I beg to move, That the Bill be now read a Second time.
In my statement to the House last Thursday, I made clear the urgent need for narrow and limited legislation on communications data and interception. There is no greater duty for a Government than the protection and security of their citizens when we face the very real and serious prospect that the police, law enforcement agencies and the security and intelligence agencies will lose vital capabilities that they need in order to do their jobs. Communications data—the “who, where, when and how” of a communication, but not its content—and interception, which provides the legal power to acquire the content of a communication, are crucial to fighting crime, protecting children, and combating terrorism.
Communications data can be used to piece together the activities of suspects, victims and vulnerable people. They can prove or disprove alibis. They can identify links between potential criminals. They can tie suspects and victims to a crime scene, and they can help to find a vulnerable person who is at risk of imminent harm. Interception—which can take place only in limited circumstances, and with a warrant authorised by a Secretary of State—can prove vital to the investigation of the activities of suspected terrorists and serious criminals. Without those capabilities, we run the risk that murderers will not be caught, terrorist plots will go undetected, drug traffickers will go unchallenged, child abusers will not be stopped, and slave drivers will continue their appalling trade in human beings.
Will the Home Secretary put some flesh on the bones of what she has said, particularly for the benefit of Northern Ireland, which gives reality to this? I understand that in the past three years more than 300 people have been convicted of serious and organised crimes. Can the Home Secretary confirm that many of them were brought to justice as a result of this very type of intelligence activity?
The hon. Gentleman is absolutely right. The use of exactly this sort of data is important not just to the investigation of crime, but to the bringing of criminals to prosecution. Work done by the Crown Prosecution Service has shown that communications data have been used in 95% of serious and organised crime cases, and that that has been important not just to the investigation but to the prosecution. These are important data: they are vital to the fight against crime and the fight against terrorists.
However, as I explained last week, we currently face two immediate problems. First, the recent judgment by the European Court of Justice has called into question the legal basis on which we require communications service providers in the United Kingdom to retain communications data. Secondly, we face the increasingly pressing need to put beyond doubt the legal obligation for communications service providers who supply services to people in the UK to comply with our laws on interception, irrespective of where they are based.
The Home Secretary has, I am sure, been advised that the Bill will be within the continuing scope of European Union law, and that the charter of fundamental rights and the general principles of European law will continue to apply. No doubt she will also understand that the Bill is itself subject to future challenge by the European Court of Justice. I draw attention to my manuscript amendment, which I hope will be selected, and which would remove any doubt about the fact that the Bill, if enacted, will have full effect notwithstanding the European Communities Act 1972
I note what my hon. Friend has said, but, having examined the judgment of the European Court of Justice, we believe that UK legislation already complies with many parts of it, and we have specifically ensured that other issues that were not addressed in the judgment are addressed in the Bill.
The Home Secretary says that she has brought the Bill into line with the EU ruling. However, the ruling made it very clear that blanket retention of data was not permissible, and that retention of data must be specific to a threat regarding a group of people or a particular time. It is precisely that blanket retention that has been ruled illegal.
One of the issues that emerged from the ruling of the European Court of Justice was the scope of the data retention directive. The Court believed that it was too broad, and that it was necessary to be more specific about the purposes for which data could be retained. Our legislation was already specific, but we have looked at it again, and we are very clear about its focus in terms of how it will be operated and in terms of its scope. We are addressing the very issue that was raised by the Court.
Both today and last week, the Home Secretary has drawn a distinction between the data and the content. May I suggest to her that reliance on that distinction may not be legally valid in the future? For a start, she has already said that the data are often used to establish or disprove an alibi, and thus to prove someone’s whereabouts. They can be used to establish whether someone banks with a particular bank, or whether someone uses a particular doctor or dentist. I merely suggest to the Home Secretary that, in the world of Facebook and other even more modern ways of messaging, a reliance on the difference between data and content will not stick.
The hon. Gentleman is right in the sense that as technology changes and people use new methods of communication, we need to ensure that our agencies’ capabilities and powers, and the legal framework within which they operate those capabilities and powers, are indeed appropriate in relation to the technology as it develops. For that reason I considered introducing a further communications data Bill in this Parliament, but that is not to be, and it is definitely not what today is about. Today is simply about retaining the status quo.
As for the hon. Gentleman’s main point, the review of the capabilities and powers that are needed against the background of the threat that we face and the correct legislative framework will be important in that regard. It will, I hope, look ahead and ask what legislation the House needs to pass to ensure that we can deal with the environment in which we find ourselves.
Let me take the Home Secretary up on that point. Will she tell us now, at this early stage in the debate, whether she will accept new clause 1, which has been tabled by the shadow Home Secretary?
Obviously we shall come to that in Committee, but I am happy to say to the House now that I recognise the shadow Home Secretary’s desire to put the review in statute so that there is no question but that it will go ahead. I want to be clear about what the review will cover, and how we can ensure that it does the job that I think we all want it to do in looking at capabilities and powers and setting the right regulatory framework, and does it in a way—[Interruption.] The hon. Gentleman says “Just say yes”, but I do not say yes to an amendment if I do not think that it will deliver technically what everyone wants. [Interruption.] The hon. Gentleman says from a sedentary position, “Oh, come on,” but he was one of the Members who earlier stood up and talked about the importance of proper parliamentary process, so I am sure that he would not want to see amendments added to Bills if they did not deliver what everybody wanted them to deliver.
Given the breakneck pace at which MPs have been asked to come here and make decisions on the Bill, it is extraordinary that the Home Secretary cannot stand at the Dispatch Box and say yes or no about an amendment that has been tabled. What is the answer: yes or no? She wants MPs to make decisions today, but she cannot make decisions on amendments.
We have just had an hour-and-a-half debate in which Members have been talking about the importance of parliamentary process. We have a parliamentary process called Committee stage at which amendments to the Bill will be properly considered, and that debate will take place then. I have indicated to the House that I understand the desire of some Members to ensure that the review of the capability and powers that are needed and the regulatory framework is on the statute book to ensure that that does, indeed, take place. David Anderson, the reviewer of counter-terrorism legislation, has indicated that he will lead that review and there is widespread support for that given the excellent job he does in his current role. However, I want to make sure that, in looking to ensure we undertake that review, the Bill is drafted in a way that delivers what we all want to be delivered. I would have thought that that was entirely reasonable. That debate will take place at the Committee stage, when the hon. Gentleman will be free to wax lyrical about the nature of the amendment.
May I bring the Home Secretary back to what she was talking about before, which is what is loosely described as blanket retention? It is not possible for the police to identify, before a crime has been committed, the range of telephone calls made and received about which it would be helpful for them to have communications data in order to pursue that crime. Therefore, the retention of data for a period is the only way the system can work.
My right hon. Friend is absolutely right. People often argue, “Actually, all you need to do is retain data from the point when you’ve identified a suspect or that a crime has taken place,” but when somebody has been murdered, for example, it may be necessary to go back and identify calls between the victim and a number of people. That is why it is important to be able to retain data from the past, but that is for a limited period. Previously, under the regulations that were agreed by this House, 12 months was the set period for retention. One issue that the European Court of Justice raised was that there should not just be one period of retention for all types of data. We are addressing that by making it a maximum period of retention, so it would be possible in any notice to a communications service provider to say that a particular type of data is required to be retained for a period of less than 12 months. We are, therefore, introducing the flexibility that the ECJ required.
Will my right hon. Friend confirm that the same point she has been discussing about the retention of data in criminal and terrorist investigations will be equally valid in the police’s pursuit of child abusers and paedophiles? In a month when this issue has been so important to so many of our constituents, will she confirm that the legislation will be a critical tool in the police’s battle against child abusers and give us an idea of the implications of our not passing it?
My hon. Friend is absolutely right and the use of communications data is often absolutely vital in tracking and identifying that group of criminals. Without this use of communications data we would not be able to do that, and I fear that child abusers would go free as a result. The director general of the National Crime Agency has already made it clear that capability is being lost in this area. From memory, I think that almost 50% of communications data used in child abuse cases are more than six months old, hence the need to be able to retain data for up to 12 months.
Judging by some of the questions asked, there is a lack of understanding as some Members seem to think that in some way the use of communications data is new. Will the Home Secretary confirm that as far as the Crown Prosecution Service, and indeed its predecessors, are concerned, such use has been an absolute staple of bringing prosecutions ever since telephones came into existence? In fact there is no difference between the nature of the communications data acquired today and that which was acquired in the past in terms of showing who contacted whom.
I thank my right hon. and learned Friend for his intervention, and what he says is absolutely right. He hits the nail right on the head. I know, Mr Speaker, that it is not normally the case that Ministers at the Dispatch Box refer to legal advice that is given to them, but may I say how much I valued the legal advice my right hon. and learned Friend gave when he was our excellent Attorney-General?
Will the Home Secretary give way?
Yes, but I do need to make some progress so that others can get in.
The key issue is that the Home Secretary says this Bill does not extend powers beyond existing legislation, but I understand there is some doubt whether the Bill impacts differently from the current legislation on web-based e-mails. With regard to further scrutiny of these measures, as we have only limited time to discuss the Bill now, if we pass it and it subsequently becomes apparent that there are doubts whether it extends the powers of Government, what is the Home Secretary’s position? How can she come back to this House to get matters reassessed in that situation? That is a real concern for my constituents. If it is subsequently proved that powers are extended—despite her current assurances, which I accept—there must be some mechanism for dealing with that.
There is no change to the definitions that are already in existence in terms of the communications data that it is possible to access. That is why I say the Bill is about just replacing the situation we have at present. On the hon. Gentleman’s second point, I note that the Opposition have tabled an amendment suggesting that there should be a six-monthly review by the appropriate commissioner of the operation of this Bill. We are willing to accept that amendment, so that a process is in place that will reassure people that the Bill does exactly what the Government are saying: it merely replaces the powers already in existence.
If the commissioner finds in the six-monthly review that there are concerns that the legislation is going beyond the current position, is there a mechanism for that to be reported back to this House for further discussion and action?
Yes. The commissioner currently reports annually on these matters, and the Opposition proposal, as I understand it, is that he would report on a six-monthly basis. He would, therefore, not just be looking at the situation, but reporting on what was happening. Were he to find that there was any extension of powers, that would be made clear to people. However, I remain of the opinion, because this is what we intend, that the Bill is purely about enabling the powers that we have today to be continued in future.
There is debate about whether the powers are new, and I personally do not think they are, but will the Home Secretary give the assurance I tried to get from her yesterday, when perhaps I was not clear enough in asking for it? If she were asked to sign a warrant—these are mostly warranted powers—which involved a power that it was obvious to her would not have been available other than from this Bill, would she refuse to sign it on the basis that a new power had inadvertently been created?
My hon. Friend says most of these are warranted powers: of course the lawful intercept section of the Bill is in relation to warranted powers, but communications data are not subject to warrants signed by a Secretary of State. [Interruption.] I am about to answer the question. I am not quite sure who said that. [Interruption.] Oh, the hon. Member for Perth and North Perthshire (Pete Wishart); I might have guessed.
Certainly, I would expect only warrants that would fall under current lawful intercept powers to come to me. On the issue of lawful intercept, it has been the contention of this Government—and, I believe, the previous Government when they passed the Regulation of Investigatory Powers Act 2000—that that had extraterritorial application. That has been legally questioned and we have continued to assert that that is the power that currently exists. The Bill puts that beyond doubt, by putting it clearly into primary legislation, so nobody can be in any doubt that the power that we have always said existed does in fact exist. That is the entire point, and I might add that I think a number of people may take comfort from the fact that my hon. Friend the Member for Cambridge (Dr Huppert) does not consider there to be an extension of powers in this Bill.
