Bulk interception warrants

Part of Investigatory Powers Bill – in the House of Commons at 3:15 pm on 7th June 2016.

Alert me about debates like this

Photo of Stephen Hammond Stephen Hammond Conservative, Wimbledon 3:15 pm, 7th June 2016

Like yesterday, I want to make my usual declaration that I am not a lawyer. It is always dangerous to follow lawyers, particularly the excellent contribution of my hon. Friend Suella Fernandes.

The amendments are clear, and I approach them from the same point of view of economic cybercrime and the importance of bulk data which I took in my comments on Second Reading and yesterday.

Understandably, Joanna Cherry raised concerns. I understand the resolve of her and her party on the central point about potentially using less targeted and less intrusive means, rather than bulk data. However, the Minister rightly made the point that there is a review, and he mentioned not only the necessity of the review, but that it would look at the necessity of these powers. If we consider the bulk powers in relation to economic cybercrime, their necessity becomes increasingly clear.

Over the past few years, our economy has been transformed by advances in technology, backed by encryption, with huge changes in how business is conducted. E-commerce is a reality not for the few but for the many. Given the parcels that arrive on my doorstep from my daughter every day, it is a huge thing that has reached everybody. More than that, there are new business opportunities for the growing IT sector. The use of big data, which my hon. Friend the Member for Fareham discussed in an historical context, is becoming increasingly evident in the context of the internet economy in looking at patterns of behaviour to determine new product design and identify new customer opportunities.

Equally, those opportunities are extended to economic cyber-criminals and terrorists. My hon. Friend Wendy Morton spoke about 95 cyber-attacks that have been identified through the use of bulk data. To choose one specific example, Apple has publicly accepted that the existing bulk data powers detected a vulnerability in its operating systems that, had it been exploited, would have affected the modification of the software being used on iPads and iPhones. It might have been used for all sorts of purposes, but one purpose could well have been the removal of data about bank accounts and other personal data. In the open world that we see at the moment, there are myriad threats, particularly in the dark web through password-protected information. Much of what happens is valid. The existence of encryption and anonymity protocols is a huge benefit to people, but criminals and terrorists have embraced this dark world as well. The power to acquire and analyse bulk data is therefore essential. My right hon. and learned Friend Mr Grieve said that we have to trust our security services. Those who have some experience have very clearly made the case that we should look at the whole issue of the existence of data harvesting.

I believe that the bulk data powers are essential because they allow for intelligence-gathering on overseas subjects of interest. They identify the “needle in the haystack” threats that my hon. Friend Tom Tugendhat talked about by identifying small displaced fragments of information, establishing the investigation of links between subjects of interest, understanding patterns of behaviour and communication methods, and looking at pieces of information that are acquired through new and varying sources. Bulk interception focuses on foreign intelligence. Criminality and terrorism is international, and it is therefore only right that we should have access to the data so that we can detect aspects of that criminality. The importance of bulk data acquisition is clear. Detailed and directed searches of bulk data communications can establish the fact that there is communications content between subjects of interest and reveal where attacks are planned. Bulk acquisition can help to direct where a warrant for more individual targeted data, such as interception, is essential and complementary. It also allows for searches of traces of activity where previously unknown suspects may be taking part in patterns of behaviour that are well known but not yet identified.

The Bill codifies and pulls together the powers that are already in place and puts in place some consistent safeguards. As my right hon. and learned Friend the Member for Beaconsfield said, none of these powers is unnecessary or disproportionate. Through the safeguards that they are putting in place in their amendments, the Government will ensure the review of valid lines of operation by Mr David Anderson. More importantly, a number of cases will involve not just the Secretary of State but the judicial commissioner—the double lock that several Members have spoken about. In terms of the content acquired under the warrant that was initially going to look out for people internationally, if those data then pertain to people in the UK, another, more targeted examination warrant is needed. That is another protection and additional safeguard that was not there before. The statutory code of practice that is being put in place secures the safeguards that we need.

Particularly with regard to economic cybercrime, I hope that when the House considers the amendments on bulk data powers proposed by the SNP, it will conclude that Mr Anderson’s review is appropriate. Many Government Members are making an overwhelming case that these powers are necessary. I hope that the vast majority of colleagues will join us in rejecting the amendments.