My Lords, I am grateful that we have the opportunity to debate this very important issue today. As my right honourable friend the Home Secretary made clear on publication of David Anderson’s report, Parliament should have an early opportunity to debate these matters in full. The Government will bring forward detailed legislative proposals in the autumn, which will build on David Anderson’s recommendations, as well as those that the Intelligence and Security Committee of Parliament published earlier this year and the forthcoming report by the Royal United Services Institute for Defence and Security Studies, both of which have benefited from the knowledge and expertise of a number of noble Lords. Those proposals will be subject to full pre-legislative scrutiny by a Joint Committee of both Houses of Parliament. Before then, today’s debate affords a vital opportunity to understand the views of your Lordships’ House.
I note the considerable expertise from which we will benefit today. We will hear from the distinguished chair of the Joint Committee that scrutinised the draft communications data Bill in 2012, my noble friend Lord Blencathra. At the time, the Government accepted the substance of all of the committee’s recommendations. Had we been in a position to bring forward a revised communications data Bill, I have no doubt that it would have carried the confidence of this House and of the other place. David Anderson’s own recommendations are very close to those of that committee
We have noble Lords speaking in the debate with significant experience of the security agencies’ work such as the noble Baroness, Lady Manningham-Buller, while the noble Lord, Lord Butler of Brockwell, was a Cabinet Secretary and a member of the Intelligence and Security Committee. My noble friend Lord King is a former Secretary of State for Defence and was the chairman of the Intelligence and Security Committee, and my noble friend Lady Neville-Jones is a former security Minister. The noble Lords, Lord Blair of Boughton and Lord Paddick, both have considerable policing experience, and I am sure that we will hear another side of the argument in the contributions of those who have devoted considerable time to raising the issue of citizens’ privacy rights such as the noble Lord, Lord Strasburger, and the noble Baroness, Lady Jones of Moulsecoomb. We shall also hear from those who are in the position of having to adjudicate and balance the tensions between security and privacy such as the noble and learned Lords, Lord Brown of Eaton-under-Heywood and Lord Judge.
There is of course a balance to be struck between liberty and security, but as my right honourable friend the Home Secretary has said before, it is not a zero sum game. People can enjoy their privacy only if they have security. The right to life, which our anti-terrorism laws seek to protect, is the most fundamental right of all. The Home Secretary has made it clear that no decisions have been taken on David Anderson’s recommendations, which must be considered in the round along with those of the ISC and RUSI. Today’s debate, like that held in another place on
I would like to say a little more about David Anderson’s report in a moment, but first I must say a few words about the context of today’s debate. We ask the police and their colleagues in the security and intelligence agencies to keep us safe. That is their first responsibility and it is the reason that we grant them the use, subject to strict safeguards, of intrusive powers. That job is getting harder. The threats to the UK and its citizens are diverse, fast-changing and come from unexpected places. They are difficult to predict and even harder to prevent.
The threat level from international terrorism in the UK is “severe”, meaning that an attack is highly likely. In the past year, 165 people were arrested for alleged offences relating to Syria, including terrorist financing, preparation of acts of terrorism and attending a terrorist training camp. Thirteen individuals were convicted in relation to Syria-related terrorist activities. We believe that around 700 people have gone from the UK to Syria and Iraq to fight, many of them to join ISIL, which through brute force and repression controls swathes of territory in Syria and Iraq. And yesterday, of course, saw the 10th anniversary of the bombings on the London transport network in which 52 people lost their lives.
The threat from terrorism has not dissipated in the intervening years. Some 40 terrorist plots have been foiled in the past decade, and as many as four or five prominent plots have been disrupted in the last few months alone. Recent years have seen plots to carry out mass murder and instil fear in our citizens: plots inspired by propaganda on the internet that captures the minds of vulnerable people; plots that target people for who they are and what they represent; plots to conduct marauding Mumbai-style gun attacks on our streets, blow up the London Stock Exchange, bring down airliners, assassinate a British ambassador and murder serving members of our Armed Forces. When these plots succeed, as with the tragic murder in 2013 of Fusilier Lee Rigby, the effects can be devastating. As we debate these issues we must remember that this is not an academic exercise. The cost of getting things wrong is very high.
Of course, this is not solely about terrorism, terrible though that scourge is. Serious crime can also have a devastating effect on communities, whether in the form of cybercrime, drug trafficking or child sexual exploitation. Modern technology, though it has transformed our lives in many wonderful ways, has also made many of these crimes easier to commit, and we need to ensure that our laws keep pace with technological developments to combat them.
David Anderson cautions against describing the threat to the UK as “unprecedented”. However, the means available to those who would do us harm—to spread their message, to co-ordinate their plans and, increasingly, to execute them—are evolving, and it is clear that the means available to stop them must evolve in concert. David Anderson’s report was published almost a month ago, and I hope that noble Lords will by now have had the opportunity to study it carefully. If so, I hope that they will agree with my view that it is a thorough and well-written piece of work and that David Anderson deserves our appreciation and praise for his efforts.
The report covers the full range of investigatory powers. It is worth putting on the record that, broadly, David Anderson concludes that all the existing investigatory powers are necessary, they are appropriately used by our law enforcement and intelligence agencies and that there is no evidence of abuse. That last point, of course, builds on similar conclusions reached by the Intelligence and Security Committee of Parliament. Of course, David Anderson makes specific recommendations about matters such as authorisation, transparency and oversight. These are important issues and precisely the ones which the Government are now reflecting on, and which our debate today I am sure will do much to inform.
Let me deal with the issue of authorisation since it seems to have attracted the greatest level of media interest. Again, let me stress that we have not reached a decision on this matter. There are certainly different views on this issue, as evidenced by the fact that the Intelligence and Security Committee of Parliament strongly endorsed the existing system. I am clear that whatever system is finally decided on needs to be sufficiently agile to deal with urgent cases and to ensure that, in appropriate circumstances where it is necessary and proportionate, those whose communications need to be intercepted are subjected to that interception. We also need to ensure that any decision taken in this area does not adversely affect the relationship between the Executive and the judiciary in relation to other aspects of government power. We need to bear in mind who bears the risk and would be politically accountable were things to go wrong. This needs proper consideration.
Before I move off the subject of warrants, I want to reaffirm that no Home Secretary ever signs an interception warrant in his or her spare time. It is a core function of that office and, as so many noble Lords will attest, it is a responsibility that successive Secretaries of State have devoted proper time to in order to give full and thorough consideration to each and every warrant application put in front of them.
It is the first duty of a Government and the Parliament which sustains them to keep the country and our citizens safe. That means equipping those who are charged with that specific responsibility with the tools they need to do the job that we ask of them. But we also have a responsibility to protect the liberties of our people and to ensure that they are not unduly or unnecessarily interfered with. This Government have a good record in that respect, including replacing control orders, which were being whittled away by the courts, and reducing the maximum period of pre-charge detention.
As I have indicated, the Government approach today’s debate in listening mode. We have not reached firm decisions on all the issues raised by David Anderson. We want to listen carefully to what noble Lords have to say and I look forward to an informed and interesting debate.
My Lords, on behalf of those who sit on these Benches, I start by paying tribute to the dedicated and highly successful performance of the police and the agencies in keeping the people of this country safe from terrorism. While each successful attack is a severe personal tragedy for those involved and their families, we should reflect with some satisfaction on the fact that half way through the current decade, there have so far been only two fatalities in the UK due to terrorism. This compares very favourably with the last 40 years, when the death rate from terrorism was much higher. We know that, as in the past, there is currently no shortage of terrorist threats, so the low level of fatalities in the last five years can be explained only by the strong performance of the agencies and the police in detecting and preventing attacks before they happen. That is not to say that we can be complacent; in fact, we have to accept that whatever we do, however much money we spend and however much freedom and privacy we give up, some of these crimes will still happen. There is no such thing as 100% security.
We also need to realise that the closer we get to that unachievable 100% goal, the more expensive it is, in cash and in lost privacy, to achieve a very modest further improvement in safety. The law of diminishing returns comes into play. We must bear in mind the possibility of gaining at best only a marginal improvement in safety whenever we consider forfeiting any of our hard-won freedoms and way of life, or significantly increasing expenditure.
For years, everyone who has taken an interest in these matters has been able to see that the six Acts of Parliament that in some way cover surveillance in this country are an incoherent mess, out of date and not fit for purpose. The only exceptions—the only advocates for the status quo—have been in the Home Office. They have repeatedly asserted to us that RIPA is close to perfect, that Britain has the best oversight of its intelligence agencies in the world and that all surveillance is carried out within the law. We now know that none of these claims is true. The statutory regime is in fact deeply flawed, oversight has not been up to the job and multiple cases of lawbreaking have come to light, which may be just the tip of an iceberg. As a Conservative former member of the ISC said last week, there is a,
“suspicion that our security agencies are, on occasion, able to arbitrage the plethora of statutes to choose the easiest route in seeking authorisation”,—[ Official Report , Commons, 25/6/15; col. 1099.]
for surveillance. I draw the House’s attention to the recent example of the Metropolitan Police using RIPA to evade the requirement for judicial authorisation under PACE when seeking the identity of journalists’ sources during the “plebgate” affair. Under heavy pressure from the former Deputy Prime Minister during the coalition negotiations over DRIPA, the Home Office made several important concessions, one of which was setting up David Anderson’s review. Mr Anderson has produced an excellent report—I think we all agree on that—which is based on facts rather than rhetoric and which opens the door to the informed public debate that is so badly needed.
Whatever your views on the behaviour of Edward Snowden, there is no denying that, without his revelations, none of this long-overdue public conversation would be happening. If it were not for Snowden, the Patriot Act in America would have been renewed again on the nod. The Freedom Act would not have been passed by senators, who joined forces across party lines to curtail for the first time in 40 years the ability of the US Government to engage in the bulk collection of their citizens’ data. Here in the UK we would be none the wiser about the mass indiscriminate collection of our data without any explicit consent from Parliament. We would not know that our computers and phones are being hacked by the agencies without independent approval or oversight. The Home Office would still be pretending that all was well and Mr Anderson would not have been asked to carry out his review.
The forthcoming investigatory powers Bill presents Parliament with a huge opportunity to get these important issues resolved at long last. We supported the Home Secretary when she said in the other place that she wants to take the new Bill forward on a cross-party basis. But, to make that possible, and to achieve the right balance between security and privacy, there will have to be a sea change in the Home Office’s attitude. For as long as I can remember, its response to anyone with the temerity to query what is going on with surveillance has been patronising in the extreme. It has been a mixture of the defensive “we neither confirm nor deny” or “we never discuss security matters”, the misleading “everything’s fine”, and the dismissive “don’t worry about it, leave it to us”—all hardly designed to engender the public’s trust and confidence.
Only four months ago, the Government did it again by slipping through a new equipment interference code of practice to make it legal for them to hack private computers and phones. In my view, hacking enables the state to conduct the most comprehensive form of surveillance imaginable. My question to the Minister is to invite him to tell the House, why did the Government fail to draw Parliament’s attention to—let alone have any debate about—this hugely intrusive hacking power that they awarded themselves earlier in the year? The jury is out on Mrs May’s declared intention to achieve the right balance between security and privacy. That balance is vital to the success of the Bill’s passage through both Houses of Parliament and in gaining the trust of the people.
Mr Anderson reports a complete lack of detailed operational cases being presented to him for many of the proposed increased surveillance powers. He says that Parliament must rigorously assess and test any assertions about improved safety as a result of the new powers and expenditure being sought, in order to establish their lawfulness, likely effectiveness and true cost. That process must start during the promised pre-legislative scrutiny.
Turning to a few points in Mr Anderson’s report, I shall start, as the Minister did, with the proposal for judicial warrants. Mr Anderson does not put that forward as an optional extra; for him, it is a fundamental element of his proposals and was the easiest decision he had to make. He mentions judicial warrantry in about 50 of his 124 recommendations. For example, when suggesting that bulk collection might continue, he makes it conditional—in bold letters—on judicial authorisation by a new independent surveillance and intelligence commission, staffed 24/7 by judges and former judges. It seems that the Foreign Office argued in favour of retaining the current system of ministerial warrants because,
“judicial authorisation might ‘disadvantage the UK’ because judges would be liable to refuse applications that Ministers”, might accept. Anderson’s perfectly reasonable response was that,
“Ministers might be tempted to issue warrants in circumstances where it is illegal to do so, that would seem to me a strong argument in favour of judicial authorisation rather than against it”.
It is my firm belief that a Bill that lacks full implementation of Anderson’s plan for the ISC and judicial warrants will not pass through this House or even the other place. Incidentally, on bulk suspicionless data retention under Section 8(4) of RIPA, Mr Anderson defers to the courts to determine its legality. Indeed, the European Court of Human Rights is currently deciding whether bulk collection is proportionate, and therefore legal, and this judgment may well resolve the future of bulk collection.
Anderson is in my view even more critical of two aspects of the draft snoopers’ charter than the Joint Select Committee that considered the draft Bill, and that is saying something. He says of the proposal to collect and store third-party data, such as Facebook or Twitter transactions, that,
“there should be no question of progressing this element of the old draft Bill until such time as a compelling operational case has been made”.
This is an extraordinary state of affairs for anyone who, like me, sat on the Select Committee. We were told firmly on several occasions that third-party data were an absolute necessity for public safety. Now Mr Anderson has discovered that no operational case has been made for it, and that law enforcement is not all that bothered about it.