I raised this issue when the Home Secretary made her statement last week, but she is aware that some of the service providers do not accept the extraterritorial application of RIPA. She is now asserting that RIPA does have extraterritorial effect under this Bill. If some of those communication service providers maintain their current position—that it does not—what powers does she have to enforce the extraterritorial nature of the Bill and what sanctions will be available to ensure general compliance with its extraterritorial effect?
The point about putting this beyond doubt in the legislation is obviously that it strengthens the ability to enforce in this area. The enforcement capabilities remain as they were previously—taking out an injunction against the company concerned, with the sanctions that that might entail. The position is not changing; what is changing is simply being absolutely without doubt that the extraterritoriality is there, because it is now in the Bill, rather than it being asserted by Government as having been the intention of the previous legislation.
I will now attempt to make some progress. I have made the point that urgent action is needed—
Before she moves on, will the Home Secretary give way?
I have been extremely generous, but I will give way to my right hon. Friend.
This is more a philosophical than a practical point for the Home Secretary, but what is the implication of our demanding extraterritorial powers for the likes of Google and others for, say, China, Russia and other unpleasant powers claiming the same power?
What this Government are doing is putting into legislation the powers that we believe it is important for us to have so that we can protect the British public. I know that my right hon. Friend has some difficulties with some aspects of what the Government are doing. I think it is right that we continue with the powers that we have had to enable us to protect the public, keep people safe and ensure that we catch criminals, terrorists and paedophiles.
Action is needed to ensure that we maintain the capabilities that protect us from those who would do us harm. The Bill provides the legal clarity needed to ensure that the use of those capabilities can be maintained by doing two things: first, by providing the legal basis for us to oblige domestic companies to continue to retain communications data; and secondly, by putting beyond doubt the application of the law of interception to all companies that provide communication services to people in the UK, regardless of where they are based.
When I made my statement to the House last Thursday, I received considerable support from Members on both sides of the House. I am extremely grateful for that support and would like to pay tribute to everyone who has shown willingness to work together on an issue as important as the protection of the public. In doing so, let me also thank the right hon. Member for Leicester East (Keith Vaz), the Chairman of the Select Committee on Home Affairs, which I gave evidence to yesterday and which wrote last night to say that it supported the legislation. He indicated that he was sure that a successor Committee would want to look carefully at any legislation that was brought forward, but I am grateful to the Committee for its support on this particular matter.
The hon. Gentleman is a member of the Home Affairs Committee, so I will allow him to intervene.
That was, of course, on a majority vote, and I was reminded that in the last Parliament the Home Affairs Committee endorsed 42 days’ pre-charge detention, which obviously I voted against. My right hon. Friend the Member for Leicester East (Keith Vaz) was the Chair at the time and, if I may say so, he is a very good chap indeed, but he knows where the wind blows.
That sounds to me like something that is best left between the hon. Gentleman and the Chairman of the Home Affairs Committee. Prudence suggests that I should move on rather than respond to that.
We have just had a debate on the business motion, in which my hon. Friend the Minister for Security and Immigration set out the reason for the timing of this legislation, so I will not go into that in detail, but I will talk about the provisions of the Bill. The Bill is short and narrowly focused and provides a limited response to a set of specific challenges. Clause 1 provides the clear legal basis for us to oblige domestic companies to retain certain types of communications data. Currently, those communications data are retained by communication service providers under the data retention regulations passed by Parliament in 2009, which implemented the EU data retention directive in the UK.
Although we are confident that those regulations remain in force, following the ECJ judgment, we must put beyond doubt the need for CSPs to continue to retain communications data, as they have been doing until now. If we do not do so, we run the risk of losing access to those data, which, as I have said, are vital for day-to-day policing. Our very strong data protection laws mean that, in the absence of a legal duty to retain specific data, companies must delete data that are not required beyond their strict business uses. The loss of those data would be potentially devastating. As I said earlier, it would impact seriously on the ability of the police, law enforcement agencies and our security and intelligence agencies to investigate crime, solve kidnappings, find vulnerable people in danger, uncover terrorist links and protect children.
Will my right hon. Friend explain for my benefit why it is legitimate to have the 12-month limit with the approval of Government, but not with the approval of the European Court of Justice?
The European Court of Justice did not say that a 12-month retention period was unlawful. It said that it recognised the need for access to and retention of the data, and it questioned the periods that were set aside. In fact, the data retention directive said that data could be retained for up to 24 months—we had previously used 12 months, rather than 24—but one of the issues was that it was said that requiring the retention of every type of data for the same period of time was not right and proportionate, and that it was necessary to be able to differentiate. We are introducing that differentiation by setting our data retention period at a maximum of 12 months, so that notices issued to CSPs for certain types of data can, if it is felt to be right, ask for retention to be for a shorter period.
As I have said, communications data are used in 95% of serious and organised crime investigations handled by the Crown Prosecution Service and have played a significant role in every Security Service counter-terrorism operation over the last decade. Clauses 1 and 2 will ensure that we can maintain the status quo by replicating our existing data retention regulations. As I have indicated, the Bill gives the Secretary of State the power to issue a notice to a communications service provider only if he or she considers the retention to be necessary and proportionate. As I said in response to my hon. Friend the Member for Isle of Wight (Mr Turner) and other hon. Members, the data retention notice will specify the duration for which data are to be retained, for up to a maximum of 12 months. If it is not proportionate to retain certain data for a full 12 months, a shorter period can be chosen. The data types that can be retained will be limited to the strict list of data types that are currently specified in the 2009 data retention regulations, and there will be a clear requirement for the Secretary of State to keep any data retention notice under review.
When it comes to the battle against terrorism, there is an ongoing, daily issue with the threat and carrying out of attacks in Northern Ireland, never mind all the other threats to national security. Does the Home Secretary agree that if this legislation were not passed, we would face an extraordinary situation, in that data retention powers would exist in the Irish Republic, because there they are in primary legislation, whereas in Northern Ireland, where the main threat exists, the Police Service of Northern Ireland and others would be deprived of a massive tool in the battle against terrorism and in co-operating with their neighbours down south?
The right hon. Gentleman makes an extremely important point. He highlights one of the reasons why it is important to pass this Bill and retain this capability in relation to communications data and lawful intercept. He is absolutely right: because the Republic of Ireland brought its communications data regulations into primary legislation, it does not have to respond to the ECJ judgment. It is because ours were in secondary legislation that we have to respond to the judgment.
Using headlines like “Terrorism” or “Organised crime” and so on obviously chimes with the public, but I have never understood why one of the reasons for retention, in section 22(2)(c) of the Regulation of Investigatory Powers Act 2000, is if it is necessary
“in the interests of the economic well-being of the United Kingdom”.
There are accusations that these data-gathering exercises are in fact used for industrial and economic espionage by countries in the “Five Eyes”.
One point that I mentioned earlier, which was made by the European Court of Justice, was in relation to the scope of the Bill. We are making it absolutely clear that the purposes are serious and organised crime, national security and economic well-being, and we are clarifying the definition of economic well-being in so far as it relates to national security.
It says in the Bill that a retention notice may be necessary for one or more of the purposes
“falling within paragraphs (a) to (h) of section 22(2) of the Regulation of Investigatory Powers Act 2000”.
It is, as I said, economic espionage.
Clause 3 (1) states:
“Section 5 of the Regulation of Investigatory Powers Act 2000 (power to issue necessary and proportionate interception warrants in interests of national security, to prevent or detect serious crime or to safeguard the UK’s economic well-being) is amended as set out in subsection (2).”
Subsection (2) reads:
“(economic well-being of the UK), after ‘purpose’ insert, ‘in circumstances appearing to the Secretary of State to be relevant to the interests of national security’”.
It might be worth the Home Secretary adding subsection (4) of clause 3, which explicitly links economic well-being to national security.
I am grateful to the right hon. Gentleman. Indeed, subsections (2) and (4) define economic well-being in terms of the interests of national security.
The ECJ ruling in April was critical of the data retention directive because it said it did not contain the necessary safeguards in relation to retained data. I said that to the House last week and referred to it earlier this afternoon. Of course that ruling did not take into account the different structures, regimes and domestic laws that are in place in individual member states. Our communications data access regime, primarily governed by RIPA, has strict controls and safeguards in place. The data can only be accessed when it is necessary and proportionate for a specific investigation, and access is limited and subject to a strict authorisation regime, which was specifically endorsed by the Joint Committee on the draft Communications Data Bill. Clause 3 provides an important clarification in that it makes it clear that the statutory purpose of safeguarding the economic well-being of the UK can only occur when it is in the interests of national security. That is already the position, but the Bill puts that position beyond doubt.
Part 2 of the Bill deals with the question of interception. The House will know that interception can only take place when a warrant has been authorised by a Secretary of State, when he or she considers it to be necessary and proportionate and when the information sought cannot reasonably be obtained by other means.
The Home Secretary has been very kind this week. May I just ask her this question? The former head of GCHQ told me last week that the Wilson doctrine extended to all the digital communications of parliamentarians. Will she confirm that the effect of that is that only MPs and peers of the realm are excluded from this legislation?
Obviously, the Wilson doctrine applies to parliamentarians. It does not absolutely exclude the use of these powers against parliamentarians, but it sets certain requirements for those powers to be used in relation to a parliamentarian. It is not the case that parliamentarians are excluded and nobody else in the country is, but there is a certain set of rules and protocols that have to be met if there is a requirement to use any of these powers against a parliamentarian.
In relation to intercept, I mentioned the need for agreement from a Secretary of State. If the National Crime Agency wants to listen to the telephone calls of a drugs trafficker, or the Security Service wants to read the e-mails of a suspected terrorist, agreement is needed from a Secretary of State first. I see warrant applications day in, day out, and can personally attest to the care with which they are prepared, the seriousness which those applying for them attach to complying with the statutory restrictions and the gravity of the cases with which they deal. Warrant applications provide the detailed intelligence background that forms the basis on which a person is being sought.
Ministerial oversight, which I share with the Foreign Secretary and the Secretary of State for Northern Ireland, is a vital safeguard to ensure that this sensitive and intrusive power is used only when it is necessary and proportionate. But in the absence of explicit provisions in legislation, as has been mentioned in a number of interventions, some overseas companies have started to question whether the law applies to them. Indeed, as the Prime Minister said last week, some companies are already saying that they can no longer work with us on interception unless UK law is clarified immediately. This Bill does exactly that.
Will the Home Secretary reflect again on the intervention by the right hon. Member for Haltemprice and Howden (Mr Davis)? If a foreign Government who are routine abusers of human rights passed the same legislation through their Parliament, could they then intervene on an internet service provider based in this country to obtain data on their citizens, in the same way that the British Government take that power for themselves in another jurisdiction?
The power that we are taking is to be able to serve a warrant in relation to somebody who is based overseas. There would be implications for anyone attempting to apply to serve something into the UK in relation to the operation of that under UK law.
Clauses 4 and 5 make it clear that RIPA applies to all the companies that provide communications services to people in the United Kingdom, regardless of where those companies happen to be based. The final clause contains the sunset provision, which means that the legislation will expire at the end of 2016. I recognise that a number of Members have suggested that this sunset clause should be at an earlier stage. I say to them that the reason it has been put at the end of 2016 is that we will have a review by David Anderson which will report before the general election. It is the intention that a Joint Committee of Parliament will look at his work and that of the Intelligence and Security Committee. It will then be necessary to put the required legislation in place. If anyone stops to think about that timetable, it is clear that it could not be completed by the end of this year.
