Offence of unlawfully obtaining communications data

Investigatory Powers Bill – in a Public Bill Committee at 10:30 am on 12 April 2016.

Alert me about debates like this

Question proposed, That the clause stand part of the Bill.

With this it will be convenient to discuss new clause 4—Tort or delict of unlawfully obtaining communications data—

“The collection of communications data from a telecommunications operator, telecommunications service, telecommunications system or postal operator without lawful authority shall be actionable as a civil wrong by any person who has suffered loss or damage by the collection of the data.”

This new clause creates a civil wrong of unlawful obtaining of communications data.

Photo of Joanna Cherry Joanna Cherry Shadow SNP Westminster Group Leader (Justice and Home Affairs)

The new clause very much relates to what I said earlier about new clause 3. The intention is to create a civil wrong of unlawfully obtaining communications data as opposed to unlawful interception. Again, the drafting is mine and it could do with some serious tightening up, but my intention is to establish the Government’s attitude to the new clause. I hope that the Solicitor General will indicate that.

Photo of Robert Buckland Robert Buckland The Solicitor-General

I am grateful to the hon. and learned Lady for the way in which she spoke to her new clause. I see that it very much follows new clause 3. Our argument with regard to new clause 4 is slightly different because it has a wider ambit than private telecommunication.

We submit that this tort or delict would not be practicable. Communications data are different from the content of communication. For example, one would acquire communications data even by looking at an envelope or searching for a wi-fi hotspot when turning on a particular wi-fi device at home. It would not be appropriate to make ordinary people liable for such activity. With respect to the hon. and learned Lady, its ambit is too wide. That said, it is only right that those holding office within a public authority are held to account for any abuses of power. That is why clause 9 makes it an offence for a person in a public authority to obtain communications data knowingly or recklessly without lawful authority. I place heavy emphasis on the Government’s approach to limiting and checking the abuse of power by the authorities.

On the new clause, the interception tool was always intended to address the narrow area that was not covered by the interception offence in RIPA, which is replicated in the Bill. As noted, the communications data offence is intentionally narrower. It would therefore be equally inappropriate to introduce a tort or delict in relation to the obtaining of communications generally or in the areas not covered by the new offence. Under the provisions of the Data Protection Act 1998, communications data often constitute personal data. That act already provides for compensation for damage or distress resulting from non-compliance with the data protection principles and for enforcement in respect of failing to comply with the provisions of the act.

Photo of Lucy Frazer Lucy Frazer Conservative, South East Cambridgeshire

Does my hon. and learned Friend think that the offence of misfeasance in public office would also add a civil remedy for any wrongdoing?

Photo of Robert Buckland Robert Buckland The Solicitor-General

I am extremely grateful to my hon. and learned Friend. She is quite right. In fact, not only is there the offence of misconduct in public office, as it is now constituted, having been reformed from the old offence of misfeasance, but we have provisions in the Wireless Telegraphy Act 2006, the Computer Misuse Act 1990 and, as I have already mentioned, the Data Protection Act 1998. I therefore consider that the new offence we are introducing in clause 9, combined with relevant offences in other legislation, in particular the provision in section 13 of the Data Protection Act 1998, provides appropriate safeguards. On that basis, I respectfully invite the hon. and learned Lady to withdraw the amendment.

Photo of Chris Matheson Chris Matheson Labour, City of Chester

It is, as always, a pleasure to see you in the Chair, Ms Dorries. The Solicitor General has given examples of wide-ranging powers that are available to protect the public. I was grateful to listen to his contribution. However, during Second Reading I queried the Home Secretary’s position on the new offences that are being created. Many of the offences the Bill refers to, particularly in clause 9, relate to the regulation of investigatory powers. My concern is that later the Bill requires internet service providers, for example, to amass a large amount of personal data, and there is a danger that those data may be stolen rather the intercepted. I gave the example of a newspaper perhaps finding a low-grade technical operator in a telecommunications company, passing a brown envelope to them and stealing a celebrity’s internet connection records. I am concerned that the offence in clause 9 of unlawfully obtaining communications data does not go far enough.

