney-General to intercept communications to members of the Opposition. It is understandable that public sentiment in several countries is that there must be a judicial system for the issue of warrants.
I agree with the Home Secretary, however, that a judicial system is not always the best protection for the rights of the individual. I recall that in Northern Ireland we were attacked because we held people without charge for as long as seven days. That was considered a major breach of their human and legal rights, and we have reduced the maximum period to five days.
I have mentioned before in the House the Eksund, a ship that had come from Libya loaded with arms on their way to the IRA, which was intercepted by the French authorities. That was a very fortunate interception, as the armaments in the shipment would have caused huge suffering. The people who were arrested and held in France under the order of an examining magistrate—that made the order judicial—were held for two years without charge. That would be absolutely unthinkable under the British system, where we were criticised for holding people for seven days. We need to think more carefully before we move to a judicial system, which people say is bound to be fairer and to provide better protection for the rights of the individual.
I certainly endorse the present system, although doing so is, in a sense, special pleading because I had responsibility for such warrants. They were very carefully examined, and one was extremely conscious of the need to ensure that scrupulous attention was paid to them and of the fact that they would be examined—as they were by the predecessor to Lord Nolan, whose name I forget. The hon. Member for Southwark, North and Bermondsey said that the tribunal never found in favour of a complainant, but I certainly rejected certain applications for warrants because I knew that I had a duty and could be held to account for their issue.
I am following what the right hon. Gentleman is saying. Does either he or his Committee have a view on whether there would be a case for treating differently interception on the grounds of national security and of crime? The data protection commissioner argues that we could reasonably justify judicial control over crime and security matters while retaining administrative ministerial control over national security matters.
I can answer that very quickly: the Committee has not discussed that matter. I would need to reflect on it, but I am not instinctively attracted to such a suggestion. However, we have a problem; there is no doubt that the system is under fire. I happen to believe that our system of Executive action is absolutely justifiable and defensible. As an Opposition Member, I have confidence that the present Home Secretary will discharge such responsibilities fairly. Although the system is a perfectly good one, it will be very hard to sustain.
Would it not be true to say that the three aspects with which the Committee is concerned—terrorism and criminal activity, national security and economic well being—often overlap and that we cannot separate terrorism from, for example, drug activity? In fact, one often funds the other, so it would not be easy to split up warranting in the simplistic way suggested by the hon. Member for Southwark, North and Bermondsey (Mr. Hughes).
I am grateful to the hon. Gentleman, who is a very experienced member of the Intelligence and Security Committee. His point is valid and an important consideration.
There is an obvious and initial attraction in referring to a judicial authority as apparently quite separate from Executive political action, but the tradition in this country of a non-political civil service serving Ministers who have statutory duties has stood the test of time. I am not aware of any allegation at any time of political motivation in the signing of a warrant, but I am afraid that the same cannot be said for certain other countries where different systems operate.
The Committee sees the merit in the unification of tribunals. The establishment of a single tribunal seems to be a sensible step. The effectiveness of tribunals is certainly not helped by there being different ones or by adding to confusion. A single one should be more helpful to people who are trying to identify their point of reference when making a complaint.
The Committee has not commented on—and has discussed only briefly—what might be seen as a proliferation of commissioners and whether it is necessary to have so many. On the point about their effectiveness, I am grateful for the alertness of my hon. Friend the Member for North-East Hertfordshire (Mr. Heald) in respect of having an investigative arm in support of commissioners. On the concern of the hon. Member for Leyton and Wanstead (Mr. Cohen), we have indeed appointed an investigator. We have enhanced our capacity in that sense, which the Committee believes to be important. It will add to the effectiveness of the Committee's work.
I turn to encryption—a matter on which the Committee has taken evidence and has considered. The House will be familiar with its most recent report, in which it says in paragraph 73:
The Home Office stated that 'It is, however, the potential use of encryption rather than its current application which gives rise to the greatest concern. Communications technologies are converging around common digital protocols in a way which will soon allow new encryption methods to be applied equally to voice as to Internet data traffic. When that happens, if nothing were done, the valuable interception capability would be progressively lost to the law enforcement services and to the Agencies'.
Being mindful, and having some knowledge, of the importance of some of the interception that has taken place, the Committee concludes:
We therefore welcome the Government's proposals under the Electronic Commerce Bill to include powers to issue orders for the production of keys held by any person where they are required in order to decrypt material which has been, or is being, lawfully acquired. We understand that this will include interceptions under the Interception of Communications Act 1985 which is currently also under review.
That comment was in anticipation of the production of this Bill.
I have seen outside comment on these matters, to which my right hon. Friend the Member for Maidstone and The Weald (Miss Widdecombe) referred. The report of the Foundation for Information Policy Research was written by an extremely experienced civil servant who—I think—worked in the Ministry of Defence for 30 years and held a very senior position before recently leaving to become a consultant. He made three points.
First, is there really a need for such provision? I speak on behalf of the Committee when I say that there is a need for some such facility. Secondly, the foundation recommended that access and provision of keys should not at all times be required but that at least a transcript should be made available. In that connection—the point seems to be extremely relevant to the question of the key—how many people are we talking about? How many companies, providers and encryption service providers will have to be approached at one time or another? Who will be doing the transcribing of what might be extremely secret or sensitive information? What control will there be over that? Thirdly, if keys are to be provided, there must be proper protection of them, as they are extremely sensitive.
The author of the report said that, if we went by the cost to the Ministry of Defence and GCHQ, ensuring the security of such keys for some companies could cost hundreds of millions of pounds. That may be special pleading, although the figure is substantial regardless of whether we divide it by two, 10 or whatever. The Minister might like to comment on that, and hon. Members may want to discuss it in Committee.
In general, the Committee believes that this is a necessary and sensible Bill. It modernises the Interception of Communications Act 1985, moving it into the 21st century. It seeks to take account of some of the developments in this rapidly changing world. As the hon. Member for Ilford, South (Mr. Gapes) said, the speed with which the world is changing gives us the clearest guidance that it will continue to do so rapidly. If interception is to continue to be an effective aid to the protection of national security and the national interest, we shall have to discuss, in five or 10 years' time, things that have not yet been invented. Against that background, the need to modernise now is clear, but as that modernisation occurs and the challenges become greater, we must at all times bear in mind the proper protection of the citizen, his privacy and his rights.
Although the Bill's Second Reading is not likely to be opposed, major difficulties and challenges will be thrown up in Committee. However, on behalf of the Intelligence and Security Committee, I welcome the introduction of the Bill. I shall watch its passage with great interest.
Given that my wife used to work at Bletchley Park, it is appropriate for me to contribute to the debate on the Bill. Before I commence, I should declare that Caspar Bowden, who is a director of the Foundation for Information Policy Research, is a researcher of mine. However, the comments and views he has advanced under the FIPR banner are his own and have nothing to do with me. I shall not detain the House long, but I want to raise a couple of points that cause me concern. In part, they echo points raised by the hon. Member for Esher and Walton (Mr. Taylor). However, I should make it clear that I support the principle of the Bill.
The Bill started life as part III of the Electronic Communications Bill. At that time, I wrote to my right hon. Friend the Home Secretary expressing my concern. Despite his reply to that letter and his response to my intervention earlier today, I still have doubts. My main concern about the Bill's construction is that it will be impractical because of technological change, and unfair because innocent parties who happen to operate the technology will be caught by it, not criminals. It has the potential to damage e-commerce in this country, although that is because of the perception it will create, not the reality. Finally, the Bill does not really address e-crime. However, I hope that my hon. Friend the Minister shares my belief that amendments in Committee will alleviate my concerns and turn the Bill into a good one.
Does the hon. Gentleman accept the analysis by Caspar Bowden of the FIPR of clause 12, which deals with interception capability on the internet? He says that it will be extremely difficult to find a way to intercept communications sent using split-packet technology, which sends many messages in small parts in many different directions at once.
I would not say that it is impossible, but it will be extremely difficult. One of my concerns is that changing technology means that the armoury available to law enforcement agencies will not be up to the job.
Before addressing part III, I have one comment to make on part II. The data protection commissioner has regularly criticised blanket national security exemptions that preclude any inspection or enforcement. The Bill does not rectify that problem, as I hope Ministers have noted.
Under the Bill as currently constructed, an individual is presumed guilty if he is properly served with a notice with which he does not comply. I accept that some improvements have been made since similar proposals were made under the Electronic Communications Bill, but the basic problem remains. The Minister will say that there is a statutory defence, whereby that individual demonstrates that he does not have possession of the key. The difficulty is that, even among computer professionals, it is a frequent and almost inevitable occurrence that keys are lost, forgotten or destroyed, either inadvertently or deliberately.
My right hon. Friend the Home Secretary appears to think that loss of keys is rare, but I have lost count of the number of internet services to which I have subscribed but subsequently forgotten my password. I regularly visit Amazon.com, but the last time I did so, I found that I had forgotten my password, so I had to go through the rigmarole of re-establishing myself. How am Ito convince a judge, who might not even have heard of a PC, let alone the newer technologies, that I am not lying—that I cannot remember my key and that I am not deliberately concealing it? A criminal who is prepared to risk a six-month jail sentence to conceal a key will be in a better position than an innocent person who is faced with having to try to prove a negative—that he has a sieve-like memory and that he is not deliberately concealing a key.
The Bill will change people's habits. Most people remember their keys by making them a word or a date that is easy for them to recall, but such keys are easy to crack. To make them harder to crack, people are advised to use random sets of numbers and letters, but such combinations are much easier to forget. I recently participated in an online discussion which included some sensitive material. I cannot now remember the password, although it is probably written down somewhere and I might be able to recover it. However, if the police start to investigate the matter, suspecting subversion, how am I to prove that I have a defective memory and that I am not deliberately withholding anything?
I do not want to get into a debate about whether the burden of proof is the wrong way around, but we should not lose sight of the fact that a sensible honest business will not lose its keys, which are the secret of its commercial success, and that the people who have "lost" their key might well be those who have something to hide.
My argument is about people's defence in such circumstances, but the hon. Gentleman makes a valid point: businesses will treat the key like they do a spare safe key and deposit it with a trusted third party.