The Select Committee was also told that web logs were essential, but Mr Anderson apparently was not told this. The committee was told that they consist simply of a record of every website visited up to the first slash in the address—for example, www.bbc.co.uk. However, when asked by Mr Anderson for a definition of web logs, the Home Office came up with something much, much broader—effectively, absolutely everything that we do on the internet. Even with the considerably more restricted definition of web logs given three years ago, the Select Committee could not agree on whether the Government should have the capability to access them because of how revealing they would be of a person’s private life.
I am sure that the much wider new definition would have been rejected out of hand by the Select Committee, and quite rightly so, since it would put us seriously out of step with the rest of the world. Anderson says:
“I was told by law enforcement … in Canada and in the US that there would be constitutional difficulties in such a proposal”.
The new Australian data retention law specifically excludes web logs precisely because the Australian police told their Government that it would be a disproportionate invasion of privacy.
Anderson is also very clear on another matter that I have raised more than once in your Lordships’ House—namely, that there must be special protection for the communications of journalists and lawyers. I believe that the Government now have no option other than to give privileged communications extra safeguards, including judicial authorisation for access to communications data, prior notification and the right to challenge disclosure.
I should also like to raise the recent revelations from the Investigatory Powers Tribunal that GCHQ has been spying on leading human rights organisations, including Amnesty International, which is from time to time the Government’s opponent in various court cases. As Anderson says in his report:
“There can be no fairness in litigation involving the state if one party … has the ability to monitor the privileged communications of the other”.
The IPT ruled that GCHQ had broken its own rules, and so had broken the law, even under the current lax legislative regime. This was the third verdict this year in which the IPT has concluded that GCHQ acted illegally. So, my second question to the Minister is: will the Government instigate an inquiry into how and why respected human rights organisations have been subjected to surveillance, and will the Government order the security services to cease?
To recap: we on these Benches fully support the use of targeted intrusive surveillance to detect, prevent and prosecute serious crime. It is high time for the shambles that is the legislative position on surveillance to be addressed with a new Bill. But for that Bill to command widespread support in this House and the other place, the Government are going to have to get the balance right between security and privacy, which they have shown no inclination to do so far. They could start by engaging with the civil society groups with which they have had no contact for the past three years. Anderson tells us that consultation with law enforcement and service providers also seems to have been non-existent in the past few years.
It seems to me that unless the Government adopt a more open, more collaborative, more transparent and less secretive approach to this, the Bill is going to have a very bumpy ride indeed. It could well end up, like its predecessors in 2009 and 2012, consigned to the dustbin of history. That is not at all what we on these Benches want to happen, and not what our country needs.
My Lords, today’s debate is part of a continuing discussion on how best to ensure that we have robust and defensible legislation covering the intelligence work of the British intelligence and security community and the police. We all acknowledge that RIPA has its flaws and is out of date, but it was my service that argued for the necessity of legislation like this in 2000—against some departmental opposition—to ensure that we were compatible with the Human Rights Act. I say that because I and many of my former colleagues believe that having a proper legislative framework is critical for this work in a democracy.
I do not want to repeat many of the things the Minister said but I welcome this opportunity for us to continue the conversation that will go on through the autumn and when we see what the legislation looks like. I do not think now is the time to analyse minutely the substantial and carefully considered work of David Anderson and that produced in March by the Intelligence and Security Committee, which took a broader look at the subject. Of course, we await the outcome of the RUSI panel, which I believe we will see next week. We should thank it very much for that substantial amount of work. I really do not believe that everybody has read this report. It is an extraordinary piece of work. I admit to having read only chunks of it but we should be very grateful for what we have—I give this copy back to the noble Lord, Lord Blair.
I have only a few comments to make at this early stage. Obviously, when we see the legislation there will be more that one wishes to make. First, technology races ahead and the intelligence capabilities that we have had in the past and until recently are being eroded, not increased, and that heightens the risk. We need to be able to keep pace with and, where possible, get ahead of the terrorists, serious criminals and others. I have just started a book on ISIS, the subtitle of which is The Digital Caliphate, which tells us something very important. It is an accurate title.
I am pleased that both the parliamentary committee and David Anderson endorse the need for the existing powers, including bulk personal data and computer network exploitation, both of which have been critical to many terrorist and serious crime operations. The focus is rightly on the authorisation that should be needed for these powers to be used. They are not all here today but in this House are many former Ministers who have used these powers and carried this responsibility—I see the noble Lord, Lord Reid, over there, and the noble Lord, Lord King—and noble and learned Peers who have conducted the post-hoc scrutiny of warrants. I look forward to hearing their views and observations. My own experience is that those who had responsibility for authorising warrants for state intrusion into the privacy of the individual took that responsibility very seriously indeed. It was not an automatic process. I was often challenged by successive Home Secretaries and Northern Ireland Secretaries as to why a warrant was needed, and warrants were turned down.
David Anderson’s recommendation for judicial warranting for national security warrants within the UK is pretty attractive at first sight. It would shore up the interception legislation against legal challenge, and such a system is used in parallel legislation elsewhere in the world. I have thought for many years that we were likely to move in this way. I understand that it would be possible to make arrangements for a judicial response to be very rapid. We have to be agile; a warrant may be needed in a matter of 15 minutes if something appalling is to be prevented. But there is a real problem—and I look forward to seeing how the Government address this—over political accountability.
Let me give an example. The Home Secretary is asked by my former service to sign a warrant on a highly sensitive subject. She first looks to see whether the warrant is legal within the terms of the Act. She judges the intelligence case, which she has had described to her, but she adds something, which is a judgment of the political risk. She must decide whether the advantages and benefits of what this warrant might deliver outweigh the drawbacks if it all went badly wrong, because she knows that she is accountable to the other place if it so does. Judicial warranting, which, as I said, is at one level extremely attractive in taking this issue out of contention in many ways, misses that key part.
Whatever legislation we pass, either later next year or early the year after, I am confident that the security and intelligence agencies and the police will operate fully within its remit. MI5 argued for the Security Service Act, which we did not get until 70 years after our foundation. It is my strong view, as I said earlier, that a strong judicial framework is essential in a democracy. I am often asked whether the law inhibits security intelligence work. My reply is that it should be the foundation for it.
My Lords, I stand in some contrast to the galaxy of professional talent which the Minister outlined at the beginning of his speech as I come to speak today. As this is on the first day of the Ashes test match, I can just about recall the days of the Gentlemen and the Players, so I stand before your Lordships in those terms as a gentleman—an amateur—with a view as if from the Clapham omnibus.
I gladly endorse the positive comments which have been made about David Anderson’s compelling and comprehensive report. I would like to offer some reflections on two broader topics which he deals with: how we should approach the threats we face and how our understanding of personal privacy relates to wider questions of human life in society.
In trying to understand the nature of the threats we face, and will face, in the 21st century, I go back to the beginning of the 20th century. Then, people generally underestimated the potential existence of threats. It was a time of comparatively naive belief in progress, which was understandable on the back of all that had happened in the Victorian age, but it proved to be grossly overoptimistic. It was also a time when the downside of all that had been achieved in the Victorian age was not appreciated. We stumbled into the First World War unaware that the nature of warfare itself had been changed by the industrialisation of armament production and much greater firepower in weaponry itself. It has often been said that countries and armies tend to prepare to fight the last war again, rather than anticipating what the next war will actually be like. Perhaps the report before us is not quite at its best in addressing the question not of what threats we face today but what threats we might face—indeed are likely to face—in the future.
At the turn of the millennium 15 years ago, there was an understandable hope that the 21st century would not repeat the terrible problems of the 20th century, particularly in the form of its totalitarian disasters. I very much doubt that we will see such a repetition, but I do expect that we will have to face other challenges and threats that are equally, if not more, dangerous. I do not that say that because I do not believe in progress, but precisely because I do believe in a certain progress in human affairs. I will explain why.
I was originally trained as a scientist, and scientists tell us that the world is about 14 billion years old. For about half the time that the universe has existed, there was never any threat of death to anything at all in the whole universe, for the very simple reason that nothing was alive until about 7 billion years passed. Then life emerges, and it can die. It is only when life gets to a certain complexity that you can talk about something being deformed or diseased, or being preyed upon by something else. You have to get to a level of sophistication to have notions of deformation or disease. It is only when you get to animals that can move around their environment with deeper centres of meaning—that is why most of us tend to have animals as pets rather than plants—that you get one species preying on another. You do not get nature red in tooth and claw until animals have evolved.
With human beings, you get the potential for transcendent values to take root—for morality to be reflected on and acted on—through the gift of language and our ability to think about things through language and so forth. However, the downside to that is moral evil. You simply do not get an Adolf Hitler in the animal world. You do not get the equivalent, if you like, to what happened in that terrible incident in Tunisia a week or two ago. The more you develop potentiality in human civilisation, the more you create a certain downside: nuclear power gives you the prospect of cheap fuel but also of nuclear weapons, and so on and so forth. In a sense, I would say religion is an example here. Religious views can be twisted and warped to support violence in the way that they are, not because they are necessarily untrue but because they attempt to push the boundaries of human understanding.
As we go on in the 21st century, the threats will evolve, as the Minister said, and we need to get ahead, as the noble Baroness said just now, of where we are. That is something that the report possibly does not spend as much time on as it might. Just as the Industrial Revolution, for all its wonderful benefits, also transformed war and just as the discovery, as I say, of nuclear fission produced nuclear weapons, so the digital revolution which we are living through is going to produce ever more dangers which we have not yet fully appreciated, in unpredictable ways. As we encounter and have to face the stresses and strains of living in a global village whose population looks certain to exceed 10 billion within this century, we need to be very much on our guard. We simply have no choice in the matter. We have to work on a much more sophisticated look at potential threats as we go along, so that we are not caught off our guard unless it is absolutely unavoidable.
I turn to the issue of privacy, which is so elegantly addressed in Chapter 2 of the report. I am not really in any fundamental disagreement with it but would like to extend the argument a little further. Here and there I thought it was just a little too coloured by the Orwellian critique of 20th-century totalitarianism—Big Brother and all. That is no doubt understandable, but more needs to be said in today’s context. Our privacy and our need for privacy are tied up with our individuality as persons.
Different religions and philosophical traditions have recognised this, as the report notes. That human beings are individual persons uniquely fashioned from the dust of the earth has been central to my own Judaeo-Christian tradition. Essentially, we are not just spiritual souls temporarily detached from that to which we came, inhabiting a body of flesh and blood, and hoping to return to that unity or uniformity from which we derived. Our down-to-earth humanity, which distinguishes us all, is intrinsic to who we are. That is the Judaeo-Christian tradition: we are taken from the dust of the earth. To some degree, historically the human rights tradition derived precisely from this understanding, along with enlightenment influence.
Our sense of personal privacy is tied up with this, although the digital age poses deep questions. The report quotes Mark Zuckerberg, the founder of Facebook, saying that,
“privacy is no longer a social norm”.
I find that extended quotation from Mark Zuckerberg rather chilling. I sometimes hear it said today that a key to a successful marriage is complete honesty and transparency between the partners. I prefer Jane Austen’s older wisdom. Somewhere in Pride and Prejudice she offers the view that,
“honesty is a greatly overrated virtue”.
Privacy is essential to our humanity—but not privacy alone. We are above all also social beings with linguistic and other communication skills beyond other animals.
That was brilliantly brought out by David Attenborough in that series, “Life on Earth” when, in the last of the 13 episodes, he looked at human beings simply as a biologist would. He started, I think, with a shot of Trafalgar Square and the animation on people’s faces. Our facial muscles and everything about us are made to communicate much more than they are in apes and chimpanzees.
The report quotes the view that it is our desire for privacy that marks us out from other animals. Arguably, what marks us out is our desire for both privacy and community. The two must be seen together. Mother Teresa of Calcutta used to say the most pernicious form of poverty in the western world was the isolation and loneliness of so many people, especially older people. Parish clergy encounter that all the time in their daily work. In my view, the chapter on privacy needs a bit of counterbalancing lest we set up an unbalanced and in a sense overprivatised view of how human beings best flourish.
If, then, we find ourselves needing to sacrifice elements of our privacy in order to benefit society as a whole, we should not complain too much, provided that the limits set to our privacy are proportionate and genuinely intended to benefit society as a whole. In passing—it is indirectly relevant to the report—I have never seen why there should be any fundamental objection to a national database of DNA, providing its use was restricted to the detection of serious crime. I know that other noble Lords will not necessarily agree with me here but that is the view I have come to, having thought about it carefully. Returning to the report, I support the thrust of its recommendations but suspect that in time they will perhaps emerge as a little too cautious here and there, slightly overconcerned with an overindividualistic notion of privacy. We shall see.
Finally, on this much debated issue of whether there should be judicial or political authorisation of particular interceptions of data, it is a difficult one to call, but I tend to take the view that although there should be judicial involvement it should be an oversight of political decisions, rather than supplanting them. I say that for two reasons. First, a much greater judicial involvement risks compromising the proper standing back and observing role that the judiciary should have. At the end of the day, the role of the judiciary is to be kept clear and distinct from the political process. Notwithstanding the international comparators, that is the view I found myself drawing as I read the report.
Secondly, with the digitally enhanced stresses and strains that the 21st century is likely to bring, in some sense direct parliamentary accountability will be of particular importance. However, it is not a zero-sum game, to use that language. It is both and in some sense rather than either/or. I just hope that the precise balance between the political and judicial can be got right.