I bear in mind the Solicitor General’s comments on other protections that are available, but would he or the Government consider an offence of not just obtaining but being in possession of unlawfully obtained communications data, which would strengthen the protections given to members of the public? We all know that the kind of scenario that I am expressing concern about has not been unknown in the last few years, as various court cases have demonstrated—though I should not discuss their details. Is the Minister satisfied that the protections he has outlined and those raised by the hon. Member for South East Cambridgeshire are sufficient, or should we take this clause a bit further, to give the public broader and wider protection of their privacy and the security of their internet and telecommunications transmissions?

Photo of Keir Starmer Keir Starmer Shadow Minister (Home Office)

It is a pleasure to follow my hon. Friend because I want to develop the point. This is a welcome clause, it is right that it is here, and we support it. However, we question whether it goes far enough. It only covers obtaining communications data. We think that serious consideration should be given to an overarching offence of misuse of the powers in the Bill. At the moment, there are specific provisions in relation to intercept which are replicated frim RIPA and we now have this welcome provision, but there is no overarching offence of misuse of the powers in the Bill.

It is all very well to say that there is the tort of misfeasance in public office. That is not the equivalent of a criminal offence. It has all sorts of tricky complications when one tries to apply it in practice. It is fair to say that there are other bits of legislation that might be made to fit in a given case, but it would be preferable and in the spirit of David Anderson’s approach for a comprehensive piece of legislation for an overarching criminal offence to be drafted, either out of clause 9 or in some other way, relating to misuse of powers in the Bill. It has been a source of considerable concern in the past and I ask the Government to think about a wider offence that would cover all the powers, because comms data are only one small subset of the issues and material information we are concerned with.

I have two short supplementary points. In subsection (3) there is a reasonable belief defence. It would be helpful if the Minister said a bit more about that. May I also foreshadow the inconsistency that we will need to pick up as we go along in the way reasonable excuse and reasonable belief are dealt with in the Bill? It is set out in subsection (3), but there is an inconsistency in other provisions that I will point to when we get there.

My other point is to ask the Minister to consider whether obtaining communications data unlawfully is a sufficient definition to make the offence workable in practice. I put my questions in the spirit of supporting the clause, but I also invite Ministers to go further and consider drafting a clause that covers the misuse of powers in the Bill, rather than simply saying that if we fish about in other bits of legislation or common law we might find something that fits on a good day. In my experience, that is not a particularly helpful way of proceeding.

Photo of Robert Buckland Robert Buckland The Solicitor-General

Thank you, Ms Dorries, for allowing me to reply to a stand part debate on clause 9. I think we have elided the this and the previous clause, but I crave your indulgence to deal with everything in a global way. May I deal properly with clause 9 and set out the Government’s thinking on this?

The measure is all about making sure once again that those who hold office within a public authority are properly held to account for any abuses of power. The clause will make it an offence knowingly or recklessly to obtain communications data from a communications service provider without lawful authority. Somebody found guilty of that offence might receive a custodial sentence or a fine. The maximum punishment will vary according to whether the offence was committed in England and Wales, or in the jurisdiction of Scotland or Northern Ireland.

The hon. and learned Gentleman is right to point out the reasonable belief defence. The offence will not have been committed if it can be demonstrated that a person holding office acted in the reasonable belief that they had lawful authority to obtain the data. Where a communications service provider willingly consents to the disclosure of the data, including by making it publicly or commercially available, that would constitute a lawful authority.

The question about reasonable belief is about making sure that genuine error is not penalised, because there will be occasions when genuine errors are made. In the absence of such a defence, public authorities could be deterred by notifying genuine errors to the IPC. It is important that the Investigatory Powers Commission is an effective body monitoring failure and lack of best practice, and preventing future errors.

I think the hon. and learned Gentleman will agree that we both have fairly considerable criminal litigation experience. In this area, I think a regulatory approach will be just as effective, and in some ways more effective, than a criminal sanction. I am grateful to the hon. Member for City of Chester for reiterating the remarks that I remember him making on Second Reading, when he made some powerful points, but I caution that we are in danger of creating an entirely new criminal framework, catching people further down the line, which ultimately will only lead to more confusion and, I worry, the replication of existing offences.

