Communications Data and Interception

Part of Business of the House – in the House of Commons at 11:18 am on 10th July 2014.

Theresa May, The Secretary of State for the Home Department, 11:18 am, 10th July 2014

With permission, Madam Deputy Speaker, I would like to make a statement about the use of communications data and interception; the difficulties faced by the police, law enforcement agencies, and the security and intelligence agencies in utilising those capabilities; and the steps the Government plan to take to address those difficulties.

Before I do so, I would like to make something very clear. What I want to propose in my statement today is a narrow and limited response to a set of specific challenges we face. I am not proposing the introduction of the Communications Data Bill, which was considered in draft by a Joint Committee of both Houses last year. I believe that the measures contained in that Bill are necessary, and so does the Prime Minister, but there is no coalition consensus for those proposals and we will have to return to them at the general election.

The House will know that communications data—the who, where, when and how of a communication, but not its content—and interception, which provides the legal power to acquire the content of a communication, are vital for combating crime and fighting terrorism. Without them, we would be unable to bring criminals and terrorists to justice and we would not be able to keep the public safe. For example, the majority of the Security Service’s top priority counter-terror investigations use interception capabilities in some form to identify, understand and disrupt the plots of terrorists. Communications data have played a significant role in every Security Service counter-terrorism operation over the last decade. They have been used as evidence in 95% of all serious organised crime cases handled by the Crown Prosecution Service and they have played a significant role in the investigation of many of the most serious crimes in recent times, including the Oxford and Rochdale child grooming cases, the murder of Holly Wells and Jessica Chapman, and the murder of Rhys Jones. Communications data can prove or disprove alibis, identify associations between potential criminals and tie suspects and victims to a crime scene.

I have talked before about the decline in our ability to obtain the communications data we need, which is caused by changes in the way people communicate and the technology behind those forms of communication. That is why I continue to support the measures in the draft Communications Data Bill. However, in addition to that decline, we now face two significant and urgent problems relating to both communications data and interception: first, the recent judgment by the European Court of Justice, which calls into question the legal basis upon which we require communication service providers in the UK to retain communications data; and secondly, the increasingly pressing need to put beyond doubt the application of our laws on interception, so that communication service providers have to comply with their legal obligations irrespective of where they are based. So I can tell the House that today the Government are announcing the introduction of fast-track legislation, through the data retention and investigatory powers Bill, to deal with those two problems.

I want to deal with communications data first, because we must respond to the ruling by the European Court of Justice that the data retention directive is invalid. This directive was the legal basis upon which the Governments of EU member states were required to compel communication service providers to retain certain communications data where they do not otherwise require them for their own business purposes. Indeed, the ruling provides us with such a problem precisely because very strong data protection laws mean that, in the absence of a legal duty to retain specific data, companies must delete data that are not required beyond their strict business uses. That means that if we do not clarify the legal position, we risk losing access to all such communications data and, with it, the ability to protect the public and keep our country safe.

The ECJ ruling said that the data retention directive does not contain the necessary safeguards in relation to access to the data, but it did not take into account the stringent controls and safeguards provided by domestic laws, in particular the UK’s communications data access regime, which is governed primarily by the Regulation of Investigatory Powers Act 2000. RIPA was, and remains, designed to comply with the European convention on human rights. It ensures that access to communications data can take place only where it is necessary and proportionate for a specific investigation. It therefore provides many of the safeguards that the European Court of Justice said were missing from the data retention directive.

The ECJ judgment clearly has implications not just for the United Kingdom, but for other EU member states, and we are in close contact with other European Governments. Other countries, such as Ireland and Denmark, implemented the data retention directive through primary legislation, which means they have retained a clear legal basis for their data retention policies, unless a separate, successful legal challenge to their legislation is made. The UK does not have that luxury, because here the data retention directive was implemented through secondary legislation. While we are confident that our regulations remain in force, the Government must act now to remove any doubt about their legal basis and give effect to the ECJ judgment. The legislation I am publishing today and the draft regulations that accompany it will not only do that; they will enhance the UK’s existing legal safeguards and, in so doing, address the criticisms of the European Court.