I did not find the report entirely convincing. The report is entitled A Question of Trust and rightly says that whatever new arrangements are introduced, they will work only if they establish trust, and that must be right. The danger is formulating laws which are driven by a fear of distrust. Ultimately, trust has to be established on a more positive basis than that.
My Lords, I am delighted to follow the right reverend Prelate. The word that he emphasised in his closing remarks was “proportionate”, and the question of trust goes to the heart of the debate today, which we will continue to have on these issues as we move forward, as the Minister said.
Before I welcome anything else, I welcome, I hope on behalf of the whole House, the Minister to his position on this. The great thing is that we have some continuity on this issue. The Minister dealt with these issues before. I am thankful we do not have a different Minister coming in and starting all over again. He is very familiar with the background to some of these problems, and I wish him the best possible prospects in dealing with the very important issues that occupy him now and for a considerable amount of time.
I also join in the welcome of the Anderson report and shall say a few words about it. I shall briefly recap where we started this because the Minister knows better than anybody else that we tried to do this once before. We did it against a background of the very clear warnings we had had. The noble Lord, Lord Evans, the successor to the noble Baroness, Lady Manningham-Buller, in the leadership of the Security Service, said that the threat is increasing and our ability to meet it is decreasing. We were very conscious of that at the time, and the Home Secretary, who is still the Home Secretary, said that there is serious gap in our capability that continues to grow. At that time, we had an opportunity with the then Counter-Terrorism and Security Bill, on which a number of noble Lords now in their places joined me in tabling amendments which could have filled some of the gaps dealing only with issues of national security and serious crime, because we thought they were dangerous.
We did that against an emotional background about the Charlie Hebdo assassinations in Paris and the terrorist attack in Brussels. We meet again now, having let various months pass, and we have Tunisia and Kuwait and the decapitation in Toulouse or Marseille. It is against that background that we realise just how serious and dangerous the situation is. The report from the Intelligence and Security Committee said that,
“to ‘create a jihadi threat with near-global reach … There is no doubt that young foreign fighters have learnt and benefited from the leaks of the past two years’”.
That is the balance of the argument about Mr Snowden. The director of GCHQ continues:
“However much [technology companies] may dislike it, they have become the command-and-control networks of choice for terrorists and criminals”.
The Financial Times said:
“‘The combination of ubiquitous social media and these nonstop conflicts is stoking a very different environment for extremism in Europe and the west … all the conditions are right for this big change in what lone wolf attacks are and mean.’
Isis’s skill in information warfare and its use of social media have made a huge difference to the pull of its message. Its physical caliphate itself is, of course, one of the group’s most emotionally resonant concepts. Unlike al-Qaeda, whose leaders led a covert and small network from shadows and caves, Isis has proclaimed its enduring presence as a physical state. Even the most wilful potential recruits for al-Qaeda struggled to find the network. In the case of Isis it is impossible to miss it. As such, for radical young Muslims drawn to extremes, it is much easier to take up the cause”.
It is against that background that I compare this with my experience in dealing with terrorism in Northern Ireland. I have consulted my noble friend Lady Neville-Jones, who is another great authority on this, and it is fair to say that we had a technology advantage—superior technology—at that time. We had some problems for a while in dealing with IEDs and detonation using remote devices; various developments happened that we had to match and counter, but we still had that advantage. However, I am not sure that in the current situation we have the technological advantage we need. Whatever we did, we tried to prevent access to weaponry. No one has asked any question such as, “Isn’t it odd that the chap in Sousse was able to get hold of a gun?”. We know that certain parts of the world are awash with weapons at present. Although I underline the seriousness of the threat that we faced at that time, I and other colleagues who shared that responsibility for terrorism and major threats in Northern Ireland never had to deal with suicide bombers. Those changes make for an exceptionally dangerous and difficult situation.
I turn to new technology, which is quite difficult enough for many of us to keep in touch with and comprehend. I found reading the Anderson report a pretty mind-blowing experience. I will not claim that I have read every page of it, either. Still, it is interesting. I do not how many noble Lords have had the chance to see the Hansard report of the debate in the Commons. One of the interesting contributions was made by a Member of Parliament, James Morris, who said that before he came to the House he had worked in the IT and technology industry for 20 years, and he had seen changes taking place. He warned about the threat:
“It provides opportunities for our enemies—for countries operating and wanting to develop cyber-attacks against our infrastructure; it enables terror groups to communicate below the radar in encrypted chatrooms on the dark web; and it allows networks to develop which are difficult to detect and to analyse”.—[Hansard, Commons, 25/7/15; col. 1116.]
That is the challenge that the comprehensive and impressive Anderson report brings out very clearly. One particular paragraph caught my eye, and I commend it to the House: paragraph 4.13 talks about the capacity of cables for the carrying of data. It is an illustration of the explosion in the amount of data that exist in the world at present, and I thought that he brought that point out very well.
Where I really started to lose it was where we got into the “internet of things”. The fastest-growing category is wearable technology. One aspect of it that I think some of us can comprehend is body cameras, which are being trialled by the police. I was interested to see that not only are we moving on to the development of wearable technology but the next move will be either implantable, embeddable or even ingestible. That is part of the Anderson report. At that stage, I thought that it really is getting to a stage of development where, as Mr Anderson rightly described it, we are in “a technology arms race”.
There is a real danger with the problems of encryption, particularly the problems of other countries being involved, and the problems of the localisation of data. I think that both Russia and China are now seeking to introduce legislation to prevent access to their data. Much of those data pass through those countries—data that we ought to have access to, and maybe British data, which raises very serious problems.
We will move forward through the stages that the Minister has set out—I will not begin to go into any more details on the Anderson report. Obviously, however, one of the key issues, which the right reverend Prelate also dealt with, is the question of who will sign the warrants. The Anderson report obviously strongly recommends a judicial approach, while the ISC has come out in favour of maintaining the present situation, as the Minister said. There is a distinction; the noble Lord, Lord Reid, intervened on this with the Minister when this matter was raised in the House earlier. Terrorism, security and certain other issues are best covered by the Secretary of State, answerable to Parliament—whichever Secretary of State it is—and much of the crime area could well be covered by the judges.
However, one of the figures that hit me between the eyes was the statement in the Anderson report that the Home Secretary in 2014 signed 2,345 warrants. One wonders how she manages to do her day job as well as that. I do not know what number of warrants the noble Lord, Lord Reid, used to pass over his desk, but that certainly seemed a terrific challenge. Of course, security, terrorism and crime issues, as well as crime, drugs, child sexual exploitation and fraud—the sort of issues for which warrants may be needed or access to data may be required—might be dealt with under an alternative arrangement.
On the basic issue of Mr Anderson’s report, he talks about the balance of liberty and security, which we have all talked about as well. Obviously, I have emphasised the challenges we face, such as the importance of ensuring that our agencies and security forces have the resources and capabilities to protect the public, but we must still respect the right of the individual to privacy as far as we can, making sure that this is proportionate, as the right reverend Prelate said.
Mr Anderson refers to affirming the primacy of communications and says that the law should be in “non-technical language”, and that he wants to,
“take a system characterised by confusion, suspicion and incessant legal challenge, and transform it into a world-class framework for the regulation of strong and vital powers”.
I add the point that the importance of having world-class legislation is that in many areas we depend on international co-operation, and if we have world-class legislation that will be acceptable in other countries as well.. We then have to sustain this into the future. Mr Anderson, having described all the technology, makes a cheering remark in his report, pointing out that it is almost immediately out of date. We therefore have to see how we can have legislation that will meet what will be the galloping pace of change. Some of the most interesting information in the Anderson report shows how far we have come in about 10 or 15 years from a situation in which a number of social media platforms did not exist—they were of no significance at all. When I was in Northern Ireland there were no emails, and no internet. As we know, the internet is only 25 years old. Having had that speed of development, I feel that it is likely only to increase.
My only criticism of the Government’s position is this. We all know that there is a serious gap in our defences. We also know that there is a very serious threat of a scale and type that we have not faced for a very long time. Our duty in this House of Parliament is to protect our people, and we tried to take an emergency step in the previous Parliament to meet that situation. The position taken by the Government and the Opposition at that time was to say, “We mustn’t do that because, although we’ve had the ISC report, we must wait for the Anderson report”. Having seen the size of the Anderson report, I can well understand why the Minister did not like to say to Mr Anderson, “Don’t bother to finish it because we’ve already settled the matter”.
We now have the Anderson report, which is excellent. It has been very well received but the Government have said that we are now going to have more pre-legislative scrutiny. My noble friend Lord Blencathra did an excellent job of pre-legislative scrutiny in the Joint Committee. As the Minister said, a number of the points raised by my noble friend and his committee at that time will be met in the proposals that will be put forward and they have been covered by Mr Anderson. I think that there is a need for a very full debate and discussion and then a need to bring forward the Bill. Let us have a very full Committee stage with ample time for consideration and then let us get on with it; otherwise, as I understand it, the necessary powers will not be in place until some time in 2016, if not towards the end of 2016. All that time will be spent while there is a gap in our defences and the threat that we know exists gets greater all the time. Can we not get on with it?
My Lords, I note that I was not mentioned by the Minister at the beginning because I am not an expert on this matter. However, I am a citizen of this country and I want a safe country, but I also want to live in a country where my privacy and civil liberties are balanced with that security. That is vital. I do not think that anyone would disagree with the tone of the debate that we have had today but the crux of the matter is to ask how we can achieve that balance in the most effective way. That is why talking about technology and the balance between security and civil liberties is really important. When we discuss these issues it is also important to ask what type of country we want to live in and how we want our country to be perceived. Those questions are at the front of my mind when I address this matter. As I said, I am not a technical expert but a citizen asking those questions.
One of the key issues in getting the right balance between security and civil liberties and privacy is to judge not just what we do to the civil liberties of those who wish to harm us, but how we protect the civil liberties of 99% of the population who are law-abiding and wish to live in a secure country. The Anderson report talks about why we need to make changes, and we need to think very carefully about that balance. In particular, the report says that in its present form RIPA 2000 is undemocratic, unnecessary and, in the long term, intolerable. If that is the case, we need to think very carefully about what kind of country we want to live in, what kind of country we want to be perceived as and how we balance security with civil liberties.
That is really important because some people talk about this issue as being about—I would not use these words but they have been used in the other place by the Prime Minister—protecting our values. Is it part of our values in the face of this type of terrorism to say that everyone is under suspicion? That is the signal given out by blanket and mass surveillance. Is it part of our values to say that we are not such a developed country that we can be smart and effective in targeting that surveillance and getting round some of the technological problems by working internationally? The kind of country that I want to live in is one which is smart and effective, and which does not say that, because of this threat, we are all potential suspects. This has to be targeted and proportionate: the two words that everybody—whether expert or, like me, a layperson—should keep at the forefront of their mind.
This debate is not understood by the vast majority of parliamentarians or the public—it is complex. I see myself as being relatively young in this place. I go on Twitter, Facebook, Periscope and WhatsApp. However, I do not necessarily always understand the technology behind them. Let us place this in a way that the public would understand and think about what the response would be. To deal with this threat, a copy of every letter and package sent via the Royal Mail would have to be retained. Every address would have to be retained. Further, at the stroke of the Home Secretary’s pen, everything in a particular Royal Mail sorting office would be opened. That is the paper equivalent of what this says. The public would understand that, but would they see it as targeted and proportionate to the challenge that we face? I think probably not. I asked the general public that question in a number of ways, and they do not see that as targeted and proportionate. On some of these issues we are looking for a needle in a haystack, and we are making the haystack bigger to find that particular needle. By trying to deal with this technology by widening the net, are we making it harder to target the people we so rightly need to target?
I believe that politicians and parliamentarians need to understand this a little better. Parliament must assert its function to set clear limits on the use of intrusive powers and must prohibit the use of them on a blanket and mass scale, because I do not believe that such use balances security, privacy and civil liberties in a way that most people would want and, to use the Prime Minister’s words, that would protect our values. It seems to me that we are in a rather strange fight, as some people call it, when to protect our values we undermine the very things that we see as important in a liberal democracy.
Be under no illusion—I am not making this up:
“The inadequacy of our surveillance laws and the need for both online and offline reform has been laid bare in some of the rare instances in which surveillance has come to light”.
For example, as my noble friend has already said:
“In recent years, the Metropolitan Police circumvented PACE safeguards to access the phone records of journalists, spied on a grieving Baroness Lawrence and her family and infiltrated social and environmental justice groups to the extent that women were tricked into serious and long-term romantic relationships—one even giving birth to a child with an undercover officer”.
We already have powers that are circumvented and we need to think very carefully about whether we are using, offline and online, targeted and proportionate responses to the threats that we face.
I turn to the issue of whether judicial process is needed. We are an outlier in the “Five Eyes” countries: the other four all use judicial signature for the warrant. All the issues that have been raised in the House, those four countries seem able to deal with. Importantly, the international communication service providers, who hold offshore a lot of the data and intelligence we are going to target, have made it very clear that they would have more confidence and be more likely to work with us if it was a judge-signed warrant rather than a political warrant. So we should listen to what the experts and the people who are controlling those data offshore are saying and work with them. When was the last time that the Minister or his officials sat down with the communication service providers to get their input on how we move this forward? When was the last time that the Minister sat down with an international body, in the US or in Ireland, where a lot of such data are held, to work out whether a judge’s or the Home Secretary’s signature would be more likely to get us to the data held offshore that we need on a targeted basis? We need to think about this very carefully. What might seem to us to be a wide net and to be sensible might be seen not to work when we start talking to the people with whom we need to co-operate on an international level, and we may be making ourselves less safe.
