Mark Astley : The powers to access communications are very important to our members. Trading standards are our main users. They are not high users but it is important for them to be able to investigate those crimes so they can support their community and the businesses that they are working for and on behalf of.
Mark Astley : Can I just elaborate a little bit more about our organisation? We provide a service to assist them in obtaining data and intelligence to assist investigations. However, from a telecommunications perspective, we are only able legally to operate on behalf of other local authorities. We are not able to represent other public agencies such as the Food Standards Agency, although the intention of the Bill is to introduce those collaboration agreements, so we could facilitate that.
Your organisation has identified a range of crimes that local authorities use communications data to tackle. Do you think the Bill ought to identify the crimes more precisely to prevent data from being used in relation to, for example, rubbish collection or school places?
Mark Astley : I believe that the process is in place for identifying necessity and proportionality. The three bar process that we currently have in place will deal with that. To actually identify particular legislation could become more constraining and difficult to administer and, as more legislation comes along, more changes may be required to the Bill.
Mark Astley: No, but we have the three locks in place. They call it the double lock at present, but what the National Anti-Fraud Network provides is what we call a triple lock. We have the NAFN single points of contact that it has to go through. They are fully accredited and professional, and they are fully trained to ensure that we weed out all those types of inquiries. The next lock is the designated person, and following that you have the judicial approval process, too. There is a triple lock in place to prevent any of that from happening.
But there is nothing on the face of the Bill to prevent the individuals you have mentioned from ultimately reaching the view that it might be necessary or proportionate to access communications data to deal with issues around rubbish collection or school places. It has happened, has it not?
Your organisation told the Joint Committee that five hours of an officer’s time seeking judicial approval is “slow and inefficient” and “a deterrent to councils”. Do you feel that the individual’s right to privacy might justify five hours of an official’s time?
Mark Astley: The issue around resources is more about how we can better deliver the services. The judicial approval process is there, and it is supportive. Looking at the figures for the past two years, 2% of those requests have been rejected by our own SPoCs, 0.3% have been rejected by the designated persons and only 0.2% have been rejected by judicial approval. Our belief is that the processes in place work effectively.
That was not really my question. My question was on whether you agree that the individual’s right to privacy justifies the time that is sometimes taken in inputting for a judicial approval.
Obviously, your role is an additional safeguard. There are those who think that the Home Secretary and I are preoccupied with safeguards, checks and balances and the defence of privacy, but I think we have probably got this right. Can you tell me of the number—the frequency—of requests that you would consider to be an abuse of power in respect of applications for information? How often do you come across seedy requests that you would consider to be an abuse of the powers?
Just so there is no mystery—people might ask themselves, “Crikey! What on earth do local authorities need these powers for?”—what sort of offences do local authorities investigate and prosecute?
But, just as importantly, and probably more importantly, they can also safeguard the lives of people who are renting properties from landlords who, for example, are not keeping up to date with their gas certificates.
I do not know whether you have already done this, but could you briefly help us with the process that exists at the moment? What will happen after the Bill in terms of your organisation getting this information?
Mark Astley: Inquiries come through to our organisation electronically from an applicant, and our SPoC will work with the applicant to get the application either up to standard or cancelled because it is not appropriate. Once it is up to the required standard, the application is passed over to the designated person, who will then look to authorise it for proportionality. Once that has gone through, our systems provide a court pack, which is delivered to each individual applicant, and they then have to arrange for a court attendance to get judicial approval.
Differently, in Scotland they also have a legal representative process, except they have a fourth lock in place in that their legal representatives get involved and then go on to the sheriffs for judicial approval. It is then returned to us. Once we have that approval, we then obtain the information accordingly.
Of course, the Bill also introduces the further safeguard of the criminal offence of making an unauthorised disclosure. In other words, there is also safety from the perspective of the telecommunications organisation, BT or whoever it is, knowing that if they do not make sure that you have complied with all of your duties, they themselves may be criminally responsible for giving you any information that they should not be giving you.
With the permission of the Committee, I might suspend the sitting for 10 minutes at 10 minutes to 4 to allow people to have a quick break, because this is quite a long sitting. Is that with the permission of the Committee? Brilliant.
I have two questions. Mr Astley, there are two opposing schools of thought relating to this Bill. There are those of us who recognise the need to update the legislation as it is to provide protection for children against sexual abuse and to provide protection against terrorism, terrorist atrocities and terrorist threats, and at the far end of the scale are those who believe that there is an absolute right to privacy and that no price is worth paying to imperil that privacy.
The job of Parliament is to find the correct balance on the scale between those two extremes. I do not think it would be too difficult to find justification, for example, for the protection of children against sexual abuse or for the defence of the realm against foreign threats and foreign terrorists. Justify to the Committee, if you will, the use of some of these powers, limited though they are in the Bill, for offences at the lower end of the scale.
Mark Astley: From a local authority perspective, they are a small user of telecommunications data. It has never been abused or misused from a local authority perspective, but they investigate some quite serious crimes. We had a particular case of advance-fee fraud, which was worth £7.5 million.
If you look at the majority of the applications that local authorities make, an extremely high percentage in the last two years—96%—was purely for subscriber data, or what is currently known as “c data”. That is the basic information about the subscriber to a telecommunication service and sometimes that is the key information that investigators need. An example would be someone who is trafficking illegal tobacco and the shopkeepers they are speaking with only have a telephone number for the delivery person. Therefore, in order for people to investigate successfully, which they have the powers to do—provided by Parliament—it is important that they have that access.
Let me ask you then, finally, why in that case, if a crime is sufficiently serious, can the involvement of the police not take over the requirements for access to electronic communications data, as opposed to, for example, your members?
Mark Astley: Yes. As I have previously mentioned, our members are very highly trained; they are commensurate in some respects to what the police investigate. But they deal with their local community on a more local basis and they have the powers and expert knowledge, in particular about rogue traders, about illicit tobacco and about counterfeit items. They have that experience.
You could still handle those investigations and deal with them, but when it was apparent that they are of a sufficiently serious nature you can involve the police, who are then able to make the applications on your behalf, so you would not need access under the terms of the Bill.
In the last year for which records are available, which I think is 2015, about half a million applications for access to comms data were made. About 0.4% of those were local authority applications.
You were asked questions about the replication of the existing regime relating in England and Wales to magistrate authorisation, in Scotland to sheriff authorisation, and in Northern Ireland to district judge or magistrates court authorisation, for applications for access to comms data by local authorities. Those provisions are replicated in the Bill, are they not? I think it is in clause 66. But they are in the primary legislation.