The House will understand that I want to be clear, as I said earlier, that this legislation will merely maintain the status quo. It will not tackle the wider problem of declining communications data capability, to which we must return in the next Parliament, but it will ensure—for now, at least—that the police and other law enforcement agencies can investigate some of the criminality that is planned and takes place online. Without this legislation, we face the very prospect of losing access to this data overnight, with the consequence that police investigations would suddenly go dark and criminals would escape justice. We cannot allow that to happen.

I want to turn now to interception, because there is growing uncertainty among communication service providers about our interception powers. With technology developing rapidly and with the way in which we communicate changing all the time, the communication service providers that serve the UK but are based overseas need legal clarity about what we can access.

The House will understand that I cannot comment in detail on our operational capabilities when it comes to intercept, but I have briefed the Opposition on Privy Council terms and members of the Intelligence and Security Committee have heard first hand from the security and intelligence agencies, and it is clear that we have reached a dangerous tipping point. We need to make sure that major communication service providers co-operate with the UK’s security and intelligence and law enforcement agencies when they need access to suspects’ communications. Otherwise, we would immediately see a major loss of the powers and capabilities that are used every day to counter the threats we face from terrorists and organised criminals.

The Bill I am publishing today will therefore put beyond doubt the fact that the existing legal framework, which requires companies to co-operate with UK law enforcement and intelligence agencies, also extends to companies that are based overseas, but provide services to people here in the UK. I will make copies of the draft Bill available in the Vote Office, and I will also make available the regulatory impact assessments and the draft regulations to be made under the Bill, in order to allow the opportunity for the House to scrutinise these proposals in full.

The parliamentary timetable for this legislation is inevitably very tight. My right hon. Friend the Leader of the House has just provided details of the prospective timetable for the Bill’s consideration, but it is crucial that we have Royal Assent by the summer recess. The Government have therefore sought to keep this Bill as short as possible. It is also subject to a sunset clause, which means that the legislation will cease to have effect from the end of 2016. The Bill thus solves the immediate problems at hand and gives us enough time to review not just the full powers and capabilities we need, but the way in which those powers and capabilities are regulated, before Parliament can consider new, and more wide-ranging, legislation after the general election.

It is right to balance the need to prevent criminal exploitation of communications networks with safeguards to protect ordinary citizens from intrusions upon their privacy. That is why, alongside the legislation I am publishing today, the Government will also introduce a package of measures to reassure the public that their rights to security and privacy are equally protected. We will reduce the number of public authorities able to access communications data. We will publish an annual transparency report, giving as much detail as possible—within obvious parameters—about the use of these sensitive powers. We will appoint a former senior diplomat—I am sorry, I mean a senior former diplomat; for the avoidance of doubt, I repeat, a senior former diplomat!—to lead discussions with other Governments to consider how we share data for law enforcement and intelligence purposes.

We will establish a privacy and civil liberties board, based on the US model, which will build on the role of the independent reviewer of terrorism legislation, and the board will consider the balance between security and privacy and liberty in the full context of the threat we face from terrorism.

We will review the interception and communications data powers we need, as well as the way in which those powers and capabilities are regulated, in the full context of the threats we face. The Government are discussing with the usual channels the precise form this review might take, but I hope that an initial report will be published before the next election.

I have said many times before that it is not possible to debate the correct balance between security and privacy—and, more specifically, the rights and wrongs of powers and capabilities such as access to communications data and interception—without understanding the threats that we face as a country. Those threats remain considerable. They include the threat from terrorism—from overseas and from here in the UK—but also the threat from industrial, military and state espionage practised by other states and foreign businesses; the threat from organised criminal gangs; and the threat from all sorts of criminals whose work is made easier by cyber-technology.

In the face of such a diverse range of threats, the Government would be negligent if they did not make sure the people and the organisations that keep us safe—the police, other law enforcement agencies and the security and intelligence agencies—have the legal powers to utilise the capabilities they need. They are clear that we need to act immediately. If we do not, criminals and terrorists will go about their work unimpeded, and innocent lives will be lost. That is why I commend this statement, and this Bill, to the House.