I want to come on to some of the practicalities, be it about subscriber data, blanket retention of web logs and third-party data or the creation of request filters. As I have already said, the people whom we need to talk to are the communication services providers. That is really important. I, as just an ordinary boy from Sheffield, have spoken to them and I get a greater understanding of what is needed to protect not only my civil liberties but the security of the country that I love and want to see safe.
If we understand those technological developments, we will understand the issues relating to encryption that the noble Lord, Lord King, mentioned. We can have this mass surveillance; we can have the net spread widely; but if the people abroad are not going to work with us on the encryption key, then it is a waste of time keeping it. It is like going back to the Royal Mail’s suggestion. It is like saying, “You can have a copy of the envelope. You can’t see what’s in the envelope because we’ve got nothing to open this new material that the envelope’s made of”. That is the equivalent. So we need to work on an international basis. We are looking and focusing in the wrong direction. This is about working internationally with Governments and with the providers. We need to think about encryption and about how we use targeted third-party data when they are needed.
Therefore, I suggest that we need to be very clear. We need to look particularly at mutual legal assistance treaties—MLATs. What work are the Home Office or other government departments doing to tackle this issue through stronger and smarter MLATs on encryption and data sharing internationally? If we work with Governments or providers internationally who want to help us with this, they will say that they will do it only if we are targeted and smarter. They will say, “We will only do it if a judge is brought in”. So let us start talking to our international colleagues who want to work with us and see what needs to be part of such MLATs and where we need to focus.
I agree that this is not a zero-sum game: this is not about wanting civil liberties over security, or security over civil liberties. As I said, I want my privacy and my civil liberties, but I also want the country that I live in to be safe. I understand that, to achieve that, we may need to improve or strengthen some of our security capabilities. But we will not do that by getting it wrong by looking in the wrong place or doing the wrong thing. Nor do we get it right by undermining the very values that we are fighting for for our security—the privacy and civil liberties that actually make us a strong nation, not a weak one.
My Lords, I hesitated before putting my name down for this debate. Nine long years have passed since I was appointed the Intelligence Services Commissioner under RIPA, having acted before that as president of the successive tribunals that were set up to deal with complaints into the various intelligence agencies. I recognise that my experience is, therefore, already to be regarded as perhaps somewhat out of date. This is a fast-moving field, as has already been remarked. However, I want to say a word or two about one of the more substantial divisions of opinion between the two main reports that we are considering in this debate: namely, whether it is Ministers or judges who should be authorising invasions of privacy as provided for under the legislation.
First, however, I shall allow myself a broad reflection. I wonder whether any other noble Lords watched, as I did, on Sunday night, the truly heart-rending play on BBC 1, with Emily Watson playing the mother of a beloved 24 year-old daughter, Jenny Nicholson, who was massacred 10 years ago in the 7/7 Tube bombings. Frankly, nothing could more tellingly have brought to life the absolute imperative of Government doing all in their power to secure public safety.
Of course, there is always a balance to be struck between that imperative—the importance of ensuring that our intelligence agencies have all the powers they need in their never-ending struggle to protect us—and the need also to guard against excessive invasions of privacy. It is a balance required to be struck by reference to three critical touchstones that are provided for in the legislation: necessity, reasonableness and proportionality. However, in striking that balance, and before rejecting a particular application as unnecessary, unreasonable or disproportionate, surely it is appropriate to bear in mind the contrast between, on the one hand, the catastrophic consequences of a terrorist outrage such as 7/7, with the gross violations of people’s human rights that that occasions, and, on the other hand, the relative harmlessness of a privacy intrusion, even if later it might come to appear unjustified.
I speak of the relative harmlessness of an invasion of privacy because, in truth, that is how I see it. Had one lived in parts of eastern Europe with a Stasi-like security service in operation, I acknowledge that one might have seen it differently and in a rather more jaded or jaundiced light. Indeed, Mr Anderson recognised as much on pages 31 and 32 of his comprehensive and hugely impressive report, where he reflected on the marked differences of opinion between our own courts and the Strasbourg court on a number of privacy issues. He instances cases such as those on the retention of DNA samples—on that, I profoundly agree with the view expressed by the right reverend Prelate—and on stop-and-search powers, both of which I touched on in last week’s debate on human rights. For my part, I continue to believe that it is better to allow the occasional questionably justifiable invasion of privacy than to risk losing the chance of avoiding the next terrorist outrage.
I turn now to the question of who—Ministers or judges—should be responsible for before-the-event authorisations of privacy invasions. Let me make it clear at once that I am expressing my views specifically in relation to those invasions of privacy which are applied for by the three main intelligence agencies: MI5, SIS and GCHQ. I have direct experience of those. I say nothing about what are presumably the vast majority of warrants sought for what I think can fairly be called more routine law-enforcement purposes, of which I have no particular experience.
When, earlier this year, we debated the Counter-Terrorism and Security Bill, I unsuccessfully moved an amendment in connection with the proposed toughening-up of the TPIM regime to include what had originally been in the control order regime: provision for internal relocation—internal exile, as it came to be called. I advocated transferring from the Home Secretary to the High Court the primary responsibility for deciding on the facts whether the suspect in question had indeed been engaged in terrorist activity. That followed a clear recommendation by Mr David Anderson QC. However, the amendment was defeated on the basis that it should be for the Secretary of State and not the courts to assess all such matters in any context involving national security. I still happen to think that it was a pity in the case of TPIMs, but I take a very different view in the present context. Orders involving a suspect’s forced internal exile are, I would suggest, hugely more disruptive of people’s lives than what would result from any of the warranted intrusions and interferences with privacy which are under consideration in today’s debate.
I believe that warrants and other such authorisations which are sought by the security services for privacy invasions in the national interest for security, defence and foreign policy reasons should all continue to be decided by Ministers, and that judicial commissioners—let me say at once that I am entirely relaxed about the proposed merger of the various commissioners into a single composite body of retired senior judges—should continue, as in the past, to subject such authorisations to periodic retrospective judicial scrutiny; in other words, the judges’ role should continue to be confined to after-the-event review.
It was always my experience that the Secretaries of State and their dedicated warrantry units were acutely alive to the fact that their processes and at least a proportion of their decisions would be tested in detail and challenged in the course of such reviews. I always found those concerned to be frank and conscientious in their assessment of the various considerations in play. The present Intelligence Services Commissioner, Sir Mark Waller, in his annual report published just a fortnight ago, records at page 24 that he was impressed by the dedication and high ethical principles of all those working for the agencies, and that emphatically was my own experience too.
I take the opposite view from that expressed by the noble Lord, Lord Strasburger, on the need for a judicial warranty to avoid the issue, so it is suggested, of excessive numbers of unlawful warrants by the Secretaries of State. Rather, it seems to me preferable that a Minister should decide these applications, appreciating that he has to reach a defensible conclusion, than that, following the proposed change in the law, he should be tempted to say, “Well, a judge will decide this. Who knows, he may well grant it. It is certainly worth running the case before him”. I suggest that that could lead to less well-targeted warrantry than at present.
All questions of national security and the vital interests of the state should be for Ministers in the first place. Of course the process must be rigorously invigilated. That would continue to be achieved by strict after-the-event scrutiny on judicial review principles. In these sorts of cases there will often be room for two views. Questions of necessity, reasonableness and proportionality do not invariably admit of absolutely plain and categorical answers. The Home Secretary may well have wider perspectives than a judge, whether of the security dangers sought to be avoided, or indeed the possible political fallout from granting or refusing authorisations. The noble Baroness, Lady Manningham-Buller, touched on that aspect.
Commissioners should condemn an authorised intrusion of privacy in retrospect only if the case for it can fairly be said to have been clearly insupportable. In short, on this issue, I prefer the conclusions in the ISC report, but let me add that that does not detract from my profound admiration for the great bulk of Mr David Anderson’s work. He has served the nation well.
My Lords, the Anderson report is a landmark in the national discussion on this important issue. It is written with the most extraordinary clarity. There would be very few people in this House who did not learn something from this report. It supports the substance of the Government’s role in maintaining the security of this country and its population, while at the same time making recommendations that, if implemented, will alter the current legislative framework and procedures in important ways. It raises many issues and asks many questions, some of which it answers while others remain unresolved. I suggest that what we have in front of us is the beginning of the process rather than the end.
There is one area in which the ground for the Government is very firm. As the noble Baroness, Lady Manningham-Buller, said, the report accepts—takes for granted in a sense—the need for and legitimacy of bulk collection of communications data, subject to calling for important new safeguards. I will come to those in a minute. Those who argue that that should be outlawed have not provided an answer to the crucial question of how initial leads can be generated to form the basis of more targeted subsequent investigation. Indeed, I would argue that the power to collect data in bulk is becoming more, not less, important as people engaged in criminal activity—I include terrorism in this—move towards the use of different media and the dark web, as mentioned by my noble friend Lord King.
Legislation needs to cover all types of data. It is not clear to me that Anderson is absolutely explicit on that point. The growing use of encryption is a major challenge, telling us something else important, which my noble friend Lord King also mentioned. Security and law enforcement agencies must remain technically capable as well as legally empowered to protect the public.
If the Government could carry out their protective functions without the support of the public, without resort to the co-operation of communications providers, and without the help of the security industry, on whose technical capabilities they increasingly depend as in-house government R&D withers, it could perhaps struggle on broadly within the existing legal and procedural framework. However, I do not think that would be politically wise or provide the basis for the external technical and political support on which the Government are increasingly dependent in carrying out their security functions.
The debate in the other place focused on two issues: the generally accepted need for public trust and, within that, the legitimate authority for issuing warrants—on which opinion was divided, as I see it is in this House. I wish to explore some of the implications of these issues, rather than spending time on rehearsing arguments so well expressed elsewhere about the threat we face—which is very great and growing—and our need to respond to it. Suffice it to say that public trust is essential and much more likely to be retained by greater openness and additional safeguards on the powers needed by the Government. I agree with the way Anderson moves the debate on that issue, and therefore I do not think the Government can hang on to the status quo—not that I think they are minded so to do. The present uncertainties about the factual position—this is where Anderson is partial—and about the straightforwardness of some procedures employed by the security and law enforcement agencies have bred a certain miasma of suspicion, which will not go away without a certain degree of change. I hope that the Government recognise that; I think they do.
This matter, and the suspicions that have been generated, bear on the issue of warranting. However, before I come to that, I want to mention some issues which so far have been less aired in this debate. There are broadly two ways in which intrusive powers can be exercised by the Government: either with service providers’ co-operation or on a non-collaborative basis, with probed access to the network and increased surveillance. It is clear that, to be fully effective in providing protection, the Government need access to both routes. At the moment, they increasingly have to rely on the non-collaborative route in the absence of sufficient assistance from service providers, which, if they chose to offer it, could provide vital help with such matters as encryption and transnational services. In referring to service providers, I include also the new media operators.
The problem is that in the absence of judicially authorised warrants, service providers’ current reluctance to collaborate with the Government is likely only to increase. The protection that the Government are able to afford the public, even with the help of the security industry, is therefore likely to diminish. This is a real rub. One could argue perfectly legitimately—as Members of this House have—that the warranting function is essentially political. One could equally argue that it is ultimately judicial. In fact, I think it is a mixed competence. We have to consider the practical implications of our position. We cannot ignore that the way in which these decisions are taken, whether judicial or political, will be neutral when it comes to the assistance that the Government need from outside sources. That includes foreign Governments.
I therefore incline towards the notion that we will have to have a very strong judicial element in the warranting system. I also reckon that we will need mutual legal assistance agreements; I do not see how else we are to get help with these issues from organisations that lie beyond our territorial jurisdiction. Those agreements will be difficult to negotiate in the absence of a judicial element in warranting.
I do not want to dwell on this, but if the Government decide to accept the recommendation of setting up a new body, to which David Anderson has given the acronym ISIC, it would be right to give it the status, resources and trained staff that would enable it to provide both a first-class service to the Government 24/7—that will be necessary if we go down that route—and confidence to the public. It would be an error to provide a grudging, underpowered ISIC.
The other element in this game is that the Government are increasingly dependent on outside players to carry out their functions and to protect the nation. The active and willing participation of the security industry is also essential in maintaining government capability against a threat that, as I said earlier, is constantly increasing and throwing up technical challenges. We have to understand, for reputational and other reasons, that the security industry also needs a clear and accepted legal framework to work in. The issue is not quite the same as dealing with foreign Governments, but the industry is keenly interested in the reputational angle of the relationship that it must have with government. We need a relationship with the security industry that addresses the need for capability gaps to be filled now and in future. There is an issue of how we devise legislation that allows us to keep pace with technology while ensuring public trust in how those capabilities are used.
The Anderson report contains some not entirely justified strong language about the failure of government to make the case for the retention of third-party data.
I do not quite share his indignation on this subject. I do not read this stricture, as some commentators seem to have done, as meaning that no case can be made. I take the view that no adequate case has yet been made, although it should be before legislation is embarked on. I agree in the sense that we need a national consultative process. We need to talk to each other more about this. We need to get to the bottom of our differences and to discuss all the angles. The sooner we do so the better. As my noble friend Lord King rightly remarked, there is, for obvious reasons, no time to lose; I do not need to labour that point.
