My Lords, as the very last Back-Bench speaker I might not have much to say but I have one thing to say at the start: it seems rather a good day for this Second Reading because the Bill bears on UK national security. I therefore hope that, unlike some current Bills, it will still have adequate government support amid the political disarray. I am not sure whether the UK break-up party, formerly known as UKIP, would agree but there is just a chance that the UK has a future. Your Lordships will understand that I come from Northern Ireland, while several noble Lords here come from Scotland. We are worried that there is no such future. However, even in the event of break-up there will still be an interval after the current legislation expires in December during which the security of the UK remains a proper concern for us in this House and this Parliament—and thereafter, who knows?
The Bill comes to us after extensive preparatory work, which has been much mentioned. I, too, declare an interest as a member of the Royal United Services Institute working party that produced one of the reports before the parliamentary scrutiny began. However, further consideration is still relevant, because these are complex matters.
Like many noble Lords, I think that the fundamental architecture of the Bill is sound. There is good reason why the rights to liberty and security form a single right in the European convention and elsewhere. Liberty and security are inextricably interconnected and are matters that must be specified in ways that are mutually qualifying. It is also good to see the right to privacy—of course another qualified right—taken so seriously.
One of the reasons why it is so hard to draft good legislation in this area—and on this occasion I must congratulate the parliamentary draftsmen on the Bill and the excellent Explanatory Notes, which is something I do not often say—is that so many people start with quite obsolete views of what is at stake. Many people imagine that what has to be controlled and regulated is surveillance or intrusion or spying or, to use a well-known word that has been mentioned already, snooping, hence the populist phrase “snoopers’ charter”. That view is archaic. Of course there are still episodes of snooping and intrusion, but what we are trying to regulate in the era of big data is inference, and that is much harder. We are trying to regulate moves that enable inferences to be drawn.
It can be helpful to keep three rather simple questions apart. The first question is: are other people actually gaining access to private data about me? That is the sort of question that worries people, and the answer is usually not and, in particular, not to information that those other people are going to know is about me. The question perhaps reveals either a bit of paranoia or a bit of vanity, but it is quite common.
The second question is, “Can people gain access to private information or data about me?”, and the answer is that usually they can. They do not, but they can. Mostly, of course, they will not realise the data are about me. They can, and that is true not just of the security services but also of many others, and I will come back to that.
The third question is the one we are dealing with and is: may people gain access to data about me? It is only this third question that the Bill seeks to address, and then only with respect to a limited range of public bodies. It seeks to regulate the investigatory powers of the police and the security services assuming that possibilities of inference, and so of disclosure, have been multiplied by the new technologies. The Bill does not seek to regulate the same activities when undertaken by other parts of the state or by non-state actors, such as internet service providers or the media.
There are therefore parallel questions, and I want to raise one, which other noble Lords have also raised, about the media. Many of us have received briefings from the National Union of Journalists about special protection for journalists so that they do not have to disclose their sources and are protected from investigation. I understand very well the concern that this raises, and my noble friend Lord Colville spoke very eloquently about it just now, but I am worried about whether it can be effectively drafted. The Bill currently provides for two special cases of privileged exemption from investigation: for legislators and for legal professional privilege. Both are quite controlled exceptions. We can tell who is a legislator and who is lawyer and when a lawyer is engaged in the relevant discussions with a client. I expect that a claim for journalistic privilege may be tabled, and I wonder whether Her Majesty’s Government have thought about the issues that should be approached and the questions that should be answered. Is every blogger and tweeter a journalist? Other noble Lords have raised that question too. If not, where is the line to be drawn? Secondly, what protection would Her Majesty’s Government think appropriate to prevent the use of claims of privilege in cases where, unlike the Winterbourne investigation, there is no source but only fabrication? Does not freedom of public debate depend on the possibility of testing media claims? Does soft power too need to be accountable?
This is not the Bill to address these issues, but they need addressing. There is a need to address parallel issues about intrusion into private matters by non-state actors, including businesses and the media, that use these new and powerful forms of data analysis. I believe that the new data protection regulation that has finally completed its passage in Brussels is a rather superior document to the data protection directive on which our Data Protection Act is based. It is a pity of course that it does not come into force until 2018 and that we may not have the benefit from it.
My final word is on whistleblowing. Whistleblowing is not a matter of sending poison pen letters: good whistleblowing works when there are proper structures in which there is a confidential intermediary who receives the whistleblower’s message. The media are not the people to handle good whistleblowing. We need, on the contrary, to require major institutions to have proper whistleblowing structures. Some do and many do not—it could be done.