That brings me to my main concern. If depositing a key with a trusted third party to avoid such problems becomes the norm, the Government will have effectively reintroduced voluntary key escrow by using subtle pressure and exploiting human nature. That subject was debated a year ago and my right hon. Friend the Prime Minister said that voluntary key escrow—not mandatory key escrow, as the Conservatives had originally proposed—was wrong and that the Government would not return to it. If I were cynical, I would argue that that will be the outcome of the Bill being enacted. My hon. Friend the Minister has the chance tonight to state clearly that key escrow, whether voluntary or not, is not on the agenda; and that the fact that trusted third parties may be used to ensure compliance with the provisions of the Bill will not be exploited to reintroduce the concept.
The Confederation of British Industry parliamentary briefing states that the Bill will
impose impractical and unacceptable burdens on business.
I do not necessarily accept that, but the CBI may be right. Those burdens can easily be alleviated by a company moving offshore—to Ireland, Holland or various other countries. The hon. Member for Esher and Walton spoke about global interconnections: a company need only relocate its communications headquarters to a different country. Such actions would be damaging to this country.
Along with other hon. Members now present, I am a member of EURIM—the European Informatics Market—which exists to provide advice to parliamentarians. It says in respect of part III:
There are also real technical concerns that the intentions of this Part are not achievable in the real world. The user may enter a passphrase … to enable encryption … but that will not mean they have access to the actual keys. Possession of a key is itself a questionable concept—
especially where the nature of the communications technology used means that no record of the keys is kept. The password allows the individual to access the information, but the encryption key is never seen. EURIM advises that, often, it will be extremely difficult to recreate the technical environment in which the key was originally used, adding that
Decryption may only be possible on the originating system, which may belong to an innocent party caught up in an investigation by the nature of the technology.
I am concerned that an understanding of the technologies that may be involved is not fully reflected in part III. I would appreciate the Minister giving that matter serious consideration in Committee.
Has the hon. Gentleman, like me, seen many spy films in which a single key is used to get into the message and promptly burned? Surely anyone who wanted to avoid the possibility of the surveillance services taking the key would do that?
I am not sure that the best way to avoid the security services is to watch James Bond, but the point about one-off keys is a serious one, to which I shall return.
It is critical to achieve the right balance between privacy and investigation. We need the law to tackle criminals, not ordinary businesses. I am worried that the way in which the Bill is phrased will allow criminals to make use of the loophole which still permits encryption at source. Investigation will focus on the end of the process.
There is a case in the United States involving a guy called, I think, David Smith. If I have got the name wrong, I apologise. He sent pornographic material to the first 50 e-mail addresses on various servers. That material is for ever on the recipients' hard disks. If the matter were investigated, action would be taken against them, and not necessarily against the sender, who caused the problem. I understand that he is awaiting sentence. The example illustrates some of the problems of which we should be aware.
Liberty considers that the Bill
will enable serious infringements of privacy for no worthwhile gain.
That is a danger, and we need to demonstrate the gains that will be made through such infringement.
The Police and Criminal Evidence Act 1984 requires
disclosure of information to be supplied in a legible and usable form.
That does not preclude key disclosure, and would be a better way of alleviating my concern.
I am worried about the practicalities and the technology change. We run the risk of alienating companies that want to do business in the UK. I know of at least three banks that relocated their internet operations—one to Singapore, one to New York and one to Ireland—as a result of the original measure in the Electronic Communications Bill. That was done last summer, mainly from fear of the provision.
My hon. Friend the Minister may say that I am overreacting, that business is sanguine about the measure and that he has not received many complaints. If that is the case and I am wrong, I have made an idiot of myself, which does not matter. However, if I am right and there is a real danger, it is a serious matter, which I urge him to reconsider.
Improvements could be made to the Bill. We have heard reference to clause 49(1) and the burden of proof. The present wording should be changed to make it a requirement to take all practical steps to disclose a key or plaintext in a person's possession. Clause 50, dealing with the tipping-off offence, should be rewritten. I shall return to the matter.
The right hon. Member for Bridgwater (Mr. King) postulated a situation in which someone receives sensitive information which is then disclosed. The consequences can be severe, and the Bill should make provision for that.
The Government have underestimated the cost of protecting sensitive data, as is made clear in the report that was mentioned. The data may be commercially sensitive, or it may consist of intercepted discussions between freedom fighters or exiled politicians and people back home. Interception of such communications could endanger the lives of those people.
We are not dealing merely with a floppy disk in the Home Secretary's drawer or in a police station. I know how easy it is to hack into the files of the police and Customs. When I worked for Customs, a superb security system was installed, and every file was protected, except one. That was the security file, which someone had forgotten to password-protect, and all the codes were available.
I should hate to be part of an authority that had to ask the Home Secretary for extra money in its budget to put in extra protection for the commercial data in its systems, or a member of staff of the first authority to leak such information.
I spoke earlier of my concern that the Bill does not recognise the changing technologies. Embedded encryption will become the standard. The latest version of Microsoft addresses that key issue and has stronger security provisions than Microsoft has ever had.
We seem to be concentrating on cryptography, rather than on other security devices that may come on to the market. WAP—the wireless application protocol—technology used in third-generation mobile phones already has an encrypted message, although the user may not know where it comes from. Mobile phones are already changed frequently, and that will soon become common. By means of transitory encryption, the user does not know that a message has been encrypted, and the key is lost the moment the message is received. None of that is reflected in the Bill, and it is important for the Standing Committee to deal with it.
I said that I would return to clause 50 and the tipping-off provision. If someone knows that the security of his business has been breached, the first thing that he does is to change the password and the security system, yet the Bill prevents him from doing that. Perhaps I have misread the Bill, but the provision raises numerous concerns, particularly when we consider the global implications and whether or not we change the codes in this country, in accordance with the provisions of the Bill. The Bill can be altered to meet those concerns.
Shifting the balance of some of the clauses in part III would help to encourage e-commerce, rather than giving rise to the perception that a danger exists. I emphasise that it is a perception, rather than reality, but it could still drive business away.
It is widely recognised in other countries that a problem exists and that change is needed. As the right hon. Member for Bridgwater observed, if we do not change now, we will have to do so further down the line. Some countries are doing nothing, but that is not a valid option for us. There is a case for going along the route that we have chosen, with legislation that is way ahead of that in other countries.
Most other countries are adopting less onerous legislation. Germany will require disclosure of the information, rather than of the key itself. The United States is concentrating on international co-operation. Those are the approaches that we should consider. I am worried that in our efforts to get it right, we may shoot ourselves in the foot by creating unforeseen problems that damage our commercial interests, which should be at the heart of part III.
We are all aware of e-crime. I have raised with the Home Office the problem of companies being flooded with e-mail—so-called smurfing. It would be useful if the Bill tackled e-crime, viruses and so on. That would enhance the protection available to companies that use e-commerce.
In conclusion, I welcome the Bill. Although I have highlighted my concerns, I support the thrust of its provisions, which are needed to update previous legislation. I hope that the Government will address those concerns and perceptions, to turn the Bill into a vehicle that will permit e-commerce to continue to flourish in the UK. From the discussions that I have already had with my hon. Friend the Minister, I know that he is well aware of those issues. The Bill will be improved by the amendments that will follow.
I speak as a member of the Intelligence and Security Committee, but not on its behalf. The Bill has two roots. One is the need to comply with the European convention on human rights. That means that the Bill brings within its ambit many activities that are currently unregulated. Anyone who is interested in civil liberties is bound to welcome the Bill because, whatever its defects, it greatly broadens the scope of regulation. The Bill's second root is new technology and the ready commercial availability of the most sophisticated devices and systems, such as encryption and reusable mobile phones.
My hon. Friend the Member for Southwark, North and Bermondsey (Mr. Hughes) referred to two general provisions, which reproduce those in previous legislation. Several hon. Members have questioned whether Executive approval for the powers that the Bill grants is the right method, or whether a judicial mechanism for approval would be preferable.
My instinct is for a judicial mechanism. I am not comfortable in leaving such a serious incursion into civil liberties in the hands of the Executive. I appreciate that there is a rigorous system, which is exercised with great care. However, under it, the Executive authorises Executive interference in the lives of individuals. I therefore support a move towards a good system of judicial approval. We made substantial strides in that direction when we insisted on the approvals that are required under the Police Act 1997. The previous Government introduced that Act, and Ministers may claim that it provides for judicial review of Executive approval, rather than judicial approval. However, it was a substantial and valuable step in the right direction.
The second general issue that we could reconsider, because the Bill covers it, is the justification or grounds for incursions into civil liberties. Clause 5(3) contains a familiar litany, which includes
national security … preventing or detecting serious crime … safeguarding the economic well-being of the United Kingdom.
Those grounds are very broad, especially the third. Unlike other broad definitions, they are not refined by case law or a process of judicial review. Cases in which judges review whether definitions are appropriate and whether a reasonable man might make them do not come to court. We rely heavily on the willingness of Secretaries of State to exercise great restraint in using the powers. They exercise such restraint, but their view of what is justified might not always be shared by everyone else; their perception is not necessarily that of the public.
It is unfortunate that it is not always possible to expose matters to scrutiny. To reveal a specific purpose often makes it impossible to continue a line of investigation and would destroy the investigative process. There cannot therefore be public discussion of such matters. However, from time to time, we should reconsider the breadth of the definitions and the wide range of issues that they could theoretically cover.
I want to concentrate on matters that appear in a new form rather than the two examples that I have considered. A new and worrying aspect of the Bill is the Secretary of State's ability to add a range of other persons or bodies to those who already have the power to intercept communications. Clauses 6 and 29 provide that further bodies can be authorised to carry out covert investigations. That can be effected by negative resolution; the Secretary of State can simply make an order. We all know the total inadequacy of the House's procedures for challenging such processes. It is not right in principle that new bodies should be added to the list of those that engage in interception without primary legislation.
If the Government believe that the Child Support Agency should have the power to intercept communications, primary legislation should effect that. I mention the CSA, but, as I suggested earlier, all sorts of bodies could be legally defined under the Bill. They could include the rebuttal unit, the Government Whips Office, Mr. Alastair Campbell. Who knows who could be listed under the extraordinarily open-ended provisions?
I do not accept the Opposition Front Bench view that it would be appropriate to give Departments that have important responsibilities the duty of pursuing those who break the law under the Bill. The right hon. Member for Maidstone and The Weald (Miss Widdecombe) suggested that the Department of Social Security should be a telephone intercepting body so that it could tackle benefit fraud. Large-scale, criminal benefit fraud is a job for the police, who have experience, discipline and accountability, and are engaged in such cases.