The Government should not be frightened of leading such a national consultation and debate. The public are not foolish about the danger that we face. They know that powers are needed by government to provide security. They emphatically do not want to know about technique, and they do not want others who should not know about technique to know about it. But they do want to be able to understand where the limits to those powers that will be exercised will lie, and to be confident that the disciplines are in place to keep the system honest.
My Lords, I was not present yesterday because I was taking part in a number of the commemorative events for 7/7. The day provided a poignant counterpoint to the debate. Like other speakers, I welcome the debate and warmly welcome the report by David Anderson QC. I welcome his observation of the current laws being in a patched and confused state and I agree with his recommendation of a completely new, comprehensive legal framework. I intend to look most closely at his chapter 9 on law enforcement.
In the last 100 years, there have been only three major technological breakthroughs in law enforcement: fingerprinting; the discovery and exploitation of DNA; and phone and email analysis. They are all vital. Each requires an effective and, as far as is possible, transparent legal framework. In paragraph 9.22, Mr Anderson notes that in 26 recent terrorism prosecutions, of which 17 ended in a conviction, 23 could not have been pursued without access to and analysis of communications data. In 11 cases, the conviction depended on those data. I am not at all surprised.
In paragraph 9.8, Mr Anderson notes that,
“the public would not accept the existence of physical no-go zones in towns and cities”— for the police, he means—
“so they expect the police to have the capacity, in appropriate cases and when … authorised, to trace any kind of communication”.
I thoroughly agree, as I do with paragraph 9.31, in which Mr Anderson notes the use of the phrase “digital witness” for the first time to indicate that, just as the public expect the police to seek the human witnesses to a crime,
“they would be failing in their duty were they not to seek the digital evidence that relates to a crime or other allegation”.
As many speakers have said, digital is the new normal. The police have to be able to find it. Through the technological changes that Mr Anderson notes in his chapter 4, the use of services such as Skype, which use a system known as Voice over Internet Protocol or VolP, and the increasing private access to encryption, the police are losing that ability as we speak. The digital world is growing dark.
I now turn to one point of detail, which is the law enforcement and CPS request for data retention to last for 12 months. Mr Anderson is on top of his case here, too. At paragraph 9.45, he notes that, first:
“Conspirators become more guarded in their use of communications as the moment of a crime approaches”, and, secondly, that the major players, rather than the actual operatives, are more likely to be traceable at the beginning of a conspiracy than at the end. They are no fools, my Lords.
I turn to the way forward. Mr Anderson’s report states that its purpose is,
“to inform the public and political debate on these matters, which at its worst can be polarised, intemperate and characterised by technical misunderstandings”.
I could not agree more. I do not often shout at the radio but I did when I heard, during a discussion on the previous data communications Bill, a senior and well-respected Liberal Democrat MP—now, I am afraid, a former Liberal Democrat MP—say that he was against the Bill because it would allow the police to read every email, text and social media exchange of every UK citizen and examine details of which websites they had visited. A moment’s thought would recognise the simple absurdity of that suggestion. Again, Mr Anderson catches it very well in paragraph 10.23, in the chapter dealing with the intelligence agencies, in a quotation from the Intelligence and Security Committee. The report states:
‘“Our Inquiry has shown that the Agencies do not have the legal authority, the resources, the technical capability, or the desire to intercept every communication of British citizens, or of the Internet as a whole: GCHQ are not reading the emails of everyone in the UK’”.
When we finally come to debate whatever legislation emerges from the Government, I hope that we will do so on that understanding, and that whatever appropriate and necessary safeguards are erected are put forward to combat misuse or arbitrary decision-making, not to prevent a mass conspiracy of agents of the state to do something which is simply impossible and implausible.
I will finish with a real story. Noble Lords may remember that on the night Gordon Brown became Prime Minister in June 2007, terrorists packed two cars with explosives, left them in the Haymarket, one outside a nightclub called Tiger Tiger, and the other parked in an area where the responding emergency services would have been likely to assemble. Despite their best efforts, the terrorists failed to set off the bombs. Their next appearance, as far as the public were concerned, was when they crashed a large vehicle into the front of Glasgow Airport. As I understand the case, they were able to do that because of Loch Lomond. The Metropolitan Police monitoring their phones were about 20 minutes behind them when the signals disappeared in the Loch Lomond area, which is notorious for poor signal coverage. The suspects were lost. In that space, they had turned round and they went back to Glasgow. By the time the police were able to reconnect their signals, it was too late. I suggest that this is a metaphor for us to bear in mind—the Loch Lomond effect. If we do not take action and implement David Anderson’s recommendations, that kind of lost capability will become more and more common—not because of signal strengths but because of technological change. Quite simply, as on 7/7, people will die. There is no time to waste.
My Lords, there have been a number of reports into the use of investigatory powers by public agencies in the UK. Indeed, I published my own report, which looked at the Metropolitan Police’s use of undercover police, at the Regulation of Investigatory Powers Act and at police databases. I found that the police had overreached and misused their powers, aided by illiberal legislation that is not fit for purpose and, of course, a mayor who was happy to turn a blind eye rather than champion civil liberties. Today I will limit my comments to David Anderson’s report. Like many noble Lords, I welcome several of its recommendations.
I am pleased that David Anderson found that RIPA is not fit for purpose and should be replaced. This is something that the Green Party called for at the last election and we had in our manifesto. RIPA has failed. It fails to regulate the actions of undercover police officers, to support the confidentiality of journalistic sources and to protect legal privilege, and it certainly does not provide a proper and open right of redress via the Investigatory Powers Tribunal.
I am also pleased that Mr Anderson recommends that the new legal framework that replaces RIPA should comply with international human rights standards. I find this particularly relevant when the Government are indicating that they would consider withdrawing from the European Convention on Human Rights. I would welcome clarification from the Government of the implications of this new legal framework if we were to leave the ECHR.
I welcome the recommendations for judicial approval for the interception of communications rather than the current arrangement involving the Secretary of State. In practice, Ministers are not held to account for warrants because it is an offence to disclose that a warrant has been granted and because of the Government’s policy of “neither confirm nor deny” on security matters. Were questions to be asked here or in the other place about the specifics of an intelligence operation they would not be answered. When questions of security are asked, the common response is “operational issues” and the stonewalling of NCND. This lack of accountability is partly why I welcome the move to judicial approval.
I also think that the idea of replacing the three existing oversight commissioners with a single independent surveillance and intelligence commissioner is to be welcomed. I believe it would provide greater safeguards around the use of metadata, as well as the increased safeguards needed for lawyers, journalists and others who handle privileged information.
By contrast, some aspects of the report do not go far enough and cause me concern. For example, I am pleased that Mr Anderson recognised that the role and jurisdiction of the IPT should be expanded. However, I do not think his report goes far enough. I do not believe that the IPT should hold proceedings behind closed doors. Instead, cases should be brought in open court, subject to closed material procedure or public interest immunity framework. This would provide greater transparency and allow for secrecy where necessary.
I question the bulk collection of external communications—those sent from and into the UK. While Mr Anderson says they should continue, subject to “additional safeguards”, I would like to see a far more robust case put forward from the police and security services which makes clear why blanket non-targeted surveillance is more effective than targeted operation-led powers. I found the information provided in the six agency case studies in the report to be limited. I remain to be convinced that the results achieved could not have been achieved using targeted surveillance.
I am pleased that Mr Anderson states that no operational case has been made for requiring service providers to retain records of users’ interactions with the internet—so-called web logs—as proposed by the draft communications data Bill, better known as the snoopers’ charter. I am pleased that he has questioned the lawfulness, intrusiveness and cost of the proposals. His report also points out that no other EU or Commonwealth country requires the blanket retention of web logs; in fact, Australia has recently prohibited this in law. I hope the Government and Home Secretary will pause for reflection on why we alone need such a power.
This report also touches on the use of undercover state agents, or covert human intelligence sources. I accept that this was not the focus of David Anderson’s report but it is an area where I have huge concerns. The House is probably aware of the cases of several women who were deceived into long-term intimate sexual relationships with undercover police officers. Their testimony to the Home Affairs Select Committee laid bare the life-changing consequences these women suffered. I am concerned that, as it stands, RIPA still authorises sexual relationships by state agents. I find this quite alarming. If Parliament thinks that state agents should have this power, which I do not, or that there should be limitations to it, that must be part of the debate we are having. If RIPA is to be replaced then its replacement must clarify the law in this area.
I also draw the House’s attention to a particular aspect of RIPA which I find inconsistent and in need of reform. Different forms of intrusive surveillance are authorised at different levels. For example, interception of communication requires authorisation from the Secretary of State. On the other hand, the authorisation of direct surveillance, including the activities of an undercover police officer, requires only the authorisation of another police officer. It is worth pointing out at this stage that most of the investigatory powers used to obtain communications data are so used by the police and not the security services. I believe that the highly intrusive nature of an intimate relationship with a state agent, presenting as someone else, is capable of being far more intrusive than the interception of communications. I should therefore like to see judicial authorisation for undercover state agents.
In conclusion, I hope that this report leads to a proper debate on these issues, but in order to have a rational and proper debate we must stop describing the threat we face as unprecedented. It is, as Mr Anderson explains, a “surprisingly common” mistake. As someone who has had a file held on a police database of domestic extremists, I am concerned by systems of surveillance which are not clearly defined, targeted and publicly held to account. The past few years have seen revelations that GCHQ spied on Amnesty International, that undercover police have been sent to spy on those campaigning for police accountability, and that RIPA has been used to violate lawyer-client privilege. It really is time that we had a proper debate. There should be clear rules and processes around obtaining data. It should not be easy for the state to obtain communications; that is the cost of privacy in a free society. It is our role to challenge the police and security services to provide a proper case, supported by evidence, for any additional powers that they need or request to do their job. Those who challenge the police and security services do not do so because we are unaware of the threat that we face. We do so to protect the very values that terrorism seeks to undermine.
My Lords, the last time that the noble Baroness, Lady Jones of Moulsecoomb, and I discussed this matter we were in complete agreement, which was rather frightening to us both. I listened carefully to what the noble Baroness had to say and today I am only about 25% in agreement with her, which she will probably be relieved about as well.
I give a warm welcome to the Anderson report for two reasons. First, I believe that he has the recipe here for agreement by all sides. He has rejected adding more ingredients to the old RIPA stew and come up with a new recipe which can be palatable to those in the security services and police who want more powers; to the Home Office, which wants to grant those powers; to the groups who are concerned about the invasion of privacy; and to we parliamentarians who want the powers—whatever they may be—to be clearly spelt out and granted by Parliament. The Anderson report does that.
The second reason why I like the report is that it entirely supports the report and conclusions of the Joint Committee on the original snoopers’ charter Bill, which I was privileged to chair. I thank my noble friend the Minister for his typically overgenerous remarks about me as its chairman. I was just the chairman; the real work and thinking behind it were done by the excellent members of the committee from both Houses—from the Labour Party, the Conservative Party and the Liberal Democrats, along with that venerable Cross-Bencher, the wonderful noble Lord, Lord Armstrong of Ilminster, who was not economical with the truth in giving us advice.
I have always felt that some of my noble friends thought that I was a bit offside in not backing the draft Bill and that my behaviour, as a former Conservative Home Office Minister, had let down the forces of law and order. However, my committee rubbished the draft Bill for one reason only: it was rubbish. I am glad that its flawed clauses were not added to the Counter-Terrorism and Security Bill in the last Session by my noble friend Lord King, as it tried to add unacceptably wide catch-all clauses to an out-of-date RIPA. To be fair, the Home Office civil servants, whom I rate immensely, quickly caught on that the draft Bill was wrong and worked quickly to redraft it, so I am afraid I disagree with my noble friend Lord Strasburger—I think there was a sea change in attitude in the Home Office.
However, that draft did not find political favour in the coalition and did not make progress. Instead, we had the Anderson study. I have gone through the report, A Question of Trust, carefully and cannot find a single instance where he has disagreed with the findings of our Joint Select Committee. Indeed, his recommendations exactly match ours. I am not being arrogant and claiming he was guided by us—of course not—but he examined all the issues in detail, as we did, and came to the same conclusions. Of course, we did not deal with interception warnings as those were not in our remit, but I suspect that, if they had been, we might have come to the same conclusions.
What are the key points? Anderson rightly sets out the principles in chapter 13. Difficult though it will be, they will have to be translated into legislation as part of the Bill. It is difficult for UK Acts of Parliament to do this, as opposed to EU law or United Nations conventions, which can prefix the regulations with a million “Whereases”—“Whereas this”, “Whereas that” and “Whereas the other”. But if we want public and parliamentary acceptability, we have to balance the granting of exceptional powers with enshrined rights to privacy in a transparent system.
I warmly welcome recommendations 1 to 12, which call for a completely new and comprehensive RIPA, covering all aspects of communications and written in simple language. It has to set out clearly what powers we are granting the security services and key law enforcement agencies. That can be done without revealing operational techniques, and it is no excuse to say that the law has to be obscure in order to prevent the bad guys knowing what we are doing.
Recommendation 12 is particularly important. It is vital that we have revised definitions of communications data and their subdivisions into traffic data, use data and subscriber data. The contents of some of these categories, especially subscriber data, have changed dramatically since 2000, and so have attitudes to privacy. Young people—and some noble Lords—seem content to put enormous amounts of information about themselves on Facebook and have a more relaxed attitude to invasion of privacy than some of our generation. That is why we need to engage, as recommendation 12 says, with “all interested parties” to attempt to rank, in order of the extent to which privacy is invaded, the information which law enforcement agencies want and the different regimes they would need to comply with in order to get it.