An unauthorised disclosure by someone in a communications service provider would be covered by the Data Protection Act 1998, because those providers have duties and obligations under that Act just like any other holder of data. I hear what the hon. and learned Gentleman says, and I will consider the matter, but my initial reaction to his question and that of the hon. Member for City of Chester is that the Data Protection Act covers such a disclosure.

Photo of Victoria Atkins Victoria Atkins Conservative, Louth and Horncastle 10:45, 12 April 2016

I have heard Opposition Members’ arguments. Some thought has been given to this point and clause 49 puts a duty not only on people who work in public services but on postal operators, telecommunications operators and any person employed therein to not make unauthorised disclosures in relation to intercept warrants. That might help.

Photo of Robert Buckland Robert Buckland The Solicitor-General

I am grateful to my hon. Friend, who served with distinction on the Joint Committee. That provision relates to creating a statutory duty, which, with respect to her, is slightly different from some of the arguments we are having about criminal sanctions. However, it is important to pray that in aid, bearing in mind the mixed approach we need to take in order to hold public office holders and public authorities to account when dealing with this sensitive area.

The Bill provides a great opportunity for us to put into statute a new offence, which will, together with the other agencies, provide a robust regime that will add to the checks and balances needed in this area in order to ensure that our rights to privacy are maintained wherever possible, consistent with the Government’s duty towards the protection of our national security and the detection and prevention of crime.

Photo of Chris Matheson Chris Matheson Labour, City of Chester

I am grateful to the Solicitor General for that clarification. My concern about his reliance on, for example, the Data Protection Act is what happens in the scenario I described, which I do not believe is so unbelievable, bearing in mind the experiences that hon. Members of this House have had in the past few years with the theft of their information. One problem that his solution presents is that if, for example, my personal data were stolen and published, the only recourse I would have is to the telecommunications provider, which is in a sense a victim itself. The real villains and culprits—the people who stole the information and published it—would not be covered by the Data Protection Act, which is why I seek consideration of extending the clause or guidance from the Solicitor General.

Photo of Robert Buckland Robert Buckland The Solicitor-General

I hear what the hon. Gentleman says. I have already indicated that I will consider the matter further. I will simply give this solution. He mentioned the stealing of information. Information is property, like anything else, and of course we have the law of theft to deal with such matters. I do not want to be glib, but we must ensure we do not overcomplicate the statute book when it comes to criminal law. I will consider the matter further, and I am extremely grateful for his observations.

Question put and agreed to.

Clause 9 accordingly ordered to stand part of the Bill.

Photo of Joanna Cherry Joanna Cherry Shadow SNP Westminster Group Leader (Justice and Home Affairs)

On a point of order, Ms Dorries, may I seek clarification on my position on new clause 4, which the Minister invited me to withdraw? I am minded to do so, having regard to what the Solicitor General said about the Data Protection Act and what the hon. and learned Member for South East Cambridgeshire said about misfeasance in public office, but as a novice in these Committees I seek some guidance. If I press the new clause to a vote now and it is voted down, does that prevent me bringing it back to the Floor of the House?

As I made clear at the beginning of our sitting, you could move the motion at the end of consideration, but that does not prevent you from bringing the new clause back on Report. This point in the proceedings is not the time to for it.

Photo of Joanna Cherry Joanna Cherry Shadow SNP Westminster Group Leader (Justice and Home Affairs)

I realise that, but my point is about the conflicting information on the issue. If an amendment is pressed to a vote and voted down in Committee, some people tell me that it cannot then be brought before the House at a later stage; others tell me that that is not the case. I am anxious to have the Chair’s clarification.

It is not normal, but it does sometimes happen; it is at the Speaker’s discretion. If voted down, you would have to retable the amendment and it would be up to the Speaker, who would know that it had been heard in Committee and voted down.

Photo of Joanna Cherry Joanna Cherry Shadow SNP Westminster Group Leader (Justice and Home Affairs)

I am grateful. So if I withdraw the new clause now, I cannot be prevented from bringing it back later—I will withdraw it in Committee.

Clause 10 ordered to stand part of the Bill.

Schedule 2 agreed to.

Clause 11