We need your support to keep TheyWorkForYou running and make sure people across the UK can continue to hold their elected representatives to account.Donate to our crowdfunder
Before the noble Lord decides what to do with his amendment, it might be helpful if I amplify my earlier comments. It is perfectly right to say that some equipment interference operations involve taking advantage of weaknesses, generally in how users are interacting with the internet, but sometimes vulnerabilities in the software or hardware themselves. However, I also contend that the use of equipment interference does not in itself create those weaknesses. While the security and intelligence agencies might on occasion—as I say—exploit such capabilities, they are at the same time committed to making the internet as secure as possible. As I mentioned, the security and intelligence agencies regularly highlight such vulnerabilities to industry.
There is a simple point to be made here. To leave targets open to exploitation by others would increase the risk that their privacy would be unnecessarily intruded upon. It would also increase the risk of those who wish to know who our targets are identifying the security and intelligence agencies’ tools and techniques. Therefore, operations must be carried out in such a way as to minimise that risk. I come back to the point I made near the start of my remarks: the purpose of GCHQ is to protect the public in that sense.