I can give the House the two easy examples for a start. At the bottom end of the privacy scale is the name of the subscriber, and at the top end are the subscriber’s emails. All the stuff in between—the bank account numbers, the location of calls, the websites visited and dozens of other bits of information—needs to be classified into categories, each requiring various conditions to be satisfied before it can be accessed.
I welcome David Anderson’s support, in recommendations 15 to 18, for the Joint Committee’s recommendation on web logs and his call for a discussion with all parties on how to resolve this issue, which is the most difficult we will have to deal with in this legislation. It was the issue which most exercised the Joint Committee and upon which we found it very difficult to agree. The law enforcement authorities and the Home Office say that it is vital; privacy campaigners say there is a great breach of privacy. After much discussion and thought, our committee unanimously concluded that this matter has to be set out clearly in the Bill and both Houses given a chance to vote on it. Provided that the Home Office builds on the other safeguards proposed by Anderson, I will back the collection of web logs, and I think that the measure will get through Parliament as well. However, it will not get through if there is an attempt to sneak it in through some obscure drafting.
Recommendations 24 and 25 on extraterritorial effect are also important, and David Anderson has homed in on the mutual legal assistance treaty—MLAT to its friends. Our Joint Committee liked MLAT as a principle but the Home Office said that it was far too slow. We said that a new treaty should be negotiated “forthwith.” We said,
“the Government should take advantage of the special relationship with the United States to ensure that bilateral arrangements with them are expedited”.
At this point, I will jump to judicial warranting because it is relevant to a point I want to make about MLAT. Mr Anderson recommended replacing the Home Secretary’s warrants with judicial ones. The judges—with all due respect to noble and learned judges—will be no better or worse than the Home Secretary. The submissions will still be drafted by the same highly qualified civil servants, based on the same evidence. On some rare occasions, the decision by the Home Secretary or the judges will be wrong and an incident may occur. That is an inevitable consequence of decisions made by human beings trying to guess the motivations of other human beings. As has been often said, the security services have to be lucky all the time; the terrorists have to be lucky only once. I now support judicial warranting for interception except for those rare cases that may involve national security and the agents of foreign powers. Some have said that the Home Secretary will be blamed if judges make the decision and an incident occurs. I disagree; that is nonsense. Not even our nastiest press or bloggers will get away with trying to blame the Home Secretary for a decision made by independent judges.
While I see no extra insight resulting from judges doing warranting, there are two major advantages. First, it gives a flavour of impartiality to the process and will be seen as a counterbalance to giving the security services and police the extra powers they want. This is quite different from the SPOC process, which we do not want magistrates anywhere near. Secondly—this shows the relevance to extra-territorial jurisdiction—American CSPs are familiar with judicial warrants and will happily hand over information to the FBI and CIA if a judge issues a warrant. However, they do not like handing over information because a British politician asked for it. That is where the noble Lord, Lord Scriven, and the noble Baroness, Lady Neville-Jones, are absolutely right. This is the pattern in the rest of the world and it is the case with our major ally, the United States, where most of the information is stored. Therefore, coming back to ordinary investigatory powers, we should extend judicial warranting for interception purposes for all requests, however minor, to the USA CSPs. In those cases, our judges should merely rubber-stamp the requests and route them through a newly negotiated MLAT that must take no more than five days, rather than five months, as at present.
There is something else we must do with the United States—stand up to them. Imagine if we had a giant United Kingdom company—a British Apple or Google—that stored vast quantities of information on US citizens. Imagine if the FBI or CIA asked this Brit company for information and it said, “Oh, sorry, can’t do that—need a warrant, you know. You need X, Y and Z and it will take six months”. What would happen? The Americans would round up every Brit in the States, issue international arrest warrants for every other Brit connected to the company and they would get 20 life sentences each. We have seen the Americans impose their Lex Americana on the world and we must do likewise if—a big if—we decide that Google or Apple holds information in California that we must have here. We should also serve the warrant for information on their UK-based executives and have the same sort of penalties for lack of co-operation. We may even very privately tell the USA that the feed they get from GCHQ is not guaranteed or that MUSCULAR will be down for a few weeks for essential maintenance. They play hard ball—whatever that is—with us and we should have the guts to do likewise. I know that my noble friend the Minister cannot even acknowledge those points without the risk of special rendition and waking up in Diego Garcia tomorrow morning, but we must think of playing by American rules if we are in the same game as them.
I have a few final points. The SPOC system works. Our Joint Committee probably started with the prejudice that it was incestuous and not rigorous, with one friendly policeman sitting beside another and rubber-stamping it. We assumed that magistrates would be a better choice. We were surprised to find we were utterly wrong. As operated by the Metropolitan Police, the SPOC system is absolutely first class. The same goes for the other big users which can allocate highly trained specialists to do nothing other than SPOC work. Indeed, we think that all smaller police forces should combine their operations into regional units or let the Met and other big forces competitively bid to do it. This is an example of where being big is good; the more cases they handle, the more professional they are.
The SPOC regimes operated by the other big players, the United Kingdom border agency—or whatever it is called this week—HMRC and the security services are also impeccable. All other smaller non-police users must be compelled to go through a professional process, such as the national anti-fraud network, rather than trying to do their own thing.
There is one issue which Mr Anderson has not picked up, and that is the ability rapidly to amend the law for new technological advances. Some may say that a new RIPA should be future-proof and encompass everything. I say no, absolutely not, not unless it is so widely written that it would lack transparency, like Clause 1 of the original flawed Bill. Our Joint Committee recommended—and I recommend it here—the creation of a new technical sub-committee working under the new ISIC. I should point out that our Joint Select Committee report said:
“Consideration should be given to a new unified Surveillance Commission reporting to parliament with multi-skilled investigators and human rights and computer experts.”
So thank you, Mr Anderson. We are again not just on the same page but are singing the same tune.
The ISIC role, as defined by Mr Anderson, does not focus on emerging technology. We need a sub-committee which can act quickly and recommend to ISIC that a new process, software or gizmo needs to be added to the Act. Then ISIC would recommend to the Home Secretary that an urgent amendment should be made. Then we need the second part of the solution: fast parliamentary approval using the parliamentary super-affirmative procedure, which exists, but is hardly used, and which we recommended in our report.
Finally, we really have to dump all the other hundreds of authorities which can access, even in a limited way, investigatory powers legislation. The Home Secretary rightly says that we need it to catch terrorists, paedophiles and serious criminals. The public will buy into that, but not when they hear that Slough council used it to catch people selling fake trainers or Cambridgeshire County Council used it to catch fraudsters, which is in the Anderson report. We all know that these ancillary organisations have only very limited access to subscriber data, but it prejudices the public against communications data per se. If the crimes are so serious, as in the case studies quoted by Anderson, why in the name of goodness is trading standards dealing with them? They should been handed over to the police or the National Crime Agency to prosecute. We cannot have vital powers required by the police, security and state agencies tainted because far less important agencies are in the loop as well.
I look forward to seeing the new draft communications data Bill. We need to see it quickly and to pursue it in draft form quickly. Then we can move forward to a proper Bill. If it adopts the recommendations of Mr Anderson and the Joint Committee then it can never be called a snoopers’ charter and it will deserve parliamentary approval.
My Lords, much of the attention in this afternoon’s debate has rightly focused on the Anderson report, but I shall start by paying tribute to the other members of the Intelligence and Security Committee on which I had the privilege of serving as one of the two representatives of your Lordships’ House. That committee was excellently chaired by Sir Malcolm Rifkind. It was not only a very harmonious and stimulating committee but Sir Malcolm devoted himself to it with great application and energy and did a huge amount to promote better understanding of the issues we are discussing today, not least by holding public hearings of evidence for the first time.
The Anderson report and the ISC report, together with the RUSI report, which we expect in the next week or two, and the report of the commissioners and the Joint Committee chaired by the noble Lord, Lord Blencathra, provide a valuable basis, which should be sufficient, for the very important decisions the Government will have to make about intelligence legislation, which will be a major feature of Parliament’s work in this Session. If I may reciprocate the very kind compliment from the noble Lord, Lord Bates, we are very fortunate to have him as the Minister who will guide the House through this legislation.
We have to recognise that the intelligence agencies and the Government face a difficult dilemma in preparing this legislation. On the one hand, modern technology gives extraordinary opportunities for intrusion on citizens’ lives. Those who challenge the users of that technology to justify their use of it for intrusion are, in my view, right do so. The essence of freedom is the right to challenge authority, all the more so when the instruments of oppression in George Orwell’s Nineteen Eighty-Four are now with us today. On the other hand, the effectiveness of the intelligence agencies depends to a large extent on the enemies of the state not knowing what the agencies can do and, equally importantly, what they cannot do. Herein lies the dilemma. If the intelligence agencies demonstrate how they have used intelligence to protect us from attacks, they risk alerting attackers to how to reduce the risk of detection.
That is why we need intermediaries within the ring of secrecy, such as the ISC, David Anderson and the former judges who are the intelligence commissioners, to scrutinise the agencies. Even so, those outside the ring of secrecy constantly demand to be persuaded. I have no complaint with that; they perform a valuable service in insisting that the agencies make their case. I am very conscious of the risk of those who have been inside the ring of secrecy, as I have been, becoming beguiled by the agencies. The case has to be made, scepticism is right and trust has to be earned.
However, those who are sceptical do not assist the conversation when they overstate their case. I thought there was one respect in which the noble Lord, Lord Strasburger, overstated his case today: he was surely not right in saying, in his defence of Edward Snowden, that if it had not been for him we would not have had this national conversation. I remind him that the communications data Bill—indeed, the noble Lord served on the Joint Committee—preceded the revelations of Edward Snowden, and that discussion was, rightly, already happening.
One of Ed Snowden’s revelations that garnered considerable concern and attention was the capability of the agencies for the bulk collection of communications, and that discussion has indeed been valuable. The authorities made a mistake, if I may say so, in not being candid earlier about the fact that that capability existed. However, the discussion also led to a great deal of misunderstanding. What the ISC found, and
David Anderson confirmed, was that the bulk collection or bulk interception of intelligence does not amount to mass surveillance. This led people into the sort of mistake that the noble Lord, Lord Blair, quoted. On the contrary, a capability that in any case has to be highly selective, because the interception agencies have access to only a limited number of message carriers, is subject to filters that minimise the risk of innocent communications being picked up. Nevertheless, I acknowledge that the case for using that capability has to be made. The ISC saw examples of where the search had given leads that led to the prevention of terrorist acts. We were less successful than Mr Anderson in persuading the agencies to allow us to quote those examples, which he did in his report. He was satisfied, which reassured me that the ISC was probably right to be satisfied as well.
One aspect of the revelations of Ed Snowden, from which we should take some reassurance, is the following. He removed from his employers 1 million NSA reports and 60,000 reports that GCHQ had shared with the NSA. People may have been surprised by the extent of the agencies’ capabilities revealed by the reports, but it is striking that out of 1 million NSA reports and 60,000 GCHQ reports, none revealed any significant examples of abuse of power against citizens. It would be right to take reassurance from that. The annual reports of the Intelligence Services and Surveillance Commissioners state that the UK agencies are meticulous in their observance of the law. That has always been my experience, and other people who have had sight of the work of the intelligence agencies and who have spoken tonight have also confirmed that that is their experience.
Although some of the details of the agencies’ capabilities have to remain obscure, I think it is common ground among us all that there is no need for the legislation that governs these activities also to be obscure. Both the ISC and David Anderson—and, indeed, the Government—agree that entirely new legislation is needed to replace the present ramshackle and almost impenetrable structure of laws. That the law is so ramshackle and opaque is not, as some have suggested, the result of some sort of establishment conspiracy. What has happened—I have seen it passing before my eyes—is that over the last 30 years successive laws have piled up to deal with new situations; that is, to cope with developing technology and changing threats.
It is worth just reminding ourselves of this succession of new laws, which will be very familiar to other noble Lords in this Chamber: the Telecommunications Act 1984, which was one of the first; the Interception of Communications Act 1985; the Security Service Act 1989, with another in 1996; the Intelligence Services Act 1994; the Human Rights Act 1998; the now notorious Regulation of Investigatory Powers Act 2000; and, in the last few years, the Justice and Security Act 2013, the Data Retention and Investigatory Powers Act 2014, and the Counter-Terrorism and Security Act 2015. This has been legislative Pelion piled on Ossa, and it needs to be dismantled and rebuilt in a transparent fashion. That is the task in front of us—a big task but a necessary one.
Having said that, the basic elements of the legislation are sound. They are built on the principles that intrusions on privacy have to be restricted to the purposes of preventing or detecting serious crime and protecting national security, and that they must be both proportionate and necessary for those purposes. It is worth reminding ourselves that any intrusion on privacy beyond those purposes is a criminal act, and should be. There also has to be effective authorisation and scrutiny within the ring of secrecy to ensure that the agencies are not both judge and jury over their own actions.
At the same time, new issues arise as technologies change and threats develop, so there are always new questions to answer. To what extent should communications providers be compelled to retain data for inspection—the issue that arose in the communications data Bill? In what circumstances should the data be inspected and who should authorise that? Should our own nationals be given greater protection than others? That has always been the case and it was the basis on which the legislation was built, but in an international world is that still right? And what rules should govern our sharing of intelligence with other nations?