The bodies that exercise rare and limited powers of intercepting telephone conversations should be limited. It should not be commonly assumed that every Department has the power or can apply for a warrant to tap one's telephone. Proper law enforcement bodies can apply for such a warrant to cover those who are engaged in criminal activity. The police are the obvious people to do that in the circumstances that we are considering.
Some bodies appear to cross the line, but are designated as law enforcement bodies. The most obvious is Customs and Excise, which applies for warrants. However, my instinct is not to extend the range of bodies that can intercept communications, but to leave the job to proper law enforcement bodies, to which Departments can turn.
I apply the case less strongly to covert surveillance, simply because it covers a wider range of activities. An almost identical provision allows Ministers to specify additional bodies in that case. Government briefing notes suggest that a wider range of bodies, for example, local authorities, is envisaged. We are considering powers that can be used on public health grounds or to deal with the imposition of a tax.
I believe that we are considering activities that already take place and are being brought within the ambit of regulation. For example, a body that dealt with public health might have to undertake some covert surveillance to check whether assurances about a specific product were soundly based. A body that dealt with tax collection might have to make covert inquiries to establish whether someone was stashing money away. For that purpose, methods are used that people do not regard as public surveillance. For example, the officer who goes undercover to ascertain whether someone is carrying out an illegal money laundering activity would come within the Bill's ambit. However, the procedure for adding bodies to the list should be more stringent than that for which the Bill provides.
A body that does not need to be added to the list because it is already covered is the Ministry of Defence, which is specified as a new body for the purposes of interception of communications. I am slightly puzzled by its appearance in the Bill. I presume that it does not appear as a cover for Ministry of Defence police; the Bill provides for them elsewhere. Is it intended to extend the use of interception by services units? Is it assumed that the Ministry of Defence will regularly apply for warrants? The way in which the Ministry of Defence has been brought into the Bill's ambit needs clarification.
Two new powers have been added to regulation. They do not relate to activities that do not happen; they regulate those activities. The Bill assumes that the activities constitute a lower level of intrusion on the citizen. I understand that assumption. They are directed surveillance and communications data.
Directed surveillance includes using devices outside a building that are normally less effective than those that are used inside a building. The latter would count as intrusive surveillance and are more rigorously controlled.
Communications data cover the acquisition of information about telephone numbers that are being dialled from a specific telephone and the location from which a mobile telephone is being used. That is not the same as listening to the conversation on those phones. I can accept that that represents a lower level of intrusion and it has rightly been brought into the Bill's ambit to provide some protection and regulation. However, in Committee we must consider whether the lower levels of authorisation are adequate for citizen protection and, indeed, whether they meet the European convention on human rights requirement, which is the basis of much of the Bill. If not, we are wasting our time enacting them in this form.
I can accept the principle that there is a difference between intrusive surveillance and some of the other kinds that are mentioned as directed surveillance and that there is a difference between listening to telephone communications and establishing that a person has telephoned a particular number on many occasions or—through his use of a mobile phone—that he frequents a particular area where he is thought to associate with other criminals.
The computer enthusiasts will have a field day with part III and those of us who are less proficient will be a little quieter, but we are bound to ask whether it will work and whether it is right to put the burden of proof on the computer user, who must show that he or she has not lost the encryption. I regularly lose the passwords to which I have access and, although I am perhaps not a good example, that raises questions about the burden of proof. Perhaps more important is the question whether there is a better route by which to achieve that. Hon. Members have described how readily other aspects of the Bill could be undermined by the ease with which people can hack into systems and I wonder whether there is a bugging or hacking route that might be more effective than the Bill's cumbersome and very public requirement to produce a key. That will no doubt be considered at length in Committee.
Intrusive surveillance is necessary to protect our security and the integrity of public service and to combat serious crime, but we do not want a society that is characterised by state intrusiveness and we do not want a nosey parker state. We must therefore ensure that we have the most effective regulation of such powers and that they are confined to purposes for which they are essential and no reasonable alternatives are available. Intrusive surveillance should be limited and carried out by a limited range of accountable and well-disciplined bodies.
There must also be, within the restraints of secrecy, an appeal mechanism. The Bill extends that mechanism so that it applies much more widely than at present and, to an extent, tidies it up. That extension is welcome, but it has an inherent illogicality or perversity. The limited information that the tribunal can give an individual is the subject of much jest—he can be told only that nothing unlawful has occurred. However, there are, unfortunately, compelling security reasons for that as we must prevent mere fishing expeditions to elicit information useful to the criminal from the system of protection. Those protections are essential and it will be the duty of the Committee to make sure that they are effective.
I support the Second Reading of the Bill, which represents a significant step forward for the protection of human rights. Much expertise has been shown today—although I must own up to not having expertise in many of the fields that have been covered—and as a relatively new Member, I think that we have had a fine debate that has done the House a service.
I welcome the closer regulation of covert surveillance and interception of communications by our law enforcement and security agencies. We must aim to create a robust and comprehensive framework for regulating the use of all the techniques. The Bill is timely and represents the up-to-date legislation that is needed in an age of rapid communications developments and because of the consequences of the Human Rights Act 1998. It must be sensitive and, as many other hon. Members have said, must strike a balance between the rights of the individual and the needs of the state. We have heard many measured contributions, which augurs well for the Committee. I trust that it will deliver good legislation that has all-party support. I strongly agreed with the right hon. Member for Bridgwater (Mr. King), save on one point. He said that the House would return to this subject in five or six years, but the pace of change in telecoms and other communications suggests that we might do so in six to 12 months.
The Bill contains no new law enforcement activities and covert surveillance by police and other law enforcement officers is not new. I recognise the overwhelming need to detect and prevent crime, particularly serious crime in respect of which such surveillance is most commonly used. One is always conscious of the dividing line between these sometimes conflicting issues, so I welcome the proper regulation by law and external supervision—for the first time—of covert surveillance and other techniques. Among other things, that will ensure that law enforcement operations are consistent with the duties imposed on public authorities by the ECHR and the 1998 Act.
The first interception legislation was the Interception of Communications Act 1985. In the comparatively short time since its enactment, the world of communications has changed beyond most people's belief. Parliament and the legislation that we enact must try to keep up with those changes, otherwise criminals will find ways to thwart law enforcement and serious criminals will have the advantage. That is a challenge for us all, but we must also protect the privacy of the individual and not overburden fledgling businesses.
The Bill goes a long way to achieving the balance that most Members of the House require. It is a fundamental reform that places police, law enforcement and intelligence and security agencies on a properly regulated statutory basis. Enacting such legislation is not a new departure and, in many ways, the Bill marks the completion of a 15 or 20-year reform programme that started with the Police and Criminal Evidence Act 1984. It was followed by the Security Service Act 1989, the Intelligence Services Act 1994 and the Police Act 1997, which introduced a code of practice on intrusive surveillance.
The Bill will supplement those measures and provide a statutory framework that will give individuals better protection and ensure that there will be no reduction in the ability to wage war on those who perpetrate terrorism or are involved in the narcotics trade. Interestingly, my research showed that 52 per cent. of all heroin seizures in 1998 resulted directly from intelligence interception and it is estimated that the total value of drugs seized in that way was more than £185 million. There is a clear need to ensure that interception and the fight against crime are not undermined. At the same time, protection of the individual must be uppermost in our minds. That is the challenge for the Committee, which I am sure will come to the right conclusions. I welcome the Bill.
The hon. Member for Upminster (Mr. Darvill) is absolutely right: we have had an intelligent debate. As one who has little knowledge of intelligence operations, I shall be cautious and approach only one aspect of part III. Since the Bill's publication, I have been listening to a number of police inspectors and chief inspectors who will want to use its provisions, and they particularly like certain aspects of it. One recently gave me the example of a known paedophile with whom the police had been dealing. He was a member of a ring and the sort of gentleman who believes that there is nothing wrong in his activities. Most, if not all, the members of the ring were arrested and convicted, but this individual was not because he successfully protected all his electronic information so that neither the police nor the security forces were able to break the code or the key. That individual did not go to court, and has disappeared for the moment.
The police feel that this aspect of part III is desirable. They have asked for it, and they are looking forward to it. However, their difficulty is that, despite the promises, good words and good intentions of part III, it collapses when we come to clause 49(5), to which my right hon. Friend the Member for Maidstone and The Weald (Miss Widdecombe) referred, because the punishment does not fit the crime.
Lightheartedly, I should like to ask the Minister to put himself in the shoes of a well-known paedophile—perhaps we could call him Gary, and imagine a little more hair and some high-heeled shoes to add some character. As a paedophile, Gary believes that it is acceptable to have sex with children. He thinks that the bulk of society is completely out of step. He belongs to a group called the paedophile information exchange, and he and his disgusting friends use the internet to exchange data, ideas, names, photographs and even films related to their paedophile activities. That is all stored electronically, and protected by a sophisticated encryption system.
Our imaginary friend Gary is under investigation by the police for suspected paedophile activities. As part of the investigation, the police have collected our Gary, along with his computers, floppy disks, CD-ROMS and his full action DVDs. Gary is somewhat relaxed, because all his data are protected and the police have failed to get into his files in the past. He anticipates that he will be all right, until his solicitor explains that the Bill provides new powers that enable the police to insist that he produces the key to unlock the evidence.
Our imaginary paedophile Gary knows that if the police had access to that information they could arrest him and many of his paedophile colleagues. It is hoped that they could also locate and arrange help and protection for the many children that he and his friends have abused. He also realises that he will be charged and almost certainly convicted for a range of offences, starting with possession of indecent photographs and pseudo-photographs of children through to rape and buggery of children. He would face a sentence of 10 years or life for many of those offences.
Gary realises that there is ample evidence that he, and he alone, has regular access to much of this information. His solicitor advises him that, if he refuses to produce the key, on summary conviction he would face a term of six months and perhaps a fine, and on conviction on indictment he would face two years and a fine, of which he would probably serve a few months. His choice is obvious.
Obviously, I am not accusing the Minister of being a paedophile. But I am asking him to put himself in the shoes of someone accused of either paedophilia, theft with a maximum penalty of 10 years, obtaining property by deception with a maximum penalty of 10 years, false accounting with a maximum penalty of seven years, forgery and counterfeiting with a maximum penalty of 10 years, or robbery with a maximum penalty of life.