Is the Home Secretary aware that many of us in the House feel that it is a very long time for a sunset clause and that, despite what she says, it could be earlier? That makes her acceptance of the Opposition’s proposal for six-monthly reviews all the more important and welcome. Will she confirm that those reviews—perhaps this is something that will be developed later—will specifically report on there being no extension to the powers in the Act?
Of course, that matter will be debated later when the Opposition amendment is debated. As I understand it, the intention of those reviews is to provide for a facility for the appropriate commissioner to report on the operation of the legislation such that if there were any extension of powers, it would be possible for that to be brought to the fore as a result of the work that was being done.
I talked about the timetable. If Members think about the processes that we want to go through to ensure a full and proper consideration of the capabilities and powers that are needed to deal with the threat that we face and then about the right legislative framework within which those powers and capabilities would be operated, they will realise that that requires sufficient time for consideration and then for legislation to be put in place. That explains the need for the sunset clause at the end of 2016.
I just want to make a brief mention of secondary legislation. In addition to the Bill, secondary legislation will be required to cover the detail of some of the data retention regulations. We cannot formally introduce the regulations in advance of the enabling legislation being enacted, but I have placed copies of the draft regulations in the Library—that happened, I believe, at the end of last week—for Members to scrutinise alongside the Bill. Our intention is to ensure that the secondary legislation can be scrutinised and approved by both Houses before the summer recess. The draft regulations mostly replicate the existing data retention regulations, which were approved by Parliament in 2009, but they also contain strengthened safeguards to respond to points raised by the ECJ judgment. They allow for data security requirements to be set out in the data retention notices, and ensure that this retention can be overseen effectively by the independent Information Commissioner. They also create a code of practice on data retention, thus putting best practice guidance on a statutory footing.
Given that the European Court of Justice was striking down a European directive as well as our legislation, what action does the EU propose to try to sort out this legislative muddle?
The European Union will consider the necessity of a further data retention directive in due course, but it will take some time to be put in place. As my right hon. Friend knows, the European Parliament has recently changed and the European Commission will be changing, so it will be some time before the issue is addressed. As anyone who has dealt with such matters at any stage knows, it can take some time for proposals to be considered and finally agreed.
Alongside the legislation, of which I have stressed the urgency and importance, it is right that we balance the use of sensitive powers against the public’s right to privacy. I have detailed the limits on access to communications data and interception that will be enshrined in the primary legislation. In addition, I announced last week a package of measures to strengthen safeguards and to reassure the public that their rights to security and privacy are equally protected. We will reduce the number of public authorities able to access communications data. We will establish a privacy and civil liberties oversight board. We will appoint a senior former diplomat to lead discussions with other Governments on how we share data for law enforcement and intelligence purposes. We will also publish an annual transparency report on the use of sensitive powers.
It is apparent to all in the House and has become increasingly evident over recent months that there is a problem with the low level of public awareness of the legislative measures, the safeguards and the framework. The interception of communications commissioner has produced an extremely good report on the use of these powers, in particular by GCHQ, rebutting many allegations about mass surveillance and considering targeting and warranting. However—I hesitate to say this—his report has probably been read by perhaps a handful of people in this country. What can the Home Secretary do to ensure that there is much more public awareness? Hopefully, the annual transparency reports and the new boards will help, but it is urgent and pressing that the public should understand exactly what the framework is, what the authorities and powers are and what the agencies are doing.
The right hon. Lady makes an extremely important point. She is right that Sir Anthony May produced a first-class report that set out the powers and how they are used and was clear about their rightful use. Sadly, perhaps because it was not a “shock horror” report, it did not receive an awful lot of publicity. I hope that the Government’s commitment to an annual transparency report will help in this regard. The Intelligence and Security Committee, on which the right hon. Lady sits, is carrying out its own review of privacy and security and I hope that it will get some publicity when it is completed. It therefore behoves all of us to try as far as possible to promote the message that effective oversight is in place.
The Home Secretary is being very generous in giving way. As she said, little of the legislation is new; it is clarifying what needs to be clarified. However, the annual transparency report is something new that puts more information in the public domain than ever before. Is that correct?
Yes indeed. It will be the first time that Government have published and made such information available. People will therefore be able to see rather better exactly how the powers are used by, for example, seeing the number of requests made.
For clarification and to inform the public, would it not be better for a Minister to come along and at least make a statement and be questioned once every six months on the basis of the interception of communications commissioner’s report?
The hon. Gentleman makes an interesting point. Ministers, including myself and the Foreign Secretary, go in front of the Intelligence and Security Committee. The ISC produces an annual report as well as other reports on specific subjects. I can assure the hon. Gentleman that I am often questioned about such matters when I go before the Home Affairs Committee, so Ministers are held accountable in a number of ways.
I referred earlier to the review of the powers and capabilities that the police, law enforcement agencies and security and intelligence agencies need and to the regulatory framework under which they are regulated. The review will consider those matters in the context of the threats that we face. As I said earlier, David Anderson has agreed to undertake the initial phase of that review. The measures that I have set out are in addition to the considerable safeguards already in place, including the oversight, as referred to by the right hon. Member for Salford and Eccles (Hazel Blears), by the various commissioners and the Intelligence and Security Committee.
As I made absolutely clear last week, the Bill merely preserves the status quo. It does not extend or create any powers, rights to access or obligations on communications companies that go beyond those that already exist. It does not address the same problems or replicate the content of the draft Communications Data Bill, published in 2012. The use of modern technology and changes in how people communicate have caused a decline in our ability to obtain the communications data that we need. I continue to believe that the measures contained in the draft Communications Data Bill are necessary to bridge that gap, but that is emphatically not what we are considering today. Parliament will need to return to those issues following the general election. The review to be undertaken by David Anderson, to which I have just referred, will consider the issue and I hope it will inform the debate.
I want to express my thanks to both sides of the House for the support they have given to the Bill. I would like to emphasise once again the need to get this Bill enacted before the recess. If we delay, we face the appalling prospect that police operations will go dark, trails will go cold and terrorist plots will go undetected. If that happens, innocent lives may be lost. We cannot allow that, so I urge the House to work together within this time frame to ensure that the police, the law enforcement agencies and the security and intelligence agencies have the capabilities that they need to protect the public and keep us safe. That is what the Bill is designed to do and I commend it to the House.
The Home Secretary will recognise that Parliament has been put in a difficult position by this week’s emergency legislation. It has been left until the final full week of Parliament before the recess and must be published and debated in both Houses in a week, and it relates to laws and technologies that are complex and controversial. They reflect the serious challenge of how to sustain both liberty and security, and privacy and safety in a democracy. This is therefore not the way in which such legislation should be done. Let me be clear that its last-minute nature undermines trust not only in the Government’s intentions, but also in the vital work of the police and agencies.
I have no doubt that the legislation is needed, however, and that we cannot delay it until the autumn. After the European Court of Justice judgment in April, legislation is needed to ensure that the police and intelligence agencies do not suddenly lose vital capabilities over the course of the next few months and that our legislation is compliant with EU law. So Parliament does need to act this week so that existing investigations and capabilities are not jeopardised over the next few months, but this is a short-term sticking plaster. As we support the legislation today, we must also be clear that we cannot just go on with business as usual, when the powers and safeguards that keep us free and safe are rarely discussed and only debated behind closed doors. I want to set out today why this parliamentary debate needs to be the start of a much wider debate about liberty and security in an internet age, why we can only pursue this short-term legislation if it is the beginning and not the end of the debate, and therefore why this legislation is needed in the short term, but also why safeguards are needed, too.
Does the shadow Secretary of State accept that the legislation will be within the scope of EU law and the charter of fundamental rights, in which the previous Government got themselves into a pretty average muddle—if I may put it that way—and that the general principle of EU law will prevail? Does she therefore also accept that it is possible that the European Court of Justice could come back to this legislation, as it did with the Merchant Shipping Act 1988, and strike it down if in fact it takes the view that it is incompatible with EU law? Would she accept the idea in principle—
Order. This is an intervention. A large number of people want to speak. Interventions are getting a little too long and I would be grateful if they could be shortened.
The hon. Gentleman will be aware that it is always possible for there to be court challenges and legal challenges to our legislation and to individual decisions. The Government have gone to some lengths to ensure that the legislation before us is compliant with the European Court judgment, with European law and with our own legal framework.
The shadow Home Secretary said that this will be the start of a debate about privacy and security, and those of us who have been campaigning on this issue for many years welcome her conversion. Does she accept that the debate has already started and that many of us have been pushing the issue for some time, much as we welcome her addition to it?
The hon. Gentleman can always be relied on to pop up in these debates. I have heard that his support for the legislation has made some in this House question whether it is strong enough. Surely it cannot be, if he is supporting it.
The hon. Gentleman will know that I made a speech 12 months ago in which I talked about the need to strengthen the system for commissioners and for oversight in this area, and that I made a further speech at the beginning of March in which I raised specific issues about online security and liberty. The Deputy Prime Minister also made a speech that week which raised some of these issues. I am concerned because I think that, overall, the Government have not responded to some of the challenges. They still have not recognised the wider need for public debate and reform.
Does the right hon. Lady think that in striking down a directive that Labour agreed to, the European Court of Justice went too far, or does she think on reflection that the directive went too far?
The right hon. Gentleman will know that the directive went considerably further than the regulations we passed in this country. As I recall, the European directive was drawn up in the wake of the 7/7 bombings in London and the terrorist attacks that took place at that time and was designed to provide a framework to ensure that different European countries could legally take the necessary action to investigate terrorism. However, the decision we took in the UK was to implement it much more narrowly, to ensure that safeguards were in place and to ensure that there were safeguards in the operation of the Regulation of Investigatory Powers Act 2000. I think that those safeguards now need to go further in the light of changing technology, and it is important that we do that.
I recognise that the Home Secretary wants only to maintain the status quo and to ensure that powers are not suddenly lost over the summer, but the problem for us is that the status quo is being challenged by the pace of new technology, by the struggle of police and agencies to keep up, by the limitations of a legal framework that dates back to 2000, by the weakness of oversight that does not meet modern expectations, by the Snowden leaks, by the global nature of the internet and by private companies that, in the case of most of us, hold, access and use far more of our private data than any police force or intelligence agency might do.
Although the Government keep on saying that the status quo is remaining as the status quo, 10 years ago it was the status quo that all electronic communications of MPs were covered by the Wilson doctrine. Earlier this year the Minister for the Cabinet Office and Paymaster General said quite the reverse when he stated that metadata about MPs’ communications was now being kept by the Government.
My understanding is that the Government do not keep metadata on UK citizens and that the data retention directive is about the information that companies hold, but I would certainly be very surprised if companies were able to separate out the billing data for MPs, for example, from that of any other British citizen. It would be startling if they were able to do so. My hon. Friend is right that one would expect things such as the data retention directive to cover not just MPs but all UK citizens in that way, but my point is that the Government cannot take for granted the need to restore the status quo. We need to debate it and we need reform.
My real concern about how the Government handled the issue is not only about the delay in introducing the legislation after the Court judgment in April and the limited time we have to debate it. It is bigger than that. It is about the Government’s failure to rise to the bigger challenge and debate of the past 12 months. They have said almost nothing in response to the Snowden leaks, to provide either reassurance or reform. They tried to limit the debate over the draft Communications Data Bill, drawing it too widely, and have never been clear about what they really wanted and needed to achieve. They have not faced the new challenges of the digital age and recognised the importance of changing technologies and expectations. They have not started a serious review of the legal framework or the powers and oversight needed. The Home Secretary made a speech a few weeks ago that set out some of the safeguards needed, but it has taken time for Ministers to do that.
