Filtering arrangements for obtaining data

Investigatory Powers Bill – in a Public Bill Committee at 4:30 pm on 14 April 2016.

Alert me about debates like this

Question proposed, That the clause stand part of the Bill.

Photo of Joanna Cherry Joanna Cherry Shadow SNP Westminster Group Leader (Justice and Home Affairs)

I wish to speak briefly on clause 58. I indicate that I will also cover clauses 59 and 60, which I also oppose. The clauses provide for the establishment and use of a filter to gather and analyse communications data. They provide for a communications data request filter, which was a feature previously proposed in almost identical terms in the rather unpopular draft Communications Data Bill. The only change made is that under clause 58(5), which states that the Secretary of State

“must consult the Investigatory Powers Commissioner about the principles on the basis of which the Secretary of State intends to establish” the filter.

The request filter essentially is a search mechanism that allows public authorities to conduct simple searches and complex queries of the databases that telecommunications operators will be required to build and hold. The Joint Committee on the Draft Communications Data Bill described the request filter in that Bill as

“a Government owned and operated data mining device”,

which, significantly, positions the Government at the centre of the data retention and disclosure regime. Access to the filter and the data it produces would be subject to the same self-authorisation processes as all communications data. In practice, the request filter would be a search engine over an enormous federated database of each and every citizen’s calls, text records, email records, location data and internet connection records. Those would be made available to hundreds of public authorities.

I am sure the Government will, as they have in the past, be keen to portray the request filter as a safeguard for privacy. However, the processing of such a huge amount of personal data, as permitted by the request filter, is a significant privacy intrusion. It is not only me who thinks that; the Joint Committee on this Bill noted that there were

“privacy risks inherent in any system which facilitates access to large amounts of data in this manner.”

When I asked the Solicitor General why other countries do not do that, he said that the lead must start somewhere, but I do not want my constituents to be guinea pigs for such a system. I can tell from my mailbox that many of my constituents are very concerned about such huge amounts of personal, private data being held and analysed in that way. They want to see serious crime tackled, but not at the expense of their privacy.

A balance has to be struck, and I fear that the request filter is more of an intrusion into privacy than a safeguard for it. It is a portal with the power to put together a comprehensive picture of each of our lives. We should not misunderstand that that is what the filter can do. It raises many of the same concerns as a large and centralised store, with the added security concerns of protecting multiple distributed databases.

Public authorities will have a permanent ability to access the request filter, which will make it an enticing and powerful tool that could be used for a broad range of statutory purposes. The ability to conduct the complex queries that the request filter will allow for could increase the temptation to go on fishing expeditions—that is, to sift data in search of relationships and infer that concurrences are meaningful. That was one of the many concerns expressed by the Joint Committee on the Draft Communications Data Bill about the request filter proposal.

With the request filter power, authorities could use communications data to identify attendees at a demonstration and correlate that with attendance at other public or private locations in a 12-month period, or identify those regularly attending a place of worship and correlate that with access to online radio websites, inferring risk. Those examples show that the new ability risks casting undue suspicion on thousands of innocent citizens and mining their personal contacts for patterns, which is an unacceptable intrusion into the privacy and civil liberties of our constituents and British citizens generally.

Photo of Keir Starmer Keir Starmer Shadow Minister (Home Office)

I will not be long, but I want to raise some concerns about the provisions. It is clear—the Minister will correct me if I am wrong—that the arrangements are to assist a designated senior officer who is considering whether to grant an authorisation, and therefore has got to that stage of the exercise, and more broadly to provide for effective ways of obtaining communications long before there is serious consideration of a particular authorisation. Subsection (1)(a) applies in relation to the contemplation of a possible authorisation, whereas subsection (1)(b) is a much wider way of organising the data so that someone can later find what they want more easily.

The arrangements are made by the Secretary of State but then exercised by the designated senior officer, and we have discussed who will be doing that. It is so concerning because the provision allows for the designated senior officer, who in many cases will be not a high-ranking individual in a public authority, to start to organise the data that have been obtained under a retention power. It is therefore a very wide ranging power indeed.

I accept the argument that anything that allows the authorities to get to the data they need and moves out of the way data that are irrelevant to any possible exercise has real use. We will not oppose the clause because if the idea is effectively to deselect data on individuals who are not of interest, the sooner that is done the better. Nevertheless, I echo the concerns that have already been expressed that it is a very wide power that will in the end be exercised by relatively low-ranking individuals in an authority to look at and organise a huge amount of data. I have real concerns about the clause, but, for the reasons I have identified, we will not be voting against it.

Photo of John Hayes John Hayes Minister of State (Home Office) (Security) 4:45, 14 April 2016

We can probably satisfy the need to address the concerns that have been raised. First, let us be clear about privacy. To restate what I said when we began our consideration of the Bill, because there is no one’s canon that I like to draw on more than my own,

“privacy…is at the heart”––[Official Report, Investigatory Powers Public Bill Committee, 12 April 2016; c. 90.]

of all we do. The defence of private interests and the protection of the public are the essence of the Bill. This filter is, of course, an additional safeguard. It will allow public authorities, when they are dealing with such a request, to consider on a case-by-case basis what needs to be released and, by implication, what does not.

The Joint Committee on the Bill considered this matter in some detail and concluded at paragraph 38:

“We welcome the amendments that have been made to the Request Filter proposal. They constitute an improvement on that which was included in the Draft Communications Data Bill.”

There is, however, an argument about the process once a request has been made, and that is the argument made by the hon. and learned Member for Holborn and St Pancras.

The code of practice goes a long way towards making things clearer in chapter 9, paragraphs 9.1 to 9.4. Indeed, that chapter describes the request filter as

“an additional safeguard on the acquisition of communications data” that will work in tandem with other safeguards to

“limit the volume of communications data being provided to a public authority.”

Therefore, the filter is a way of eliminating unnecessary data from release.

Nevertheless, I hear what the hon. and learned Gentleman says about ensuring that the permission to do that is in the hands of the right people and dealt with in the right way. It might be that we can say a little more about that in the code of practice. I will take a look at that, because there is an argument for refining that part of the code.

In response to the hon. and learned Member for Edinburgh South West, it is clear that public authorities will sometimes need to make complex inquiries. For example, they may ask multiple questions of multiple communications service providers for data to identify an unknown person who is suspected of having committed a crime at different places and at different times. The complexity of the requests is the context in which the application of the filter will be applied.

Currently, public authorities might approach communications service providers for location data to identify the mobile phones in specific locations at the relevant times to determine whether a particular phone and a particular individual is linked to three offences. To get to the end that I have described, very large amounts of data would be required, so the filter process is both a safeguard—a protection—and a way of making the system more practicable. For all of those reasons, it is an important part of the Bill. Having said that, I hear what is being said about the process rather than the principle of it. Maybe we could look at the process, but I am absolutely committed to the principle and on that basis I commend the clause to the Committee.

Question put, That the clause stand part of the Bill.

The Committee divided:

Ayes 10, Noes 2.

Division number 8 Christmas Tree Industry — Filtering arrangements for obtaining data

Aye: 10 MPs

No: 2 MPs

Aye: A-Z by last name

No: A-Z by last name

Question accordingly agreed to.

Clause 58 ordered to stand part of the Bill.

Clause 59