I hope that the Minister, when he winds up, will note the points made by my right hon. Friend the Member for Maidstone and The Weald. Assuming that the first part of that clause is satisfactory to the Committee, it would be right and proper to include an appropriate sentence. In the eyes of the policemen who will put this measure into action, it will not work unless the penalties are considerably stronger.
My hon. Friend the Member for Mole Valley (Sir P. Beresford) is to be congratulated on the excellence and brevity of his speech. Brevity is what we should all seek to achieve. However, I am afraid that I shall be a little longer than my hon. Friend, but I shall try to give as good value.
First, I must put on the record the fact that I am a professional adviser to the Telecommunications Managers Association, and I have a reasonable—certainly from my poor pocket's point of view—shareholding in Cable and Wireless and British Telecom. I am also the unpaid vice-chairman of the parliamentary information technology committee in the House, and the unpaid vice-chairman of the European informatics Market group.
I also want to boast a little, because I have had a good year in Bills—it has been far better than when I supported the Government. Being in opposition has something to be said for it. When the draft of the Electronic Communications Bill was first published, my hon. Friends on the Opposition Front Bench were kind enough to show me a copy. They and I felt that it contained some objectionable elements, especially on key escrow. We had detailed discussions with Ministers, and to their credit they decided not to go ahead with those objectionable parts of that Bill. The Department of Trade and Industry sensibly passed on those difficult issues to the Home Office, which was not quite so sanguine about doing away with those objectionable aspects.
I recently served on the Committee considering the Utilities Bill. Unfortunately, I was unable to attend the Second Reading debate. Immediately I was put on the Committee, I spoke to DTI officials—my reaction to the inclusion in the Bill of the telecoms industry was to ask, why? The Government have a manifesto commitment to change the regulation of communications, and the White Paper that was published in the autumn proposed just that. In my first speech on that Committee, I told the Government that that part of the Bill was nonsense and should be changed. The Government said that there was no problem, but last week they decided to withdraw the telecommunications aspects—for which they gave a lame excuse—and the water provisions, but we still do not know why they did that.
Perhaps the Minister would be so kind as to take notice of what I am saying. My advice to my Front-Bench colleagues was that we should vote against this Bill. It is the most appalling legislation that I have ever seen. It could probably be amended in Committee, but it needs an enormous amount of amendment. The great advantage of terrible legislation is that it often never gets used. We stay up all night, put legislation on the statute book, but the courts and the police never use it. I am reminded of the Computer Misuse Act 1990, which gives various people powers to protect data. There has hardly been a successful prosecution under that Act. It was aimed at hackers, but has been more or less ignored.
When I first read the Bill, I was directed to the technical clauses, but I thought that if I was to understand it, I might as well start at the beginning. Clauses 1, 2 and 3 are extraordinary. If we let the Bill go through in its present state, what will be the position of those who have transferred from one party to another with their pagers intact? Having been told by the Whips that they are no longer authorised to receive messages, doing so will be a criminal offence punishable by two years in prison. That may seem a minor issue, but one ex-member of the Conservative party still uses his pager to the benefit of the Labour party. The hon. Member for Brent, East (Mr. Livingstone) may very soon leave the Labour party, and he no doubt still has his pager.
We are being told that the Bill is necessary to upgrade and modernise the regulation of the internet. However, it contains nothing that will assist people in getting information that is passed over by package switching, which uses many different routes. If that is to be done effectively, one has to put the tap on the end of the wire from which one is trying to get the information. That has always been done in exactly the same way. I shall go into more detail about how we could help the police to catch criminals.
What about temporary files? I discovered on the parliamentary data video network that our system captures temporary files when someone is using a remote access to this place. Someone who is authorised to use the system but not to see someone else's e-mails can access them. I printed some off to show that it can be done. I understand from my reading of the Bill that it is still possible to do that without being caught by the legislation. The only problem is that the Officers of the House who set up the system will be caught by it. We shall have only a few people working for us shortly, because they, too, will end up in prison for two years.
What about the interception of postal packages? When I am opening the hundreds of letters that I regularly receive, I often look at one and say to myself, "Hang on a minute, this is not for me; it is for my namesake, my hon. Friend the Member for Gordon (Mr. Bruce)." I shove the letter back in its envelope, write on it "Sorry, Malcolm—opened in error", and send it to him. The Bill is so badly drafted, however, that under it I will have committed an offence that could put me in prison for two years. I will not just have read what is written on the envelope, which I am entitled to do to help the letter to reach its correct destination, but I have intercepted some postal system illegally. Hon. Members shake their heads, but I have read the Bill carefully, and I suspect that others should also be concerned.
That may well be true, but I do not think that, if it is true, we should perpetuate the system. We should think carefully about exactly what could happen, especially in view of the penalties provided for in the Bill.
In any event, I am not sure that my hon. Friend is right because I have not read all the Acts involved. In general, we assume that, once the Post Office has delivered something, what happens to it is not subject to legislation. Let us assume that my wife decides to open my post. Under the Bill, if I have not authorised her to do so she, too, could end up in prison. What if post arrives for one's children and one thinks, "This looks important: I had better open it to find out what it is"? If the contents prove embarrassing to the children and they are over the age of consent, they may well have grounds for an action against their parents. Packages are often delivered to tenants who have done a flit, having not paid the bills. What if a landlord opens such a package, either to readdress it or to find out what has been going on?
As for the telecommunications aspect, I am a little worried about the implications of even answering the telephone in the event of a wrong number. I suspect that one could not be caught for doing that, but what if a "wrong number" telephone call was recorded on my answerphone, and was then available to me? I might well be committing an offence.
Under the Bill, an existing private system will become attached to a public system. Nowadays, almost every household contains a telephone extension; certainly, every business has extensions. The change in the law means that anyone listening to anyone else's conversation will be committing an offence punishable by two years in prison. Cordless telephones often pick up other people's conversations; again, someone listening might inadvertently commit an offence. I am not sure that the House wants to introduce such a provision, but the Bill introduces it.
I have received e-mail that was sent to me because someone had forgotten that the copies were being forwarded to the wrong people. Someone whom I threatened to sue wrote to a friend with copies of my e-mails, asking for an opinion. When the friend sent the e-mails back to that individual, I received copies of both the original correspondence that the guy had sent and the stuff sent to me. According to my interpretation, the Bill would make that an offence.
What about employers who record telephone conversations? That is done in most spheres of financial services. I hope that the Minister has worked out how it will be dealt with. People are often not told that conversations are being recorded, although it is normal practice in many businesses, so that there is no dispute about what was said by a customer or by someone involved in the business. Frequently, such recorded calls catch information from people who are engaging in personal conversations that are nothing to do with the business.
I had intended to talk only about the technical side, but what really worries me is the fact that we seem to be tying the hands and legs of our police officers. So complex are the arrangements for the issuing of warrants that I fear that the police will constantly fall foul of the rules. They will try to keep to the rules, but if they have got some detail wrong they may find that they have done something illegal under those rules, and that, as a result of their acting on criminal intelligence on that basis, the case is thrown out of court.
Someone may believe that the police are going to impose surveillance on a particular named person, only to discover after the issue of the warrant that a different person is involved. If the right information was not given to the magistrates in the first place, it will make no difference that a criminal was caught, and that there were good reasons for the method employed. The arrangements are too bureaucratic and involve too many people, and I do not think that that helps.
When I first read the Bill, I thought that I had misunderstood the way in which the European convention on human rights—which we have now incorporated into our law—will affect the way in which the police do their business. I am not talking about surveillance in the sense in which we all think of it—people planting bugs and so forth, for which warrants have always been issued; I am talking about the fact that a police officer who does not identify himself as a police officer, who is involved in following a criminal or getting into conversation with one, needs a warrant from a senior officer. The document that I have received from the Library refers to a superintendent; the Bill refers to a deputy chief constable. In any event, that officer needs a warrant to do what we all think happens all the time.
Let us suppose that a police officer is sitting in a public house. A guy walks up to him and offers him drugs, a radio or something of that nature. If the police officer arrested him immediately, saying, "I am a police officer", there would be no problem, but let us suppose that he strings the guy along. Let us suppose that he says, "I have some friends who would like this. Got any more?", or, "Go back and see whether you can get any more drugs from the other guy." Any covert operation of that kind would be caught by the Bill, which requires officers to go and find a warrant.
I commend the document from the House of Commons Library, especially pages 16, 17 and 18. It is interesting to read. It states:
Plain clothes detectives who spot known criminals in the street will need written permission to summon other officers to monitor the suspects' behaviour, under new rules governed by the European Convention on Human Rights.
If the regulations are not followed, any prosecution will automatically fail, even if the officers subsequently witness a blatant crime.
My right hon. Friend the Member for Maidstone and The Weald (Miss Widdecombe), the shadow Home Secretary, said:
This is absolutely potty … It shows that all fears about incorporating the European Convention on Human Rights into British law have been proved right. Jack Straw should state immediately that these rules will not apply here. It is complete nonsense.
It is in the Bill, however. Warrants have to be obtained for people to conduct ordinary covert police operations. Either they must go around wearing badges saying "I am a police officer", or they must be in uniform, or else they must have warrants. Even if they are following up a known criminal, they must give sufficient evidence to obtain a warrant to allow them to engage in covert surveillance. That is bonkers.
I am slightly surprised that the hon. Gentleman should quote words said by the right hon. Member for Maidstone and The Weald (Miss Widdecombe) that she did not use in the debate. Perhaps she has subsequently concluded that the Bill does not work in quite the way that he suggests.
That is a question that my right hon. Friend the Member for Maidstone and The Weald will have to address, but it seems extraordinary that the House of Commons Library has interpreted the position in that way—there are three pages; I will not read them out. I commend to every hon. Member what the paper says about what will happen if the Bill comes to pass.
The hon. Gentleman is incorrect. The paper goes into the Association of Chief Police Officers code of practice, pointing out that the code is not legislative; it is the way that the police normally deal with things. The paper goes on to say on page 18:
One force has summarised the rules by telling its detectives: "In the scenario where a known shoplifter is seen in shops and plain clothes officers are sent to keep observations, the Superintendent's authority must be sought.
It will be a deputy chief constable under the Bill.
In that case, where an officer in plain clothes sees a likely offender, and keeps observations, the authority is not needed"—
although I am not sure that that will be the case under the Bill—
however, if he calls other officers to the scene, a Superintendent's authority is required.