The right hon. Lady is making an interesting point. Is not the implication of her last six sentences that the Labour party should support the sunset clause being brought forward to Christmas of this year, which would force the debate that she is asking for?
I want to come on to that point in detail, because it is an important one. The wider considerations, the detailed review of the legislation and the public consultation that we need will take longer than just five months, and it is important that this is not simply about repeated sticking-plaster legislation. We need to have a sustainable debate about how to get the right kinds of reforms to sustain the framework for the longer term and, crucially, about how we get public consent in this.
In the US, they have had a public debate. President Obama led a debate on liberty and security after the Snowden leaks, setting up an independent review group last summer. His response robustly defended much of the work that the US agencies do as vital to national security, but he also recognises the need for stronger safeguards. Our system has many more legal safeguards than the US system. For example, our warrant system is much narrower than theirs, and rightly so. We also have strong public support for the work of our intelligence services and the police, but that is no reason to avoid the debate and hope that it will go away. That is what I believe that the Government have done since last summer.
I want briefly to reinforce the right hon. Lady’s point. I have just come back from talking to St Albans Women’s Institute and the ladies made exactly that point. They asked what the difference would be, what it was all about and what it will mean to the public. There will be a problem in getting the message across through the media and the public will not understand why there has been this sudden rush to legislation
The hon. Lady is right. Although we know that there are issues about the Court judgment and its implications over the summer, there will be considerable concern about the pace at which this Bill has been introduced and has been debated in Parliament. The short-term debate would be easier if there had been a wider longer-term debate about the question of a sensible framework in which the public could feel involved and have their say. If emergency issues came up, as they will from time to time—for any Government in any circumstances there will be court judgments that suddenly mean that an emergency response is needed—it would be so much easier to have the emergency debate against a backdrop in which the broader issues of security and liberty, and how we balance them in an internet age, are being properly debated and discussed, with public involvement.
Those of us who believe in the vital work the police and agencies need to be able to do should be the most ready to debate both the powers and the safeguards that are needed, because they must have public consent. We cannot hide behind a veil of secrecy. Of course, that debate must be handled with care so that we do not expose important intelligence capabilities that need to be kept secret to be effective, but we can have a debate about the legal framework, about the principles and about the powers and safeguards we need.
We know the vital work that we want the police and agencies to be able to do: building the intelligence that foils terrorist attacks; providing the fast response needed to find the last location of a missing child or murder victim; and stopping online fraud and cyber-attacks, which are escalating with every month. We also know that people will only continue to support those vital powers if they also know that there are proper safeguards: protection for innocent people’s privacy; public reassurance about what that protection really is; safeguards so that powers cannot be abused; safeguards, checks and balances on what the police and intelligence agencies can do; and a Government and Parliament that recognise that this is difficult and do not try just to sweep it all under the carpet and deny the public a say.
The lack of a wider debate is making it harder to have a short-term debate today. This is not the right way to have this debate. However, I also believe that we cannot reject this legislation now; it would be wrong to do so. We need to support it today, but we must also use it to get the wider debate that we need.
Let us be clear about what is at stake. The Court judgment means that the regulations on data retention need to be replaced; otherwise, they will fall altogether. This is about the requirement for companies to hold their billing data and other communications data for 12 months. This does not refer to the content of the calls and messages; it just covers the communications data. If the police are investigating a crime or pursuing an emergency that involves risk to life or limb, they can get a warrant and ask the companies to hand over the data relating to the suspect. As the Home Secretary has said, these data are used to identify conspiracies, prove alibis, locate missing children and find out who is committing online crimes or sending online child abuse. The police need warrants to do this, and the data do not tell us what people are saying. They cannot tell us the content of an e-mail—that is private—but they can help us to solve crimes.
These data are particularly important in dealing with serious and organised crime. For example, they can show that drug dealers who claim not to know each other have in fact been calling each other every week. They can show who the armed robber called to help him get away from the scene of a crime, or where a missing child was when their phone was switched off. They can also help to trace who a terror suspect contacted before they went to Syria, for example, and to work out who might be grooming or radicalising more young people to go there.
These data are used in court in 95% of the serious and organised crime cases that reach prosecution. They are particularly important in relation to online child abuse, because they allow the police to get warrants, to contact companies to find out the name and address of the person who has sent vile images of child abuse and to rescue children who are being hurt. A recent Child Exploitation and Online Protection Centre investigation resulted in the arrest of 200 suspects and identified 132 children who were at risk of abuse. The prosecutions and actions needed to rescue those children were made possible only through the use of communications data. A similar investigation in Germany, where communications data are not held, led to only a handful of cases being investigated.
The Assistant Commissioner of the Metropolitan police has described the importance of communications data to rape investigations. She has said:
“As to robberies and rapes, it is very usual for phones to be stolen. The stranger rapist, on many occasions, will take the phone from the victim and within 24 hours we find the rapist.”
The data also protect our children’s safety. In one case that the Joint Committee looked at, an online help service contacted the police, worried about a child who had posted on their website a threat to commit suicide. The police contacted the relevant companies, which helped to track down the service user’s name and address, then sent the local police to the door to find that the child had hanged himself but was still breathing. Fast action and communications data saved his life.
It is because we recognise how crucial this evidence is to so many investigations that we believe it would be too damaging to the fight against crime and terrorism for the police to lose this information this summer. The Government have rightly made changes to ensure that the new legislation can comply with the ECJ directive. They have narrowed the number of organisations that can access the data, for example, and introduced further safeguards to ensure that the process is necessary and proportionate.
The second part of the Bill is more complex, as it addresses the global nature of our telecommunications. Increasingly, the companies that help us to communicate with each other, with the family members we live with and with our neighbours and friends down the road, are based abroad. They should not be excluded from UK law just because of where their headquarters are based. International companies have been covered by and complied with RIPA for many years. Indeed, the legislation has always made it clear that companies should be covered if they provided services in the UK. We recognise, however, that other court judgments have made it more important to be explicit about legislation that has extraterritorial effect, rather than just leaving the arrangements implicit in the legislation. Again, it would jeopardise important intelligence if we were to ignore this factor.
Similarly, on telecommunications data, we have sought assurances from the Home Secretary that these measures are not an extension of powers and that they are only a clarification of the arrangements that already exist and of practices that already take place. It is important to recognise that this is not just about the legislation. The Home Secretary has now given the House assurances that the way in which she issues warrants will comply with that intention not to extend those powers, and that this is simply about maintaining the powers that are already in place.
This means that the safeguards are extremely important. The safeguards in the Bill and in the regulations are welcome. They ensure that the legislation is temporary, as well as restricting the purposes of the legislation so that it cannot be used only for purposes of economic well-being, and restricting the number of organisations that have access to data. We welcome the proposals for a privacy and civil liberties board, although we will need more debate about how that should work and how it should fit with our proposals to overhaul the commissioners and ensure that there is stronger oversight.
Does my right hon. Friend agree that it is important to have the widest possible consultation with as many groups as possible before the names are put forward for the new board?
My right hon. Friend is right, and I would certainly expect the Select Committees to play an important role in that process. There needs to be a debate about the way in which the board should work. It has considerable potential. Wider, more substantial reforms of the existing framework are needed, including, for example, to the structure relating to the commissioners, who in theory have oversight of different parts of legislation, and to the role of the counter-terrorism reviewer, which is more effective than the work of some of the commissioners. We need to look at the whole framework in determining how the privacy and civil liberties board will fit in with the wider reforms that we need. That might need to be a two-stage process: the introduction of the board and reforms made to the commissioners’ structure in the light of the wider review that we are calling for. We have tabled amendments to secure such a review.
The review of the legislation is particularly important. For some time, we have been calling for an independent expert review of the legal and operational framework and in particular of the Regulation of Investigatory Powers Act 2000. As a result of the communications data revolution, the law and our oversight framework are now out of date. As my hon. Friend the Member for Rhondda (Chris Bryant) has said, new technology is blurring the distinction between communications and content, and between domestic and international communications, as well as raising new questions about data storage. We therefore need to reconsider what safeguards are necessary in an internet age to ensure that people’s privacy is protected.
We need stronger oversight, too. We need to know how far the new technology is outstripping the legal framework, and what powers and safeguards are needed for the future. We need to determine how warrants should operate, who should have access to data, and whether the police and intelligence agencies have the lawful capabilities that they need. The police need to be able to keep up with new technology, but the safeguards need to keep up, too. All those elements should be included in the scope of the first stage of the independent review by the counter-terrorism reviewer, David Anderson.
I congratulate the right hon. Lady on the long list of considerations that she wishes her party to look at, but has she considered the easy availability of strong cryptography? What is her party’s position on that?
I will not pretend to be an expert on individual technologies or on the legal framework that is needed to safeguard them. That is exactly why we need an expert review. The honest truth is that most of us here in Parliament are considerably less expert on these technologies than our children, and we therefore need technological expertise as well as legal expertise as part of the review. That is the kind of review that David Anderson needs to lead.
We have tabled an amendment to put the review on a statutory footing and to outline some of the issues that it must cover, so that the House can be reassured that a sufficiently wide-ranging review will take place. It will need to look at the practice as well as at the legislation. We will also need to have a serious public debate about David Anderson’s conclusions, through the Joint Committee of both Houses and through taking public evidence. A public consultation must form part of that process. This is about getting the balance right, but it is also about ensuring that we have public consent. We cannot have any more sticking-plaster legislation; we need a serious and sustainable framework that will command consent for years to come.
Forgive me, but I am slightly confused. It is perhaps because I am a bit thick, but will the right hon. Lady clarify the current situation for me? Do we have these rules and regulations now? If we do not pass this Bill into law, how long can the police and the security services continue to have access to these data?
The Home Secretary responded to a similar question earlier. The advice that I have received is that the UK regulations are still in place, but that they are likely to be challenged and likely to fall as a result of the European directive having already been struck down. The consequence of that would be that we might risk losing some of those powers over the summer, before Parliament returns in the autumn, and we should not put the police and intelligence agencies in that position. The hon. Gentleman will have heard me argue for the wider reforms and wider debate that is needed, but in the short term we should not pull the rug from underneath the police and intelligence agencies this summer as a result of a European Court judgment.
The right hon. Member for Haltemprice and Howden (Mr Davis) said that the sunset clause should simply be moved to five months’ time. I understand the intention of the hon. Members who have signed the amendment, and I recognise their concern and their desire to increase the short-term scrutiny of the legislation, but I fear that if we do that, we will simply be stuck with another unsatisfactory sticking-plaster legislation process. We will not have the time to obtain the conclusions of the expert review, to consult on them, to debate, to take evidence or to draw up proper primary legislation with the more substantial reforms that I believe are needed. If we continue with repeated sticking-plaster legislation, we will undermine public consent in this process even further. That is why we must not rush things; we must do it properly. We are doing quite enough rushing this week, as it is, without trying to rush through the more substantial debate that we need within five months. That is why the longer period is needed.
Hon. Members are right that we need stronger safeguards in the short term, right now. We need more reassurance that the Bill is doing what the Home Secretary has made clear. That is why we have tabled a second amendment, and why I welcome the Home Secretary’s indication that she will accept it. It is about requiring the intercept commissioner in the mean time to report on the operation of the Bill every six months. During that period, we need to know whether the Bill is simply being used to continue the work that was being done before or whether it is being used to extend the Government’s powers against the will of Parliament. The six-monthly review will reassure the House that the Bill is being implemented in the way that Parliament intended.