On one matter, like other speakers, I cannot go all the way with David Anderson. I do not believe that ultimate responsibility for authorising intrusion should be transferred from Minsters to judges. Others have pointed out that decisions on intrusion require political judgment, not just the application of law, and should be made by people who are politically accountable. The noble Lord, Lord Blencathra, said that people supposed that there was a risk that if a judge took a decision and something went wrong, the Secretary of State would be blamed for it. He dismissed that risk and I think he was right to do so. My concern is exactly the reverse of that. It is that the judge will be blamed for what ought to be an executive act. I have an illustration of that: the case of the murder of Fusilier Lee Rigby, which the ISC examined. Let us suppose that a judge had declined to authorise a warrant for the surveillance of the killers, Adebolajo and Adebolawe, and that this refusal had proved critical in failing to prevent the attack. That could have happened. A judge should not be held accountable for such a decision; it is an executive act and the decision should be taken by the Executive.
Having said that, there is some scope for compromise with David Anderson’s recommendations. It seems to me that the role of the commissioners can be expanded and perhaps rationalised, and that the judicial commission should be given a more active and immediate role in scrutinising Ministers’ authorisation of warrants. I was particularly struck by the suggestion from the noble Lord, Lord Blencathra, that we are more likely to get international co-operation when there is judicial authorisation. In cases where we go to another country to seek access to data that are in its possession or in the possession of institutions based in that country, we may carry much more plausibility if there has been such authorisation. That suggestion, if I may say so, is well worth considering.
One other aspect needs to be mentioned. An effective structure to protect us against terrorism will not depend on our legislation alone. Again, this was illustrated by the murder of Fusilier Rigby. The vital clue which could have prevented the killing was in an internet message discovered only after the event. As others have said, communications providers say that they will comply with legislation in co-operating with authorities to prevent serious crimes but they cannot do so because they are subject to conflicting legislation in the different countries in which they operate. In particular, as has been said, legislation in the United States, where many of the principal providers are domiciled, inhibits such co-operation.
There, I agree with the noble Lords, Lord Scriven and Lord Blencathra, that this problem can be solved only by international diplomacy, not by our legislation alone. One report that we do not have in front of us tonight is that of Sir Nigel Sheinwald, the Prime Minister’s envoy on this subject. There have been rumours of what that report says: that he urges—I think rightly—a new international agreement, particularly with the United States, which will assist in this area. The suggestion from the noble Lord, Lord Blencathra, about judicial authority may well help in that. There is one thing that I hope the Minister might be able to tell us in responding to this debate. Can he tell us any more about the work of Sir Nigel Sheinwald in developing diplomatic relations with other countries on this vital issue?
My Lords, it has been a very interesting debate and one that will obviously help inform the upcoming debates on the investigatory powers Bill. I also very much welcome the Government’s approach of publishing a draft Bill and having pre-legislative scrutiny by a committee of both Houses of Parliament.
I am a Liberal Democrat and the House would expect me to put privacy and the rights of the individual front and centre of my contribution—and I will not disappoint the House. I was also a police officer for over 30 years, albeit having very little to do with the investigation of terrorism. However, 10 years ago, to the day, I fronted press conferences as the Metropolitan Police spokesman following the
Terrorism has changed in nature, even during my time as a police officer. The IRA was like an army— it was a hierarchical organisation that could be infiltrated. Fixed-line and mobile communication data, including text messaging and who was contacting who, from where and at what time, could easily be accessed because mobile phone service providers need this information so that they can bill the customer.
As Anderson says, quoting from one of the Snowden documents, we were in a “golden age” in terms of the accessibility of intelligence—never before had the police and the security services had such a wealth of information about the communication between criminals, terrorists or otherwise.
Some noble Lords talked about the level of threat. The noble Lord, Lord King of Bridgwater, quoted a former head of the Security Service, the noble Lord, Lord Evans of Weardale, about the level of threat—as does Anderson. However, Anderson says something somewhat different from what the noble Lord, Lord King, said. The noble Lord, Lord Evans of Weardale, said that the nature of the threat is changing, rather than necessarily getting more complex, unpredictable or alarming. As a result, Anderson concludes at paragraph 3.6 that:
“claims of exceptional or unprecedented threat levels—particularly if relied upon for the purposes of curbing well-established liberties—should be approached with scepticism”.
I hope that we will approach such issues with scepticism.
The noble Baroness, Lady Manningham-Buller, and other noble Lords talked about technology racing ahead. The noble Lord, Lord Blair, talked about the digital world going dark. It is absolutely right that the risk is heightened because of those changes. For me, it was my noble friend Lord Scriven who asked a critical question at the crux of this: how do we make up for those deficiencies? I think that the more important question is: will it be legislation and giving the security services and the police more powers that bridges that gap, or will it be something completely different?
The attacks that we have seen in the UK and most recently in Tunisia have tended to be by lone wolves or small groups of people who have long known each other and are therefore impossible to infiltrate. There have also been changes in technology, with the advent of web-based communication, such as Facebook Messenger and “over-the-top”—or OTT—provider apps such as WhatsApp and Wickr. They are free-to-use services, so there is no need to record any billing information. Such systems of communication are causing the security services and the police to fall behind in terms of the intelligence that they can access. To ensure privacy and the integrity of communications, to give confidence to their users, such providers have encrypted the information. Indeed, Wickr messages apparently self-destruct once delivered, and FaceTime calls and iMessages between Apple devices cannot even be decrypted by Apple itself. As quoted by Anderson at paragraph 11.16(b), Apple states:
“Apple doesn’t scan your communications, and we wouldn’t be able to comply with a wiretap order even if we wanted to”.
The technology is outpacing the police and the security services, and indeed our efforts to keep up with it. By way of another example, an IP address identifies a device on a network but it can be shared by multiple users simultaneously. We passed the Counter-Terrorism and Security Act 2015, which requires communication service providers to retain other data to ensure that, even if a shared IP address is used, it can be tied down to one device. However, there are already problems with that legislation.
First, the measure is likely to identify only the bill payer and not the device. If you use a virtual private network, as we all do when we access the parliamentary intranet from our iPads, the IP address is that provided by the VPN and not by the device. By using a VPN where the server is in the UK, I can make the internet think that I am in the UK whereas I might be in Australia—which is very useful when you want to watch the BBC News but questionably legal. Although a VPN may be provided by a single entity, so that the single entity could be asked who is using the service, other VPNs such as Tor—apparently otherwise known The Onion Router—use a network of 6,000 computers to encrypt data and hide the IP address and other identifiers. This is all in the Anderson report.
I could go on baffling noble Lords and myself with examples provided by Anderson, but I can best describe the situation as akin to that applying to new psychoactive substances. As soon as the Government think of legislation, such as the communications data Bill, to close a gap in the police and the security services’ capability, technical experts will create another gap. For example, keeping 12 months of people’s web logs will tell you nothing about who is communicating with whom if it is done on Facebook Messenger or Wickr, but it will be a massive intrusion into people’s privacy. There is a real danger that it will be all pain and very little gain.
The Anderson report is comprehensive, informative and well balanced. Where the recommendations entirely agree with the report produced by the noble Lord, Lord Blencathra, quite some momentum is being built up in terms of anybody being able to argue against it. However, you cannot take an informed decision on what legislation is necessary to replace existing legislation unless you have a grasp of the technology.
There is much that we have to take on trust from the security services because they deal in secrets, and we do not want to reveal to the enemy exactly what the security services’ capabilities are. However, what we do not have to take on trust, because it is not a secret, is the technological landscape that the new legislation will have to operate in. Nor do we have to take on trust the legislation that the security services are asking for. We should not simply give the police and security services what they are asking for. In the past, for example, the police service, although not the security services, asked for 90 days’ detention of terrorist suspects without charge. Parliament, quite rightly, refused, so there is also a precedent for this.
On the communications data Bill or any successor, Anderson is clear. He says:
“If a sufficiently compelling operational case has been made out”— and he says that one does not exist at this time—
“a rigorous assessment should then be conducted of the lawfulness, likely effectiveness, intrusiveness and cost of requiring such data to be retained”.
That was also the recommendation of the committee of the noble Lord, Lord Blencathra. Anderson adds:
“No detailed proposal should be put forward until that exercise has been performed”.
It is a very powerful report. Consultation should not just be with noble Lords in this House or with Members of the other place. There needs to be proper consultation with industry professionals, which, as the noble Baroness said, should include the security industry. However, it should also be with internet service providers. On Thursday last week, I was invited to the annual awards ceremony of the Internet Service Providers’ Association. Its villain of the year award went to the Home Secretary for failure to consult the industry at all on data retention. Surely, if we are to be successful in defeating terrorism, we have to have the support and co-operation of those who provide the means by which these terrorists communicate with each other.
My Lords, not surprisingly, this has been a well-informed debate between the heavyweights in this field. I am in the same position as the right reverend Prelate the Bishop of Chester of not being an expert, although I am not sure that I can follow him and equate that to mean that I might be regarded as a gentleman.
We are potentially considering a number of reports in this debate, including the Intelligence and Security Committee’s report on privacy and security, the latest annual reports from the Chief Surveillance Commissioner and the Intelligence Services Commissioner and the report on investigatory powers entitled A Question of Trust by David Anderson, the Independent Reviewer of Terrorism Legislation. Most of my comments will be related to the Anderson report, which is the most recent of the four.
The Anderson report was commissioned on the basis of an opposition amendment when Parliament was asked to legislate quickly to introduce the Data Retention and Investigatory Powers Act 2014. We argued that it was the right time for a thorough review of the existing legal framework to be conducted as we and others no longer felt that the current arrangements were fit for purpose. As has been said on more than one occasion, the report by David Anderson into the use of investigatory powers by public agencies in the UK recommends that the legal framework for the use of such powers should be overhauled, as the current law is fragmented and often obscure in an area of activity where advancements in this digital age have profound and rapid implications. On page 245 of the report, David Anderson says of the present situation:
“The technology is hard to grasp, and the law fragmented and opaque. Intelligence is said to have been harvested and shared in ways that neither Parliament nor public predicted, and that some have found disturbing and even unlawful. Yet this was brought to light not by the commissions, committees and courts of London, but by the unlawful activities of Edward Snowden. Informed discussion is hampered by the fact that both the benefits of the controversial techniques and the damage attributed to their disclosure are deemed too secret to be specified. Politics enters the picture, and for informed debate in the media are substituted the opposing caricatures of ‘unprecedented threats to our security’ and ‘snoopers’ charter’”.
Mr Anderson goes on to say:
“If one thing is certain, it is that the road to a better system must be paved with trust”, and that:
“Trust in powerful institutions depends not only on those institutions behaving themselves … but on there being mechanisms to verify that they have done so”.
With the need to promote trust in mind, he has formulated his recommendations on the basis of five principles: the minimisation of no-go areas; limits on powers; rights compliance; clarity and transparency; and a unified approach. These principles ought to play a key part in the development of the law and the practice of investigatory powers. Under the fifth principle of a unified approach, Mr Anderson has indicated his disagreement with the Intelligence and Security Committee’s report Privacy and Security: A Modern and Transparent Legal Framework, which states that,
“there should be a clear separation between intelligence and law enforcement functions”.
The Independent Reviewer of Terrorism Legislation feels instead that the seamless and co-operative working relationship between the security and intelligence agencies and the police is a feature of the United Kingdom’s security landscape that is widely admired across the world, but rarely successfully imitated. Part of the secret of that success, Mr Anderson has said, is that the,
“police and agencies … interoperate across significant parts of their work, a process that has accelerated since the London bombings”, of 10 years ago, which are so much in our minds at present.
In line with the theme of his report, which is entitled A Question of Trust, Mr Anderson states that the investigatory powers available to public authorities must be shown to be necessary, clearly spelt out in law, limited in such a way as to conform to international human rights standards, and subject to appropriate safeguards. Included in other recommendations in his report are that warrants for the interception of communications should require judicial approval rather than the approval of the Secretary of State, as is currently the case. However, an exception would be made in cases where the warrant is required in the interests of national security relating to United Kingdom defence or foreign policy, where the approval of the appropriate Secretary of State would be required.
A further recommendation is that the power to require service providers to retain communications data for a period of time should continue to exist, as currently provided for under the Data Retention and Investigatory Powers Act 2014. The capability of the security and intelligence agencies to retain intercepted material in bulk should be maintained with additional strict safeguards. Further, the three existing oversight commissioners should be merged into a single independent surveillance and intelligence commissioner. Finally, the role and jurisdiction of the Investigatory Powers Tribunal should be expanded.
On further issues, the independent reviewer has said in his report that there are possible benefits to requiring communications service providers to retain their records of users’ interactions with the internet—the so-called web logs, to which reference has already been made—as proposed in the draft communications data Bill. He goes on to say that if such proposals were to be brought forward,
“a detailed operational case needs to be made”, with a full assessment of the implications for retaining such data being carried out.
One of the key objectives set out in the report for the renewal of legislation on investigatory powers is public trust in the use of such powers by government agencies in order that people should not become disenchanted with the whole business of intelligence gathering. Such disenchantment or disillusion would result in a loss of public confidence in law enforcement and intelligence agencies, which is needed if they are to carry out their work to maximum effect.