These codes will become law in October. If any cases where these codes have been breached are heard after this time, the prosecution will fail".
The hon. Gentleman may know that my son is a police officer. We often have late-night conversations because we both do not finish work until all sorts of strange times. I have listened to his frustration as a police officer running around after criminals trying to secure proper prosecutions. This country has tied up the detection of criminals and securing a prosecution with more and more red tape, more and more regulation and more and more paperwork. The Bill does not help. It is probably the most backward step in that procedure that we have ever had. If we give a police officer a warrant—that is what he gets when he signs up—he should be able to go after criminals. By all means, if that officer has used some covert system to do that, that should be recorded, but to have to get, all the time, prior authorisation by a very senior officer seems completely potty. My right hon. Friend the Member for Maidstone and The Weald used that word; it is very apt.
Everyone thought I would talk about the encryption keys. I again commend to Members who will be on the Committee—I am already on the Committee that is considering the Utilities Bill and will not be able to serve on this Bill—the words of the Foundation for Information Policy Research, its director Caspar Bowden and the papers that have been produced by one his colleagues, Dr. Gladman. They are clear and easy to read. It is the sort of thing that we sad people do on a Sunday: actually read about what is happening.
I have tried to be analytical about the Bill. I am less unhappy about the encryption side than I thought I would be. It is clear that one does not have to give away keys, the private keys, as long as one is decrypting what the law enforcement people require. That is reasonable.
It is unreasonable to force someone to give away the key so that some other person can decrypt. Often, that private key is the private key to masses of data, which have nothing to do with the criminal investigation. Ministers need to look carefully at the matter and to ensure that all the codes, let us say, of a bank are not broken, and that all the accounts are not got at, simply to get at the one account that someone is trying to go after.
People hide information on their computers. They include not just criminals who send messages about where the drugs will be picked up, or whatever; often, it is apt for pornography. I want the Government to try to help the police to break that terrible crime and to help the victims, the children, who are exploited to get the pornography and the paedophilia that goes with it. One can take a better route to ensure that people can decrypt as much as possible.
What did surprise me in the Home Secretary's comments is that anything that is received by way of a warrant is not adduceable in evidence. Obviously, lawyers think that that is right. It seems bonkers to me. If we are going to go to the lengths of forcing people to provide information through decryption under a warrant, it should be available to the courts. There will be occasions when one does not want to say that there has been surveillance. The prosecutor should not be forced to use that evidence and to reveal that it has been acquired via a warrant, but it seems mad to disallow that as evidence, so I hope that Ministers will look at that matter.
We need to discuss whether a criminal can be caught by the legislation. If we are to put burdens on the rest of electronic commerce, it will be important to achieve the purpose, which is to catch criminals. If a criminal wants to ensure that, once he has read a message, he cannot be forced to give up the key, he will find a trustworthy person and say, "You see this key. Here is a light. I am burning it. I now have absolute proof that I no longer have the key." That seems to be the way in which someone will try to ensure that no one can get to the information after it has been read.
The Home Office should know that even though people are securing something within the memory of the computer, often, all the information that has been translated and put on to the screen has gone through a buffer and that buffer can be read by a competent computer technologist. Reading the hard disk to find out what had gone before is not that difficult.
Again, if someone wants to see what is happening on a screen, they could set up a covert camera to point at the screen—a simple surveillance technique—so that they could see exactly what is being decrypted. After all, that should be adduceable in evidence. For example, if someone who is looking at pornography is seen with the screen, one could prove that they have looked at the pornography, as well as possessed it.
When someone is putting things on to his screen, it is not that difficult technically to have a device in the computer—again, put in as a surveillance device—to send all information to the screen along a telephone line to a bug. In many ways, at the right level the old surveillance systems are perfectly adequate for dealing with these issues. That matter should be looked at carefully.
I have a worry about someone being given a warrant to obtain information. A police officer may walk in and give the managing director, or company secretary, of a company a warrant, saying that, as the persons responsible for the company, they must provide him with the key to the information. Under the law, they cannot go to the computer engineer and say, "How do I do this?" because information will be passed on, which is not allowed. They are allowed to talk only to a lawyer about the matter. That seems silly and impractical. The wording should be correct—it should ensure that people who have to provide the information will be able to do so.
Of course, it will be an impossible situation. The police may have been to a particular organisation and perhaps talked to one or two people there. Another guy may come up and say to those two guys, "Crumbs, what are you doing?" They will say, "We have been asked by the police to get the key to this. You can get five years in prison for doing that." Imagine the conversations that might ensue. One goes home to one's wife and says, "I'm sorry that I'm a bit late tonight, darling", to which she might well reply, "Where have you been?" "Well, it's a bit of a secret." "No, where have you been?" "Well, some police officers came in and asked me to get the cryptographic keys, so that we could decrypt something."
In the legislation, the husband in that dialogue, by divulging that information, would be guilty of an offence carrying a possible five-year sentence. Such a situation is nonsense. If someone releases information that gets back to the criminals, enabling them to get away with their crimes, that person should be prosecuted. However, people should not be liable to prosecution merely for telling someone that they have passed information to someone else. The innocent would be caught by such a provision, and that would be silly.
The Bill makes various provisions that could catch the innocent. It is also too prescriptive in dealing with police. We have to cut red tape away from the police, not bury them in it. The Bill is also too restrictive for new electronic companies and it could impose costs that serve no useful purpose. I do not believe that, in many technical spheres, the Bill will do much to catch criminals.
We already have some very sensible laws on investigatory powers. We want light-touch regulation; we want people to co-operate with the forces of law and order. I believe that, ultimately, law-abiding people should accept that, occasionally, they may come under surveillance to enable the forces of law to continue to protect them.
I do not share all of the concerns expressed by my hon. Friend the Member for South Dorset (Mr. Bruce), but I share some of them.
An interesting fact—just to set the scene—is that, in the United States, 44 per cent. of families have access to the internet, whereas, in the United Kingdom, only 18 per cent. of families are connected. However—with today's announcement that Alta Vista will provide free internet access for only £10 annually, which is a major improvement and very good news—the UK percentage is likely to grow.
At current levels of internet access in the United Kingdom, however, 100 million e-mails are being transmitted daily worldwide. That is a lot of e-mails to try to intercept. Nevertheless, the Bill aims rightly to deal with how best to intercept telecommunications between criminals. In 1993, only 1,005 telecommunications warrants were issued under the Interception of Communications Act 1985. In 1998, the number almost doubled, to 1,913 such warrants, compared with only 118 letter warrants. The number of telecommunications warrants issued is most likely to be even higher than the number recorded, as information on warrants issued by the Foreign and Commonwealth Office and the Northern Ireland Office was not published. We all understand why that information has not been published—it is far too sensitive.
It is interesting that the Bill is receiving its Second Reading today, when we have also had the "G3" auction of franchises for the third generation of mobile telephones, enabling mobile telephones to be used not only for voice communications, but for receiving very high-quality pictures and for internet access. If all goes well, that technology will be coming on stream in the next two or three years.
Currently, Virgin Net—to provide a little more information about the scale of developments—has over 100,000 passwords active in the United Kingdom. We are well aware of the type of problems that can arise from people using e-mails and the internet. Recently, Amazon and Yahoo were attacked, when, in one second, they received more e-mails than they would usually receive in a year. Although the Bill is aimed primarily at dealing with criminals who are concerned with making money from drugs or with terrorism, terrorism is inflicted also against the internet and the City. The attack on the World Trade Organisation meeting, in Seattle, and last summer's attack on the City were co-ordinated in e-mail messages between anarchists. I hope that the Bill will deal with that type of information.
Like my hon. Friend the Member for South Dorset, I have various concerns about the Bill. I do not know why, for example, clause 25 does not cover tracking devices. The Minister is talking to the Whip, but I ask him to listen to my concerns—simply because I hope that he will deal with some of them in his reply.
Clause 25 states that tracking devices are not covered by the Bill. Why are they not covered? It is extraordinary that one should not be able to issue a warrant to track a vehicle being used by criminals, to determine where they are going and with whom they are meeting. It is an unusual provision to omit from the Bill.
Although clause 1 gives the power to demand access to encrypted data—an issue which has already been dealt with in detail by my right hon. and hon. Friends—it does not address the issue of how we are to deal with data that criminals themselves have encrypted. How will we be able to decrypt that information? I am quite sure that that type of information will be encrypted not by internet service providers, but by criminals themselves. They will use black boxes both to encode and to decode their e-mails.
How much information can be decrypted? Both the United Kingdom Government and the United States Government use Cray computers, but data exceeding 128 bits—or, nowadays, perhaps 256 bits—are difficult to decrypt. Although I appreciate that the Minister will not wish to deal with that matter in detail, I should like to be reassured that the issue will be addressed.
I am slightly concerned by clause 1(6), which deals with companies' right to snoop. As I said in an earlier intervention, I agree that it is right and proper for companies to record—providing that they announce it in advance; it is not right if they do not announce it in advance—financial transactions made on the telephone, for example. I am sure that many hon. Members use telephone and internet banking services. It is quite right and proper that that type of conversation should be recorded.
It is wrong, however, for companies to monitor their employees' telephone conversations, to try to stop them using their telephones for personal conversations. That is going a little bit too far, and I ask the Minister to comment on that matter.
Clause 53 states that MI5, MI6, GCHQ, police, Customs and Excise and the Ministry of Defence will not be covered by the covert investigations commissioner. If those bodies will not be covered by the covert investigations commissioner, who will be? Who will be watching the watchers?
In replying to the Home Secretary's speech, my right hon. Friend the Member for Maidstone and The Weald (Miss Widdecombe) said that the Department of Social Security should be allowed to instigate investigations to counter benefit fraud. I agree with her, but I go even further on the issue. As we all know, criminal organisations try also to defraud the Inland Revenue. If Customs and Excise—particularly customs officers—is able to initiate warrants, why cannot the Inland Revenue, in its own right, initiate warrants in its attempts to fight serious crime?
The Home Secretary told my right hon. Friend that, if a crime is serious enough, a warrant could be initiated by police. As we all know, however, there are often delays in obtaining a warrant. Nevertheless, sometimes, a warrant has to be issued swiftly or a tap has to be installed quickly. It all takes time. Therefore, although I echo my right hon. Friend's call to give the Department of Social Security the right to initiate a wire tap or a warrant to examine mail, the right should be extended also to the Inland Revenue.