We also want to see longer-term reforms, including strengthening the Intelligence and Security Committee so that it has the same powers as other Select Committees and an Opposition Chair, and we believe that an overhaul of the commissioners is needed. We currently have lots of different commissioners, and even when they do excellent reports no one notices them because the reports are not public-facing. Too often, they are limited to assessing compliance with existing legislation rather than looking at whether the legislation is still appropriate or effective.
This is a difficult debate for Parliament today. We have legislation that is urgently needed, but it is against the backdrop of us all knowing that a much wider debate is called for. So we have to make sure that that debate happens and that sustainable reforms are brought forward. Too often, this debate becomes polarised. The hawks say that we need stronger powers to protect national security, but they will not say what and why. The civil libertarians say that it is all a conspiracy; that they do not believe the scare stories; and that privacy is paramount. But most of us, and most of the British public want both—security and liberty, safety and privacy. We want to be kept safe from fraudsters stealing our identity or our money online. We want our children’s innocence kept safe from abusers, and paedophiles to be caught. We want the police and intelligence agencies to be able to track down murderers, fraudsters and terror suspects.
However, we also want to know that, unless we are suspected of a crime or terrorism, we have a right to protection of our information and privacy. We want to know that people will not be listening to our calls, reading our e-mails or checking out where we have been surfing on the web; to know that there are fair, up-to-date laws governing what Government agencies, the police and private companies can do; and to know that there are safeguards, checks and balances in place to make sure that those laws are upheld.
Yes, we need to pass this Bill today, because the powers that it retains are too important to the protection of public safety to lose carelessly one summer. But we also need a proper debate about the balance of privacy and safety, and how we maintain both liberty and security in an internet age, because both are essential to our democracy. Today must be the start, and not the end, of that debate.
Order. There is a six-minute time limit on all Back-Bench contributions. I remind Members of the timetable. This debate must end by 5 pm. On that basis, we have more speakers than time, unless we can make rapid progress.
I begin by paying tribute to the shadow Home Secretary and the Opposition for deciding to give their full support to this measure. It is always reassuring to the nation as a whole when political parties come together—we do not do it very often—on an issue of national security. Especially with emergency legislation, that has a powerful and beneficial impact, and reassures many members of the public who might otherwise be concerned.
The Intelligence and Security Committee has considered the Bill, and we have taken evidence from the intelligence agencies on its content. If we were concerned in any way that the Bill simply added to the powers available to the Government and that they were using a fast-track procedure to implement it, we would not be able to recommend its endorsement, but we are satisfied that that is not the case.
I have listened carefully to some of the comments by those on both sides of the House who are opposed to the Bill and have criticised it. Part of the argument is that it is shocking that, when the European Court of Justice has repudiated the directive, we should defy that decision. They have not taken the trouble to read properly what the Court said. It was clear. It did not oppose the retention of data under national laws based on the directive. I shall quote the judgment:
“the retention of data for the purpose of their possible transmission to the competent national authorities genuinely satisfies an objective of general interest, namely the fight against serious crime and, ultimately, public security.”
The Court’s objection—it was an understandable point—was that the directive contained insufficient proportionality and safeguards. The directive covers 28 countries, and some of them did not have previous legislation or experience in this area and simply implemented everything that the European directive seemed to permit them to do. However, as the shadow Home Secretary rightly said, that has not been the practice in the United Kingdom. Most of our safeguards had already been introduced, and continue to apply.
Let me remind those who have criticised the proposal what the safeguards include, which are far broader than the narrow approach of the directive. First, for any intelligence agency to use the powers, it has to satisfy not just itself but the Secretary of State and Parliament that to do so is in the interests of national security, fighting serious crime or protecting economic well-being, which is linked to national security. If it does not meet that requirement, the agency cannot use the powers in the first place.
Secondly, the European Court directive allowed data to be retained for up to two years. In the United Kingdom it has never been retained for two years; a maximum of a year is allowed. That is a considerable improvement. Many countries do not have the system that we already have of the interception of communications commissioner, who is able to examine the use of the powers and report both to Parliament and to the Secretary of State if he thinks that they are being used in a disproportionate way or not for the purpose that Parliament intended.
It is therefore an important consideration that the United Kingdom happens to have this experience and has used the powers in a proper and responsible way—we are not the only country, but it does not apply to all 28 members of the EU.
The right hon. and learned Gentleman cites the interception of communications commissioner as some kind of safeguard, but is he aware that the commissioner has recently ruled that there has been
“significant institutional overuse of existing powers”?
That same commissioner is already warning us.
We will have to see the context in which the commissioner made that remark, but I have read his report and he gives a clean bill of health to the intelligence agencies on communications data, which is what we are talking about here. He has answered many of the criticisms that have been made elsewhere and said that they are unfounded and unjustified. I am sure that the hon. Lady has read that report. Perhaps she should re-read it and then she will remember the point that she momentarily forgot when she intervened.
The other important part of the Bill relates to questions of extraterritoriality. This is a difficult and sensitive issue, because obviously many communications service providers are not UK companies and would be reluctant or might refuse to recognise any restrictions imposed on them. I shall read out one sentence from the explanatory notes that have been prepared for the benefit of the House on this part of the Bill, which explains why this is an important and justifiable provision. The explanatory notes state on page 4:
“While RIPA has always had implicit extraterritorial effect”—
the Government themselves have said that it is extraterritorial—
“some companies based outside the United Kingdom, including some of the largest communications providers in the market, have questioned whether the legislation applies to them. These companies argue that they will only comply with requests where there is a clear obligation in law.”
In other words, up till now it has been implicit that the legislation is extraterritorial—that has certainly been the Government’s view—but that has never been spelled out explicitly. That is what the Bill now seeks to rectify, and we are told in the explanatory notes that some of the communications providers based outside the United Kingdom have said that that is what they are looking for. If it is an explicit obligation, they will be willing to comply with it. If it is not, they will have to consider whether they wish to do so or not.
There will be other providers which, even with that explicit statement, still decline to co-operate. Our Government have to decide what they will do to try to change that situation, because it is a very unsatisfactory one. We are talking about companies that operate within the United Kingdom. We are not talking about what they are doing in America, France, Germany or other countries. They should co-operate in the way that United Kingdom companies co-operate and in a way in which some overseas companies are prepared to co-operate. They recognise the public interest, and they recognise the need for these provisions in the battle against serious crime in particular, not to mention terrorism and such matters.
The House and the public can be reassured that what is in the Bill is not what we have been told is in it. Its purpose is to maintain the current situation. To oppose the Bill would create an enormous risk, if indeed the provisions, which are currently in regulations, were challenged before the courts and were then struck down. Therefore I certainly and, I think, my colleagues on the Intelligence and Security Committee, recommend these provisions to the House.
It is a pleasure to follow the right hon. and learned Member for Kensington (Sir Malcolm Rifkind). I am not sure whether he and I are the best people to support the Home Secretary. It seems to be de rigueur in some quarters to believe that members of the Intelligence and Security Committee and former Home Secretaries lose any sense of the need to support the noble causes of protection of privacy and promoting civil liberties as soon as they come into office. We are supposed to have all that sucked out of us as we walk down Marsham street.
Sometimes, as a non-tweeter, I am lectured about the importance of privacy by people who send a tweet every time they brush their teeth. Leaving that aside, I suppose that, just as it is impossible to imagine a new Foreign Secretary arguing for Britain’s withdrawal from the European Union, it is impossible to imagine a Home Secretary being caught up with the more fundamentalist wing of the civil liberties group. That does not mean that we do not care about civil liberties.
Leaving aside Home Secretaries and distinguished Chairs of the Intelligence and Security Committee, the people who work in the security services and the police and the Child Exploitation and Online Protection Centre are equally concerned about issues of privacy. The one thing that sometimes irritates me about this debate is the idea that we could direct them. In this country, with all our values, which we sometimes seem to believe exist only within this Chamber or within Members of Parliament and Ministers, that is a ludicrous suggestion.
For me, there is one test for the Bill—the Ronseal test: does it do what it says on the tin? Let me assure Opposition Members that the Home Secretary prior to 2010, who was me, operated entirely on the basis of this Bill. I have sprinkled rosewater on it, I have held it up to the light, I have closely examined all six clauses. Apart from the ambiguity, which others have referred to, we always believed that we had protection in respect of CSPs based overseas and that they were subject to the law on communications in the UK. We always operated in that way, and it is as well to make that clear. Would it not be ludicrous if it worked any other way?
It would not only be ludicrous; it would be an invitation to companies to re-site themselves outside the United Kingdom, for fear of placing themselves at a competitive disadvantage.
Of course. The right hon. Member for Berwick-upon-Tweed (Sir Alan Beith) made a very important point earlier about the need for a blanket provision. We need to keep blanket information. How will we resolve the cases that the shadow Home Secretary set out so effectively without that provision?
I admit before this House that I believe these laws ought to go further. I have made that clear before. I agreed with the Home Secretary in the foreword to the draft Bill a couple of years ago, which says that we cannot allow continuing and new technologies to remove this capability, but I accept that this is not the place to argue for that. Indeed, I believe that the new provisions set up under David Anderson, the Privacy and Civil Liberties Oversight Board and the examination that David Anderson will carry out, make it more probable that we will have an informed debate when the matter comes before Parliament.
The right hon. and learned Member for Beaconsfield (Mr Grieve), who is not in his place, spoke about telecommunications, but before telecommunications, there was the Post Office. It has always been the case that we have used these kinds of powers to protect this country against our enemies. When I joined the Post Office as a postman in 1968—I know that is a long time ago—there was a whole unit in St Martin’s le Grand occupied by MI5, or the service, as it was called, where technicians wore rubber gloves and sat with very strong lights and large kettles, steaming open letters. I add, incidentally, that I was not one of those people. I know that by reading “The Defence of the Realm”, the splendid history of MI5 written by Christopher Andrew.
Christopher Andrew also tells us that in 1969, 221,000 postal items were opened in this way. There had been an increase of 135,000 on 1961. The interception of communications commissioner’s report in 2013 shows the total number of interception warrants authorised by the Home Secretary. Bear in mind that 221,000 letters were opened in 1969. The number of warrants authorised in 2013 was 2,670. That shows that, although there is a more complex problem, although the challenges are more complex and, I would say, the threats to this country are more severe—that our citizens are in a more perilous position than they were in the 1960s is arguable, but that is what I believe—it is incredible that we have a much greater grip on the issue now. We have far more surveillance and far more oversight of these matters than we had, and that is very healthy.
In my view, we are today defending what is there already. If there was an addition to those powers—I was pleased to hear the Chair of the Intelligence and Security Committee say that the Committee had looked at this—I would not support the Bill and I would not have supported the programme motion earlier. Members in all parts of the House see this as important. Let us not lose the capabilities that we have before we debate whether those capabilities need to be added to.
It is a particular pleasure to follow my old sparring partner from east Yorkshire on this as much as on any other issue.
As I have only a short time, I shall focus on one issue alone out of the four that affect the Bill. When this Government brought a different but related Bill before the House, the so-called snooper’s charter, it was, frankly, an embarrassment. It was pilloried by the Joint Committee on the draft Communications Data Bill and heavily criticised by both MPs and Lords. One clear fact that arose from that review was that many thought that RIPA, the Bill upon which this legislation is based, was simply not fit for purpose, that it was too loose, and that if the snooper’s charter came before the House at some later stage, many would use it to rewrite RIPA. Certainly many Liberals thought that, and a number of Conservatives too, and some Members of other parties. That may be one reason why the Government are uncomfortable about giving this Bill a full procedure over several weeks, with a proper Committee and Report stage, and so on; because they may find that they get a tighter definition of RIPA than they previously had.