I do not know what particular occurrences or issues Mr Anderson had in mind when deciding to make the issue of trust such an important theme in his report. However, for example, within the last two or three weeks there has been a newspaper report claiming that at least 20 rogue mobile phone towers capable of eavesdropping on personal calls had been uncovered around London. The equipment, it was said, was used by the police to target criminal activity but it was asserted that it also collected the data of all other phones in the area, meaning that the public’s privacy could be being routinely invaded. Whether the report was true or not, I cannot say, but while I doubt that anyone would feel it inappropriate to use such equipment to track criminal activity, a problem arises if there is any suspicion, justified or not, that it might be being used rather more extensively. It is, as the Anderson report is entitled, a question of trust.
More recently, we appear to have had a case to which the noble Lord, Lord Strasburger, referred of the Investigatory Powers Tribunal ruling towards the end of last month that an Egyptian NGO had been subject to surveillance by the UK Government with its email communications being intercepted and access to their information being unlawfully retained for longer than the time limit allowed. At the same time, it is claimed that the Investigatory Powers Tribunal made no determination in favour of Amnesty International’s claim that it had been a victim of unlawful surveillance. However, it seems that last week the Investigatory Powers Tribunal ended its ruling, stating that it was in fact Amnesty International, not the Egyptian NGO, that had been subject to this unlawful surveillance activity—the first time it is being said the Investigatory Powers Tribunal has not ruled in favour of the agencies.
Obviously, this matter could raise two issues: first, why an international human rights organisation has apparently been subject to surveillance in the first place; and, secondly, how the Investigatory Powers Tribunal appears to have made the error of mistaking an Egyptian NGO for Amnesty International, and what that could mean for its ability to provide effective oversight. I say this as a serious comment, not a frivolous one: I am not in a position to comment on the rights and wrongs of the case to which I have referred. I simply make the point that if what I have been given to understand is anywhere near accurate it will inevitably raise questions of trust, which is a key theme of David Anderson’s report.
We agree with the view in the Anderson report that the current legal framework is opaque and unsustainable and that the current commissioner system should be overhauled with the creation of a new single commissioner. We also believe that the Government should consider carefully the recommendation made in the Anderson report for consultation with law enforcement agencies and communication service providers to establish the operational case for the retention of web logs.
Our opposition to the draft Communications Data Bill reflected our concerns that it gave the holder of the post of Home Secretary too much power, including the determination of which categories of data communications service providers should be required to retain. Those concerns were shared by the Joint Committee on the draft Bill which considered that the powers outlined in Clause 1 were too wide ranging.
We also agree with the recommendation in the Anderson report that there should be judicial authorisation for interception warrants introduced into the process. Such judicial approval already applies in the United States, Canada, Australia and New Zealand. We would want the Home Secretary to retain her or his role in assessing the nature of threats to national security. On the recommendation that authorisation of warrants by the Secretary of State should be replaced by judicial authorisation, Mr Anderson states that the Home Secretary routinely signs thousands of warrants per year. Most are concerned with serious and organised crime—some two-thirds—and the remainder with national security, principally terrorism.
It seems that in 2014, the Home Secretary, as the noble Lord, Lord King of Bridgwater, said, personally authorised 2,345 interception and property warrants and renewals. My maths is not very good but, as far as I can make out, that amounts to an average of between six and seven a day, seven days a week, 52 weeks a year: a surprising figure, to put it mildly. No doubt the Minister will tell us how that figure compares with previous years. I do not know whether the Home Secretary has time, with all the other responsibilities of that position as well as those of being an MP, to delve into each warrant authorisation sufficiently deeply to ask any necessary challenging questions or to seek further information or clarification. The Minister has already told us that a Home Secretary does have the time—and not spare time, but core time—to do so. Perhaps the fact that the Minister decided that there was a need to try to get his retaliation in first on this point is, in itself, revealing.
In his report, Mr Anderson makes the point that English law has long recognised the need for a judicial warrant for the search of a person’s home. He goes on to ask why the equivalent should not be required to access the information available about a person based on their communications, which may be very intrusive and informative. The independent reviewer’s recommendations include a mechanism for reconciling judicial authorisation with the special expertise of a Secretary of State where defence of the United Kingdom or foreign policy issues are involved.
The Government have said that they are committed to introducing a Bill on investigatory powers early next year, so that it can receive Royal Assent before the
sunset clause in the Data Retention and Investigatory Powers Act comes into effect at the end of 2016. Prior to that, a draft Bill will be brought forward for consideration in the autumn and will be subject to full pre-legislative scrutiny, including by a Joint Committee of both Houses. We want strong powers with proper checks and balances and oversight of how the system is to work and is working. However, it is also crucial that our intelligence agencies can counteract the serious and growing threats that people face. That requires an up-to-date legal framework and the protection of our security and liberty. We have to ensure that the issue of public trust raised in Mr Anderson’s report is addressed. If we do not, the effectiveness of our intelligence gathering will be weakened, with potentially very serious consequences for us all.
I conclude by recognising and paying tribute to the dedication and commitment of those who work so hard and diligently to protect us, whether from acts of terrorism or from those for whom acts of vicious and heartless criminal activity are apparently an acceptable way of life. One day after the 10th anniversary of the
Let me begin by echoing the words of the noble Lord, Lord Rosser, in his closing tribute to the men and women of our security services and the work they do day in, day out, often at significant risk to themselves, to prevent the types of atrocity that we have seen all too often around the world and on our streets here in the United Kingdom.
This debate was styled as a take-note debate, in the terms that we use in this House. I do not propose to respond to each of the points made, because that was not the purpose of the debate. The purpose was simply for noble Lords to bring their incredible experience, knowledge and insight to this forum, so that we could draw upon their comments, observations and questions as we begin the process of preparing a draft Bill for consideration here. Effectively, as I saw it, the debate moved between three stages. The first stage was to recognise the nature of the threat. That was brought into very sharp focus by frequent references to David Anderson’s report. I do not think I have ever previously responded to a debate in which the report that formed the subject of it has so frequently been the basis of the contributions to it. The noble Lord, Lord Butler of Brockwell, will be impressed from an academic standpoint by the number of citations of the report, which shows that it is an incredibly thorough piece of work. I pay tribute to Her Majesty’s Opposition for encouraging us to undertake it. It was absolutely right that we did.
The report outlined the threat before us and identified a determined and ruthless new emerging threat. We found that in the evidence and report by the Intelligence and Security Committee into the death of Fusilier Lee Rigby. The noble Baroness, Lady Manningham-Buller, gave us some insights into the sophistication of the technology and urged us to be agile in our responses to it. The noble Lord, Lord Blair, gave his reflections, in particular on those horrific attacks and planned attacks. The chilling thought of the Loch Lomond effect struck us significantly.
If the threat is there, the second question is: what are we to do about it? That was a very interesting debate. The contributions on law enforcement from the noble Lord, Lord Paddick, and others were very important—that we talk about how we track this. I was conscious of the reference in the report by the former director of GCHQ, Sir Iain Lobban, who said in his valedictory speech that we must “enter the labyrinth”. As my noble friend Lord Blencathra reminded us, that labyrinth is getting more and more impenetrable. We were distinctly helped by my noble friend Lady Neville-Jones, who comes to this from a security perspective and is doing valuable work in informing our response to the cyberthreat facing not only commerce, but society. That complexity is a very important issue.
Let me respond to the contributors who asked whether we are having conversations with internet service providers and communications service providers. That is crucial—if noble Lords go to the appendix of the Anderson report, they will see the list of communications service providers that he interviewed. This is an ongoing process: at the Home Office we regularly meet with communications service providers, both domestically and internationally. Indeed, a senior Home Office official is in the US today holding meetings with companies. We also have my noble friend Lady Shields, who is from the world of social media. She is now Minister with responsibility for internet security.
We also had the very helpful work in 2014 of Sir Nigel Sheinwald, the Prime Minister’s special envoy on intelligence and law enforcement data sharing. His role was created to work with foreign Governments—precisely the point that was asked—and with communications service providers to provide access to data across different jurisdictions for intelligence and law enforcement purposes. Since Sir Nigel’s appointment the Government have expanded their dialogue with the companies but, despite some progress and co-operation, that remains incomplete. We all agree that we need to work on longer-term solutions. The noble Lord, Lord Butler, asked whether I had an update on Sir Nigel’s report, which was presented to the Prime Minister. As we set out in July 2014 when the position was announced, the role of the special envoy has been to conduct discussions and negotiations on data sharing. Any detailed advice relating to his work as a government special envoy remains internal civil service policy advice, helping Ministers to consider a full range of options. However, the Cabinet Office published a summary of his work on its website on
The third question is: if the threat is real and serious as virtually all noble Lords have acknowledged it is, and if our police and security services need more powers, how do we ensure that we carry public trust with us? These points were focused on by the noble Lords, Lord Strasburger, Lord Scriven, Lord Blencathra and Lord Paddick. It must be stressed that there are two elements to this answer. First, there is a plethora of people—in fact, some may say too many—overseeing the work of our security services, including the Interception of Communications Commissioner, the Intelligence Services Commissioner and Surveillance Commissioners. All their reports are available in the Printed Paper Office. There is also the Intelligence and Security Committee of Parliament, the Independent Reviewer of Terrorism Legislation, the Investigatory Powers Tribunal, to which I will come back in just a second, and the courts more generally. The noble and learned Lord, Lord Brown, with his significant experience, clearly outlined the way they would approach these issues and the principles they would apply in so doing. The Information Commissioner also oversees this process.
A number of noble Lords referred to, and asked for comment on, the recent Amnesty International case that came before the Investigatory Powers Tribunal, to which I wish to put a response on the record. The tribunal made it clear in its judgment of
I was asked by the noble Lord, Lord Rosser, whether I could provide some detail on the actual number of warrants that have been signed. I did have that figure to hand, but perhaps I will write to him setting out how this year’s figure compares with that of previous years.
In conclusion, I again thank all those who have contributed—
My noble friend did not answer the point that I raised. I think it is generally widely accepted that we are at risk in this country of terrorist attacks, and that at the moment our defences are not as strong as they could be. We believe that measures in legislation which could come forward would protect the nation from the sort of outrages that we have suffered in the past and would provide a better chance of protecting the country. The course on which the Government are now embarked is to go away and prepare legislation and then submit it for pre-legislative scrutiny by a Joint Committee of both Houses, which will take some time. It seems to me that because of the initiative of the Opposition in initiating the Anderson report, on which I congratulate them, we have the most extensive preparation for this legislation: a report that has been very widely respected on all sides of the House.
The noble Lord, Lord Blencathra, who chaired the previous pre-legislative scrutiny Joint Committee, said that the Anderson report meets all the points that his committee wished to raise. Of course, I understand that there are points that still need discussion. One of them, as we know very well, is whether there should be judicial or ministerial approval. But if we have another Joint Committee, it will rehearse the arguments, which are already very well rehearsed, and it will come back to a decision of Parliament. Parliament will have to decide some of the issues that are outstanding.
The advantage of the course that I am advocating is that unless we really want to go down this very extended route, we could actually have better protection in place for all the citizens of our country sooner if we now go ahead, prepare the Bill—drawing on all the advantages of having the Anderson report available—and then put it to both Houses to decide those issues that, I absolutely accept, remain outstanding; they are a matter of debate, and can be decided by votes of both Houses. I say to my noble friend, who has given an admirable response to the debate so far, that I hope the Government will consider whether we really need to have a further, second pre-legislative scrutiny committee, which will take time and leave the country at risk for longer than I believe is necessary.
My noble friend speaks with great authority and experience. He is right to urge us to move as quickly as we can, given the statements that he quoted from the Home Secretary, which were made before the last election under the previous Government, about every day that goes by without these powers. A process has been set out here and the Prime Minister and the Home Secretary have been very clear that because of the importance of taking people with us and, as far as possible, being able to bring this forward in a cross-party way—not just cross-party, but of course including the Cross-Benchers in this House—we ought to be seen to be going through a very thorough process. That involves basing it on the Intelligence and Security Committee, the Anderson report, the RUSI report which is to come and the debates that have been scheduled ahead of time in both Houses before the Recess. There will then be a period to reflect on that over the Recess and the Government can then come forward with a draft Bill that I hope, because it has been deliberated over, will not be subject to the type of criticism that the noble Lord, Lord Blencathra, levelled at the previous Bill. On the basis of that, one might therefore hope or think that the period of time for pre-legislative scrutiny might be shortened, and that the period of time for scrutiny through the House might be quicker than it otherwise would have been had it not been for all the evidence, reports and consideration that have gone before.
I know my noble friend will not accept that answer fully but I hope he will accept that it is an answer and a position which we have taken with great care and consideration to ensure that, as we progress down this path towards reform and to new legislation, which will go much beyond RIPA’s sunset at the end of 2016, we will carry people with us, that it will be better legislation as a result, and that we will progress down that road in a position of trust between those who carry out those duties and the citizens of this country—
My Lords, I am reluctant to delay us on an evening when there are some transport problems, but it may have slipped the Minister’s mind that I asked him a question concerning how the Government slipped through powers giving themselves the right to hack into computers and phones without any reference to or discussion in Parliament.
I will check again in the record but I am pretty sure that the answer was that the powers to which the noble Lord referred have been laid before Parliament but will of course have to be approved by Parliament. An approval process will have to be gone through before they can come into effect. While I am looking at my notes, I can save my colleagues from the Home Office a letter by saying that the Interception of Communications Commissioner’s report, published in March 2015, said that there were 2,795 interception warrants in 2014, compared to 2,760 in 2013 and 3,372 in 2012.
Once again, I thank noble Lords for their contributions to this debate. It has been incredibly valuable and I will make sure that it is drawn to the personal attention of my right honourable friend the Home Secretary when the Official Report is prepared.