The Home Secretary said that he realises that telephone numbers can be changed rapidly, and he said that the Bill seeks to allow telephone numbers subject to surveillance also to be changed quickly, essentially to mirror telephone number changes made by criminals. Why not simplify the system, and include in warrants the name of a location or an individual? If we were to do that and an individual were to change his or her telephone number, a fresh warrant would not have to be issued. Warrants issued to cover a mobile telephone or an internet account would definitely have to include a named individual.
I should like, finally, to pick up on a comment made by the hon. Member for Southwark, North and Bermondsey (Mr. Hughes), who said that, although ever more information is being collected on the individual, ever less information is being collected on who holds that information. That must strike a chord with many hon. Members. We hear of people applying for mortgages or hire purchase who find that their credit limit is nil because of a bad credit rating. It is difficult to track down why that has happened and who has given out the information, and there is a duty of care.
I wholly support the intentions of the Bill to protect people from pornography, drugs, terrorism, and the other crimes about which we have heard today. However, there ought to be protection for the individual so that they know precisely who is holding information and why it is being gathered in the first place. Having quickly elucidated those concerns, I wish to say that this is a timely Bill which, in principle, has my support—although I have difficulties with some of its clauses.
This has been a good debate, with thoughtful speeches from both sides. My right hon. Friend the Member for Maidstone and The Weald (Miss Widdecombe) referred to three principles which will govern our view of the Bill. The first was that those who fight the crimes that go to the heart of our security as a nation, often in difficult circumstances, should have our support and should have the modern means that they need to fight crime effectively and to protect our country effectively.
Secondly, the liberty of the subject cannot be ignored when powers of this sort are being dealt with. We must ensure that, so far as possible, the balance between the interests of those who fight crime and the interests of the subject who must be free are properly weighed. Thirdly, we should consider always the interests of those who do business for Britain and those who rely upon our commitment as a nation to free trade. They should not be over-regulated.
We have heard some good examples of the background to the debate. The hon. Member for Ilford, South (Mr. Gapes) highlighted the problems caused by international drug traffickers and the way in which they use modern communications to ply their foul trade.
My right hon. Friend the Member for Bridgwater (Mr. King)—speaking on behalf of the Intelligence and Security Committee—told us of how familiar the Committee is with the national security challenges that the country faces in terms of terrorism and organised crime. However, he made the point that if we are to protect this country, we must protect the human rights which make this country what it is. He mentioned the companies involved in e-commerce and the varied nature of e-commerce. That theme was taken up by many hon. Members. He explained that with hundreds of companies involved in electronic communications, the task of those who must intercept communications to defeat crime becomes that much more difficult.
Hon. Members set out the problems, and provided some details of how difficult it is to deal with modern communications while trying to retain some rights which crime fighters have had almost since time began. I think that the first warrant was given to intercept a postal communication in 1647, although I am ready to be corrected. I am sure that there was some interception of communications going on in the age of the caveman. This has always been a matter of importance to those fighting crime. In the modern age, achieving the simple aim of intercepting what one person has said to another has become difficult.
The hon. Member for Milton Keynes, North-East (Mr. White) referred to the difficulties of split-packet technology. As my right hon. Friend the Member for Maidstone and The Weald mentioned, when messages are being sent via the internet, one whole message is not sent off to be received by someone at the other end. The message is broken down into tiny split packages and sent off by any number of routes. As has been pointed out, they can go via Australia and California before arriving. [Interruption.] It was my hon. Friend the Member for Lichfield (Mr. Fabricant) who pointed that out.
To try to intercept all of those tiny communications—a snowstorm of 100 million communications a day, all broken down into tiny particles—is not an easy task. Wills Stanford of the Federation of the Electronics Industry told me that although it may be technically feasible—no one is saying that it is not—no one has yet found a way of doing that. Will the Minister tell us whether such a method has been discovered? If so, fine. However, if something is that complicated, there are bound to be substantial costs involved.
My right hon. Friend the Member for Bridgwater dismissed some of the huge figures suggested, such as hundreds of millions of pounds for each company. However, he made the point that the costs could be substantial. We are saying that it is all very well for the Government to take the power under clause 13 to make a reasonable contribution to the costs of industry. However, are the Government going to do it? On what basis will they do it? Will the Government pledge that it will be a sufficient contribution, so that no communications service provider is put out of business simply by the costs of providing the Government with the interception capability that they require for their purposes?
Technical issues were raised concerning clause 21 and communications data. The right hon. Member for Berwick-upon-Tweed (Mr. Beith) said that communications data can be a wide range of items and can give a full picture of somebody's life style, going into matters which are private. That can be justified in some cases but, at the moment, the powers in the Bill seem broad. In Committee, this should be explored. Attempts should be made to ensure that such powers are used only in serious investigations.
The hon. Member for Leyton and Wanstead (Mr. Cohen) said that he would not be satisfied if the fact that someone had not paid their car tax provoked such an investigation. One imagines that a reasonable Home Secretary would not wish to see matters such as MOTs, car tax and council tax arrears causing the obtaining of vast amounts of communications data, and the Home Secretary himself said that he would like to concentrate on the real villains. Having said that, the powers are there—the key to any Bill—and they seem to be wide enough to allow for that. In Committee, we will tackle that issue to ensure that the law meets the laudable intentions of the Home Secretary.
Many hon. Members referred to clauses 46 to 49, concerning the giving of a notice to obtain the code to encrypted information or providing a plain text, and the offence that is created. That was a key part of the speech of my hon. Friend the Member for Esher and Walton (Mr. Taylor) who, as the Minister responsible, proposed a different system which he now accepts was flawed in many ways, but which was based on the idea of giving law enforcement agencies the powers that they need. My hon. Friend accepts that key escrow is not the correct approach, but he made the point that it is important, when considering the extent of the powers to issue a section 46 notice and the way in which keys are stored, not to impose key escrow on industry by the back door. The industry has spoken on the issue, and it is important that what is proposed meets the gravity of the situation without imposing mandatory key escrow.
There will be—as there is already—a role for voluntary safekeeping of codes and keys, and the Federation of Electronics Industries runs T-scheme, in which a key can be placed for safekeeping, albeit largely to ensure that it is not lost by the owner. It may become more common for companies and individuals voluntarily to secure their key in some way and I see no problem with that. However, the problem with the provisions at present is that the offence under clause 49 places the burden solidly on the individual to clear himself of wrongdoing, but the fear is—as expressed by several right hon. and hon. Members—that the real criminal would not mind too much being found guilty of failing to comply with a section 46 notice if the effect was to protect information that could be used to prosecute him and his partners in crime for serious offences.
For example, the Cabinet Office performance and innovation unit's report in May 1999 cited a case in which two suspected paedophiles were arrested by the police on suspicion of distributing child pornography on the internet. The suspects' computer systems contained pornographic images of children, but the leading suspect's computer also contained a large amount of encrypted material. The indications were that the encrypted material included the communication of child pornography all around the world via e-mail, but the police investigation was hampered by the fact that it was not possible to decrypt that information. Although the paedophiles were found guilty, it may be that the full extent of their crimes will never be known, because encryption protected them.
My hon. Friend the Member for Mole Valley (Sir P. Beresford) gave the example of Gary the paedophile and made the point that the guilty could hide behind encryption and, if necessary, claim that they had lost their key. If they are found guilty and sentenced to up to two years imprisonment, they will be sanguine about that because they could have been found guilty of more serious offences and sentenced to 10 years or more. Both the Conservatives and the Liberal Democrats—
I would not go that far. Both Opposition parties are concerned that the provisions should concentrate their fire on the guilty—those in cases where other evidence is found at the site, or those with previous criminal convictions—rather than the innocent person abroad who may have lost or forgotten their key.
The Home Secretary pooh-poohed the idea that people might lose their key, as if they would be proper fools. However, the hon. Member for Milton Keynes, North-East mentioned the Foundation for Information Policy Research, which states in its briefing:
The central difficulty arises from the fact that it is an inevitable and frequent occurrence (even amongst computer professionals) that keys … are genuinely lost, forgotten or inadvertently or intentionally destroyed.
Therefore, there is some evidence that it is a real problem.
The Opposition will table amendments to ensure that the provisions are targeted on known offenders with evidence of previous wrongdoing admissible to prove a guilty intention. The burden of proving guilt should be on the prosecution, but it should be possible to use evidence of guilty intentions so that those who are genuinely guilty can be found guilty. If the provisions are amended along those lines, the Opposition believe that the Bill will be improved.
My right hon. Friend the Member for Bridgwater and others mentioned the proliferation of commissioners. Although the Intelligence and Security Committee has said that it supports one tribunal and has discussed the proliferation of commissioners, he was not able to say confidently that it was necessarily against the number of commissioners that will result from the Bill. However, the debate showed a mood to consider the idea of a unified commission that could employ investigative officers. My right hon. Friend was able to confirm that his committee has appointed an investigator so that it can be more proactive, and it may be that the commission will need staff to do its job properly. The Opposition will probe that issue in Committee and suggest that the commissioners should have more power and better staffing, and I hope that the Government will be prepared to listen.
The Bill is at the nexus of three important principles, as my right hon. Friend the Member for Maidstone and The Weald said. The first is the principle that we should fight crime and do it effectively as part of the essential contract between the subject and the state. The second is that the liberty of the individual should be respected. The third is that we should have freedom of trade in this country. The Opposition believe that the Government do not, at the moment, have the balance right between those factors. However, the principle of the Bill—that we should give powers to the police and other authorities—is accepted.
We shall seek in Committee to improve the Bill, because it would be a tragedy if we were to impose such burdens on business that the information technology industry, which has been such a success for this country recently, is hampered. We must remember that such companies have a choice. The Opposition will support the Government tonight, but in the remaining stages, we will seek to amend the Bill and we will return to the subject if we do not get satisfaction.
I thank the right hon. and hon. Members who have contributed to the debate for its good quality and good naturedness. It has been a good debate, and a wide variety of good points have been raised. I also appreciate the general support for the Bill that has been expressed by hon. Members on both sides of the House, albeit with qualifications on particular aspects, and the fact that—with one exception—the fundamental need for the Bill has been universally recognised. A wide range of issues of detail, principle and definition has been raised and I do not pretend that I shall be able to respond to all the points in detail this evening. I shall try to respond to as many as I can.