The House knows that I am not a great fan of the British Government being told what to do by the European Court of Justice or the European Court of Human Rights. I much prefer that British liberties—our freedom, our privacy—are protected by Parliament. But the harsh truth is that Parliament has been a weak defender of our freedoms this past 20 years, and the process we face today, crashing the Bill through the Commons in a single day—even more poignantly on reshuffle day; I see the empty Benches around me—is an awful demonstration of that. One consequence of that slack attitude is that we have bumped more and more frequently into treaty obligations and international court judgments against us, where Britain should be the shining example, not the villain of the piece. The Bill does nothing to correct that.
The Court, as a number of speakers have mentioned, branded the untargeted mass collection of our data—European rather than just ours—as a
“wide-ranging and particularly serious interference with”
It is arguably the case that, in some ways, Britain is the most extreme example of that across western Europe. Because the Bill does nothing to correct that particular aspect, it is likely to face legal challenge, and may well fail as a result. It will not be beneficial to security in this country if that happens.
Much of this failure hinges on the fact that access to communication data in this country is not subject to judicial approval. It is one of the differences between ourselves and America and some other European countries. It is approved by officers of the same organisation that request it. The result of that—the point that I think the hon. Member for Brighton, Pavilion (Caroline Lucas) was referring to—is that too many people have too much access, too easily, to too much data. That is the core point. Therefore, we use this power in that respect more often than many of our international colleagues.
There were 514,000 authorisations and notices reported in the RIPA 2013 report. It is difficult to compare countries, but to give a partial comparison—
I thought I heard the right hon. Gentleman say that those who authorised communication data requests were the same people as those who checked it. I think that the right hon. Gentleman will find that that is not correct. There is a system of surveillance commissioners who are there to do the authorisation, and the checking is done separately.
That is not correct, I am afraid. The authorisation process does not go to the commissioners. It comes back afterwards to the commissioners.
The point about this is the numbers. The Americans, with whom we can partially compare, use only 39,000 to 57,000 references in a given year. In Europe, the country that least admires the privacy of its nationals is France. Its total metadata approvals is 35,958—36,000. If we add in all the other approval processes, it still comes to less than half of ours. So access to our data has insufficient safeguards. There is no prior review to access by a court or independent body, and after-the-event oversight—the commission oversight—is incredibly under-resourced. The intention was that data be used only for the purposes of prevention, detection or criminal prosecution of offences that may be considered sufficiently serious to justify such an interference. There are 100,000 prosecutions for indictable offences that face custodial sentences in the UK each year. About 80,000 end up in prison. We are talking about 500,000-odd approvals to deal with fewer than 100,000 prosecutions.
The Government seek to diminish the importance and sensitivity of communications data by distinguishing it from the content of the communications. At one time this firm distinction stood up and was credible, but now, because of technology, rather than going the other way and making things more difficult for the agencies, the scale of the internet and mobile phone technology has provided an intimate picture of people’s personal lives. In the ECJ’s words:
“This data, taken as a whole, may provide very precise information on the private lives of the persons whose data are retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, activities carried out, social relationships and the social environments frequented.”
In other words, it is an incredibly intrusive piece of information.
As I said, I do not like taking lessons from the ECJ, but on this they are absolutely correct. These measures are just not proportionate. They were badly designed in 2000—I am sorry to say to the right hon. Member for Blackburn (Mr Straw)—and they have got worse with the passage of time and technology. The Government have not listened, and accordingly have left themselves open to legal challenge. While the Bill may be law by the end of the week, it may be junk by the end of the year.
It is a huge pleasure to follow the right hon. Member for Haltemprice and Howden (Mr Davis), who has an unrivalled knowledge of these issues. He is right that we should be cautious in dealing with legislation of this kind. The latest figures we have are that the number of tweets being issued every year is 150 billion, the number of mobile phone contracts has reached 82 million, the number of landlines is 24 million, and the number of broadband connections is 21.7 million. So a lot of data are flowing about. That is why it is extremely important that we consider these matters very carefully. I for one associate myself with the wish of all those who have spoken, including the Home Secretary, that we had longer to scrutinise this legislation so that we could raise the kind of issues that have been raised so far but in much greater detail.
Yesterday, the Home Affairs Committee took evidence from the Home Secretary, who was subjected to quite robust questioning from members of the Committee on this issue. In particular, the hon. Member for Cambridge (Dr Huppert), who is something of the expert in these matters, was able to raise a number of points that Members had concerning the speed of the legislation going through the House and its detail. Of course it is not satisfactory that we had only one session. We would have liked to have had more sessions. We would have liked to have had the Minister for Security and Immigration before us, but that was not possible given the time scale.
The Committee wrote to the Home Secretary supporting the Government’s view. My hon. Friend the Member for Walsall North (Mr Winnick) is right: he did not support the letter being sent, nor its contents, but every other member of the Committee did, representing every other major party in the House. As he knows, he often finds himself in a minority of one on issues that are voted upon in the Committee. That in no way means that we do not take his view seriously. Of course we do. He is a very distinguished Member of the House. But that was the view of the Committee, as I correctly reported to the Home Secretary in my letter last night. It echoed what the Prime Minister said to me and other Select Committee Chairs when he said that this was not a land-grab; that this was existing legislation and not about additional powers. I and the Committee support this on the basis of the assurances given by the Prime Minister to me at Downing street, and to other Select Committee Chairs, and to members of the Committee only yesterday by the Home Secretary, that no additional powers are being sought by the Government. I think that that is the basis upon which the shadow Home Secretary and the official Opposition also support the Government.
There are two issues that I hope the Minister will take on board in Committee. The first, of course, is the need to ensure that the scrutiny process is as robust as possible. The Home Affairs Committee recently published a report on counter-terrorism. Its conclusions—I will not go through them all because they are too long—talked about enhancing the role of Parliament and the various commissioners. We felt that it was unacceptable that at least one of the commissioners was part time, with a part-time secretary to deal with these very important issues. We felt that some of the commissioners should be amalgamated to produce full-time people who are able to scrutinise the work of the security services.
The second issue is that the Committee felt that David Anderson should be given additional resources. A feature of our reports over the past few years has been that we have praised the role of the counter-terrorism assessor and asked that he—only men have occupied the post—be given additional support in order to do his job effectively. We rate David Anderson’s work, but we think that he could do much better if he had more resources. He has not asked the Committee for more resources; it is our view, having looked at the evidence and heard from various parties.
That is why it is extremely important that we have a privacy and civil liberties board that is widely representative of those with an interest—all the stakeholders. I urge the Government to consult widely, including with the Select Committee and others outside Parliament, before the names of the board members are announced so that they can work with the independent assessor and do a job that is robust, fair and has the confidence not only of this place, but of the British public.
Reluctantly, given the time scale, we support the Government, accept the assurances that have been given and hope that they will return to Parliament frequently to inform us of any additional information or powers they seek so that there can be proper and appropriate scrutiny, which we have recommended should be conducted by our successor Committee once it is formed in the next Parliament.
I accept that the timing of the Bill is unfortunate. This is the second time in three years that a Court case that was known about well in advance has produced a result that has caught the Government flat-footed and necessitated emergency legislation. It is also unfortunate that this is being done so quickly, because there is great cynicism towards the state among the general public, and dealing with these matters in this way does nothing to address that problem. However, it is the content of the Bill, rather than the timing, that is the central issue.
The content of the Bill maintains existing powers, and those powers are important where it counts, which is at the sharp end of these things; at the criminal trial of the person accused of serious criminal activity, where the sort of evidence that these powers produces can mean the difference between conviction and acquittal. I know that because I prosecute those cases and have used the evidence produced as a result of these powers.
It is worth bearing in mind the alternative. It is worth thinking about what would happen if it was not possible to have access to that sort of information. Imagine two alternatives. First, consider an individual who is stopped by the police and has his telephone on him. Nobody would suggest that his telephone should not be looked at. Nobody would suggest that it should not be plugged into a computer so that the content can be interrogated. Nobody would suggest that, if his telephone was known to be in his house, the police should not be able to go through his front door, break the lock on a cupboard and retrieve it if that was necessary for the purposes of evidence.
Secondly, consider another individual who has no telephone on him but in whose home the police find a telephone bill. Is the suggestion that they could not use the telephone bill to go to the service provider and see whether they can find the same sort of information that they would have been able to take from the telephone had it been in the individual’s jacket pocket? Is it really being suggested that we should not use technology at all in the investigation and prosecution of serious crime? If that is not being suggested, and there is therefore no difficulty about the use of the technology, the only issue is the extent to which that is fettered by regulation and law, and that is not a matter for this debate, because the Bill is about provisions that already exist.
In serious criminal trials up and down the country today, people are using evidence that deals with the fact of a text message and its content, the fact of a telephone and information that has been retrieved from answerphones, information from social media, and the fact of an e-mail and its content. However, there is a distinction between what can be taken from a computer, if a computer is found, and the data that can be retained and accessed if the hardware is not there, but that is a debate for another day.
As far as the Bill is concerned, its effect, which is to maintain powers that have previously existed, to allow access to data that have previously been accessed and to prosecute people in the same way they have been prosecuted in the past, does not deserve the general challenge that it is receiving from those who simply do not like the idea of retaining data, and the criticism that it somehow opens Pandora’s box as far as privacy is concerned. The idea that the police should be able to identify someone who might become a criminal so that only their data are retained is absurd. The idea that data need be retained for only a short period of time ignores the way in which drugs conspiracies, for example, are investigated, where the drugs are traced from the individual on the street back to the wholesaler, from the wholesaler to the central supplier, and then from the central supplier to the importer. That all takes time, and if the data are not retained for a period, by the time the importer is identified, all their data have gone and the link cannot properly be established.
It is all very well to talk about the importance of privacy—I completely understand and respect those who prioritise that—but there is a conflict between the effective use of data to prosecute serious crime and privacy in the sense that the fact of something or the existence of something will not be made available to law enforcement bodies and a recognition that with that will come an inability on the part of the police and the prosecutor to deliver convictions that, at the moment, go a long way to keeping people safe.
I am glad to follow the hon. Member for Dewsbury (Simon Reevell), because although none of us remotely underestimates the difficulty of finding a proper balance between liberty and security—some might come down in different places on that—I say with respect to those who are criticising the data retention practice in the United Kingdom, rather than the policy of the EU, which is greater, that there is a fundamental logical fallacy in what they are arguing, as the right hon. Member for Berwick-upon-Tweed (Sir Alan Beith) exposed powerfully. It is this: where there is a suspect for a crime, it is for a crime that has been committed in the past. The police will not know who that suspect is until they come to the police’s attention, at which point they have to get historical evidence. These days, part of that historical evidence will be in data records. They have to be able to access everybody’s data records in order to find those of one particular person, because the police, no more than the rest of us, are not given powers of clairvoyance with which to anticipate who is and who is not to be a suspect. Unless or until I hear from opponents of this Bill and of data retention how the police can be expected to identify in advance those who are going to be suspected of crime, I have to say that the whole logical basis of their argument completely falls away.