As the hon. Member for North-East Hertfordshire (Mr. Heald) has just said, the Bill must address difficult questions of balance between a range of competing principles. It is legitimate for different parties and individuals to reach different views about the precise balance that is finally settled on. However, consensus has been reached on some important principles at the outset. The first is that investigatory powers are necessary. That is a distasteful fact that none of us enjoy thinking about, and those right hon. Members who have had to exercise those powers know that they raise hard questions. However, given the crimes that we are trying to combat and the interests of national security that we have to address, investigatory powers are necessary: we cannot say otherwise.
Many examples have been given, but I shall cite only one or two. On drugs, for example, page 1 of the regulatory impact assessment presented for consideration by the House explicitly states:
The risk is … difficult to quantify but, as an illustration, and at the top end of the scale, lawful interception of communications played a part—often the crucial part—in operations by police and HM Customs during 1996 and 1997, which led to 1,200 arrests … the seizure of drugs with a street value of over £600 million … the seizure of over 450 firearms.
These successes would have been in jeopardy had the criminals used networks which fall outside the scope of the current Act's warranty regime …
That is a serious degree of crime, involving drugs and firearms, which the Bill is tackling.
Several hon. Members mentioned money laundering. My hon. Friend the Member for Ilford, South (Mr. Gapes) raised the subject of terrorism, as did the right hon. Member for Bridgwater (Mr. King). The hon. Member for Mole Valley (Sir P. Beresford) mentioned paedophilia, and although I did not entirely appreciate the way in which he phrased his remarks, he raised a very real question as a serious point of debate.
Investigatory powers are necessary, but proper statutory regulation of those powers is also needed, as I think the House accepts. The Government decided to enshrine in law the European convention on human rights in the Human Rights Act 1998, the relevant provisions of which take effect in October. That legislation places the regulatory principle at the core of the range of activities that have been undertaken, in different forms, for some time.
My hon. Friend referred to a certain consensus of support in the House for the proposals. Is he also aware that the organisation Justice, which has suggested some changes to the Bill, broadly welcomes the provisions overall? The organisation is unhappy with the present legislative framework, or lack thereof, and strongly believes that the Human Rights Act 1998 should be incorporated in this legislation.
My hon. Friend is entirely right. I was delighted with the stance taken by Justice. I do not agree with all the details of its position, but its fundamental support for the Bill, which my hon. Friend has explained, is welcome. We need to ensure that the investigatory powers that are granted comply with the European convention on human rights, and the Human Rights Act 1998.
Regulation is also necessary because of changes in technology, and it has to be updated to keep up with those changes. That question has been addressed by a number of hon. Members this evening, and I shall return to it in a second.
I shall come to that in the course of my remarks. I listened carefully to the hon. Gentleman's speech, and a number of the assertions that he made were wrong. He seemed to have misread the Bill in various ways. I shall write to him in detail about several of the points that he made. He made his assertions—such as that about the pager systems—in a jokey style, but I want to place it on record that they were complete nonsense.
The Bill is a major step forward, as my hon. Friend the Member for Upminster (Mr. Darvill) suggested. I was pleased when the right hon. Member for Bridgwater described the Bill as necessary and sensible. That is the correct approach to the matters that have been discussed.
Several hon. Members raised the co-operation with industry that is at the core of the proposals. They were right to do so, for reasons of general competition, and because investigatory practices have always in the past been based on co-operation with the industry involved. The Home Office has worked very closely with the Department of Trade and Industry, and I hope that the good dialogue that we have had will improve further. We have established an industry forum, which is debating the issues, and my officials in the Home Office have held a close dialogue with the industry about how we should proceed.
One of the consequences of the decision to devote part III to measures originally proposed in the Electronic Communications Bill has been that a much more direct form of communication has been established between industry and the Home Office. That necessary change has been welcomed on all sides.
A number of points were raised in connection with industry. I cannot help the hon. Member for Esher and Walton (Mr. Taylor) about the nationality of the chairmen and chief executives of BT and other organisations in the sector. I shall try and write to him on the matter of whether there is any requirement of the kind that he described, but I was thinking as he spoke of the fact that Rupert Murdoch used to switch his nationality for his own convenience, and it is possible that others could do the same.
The hon. Member for Esher and Walton also asked about key escrow, and I can give him the assurances that he sought. Let me make it clear that key escrow is off the agenda. We have ruled it out of the Electronic Communications Bill, for the reasons that have been stated. Clause 13 of that Bill explicitly rules out its reintroduction, and nothing in this Bill would bring it back. Of course, no one can second-guess the omnicompetence of Parliament, which is one of our parliamentary doctrines, but we have been as clear as it is possible to be that key escrow will not be introduced.
I should make it clear also that the back-door method of reintroducing key escrow—by putting sanctions in place or exerting pressure, as my hon. Friend the Member for Milton Keynes, North-East (Mr. White) described—is not part of our intention. It, too, is off the agenda. We understand the argument put forward by the industry, which the hon. Member for North-East Hertfordshire set out in his speech, that it would be undesirable to have a form of legislation in this country that did not operate along those lines. We have accepted that argument, and I can give the hon. Gentleman the assurances that he sought.
The Bill does not mandate the use of any particular encryption product. People and businesses are free to use any system that they like. That is the deliberate intention behind the Bill, for the reasons that have been set out. I hope that that goes some way to meet the concerns that have been expressed in the debate.
The general issue of burdens has focused on the question of costs. The hon. Member for Buckingham (Mr. Bercow) is not in his place at the moment, but he raised a more generally rhetorical series of issues of the kind with which the House will be familiar. However, the question of costs is very serious, and I shall concentrate on that.
It was perfectly proper for the House to raise the important matter of costs, but we must retain a sense of proportion. The regulatory impact assessment report on part I of the Bill emphasised that the total compliance costs are not expected to exceed the measure of significance—£20 million—used in the regulatory impact assessment. We agree, but clauses 13 and 48 make it clear that we are prepared to contribute to those costs, where they arise.
We have not stated the precise basis on which we shall make available that cash support, as we are in active discussion with the industry on the issues involved, and how much money might be needed. Various different estimates are flying around, but costs will be different for different companies. That is why it is difficult to determine the amounts of money that might be needed, but we are actively discussing the matter. We have asked for estimates from each of the companies involved, and we are considering those estimates very seriously. We are considering how to deal with the matter, and the Bill gives us the power to make cash contributions to ensure that it is dealt with properly.
I agree that the debate thus far has been characterised by a series of figures flying around in different directions on a basis that is not exactly scientific, although I do not want to impugn the motives of anybody providing them. However, I agree with the hon. Gentleman that it would be helpful to have the maximum possible information for the debate in Committee, and I shall try and ensure that it is available. A difficulty is that some of the figures are commercial-in-confidence for individual companies. That is one reason why we have not had a very open paper on the matter. I acknowledge that we need to conduct the debate in a more informed way, with as much information as possible.
Our general stance has been to deal with the issue on the basis of marginal costs rather than the average cost of any changes that arise. There is a lot of debate on that, but I can assure the hon. Gentleman that in Committee we will seek to provide as much information as we can about the costs involved.
We are discussing industry self-regulation in many of these areas. That would be far preferable to a regulated and bureaucratic system, for precisely the reasons that we gave earlier.
I now turn to the various issues regarding interception. I begin by reminding right hon. and hon. Members of the scope of the interception. Clause 5(3) states:
Subject to the following provisions of this section, a warrant is necessary on grounds falling within this subsection if it is necessary—
I quote that because a number of suppositions have been flying around, both in the Chamber and outside, about a range of very extreme circumstances in which the powers might be used. In fact, their use is limited by the scope of the clause. There is plenty of room for argument, and some right hon. and hon. Members have referred to the precise meaning of phrases such as
the economic well-being of the United Kingdom …
It is necessary to emphasise that we are talking not about some global power that has no trammels, but about a tight series of definitions which is open to discussion in Committee. That is where we start, and I think it an important point.
Can the Minister confirm that there is no statutory definition of
economic well-being of the United Kingdom
in the Bill or applied to the Bill? If so, one could, for example, say that someone might be justified, at least in theory, in intervening for the purpose of protecting jobs or commercial contracts because it would be in Britain's interests.
I have been entertained in a number of environments by the flights of fancy that the hon. Gentleman is prepared to follow on some hypothetical trail. As was indicated in the debate, the phrase is used because it was used in previous legislation and is thought to be tightly enough defined for our purposes. I am happy to look at possible alternative wording, but I believe that the phrase in the Bill has stood the test of time, and we intend to stick with it. I do not intend to respond to the hon. Gentleman's hypothetical questions about what it might or might not cover in certain circumstances.
The Minister may or may not be aware—I suspect that he may well be—that a near neighbour of ours, and certainly of the United States, does intelligence gathering to ensure the economic well-being of its industries and businesses. I hope that we would still be able to do the same and would not be constrained by the Bill.
As always, the hon. Gentleman illuminates the debate by his comments. However, I will say no more than I did to the hon. Member for Southwark, North and Bermondsey (Mr. Hughes).
Particular points were raised to which I want to respond. First, my hon. Friend the Member for Leyton and Wanstead (Mr. Cohen) referred to the number of warrants that have been signed by the Secretary of State. That is a perfectly fair question. There are two factors here—the first was alluded to earlier by my right hon. Friend when he said that as the technology has advanced and the number of phones and phone numbers have increased, there has been an expansion in the number of warrants for each of those phones and in those circumstances. Secondly, the unfortunate truth is that the extent of international serious crime on drugs and other business has also been expanding over the relevant period, so the importance of interception as a weapon for law enforcement and security has become increasingly significant.
My hon. Friend has the point exactly. An individual may have not only a number of land-based telephones but mobile and other phones which he or she can change rapidly. The number of warrants increases for that reason alone.
A further point that was raised by the hon. Member for Lichfield (Mr. Fabricant), among others, concerned the other agencies that may be empowered to intercept communications. The arguments come from a variety of corners. Some say that the Department of Social Security should have the right to do so, some that the Inland Revenue should, and some that the provision is too widely drawn. Clause 6(1)(k) shows that the power is there, but I emphasise that we have no plans to use that power to extend the power to intercept beyond what is set out in the Bill. We have intentions on the other aspects of surveillance covered in the Bill, and I shall come to that shortly, but we have no plans to use that clause to widen the application of interception. I hope that that clarifies the situation.