I always listen with interest to the right hon. Member for Haltemprice and Howden (Mr Davis). Indeed, there are areas where I have been in concert, if not conspiracy, with him. I think I am correct in saying that he said that Parliament has been a weak defender of our liberties in this field over the past 20 years. With respect, I beg to differ. Forty years ago, almost to this month, after six hours of questioning by former police officers as part of my security vetting procedure, I was interviewed by a senior officer of the Security Service. He explained to me that a file had been kept on my family since at least since 1961, when I was 15 and my sister, who was the subject of one of the original reports, was 17. In order to identify a discrepancy that had arisen between what I had said and what they thought they knew, he had to show me my file—a big, thick manila file was produced. He went on to question me as to what contact I had had as president of the National Union of Students at the end of the 1960s and the early ’70s with the student national organiser of the Communist party. I said that I had met this man from time to time at a pub in Covent Garden. “Oh yes,” he said, “You met that man at the Sussex Arms in Covent Garden on these dates, and this is what you discussed.” I mentioned that in my book and it is a great tribute to the modern Security Service that it and the Cabinet Office approved of my relaying of the story.
At that stage, however, we were in the area of the secret state. There was no parliamentary oversight whatsoever of the intelligence or security agencies. The telephone tapping that happened to me and my family was the subject of no statutory warrant whatsoever. The past 30 years have seen this House progressively doing its duty by the citizen—from the Telecommunications Act 1984 and the Intelligence Services Act 1994 through to, I am proud to say, the Human Rights Act 1998 and the Regulation of Investigatory Powers Act 2000—to ensure that the necessary powers of the state to detect and prevent crime and to secure national safety are the subject of proper controls.
Of course, as technology changes, the law should take account of it—both sides of the House are agreed on that—but RIPA was a huge advance in terms of human rights, and that was how I introduced it to the House back in 2000. It is simply a matter of record that that Act applied overseas and there has been dispute subsequently about its exact wording. That is all that is being corrected by this Bill and I defy anybody to challenge that.
There is one area in which this Bill will, indeed, change the law. Clause 3 will change the basis for obtaining a warrant for intercept on grounds of economic well-being. At the moment, in RIPA, economic well-being is the sole criterion without condition. In future, it will be subject to the interests of national security.
The right hon. Gentleman may be unaware that there has been a European directive since the late 1990s that links economic well-being to national security issues. It has been implemented in the United Kingdom through a code of practice, which is unsatisfactory, and it is that code of practice that will now appear as primary legislation.
I am aware of that, but the right hon. and learned Gentleman will be the first to accept that there is a world of difference between something in a code and something in a Bill. I note that not one critic can find the words to commend the fact that this Government, with support from the Opposition, are going to strengthen provisions, rather than diminish them.
As the right hon. and learned Gentleman has generously given me an extra few seconds, I will also address data records. Before the Telecommunications Act 1984 and the Intelligence Services Act 1994, data communications of all sorts were collected without any statutory control. That, too, has been the subject of repeated strengthening of the law, to protect the citizen. I hope this House will pass this sensible, necessary and very modest measure.
May I declare an interest at the outset? My wife works for Google, albeit in a role entirely unrelated to this debate.
It was US founding father Thomas Jefferson who declared:
“The price of liberty is eternal vigilance.”
He meant vigilance not by the state but by lawmakers, citizens and civic society. As the Government grapple with an undoubted problem—the proliferation of the means, and the volume, of communications used by terrorists and serious criminals—this House must exercise its duty of vigilance, particularly when legislation is being rushed through at lightning speed, increasing the risk that we get the balance wrong.
I for one would like to see Parliament remain in Session until the summer to make sure that we get this right. I urge the Government to look very carefully at the amendment tabled by the hon. Member for West Bromwich East (Mr Watson) and others, which would allow us to sunset this Bill by the end of the year, to give us time to put some proper legislation in place. That seems to me to be the one point in this debate that is utterly unanswerable—we must surely be able to enact a better piece of legislation in six months than in one day. If not, what would that say about hon. Members on both sides of the House?
Last Thursday, this House debated giving the European Court of Justice the last word on powers relating to crime, policing and extradition, yet today the Government are lamenting the ECJ’s ruling on UK surveillance powers. I hope that all hon. Members will wake up to the wider democratic erosion by the European Union of our ability to strike the right balance for ourselves through this Parliament and our courts.
Equally, I recognise the concern of the intelligence agencies about the capability gap between communications between nefarious individuals and groups and our capacity to keep track of them. However, even if legislation itself can provide a framework for collecting this rising tide of data in a safe way with adequate checks and balances, the real problem, to be frank, is not the gathering but the challenge of sifting through an exponentially increasing amount of communications data to find the missing piece of the security jigsaw. That is why, while they are invaluable in police investigations and prosecutions after criminal activity has occurred, the role of comms data in monitoring real-time plots by terrorists and criminals posing some kind of imminent public threat is, frankly, pretty minimal. I wish Ministers and shadow Ministers would be a bit more explicit and honest about that.
In that context, I want to make five points. First, it is not strictly correct to say that we are merely reasserting the legal status quo. Until recently, internet providers and other IT companies held communications data voluntarily, and the key issue was the terms on which the Government could access those data. They no longer need to retain those data for commercial purposes, so the nature of the relationship between the state and commercial operators has fundamentally changed from a voluntary to a coercive one. This is the first time that we have in effect put our legislative imprimatur on that change, and it will have major implications for the IT companies. There is a very real risk that they will be perceived by their customers as the privatised wing of an increasingly powerful surveillance state, and they are understandably very anxious about that.
The second issue is the extent to which we can retain our communications capability at least at the same level as before. I do not doubt that the technological revolution has dented our ability to track criminals, but I question whether we can realistically expect to maintain this particular operational capability, at least in the way we have in the past, just by gathering more and more data on every citizen. There is a world of difference between gathering the rising tide of communications data and the effective use of such data to improve our security. If our challenge is to look for a needle in a haystack, increasing the size of the haystack will not necessarily make that task any easier. The only way in which the authorities will be able to make effective use of the increasingly vast quantities of data is through data mining and profiling, which—mercifully—no Minister has avowed; it would have major ramifications for the relationship between the citizen and the state.
With that in mind, my third point is that our strategic approach to surveillance should focus our finite resources and our intrusive powers on national security and the most serious crimes that threaten public safety. Yet the Bill will retain powers not just for national security, crime and public safety, but for a long list of other purposes—from tax collection to economic well-being and public health—and, indeed, any other purpose that the Secretary of State may order. I appreciate that Ministers will say they are just copying RIPA, but that legislation is fundamentally flawed, and it is regrettable that we are just nodding it through again in such a rushed time frame.
Is my hon. Friend suggesting that he wants those aspects of the Bill removed before Third Reading?
Rather than the Bill just being nodded through, the key thing is to take advantage of a fairly light legislative timetable between now and the end of the year: we could pass the emergency legislation, and then get the job done properly and correctly, with the right balance.
The fourth issue is the extension of interception and communications data powers to cover foreign companies under clause 4. It is a new power, or at least there is an increase in the extent of the power. Have the internet and phone companies concerned agreed to this substantial assertion of extraterritorial jurisdiction? If not, how do the Government plan to get round the encryption and other security mechanisms in which many such firms take pride for the purpose of protecting their customers’ privacy? In practice, there are only three possibilities: that foreign firms co-operate voluntarily, which would be brand suicide; that that part of the Bill becomes utterly ineffective, because those with a malevolent intent quickly work out which providers will leave them immune to the powers that are enacted; or the nuclear option of the Government considering Chinese-style blocks or bans on offending modes of communication by overseas providers. Such unanswered questions are fundamental to the Bill, as they were to the draft Communications Data Bill before its demise. For all the legitimate concerns about privacy, it can equally be questioned whether clause 4 has any realistic hope of dealing effectively with the problem at hand.
Finally, as so often in this House we are yet again reaching instinctively for legislation to deal with issues that really require a stronger law enforcement capability. The annual Home Office statistics released last September showed that total terrorism convictions had fallen by 57% compared with the level in 2006-07. I have long called for a more robust prosecutorial capacity to fight terrorism and serious crime, such as lifting the ban on the use of intercept evidence, more plea bargaining and a stronger Crown Prosecution Service.
I am very conscious of the time, but the fundamental point is the need to recognise that there is a problem with communications data, but that we do not need to rush through the Bill or to repeat the mistakes of RIPA. I hope that Ministers will respond to the points made so that we can avoid passing in haste yet another piece of clumsy surveillance legislation that will erode our privacy as citizens without effectively tackling the undoubted security threat we face.
It is a pleasure to follow the hon. Member for Esher and Walton (Mr Raab). I listened to him carefully, and there is a problem with what he said. His starting point was that something needs to be done, but he then listed a whole lot of reasons on why nothing can be done. Although he made a very fluent speech, I do not think that it took us any further, except in saying that he wanted more time to consider the Bill.
I will start by discussing the time we have to develop our arguments and consider the Bill. One factor to be borne in mind is whether there is enough time for this House and for concerned experts and members of the public to get their heads round what is being proposed and to have a say. That is an important question that needs to be answered.
My hon. Friend the Member for Ellesmere Port and Neston (Andrew Miller) reminded me earlier that I was responsible for a piece of legislation called the Disqualifications Act 2000, which you will remember, Madam Deputy Speaker. Although the content of that legislation has no bearing on this Bill, it is comparable because it was a five-clause Bill that went through all its stages in the House in one 26-hour sitting. The quality of the debate as we got into the 23rd, 24th and 25th hours was probably not that good. I am not convinced that we got better legislation after sitting for 26 hours than we would have done had we sat for five or six hours.
In the time left to me, I will cover two clauses of the Bill. The first is clause 3. I will not speak about it for too long, because I tabled an amendment to it, along with my right hon. Friend the Member for Salford and Eccles (Hazel Blears) and other hon. Friends, that will be debated later. Amendment 1 covers the whole issue of economic well-being. The only thing I want to say at this point is that we at least need to have a debate about the scope of economic well-being. The purpose of amendment 1, which is a probing amendment, is to get the Government to give us some idea of the dimensions of economic well-being. The amendment tries to restrict it to three main areas, but there may well be other areas that should be considered. If there are, we ought to hear about them.
Clause 4 is the extraterritoriality provision. I well understand the need for it and will not speak against it, but I just fear that it might prove to be unworkable. I am looking for reassurance about how it will be carried out in practice. Let us imagine that there was a billing office for Google in Liverpool and that some relatively junior person in the organisation turned out to be the sole representative of Google in the United Kingdom. I am sure that that is not the case, but I am using it as a hypothetical example. My fear is that somebody who is well down the pay grades could, by virtue of being in an office that is owned by a parent company that is registered in Ireland or the United States, be the person on whom the notice is served to enact the warrant. That would be disproportionate. I might have misread clause 4. I will be quite happy if the Minister can ease my mind on the subject, but it does pose a bit of a worry for me.
In conclusion, when we are debating issues such as this, a couple of considerations must be borne in mind. The first is the amount of time that is available, which I have covered. The second is whether the provisions break new ground in policy terms. My reading of the Bill—I have read it carefully several times—is that it brings the Regulation of Investigatory Powers Act 2000 up to date slightly to address the problem that arose as a result of the European Court of Justice decision. In so far as it breaks no new policy ground, I do not think that there is necessarily a problem with what is proposed. I am quite prepared to support the Bill on Second Reading.
Order. I am setting the time limit at five minutes in the hope that everyone in the Chamber will get their five minutes before the winding-up speeches start.
I will do my best to comply with that, Madam Deputy Speaker—[Laughter.] Sorry, I meant to say that I will indeed definitely comply with that.
This is a difficult issue for those who, like me, have massive concerns about civil liberties and privacy. It is a pleasure to follow the right hon. Member for Knowsley (Mr Howarth). We do not always agree on these issues, but I care passionately about the abuse of surveillance that has taken place, and seeing the state have more control. I expressed that view when we got rid of the draft Communications Data Bill in calling for our only debate to consider the post-Snowden situation, and in the digital Bill of rights that my party passed. There is much we need to do, and I have called for many years for reform of the Regulation of Investigatory Powers Act 2000, and of other legislation such as the Telecommunications Act 1984, which has some really amazing powers in section 94. I therefore start off instinctively concerned about anything proposed in this way.