My hon. Friend the Member for Leyton and Wanstead also asked whether communications could be intercepted for the purpose of gathering council tax or road tax. The answer to that is no, because, as I said earlier, the scope of clause 5 does not permit the gathering of council tax or road tax to be the purpose of these communications. They are not issues of national security, although some might argue that they are.
The Department of Social Security deals with the largest area of crime by value in the country. The Benefits Agency's organised crime division deals with crimes involving huge amounts of money. Why does it have to go to the National Criminal Intelligence Service or some other law enforcement body to obtain an interception warrant?
All police services in the country have to go to NCIS as well. I repeat that clause 5(3)(b) states that a warrant is necessary
for the purpose of preventing or detecting serious crime …
I acknowledge the hon. Gentleman's point that benefit fraud and Inland Revenue fraud are areas of serious criminal activity. The police will naturally and correctly be involved with those activities, and they will have the power to address them.
Well, there we are. It is true that there are successful combined operations with the police—the Home Secretary mentioned one. However, there are also operations conducted by the Benefits Agency organised fraud branch on its own which involve large amounts of money. Why can it not apply for an interception warrant?
The reason is as I have said. The Bill contains a series of different powers of surveillance and investigation, and I shall come in a moment to the type of investigation that might arise in other areas. However, interception is a significant intrusion into individuals' liberties and we consider that it should be used only by a narrow and tight range of agencies. That is what is set out in the Bill. The argument, for example, that the social services benefits fraud agency was investigating serious organised crime but not involving the police in any way and needed separate powers to do it does not stack up. They can carry out precisely the joint operations described by the hon. Gentleman, and that will continue.
Is not the very strong defence that the Minister is making of the need not to have any extension of these powers a powerful argument for what the right hon. Member for Berwick-upon-Tweed (Mr. Beith) said? It is not sufficient for the Government to say that they have no plans in that regard, then to let through legislation that could expand those powers and leave the Secretary of State the chance to do just that. I am not sure whether the Minister is coming to this point or whether he thinks that he has met it by saying that the Government have no plans in that regard. I do not think that that would meet the situation.
I shall consider the points that have been raised. I understand the force of the right hon. Gentleman's comments. As we have said, there is a balance of judgment to be made between the various issues. I was trying to suggest—although I realise that it is not palatable to Members on the Opposition Front Bench—that when it comes to the use of that extremely important, powerful and intrusive interception technique, it should not simply be given to the Department of Social Security or the Inland Revenue as the hon. Member for Lichfield (Mr. Fabricant) proposed. The power would take effect only in cases of serious crime, which would thus involve police co-operation. The right hon. Member for Bridgwater asks whether we should not rule it out altogether and, in effect, delete clause 6(1)(k)—the element that widens the measure beyond current powers. I understand that point; no doubt we shall consider it in Committee. However, I thought that it was important to set out our thinking on the matter.
The right hon. Member for Berwick-upon-Tweed (Mr. Beith) asked why the Ministry of Defence was listed as an intercepting agency. The reason is so that an interception that is carried out to protect UK troops serving abroad, and which might involve an intrusion into a person's privacy, can be undertaken in accordance with the law.
The hon. Member for Lichfield asked why clause 25 does not cover tracking devices. It was a legitimate question—I was listening at the time. The reason is that interference with property to install a tracking device—when that is necessary—needs authorisation under part III of the Police Act 1997, or a property warrant. That authorisation is needed at present; that is why it is not mentioned in clause 25.
My hon. Friend the Member for Ilford, South asked about subsection (2)(j) of clause 6. The reason for that provision, which deals with mutual legal assistance, is that it allows an application for an interception warrant to be made in accordance with an international mutual assistance agreement. The request would have to satisfy the law of the requesting country as well as UK interception law.
I have tried to deal with the practical points that were made about interception. In response to my hon. Friend the Member for Leyton and Wanstead, there will be a public consultation exercise on the proposed codes of practice, but it will be the interception commissioner who oversees that, not the data protection commissioner.
The right hon. Member for Maidstone and The Weald (Miss Widdecombe) asked about the number of extra commissioners. I want to put her straight on that point, as perhaps it was not clear in the Bill. She asked if there would be two extra commissioners. There will be only one. The interception commissioner named in the Bill replaces the existing one. I hope that clarifies that matter.
Several Members have made powerful points about the overall number of commissioners—not merely in relation to the Bill. The reason why we did not reduce the range of commissioners so that there was a single one for this process—although we did establish a single tribunal—was that we felt that it was important not to throw the existing processes in different institutions too much into the air. I have taken note of the views expressed in the debate; we shall discuss the matter in Committee and we are prepared directly to consider the position.
I emphasise that the commissioners are not merely rubber stamps, as my hon. Friend the Member for Leyton and Wanstead suggested. They take their duties extremely seriously. The Government acknowledge the seriousness with which they do their work; there is no suggestion that they take it lightly.
I had intended to cover the general question of intrusive techniques in some detail, but, because of the hour, I shall not do so. We are considering the listing by order of other authorities to carry out direct surveillance and the use of covert human intelligence sources. The Department of Health is one such; the Medical Devices Agency observes business premises suspected of being involved in supplying counterfeit devices. MOT certificates set out when there can be intrusive investigation by the vehicle inspectorate of the Department of the Environment, Transport and the Regions.
The Department of Trade and Industry has powers in such matters—as does the Health and Safety Executive. The Inland Revenue has important powers, which have been mentioned. We have already referred to the immigration service of the Home Office and to the DSS. Extraordinarily, the sea fisheries inspectorate of the Ministry of Agriculture, Fisheries and Food uses surveillance to determine whether vessels are keeping to their quotas and are using the correct size of nets.
We are addressing the powers of many bodies. It is an important step forward for democracy that we are introducing a Bill that puts all those forms of surveillance under a regulated system. That has not been so in the past. Most Members will welcome that change—it takes us in the right direction.
Many points were made about the role of the judiciary versus that of the Executive. I shall not repeat the familiar comments on that matter, except to say that it is right for the Executive to take such key decisions. My right hon. Friend has signed the certificate on the front of the Bill, stating that we believe that it complies with the European convention on human rights—he did that advisedly.
We take seriously the points made about penalties in relation to clause 49—especially those made by the hon. Members for Mole Valley and for North-East Hertfordshire. They are good points and we shall consider them. I realise that they are an attempt to improve the legislation and we shall examine them in Committee as positively as we can.
The hon. Member for Southwark, North and Bermondsey (Mr. Hughes) asked about information on whether a person had been bugged. It is difficult to imagine circumstances in which we could ever say to someone, "You have been bugged. These techniques have been used against you." The reasons were set out by my right hon. Friend earlier. It is critical that we have knowledge of the situation if we are to beat major criminals and to counter threats to national security. We must maintain the powers to investigate that are set out in the measure.
Surely, there is now a circumstance in which somebody is in effect told that he has been bugged, because although that has never happened, the commissioner could say that something unlawful took place.
That is true. It has not happened, but it could happen.
Serious points were made about encryption. Several misconceptions have arisen, both in comments when the Bill was published and in the debate. First, there have been accusations that the decryption provisions reverse the burden of proof to such an extent that it is incompatible with the presumption of innocence enshrined in article 6 of the European convention. There must be reasonable grounds for believing that a person served with a decryption notice has a key in their possession before use of the decryption power can be authorised in the first place. That is set out in clause 46.
The offence of not complying with the notice is set out in clause 49. In that case, the burden falls on the prosecution to prove beyond reasonable doubt that the accused is, or has been, in possession of a key and that he or she failed to comply with the notice. The Bill outlines several statutory defences.
Clause 49(2) creates a defence for an individual who has forgotten or mislaid a key or password. It is true that he or she must prove the defence, but they need to do that only on the balance of probabilities. In other words, he or she must explain what has happened. It will be for the court to decide whether, on balance, the person is telling the truth. That seems to be an entirely reasonable burden to impose on an accused person. There are comparable provisions in plenty of other statutes.
The Crown Prosecution Service would, of course, need to be satisfied that it was in the public interest to pursue a prosecution in a particular case. Innocent people will not suffer under the provisions. As I pointed out, we believe that the Bill is ECHR compatible. My right hon. Friend signed a statement to that effect. It is not a frivolous undertaking.
The hon. Gentleman assured me that he would deal with my question as to when a police officer would have to get in touch with a more senior officer to obtain a special warrant simply to undertake plain-clothes activities.
As I pointed out, the code of practice will set that out clearly. I shall consider seriously all the hon. Gentleman's points. However, I think that in his fears about the Bill he is tilting at windmills—those fears were expressed in his interventions throughout the debate.
The second concern that has been expressed about the Bill relates to key escrow through intimidation. That matter was also raised in the debate. I make it clear to hon. Members and to people outside the House that we shall not force anyone to use a particular technology. Individuals and businesses remain free to utilise any type of encryption, provided they choose the one that best suits their needs.
The third point raised was about the secure handling of keys. It was suggested that the Bill will leave seized keys vulnerable. I assure the House that the Government are sensitive to the need to protect material obtained under all the powers in the Bill. The level of security to be deployed is not largely a matter for primary legislation. As the House knows, we have already announced the establishment of a dedicated resource—the Government technical assistance centre—to help law enforcement on encryption. The centre will handle the keys that are obtained. Deploying the highest level of protection for such keys and other sensitive information will be a specific objective of the technical project to establish the centre. Work on that is going on at the moment.
I wish to emphasise one important point. We envisage that the disclosure of the plain text of protected material, rather than a key, will be sufficient in almost all cases responding to a decryption notice and I expect there to be very few cases where disclosure of the keys themselves will be required. We hope that plain text will be offered, but we believe that the security for the keys that we will offer through the Government technical assistance centre will provide the assurances that hon. Members seek.
I come to the more general concerns that have been raised. I accept that technology is moving very fast. That makes it much more difficult to decide how we operate, and future legislation may be necessary. However, I do not accept the philosophy of despair that has been suggested by some Members. Crime is damaging society in a wide variety of ways. Therefore, we believe strongly that we need such powers as we can achieve to contest drug, terrorist, paedophilia and money-laundering crimes. We intend to do what we can to combat them.
We also acknowledge that international co-operation is necessary. It is exceptionally important and that is one reason why my right hon. Friend the Home Secretary played such a leading role at the Tampere summit in trying to secure such co-operation. The idea that there is nothing we can do as events move forward is wrong. We are determined to do what we can. I commend the Bill to the House.