Communications data and lawful intercept are very important, although we need improvements in how they are dealt with—for example, communications data should be collected for a much shorter time. We could have a system of retention for a short period followed by preservation orders to address many of the concerns raised. Accessibility should be limited; there is definitely too much access with 500,000 requests a year. I believe we should have judicial warrants for lawful intercept, as that is a much better way to proceed. We can improve those measures, but we need them because it is clear that we face a problem now.
I raised this issue on 8 April when the Home Secretary appeared before the Home Affairs Committee on the day of the European judgment. I pressed her on the matter and she insisted that the regulations were still valid. I understand why she feels she has to say this, but I do not think it is correct. I think the Home Office is continuing on a hope and a prayer, and at some point that will end, and that is the emergency that persuades me. I am also very aware of the circumstances around the lawful intercept drop-off. That is true and I have spoken to many people, so I do not entirely trust the Home Office when it says there is a problem in some areas. I think the Home Office is largely to blame because of the way it has conducted itself in its interactions with other companies. When we considered the draft Communications Data Bill, we expressed concern that the way the Home Office misportrayed what companies were saying might drive some of them overseas, and we have seen that.
On new powers, the data retention regulations are as before but with more constraints; the Bill is slightly less powerful than what it gets rid of. Is lawful intercept a new power? We have had interesting discussions about whether we knew it was applicable overseas, and when we considered the draft Communications Data Bill we published a report that highlighted the fact that it appeared to impose no limits on the telecommunications operators to whom it applied. We heard from different companies about how they complied with the requests they receive. That should not be a surprise given that two years ago we published a report on that. I know that other hon. Members have been here longer. We knew this measure was there; it is not a new power.
What is not allowed is what was in the snoopers charter—the draft Communications Data Bill. We will not allow website logs; that is clearly not allowed by anything in that provision. There is nothing in the Bill that would allow domestic companies to be forced to collect information on third-party overseas companies, which was in the Communications Data Bill. Such things are not allowed and will continue not to be allowed.
There are safeguards, and if it were not for those there is no way I would support the Bill. I have called for these safeguards for many years. The Liberal Democrats made them a condition of acceptance of the Bill, and I am pleased that we have secured them. There is a sunset clause with no possible extension, and the RIPA review, which we desperately need.
Does my hon. Friend agree that, contrary to remarks from those on the Opposition Front Bench, it is not only the passage of time and the advance of technology that has discredited RIPA?
My hon. Friend is partly right. RIPA was an improvement on no regulations, but it gave far too much power to far too many people, and we needed to fix that situation much earlier. The approach taken by the previous Government to try to collect more and more powers with the interception modernisation programme and so forth is not the right way to go.
We have a number of safeguards. The Privacy and Civil Liberties Oversight Board that I and other hon. Friends have been mentioning for a while is an important safeguard and will be written into law. We are reducing by hundreds the number of bodies that are able to get direct access to data. Councils used to be able to get direct access to communications data to find out whether somebody was applying to the right school for their child. That is no more. This Government are ensuring not only that councils cannot get direct access, but that they also have to get a magistrate’s say-so. We have annual transparency reports—a key requirement—and the trimming of powers for access to communications data. A huge amount in the Bill provides safeguards and we are in a better place as a result, although we are not in a perfect place. I would like to see a much more substantial rewrite of RIPA, with many more limitations and a new approach. That is what I hope we will get from the RIPA review. We would certainly want any improvements that could be implemented to be implemented.
People often talk about the trade-off between security and privacy or civil liberties. I do not think it is a trade-off; I think we can have more of both at the same time. The Bill preserves the security we currently have, which is a good thing, and, because of the safeguards and the changes, it actually supports privacy and is a pro-civil liberties measure. The Guardian highlighted the fact that the Bill could
“prove a major opportunity to bring the relentless rise of the surveillance state under democratic control.”
The Independent said that:
“the law may in fact, in a few years, benefit the civil libertarian cause.”
Having seen sustained assaults over many years on this issue, I support that and hope we can achieve a better balance.
It is a pleasure to follow the hon. Member for Cambridge (Dr Huppert). He is a valued member of my Joint Committee on Human Rights, as was the hon. Member for Esher and Walton (Mr Raab). I was delighted to hear him quoting the banner of the Tower lodge miners, a great bastion of trade union freedom. The quote has been attributed to Franklin—it may well be—and to the Lord Mayor of Dublin, but today it has been made famous by the Tower miners. The opening statement by the shadow Home Secretary, who is not in her place, really did sum up that sense of the need to protect our liberties and the security of all our citizens. That is very much in the spirit of “eternal vigilance is the price of freedom”.
I am conscious that we have very little time, so I would like pose three questions to the Minister and then make reference to public confidence in Parliament. First, why was draft legislation not prepared during the two-year period in which the Government knew of the risk of the directive being ruled invalid, and why was Parliament not given a proper opportunity to scrutinise and debate the detail? Secondly, what exactly is the urgency that requires the complex issue of extraterritoriality to be dealt with by emergency rather than ordinary legislation? Thirdly, I will be writing to the Government, on behalf of the Joint Committee on Human Rights, to ask for a more detailed explanation of how our law meets each of the criticisms of the European Court, but there is one central question I would like the Minister to answer today. Why, in the light of the case law, do the Government consider that it is compatible with the right to respect for private life to continue to authorise blanket retention of communications data?
Let me turn to the vexed question of public confidence in Parliament. Emergency legislation such as this has the potential to undermine the public’s confidence in Parliament’s capacity to do its job of holding the Government to account. In the wake of the Snowden disclosures, there is widespread mistrust of the Government and the intelligence agencies when it comes to surveillance. Detailed scrutiny of the Government’s justifications for interfering with people’s privacy must involve civil society. To be democratically legitimate, that scrutiny must take place here in Parliament. The Government need to recognise that they do not have a monopoly on wisdom or expertise in these matters. They need to heed the views of parliamentarians and specialist parliamentary Committees, and the views of wider civil society.
Courts are also more likely to uphold laws that have been properly scrutinised by Parliament. Lack of effective parliamentary scrutiny makes it more likely that courts will find laws to be in breach of fundamental rights. This only feeds the public perception that Parliament is disempowered in relation not only to the Government, but to the courts.
Let me give a good example of that. Last year the Jobseekers (Back to Work Schemes) Act was passed as emergency legislation only days after it was introduced. My Committee was unable to report before the Bill received its Royal Assent but we expressed grave reservations about the Bill’s compatibility with two particular human rights: the rights of access to court and to peaceful enjoyment of possessions. For that reason, we would have liked to scrutinise it in more detail. Last week, the legislation was declared incompatible by the High Court on the very grounds identified by my Committee. While, no doubt, the Government will be appealing against the judgment, it illustrates well the vulnerability of emergency legislation to successful legal challenge on human rights grounds.
The Government are now taking the same risk with this Bill. From my perspective as the Chair of the Joint Committee on Human Rights, I can see a clear pattern emerging: very widely drafted powers to counter terrorism and serious crime, with too few safeguards to guarantee that they are only used when necessary and proportionate, give rise to concerns about their indiscriminate overuse. We have seen it with powers to take and retain, for example, DNA—
I have massive concerns about the Bill. I do not like the way in which it has been brought to the House. I do not like the way in which we have to rush through this process at breakneck speed, even though this is an issue that was flagged up to the Government some three months ago. I am suspicious about the reasons why we are doing all this now. I do not like the fact that it seems little more than a half-hearted attempt to get around a European Court of Justice ruling that declared the European directive invalid and thereafter practically everything that the Government are doing on data retention probably illegal.
I am suspicious about the way in which all the UK parties and party leaders have been brought into line around these unspecified threats. That is reminiscent of the dark days of the creation of the anti-libertarian state by new Labour; unspecified threats were the things we had to address then. I particularly do not like the fact that the Scottish Government, who have responsibility for the judiciary, policing and even delivering parts of RIPA in Scotland, were not consulted about the Bill. Most of all, I do not like the way in which the Government are trying to pretend that this is just business as usual when it clearly is an extension of what the Government can do in the collection and retention of an individual’s personal data.
I want to take that last concern first. I listened very carefully to all the party leaders last week when this was presented. The Prime Minister said that the Government were not introducing “new powers or capabilities”, but clauses 3 to 5 make significant amendments to the range of powers included in RIPA. The Bill extends the Government’s surveillance powers in two very important ways. Clause 4 clearly extends the territorial scope of RIPA, and the Government can now issue interception warrants for communications data to companies outside the UK. It also extends the definition of what “telecommunications services” means within RIPA to include webmail services such as Gmail. The hon. Member for Esher and Walton (Mr Raab), who is no longer in his place, said that the most fundamental change is in that relationship between ISPs and the state.
The Government must now come clean with the British people. This is not business as usual. These are significant and substantial new powers. The Bill is more than the sum of its parts. It is a statement of intent. The Home Secretary said as much last week when she introduced it. Her real intention is, of course, to reintroduce her much-coveted snoopers charter in this Bill. The way in which the Bill brings on board the overseas ISPs is little more than a paving Bill for the reintroduction of that most unwanted anti-civil libertarian measure.
There has been a lot of talk about what is and what is not included in the Court judgement. The Government have had three months to address the Court’s findings. It is not the threat of terrorism or of criminal activity that has forced the Government’s hand in bringing this forward today. It is the threat of legal action by organisations such as the Open Rights Group and others that has prompted this emergency legislation. The Government should not mislead us about the urgency of the Bill. Given its significance and the issues it raises about our civil liberties, it should not be passed without proper parliamentary scrutiny. Truncating consideration of the Bill in this way is nothing short of appalling. It does a massive disservice to our constituents who have taken a real interest in this.
We all agree that the targeted retention of communications data can help the police to tackle serious crimes such as terrorism and child abuse. We all want to ensure that our communities are safe. But it has to be done proportionately and responsibly, and first and foremost, it should be legal.
What the European Court of Justice said was that we have a very low threshold for the retention of data, and it made it clear that the retention of data of every single person strikes the wrong balance between the need to tackle serious crime and our right to privacy and a private family life.
What most disappoints me is the total disrespect shown to Scottish Ministers. The first any Scottish Minister got to hear about this Bill was several hours after the statement was made in this House about its introduction, yet Scottish Ministers are responsible for policing and justice. It is Scottish Ministers who sign off any request for intercept on serious crime grounds. Part of RIPA required an Act of the Scottish Parliament and it puts in place the authority to conduct directed surveillance, undercover intelligence and intrusive intelligence. It is therefore staggering that this Government would proceed with this measure without exchanging even the slightest word with Scottish Ministers.
We believe that it will always be necessary to collect and retain the personal data of individuals in the pursuit of serious crime and we will take those responsibilities very seriously as an independent nation, but because this Government have got the balance so badly wrong, we will oppose the Bill today.
My right hon. Friend the Member for Blackburn (Mr Straw) said that the security services are far better than they were many years ago. That is because over many years and particularly in the ’70s and ’80s, there were campaigns both inside and outside the House for proper scrutiny of the security services, so I think we can take some credit for the improvement.
As to the Bill before us, the European Court of Justice set out in what I consider to be a wise decision 10 principles that have already been mentioned and need to be emphasised. What it did not do was say that the data retention carried out under the 2006 EU directive was wrong in itself. That it was necessary to have such data retention was not in question. What the Court did say was that certain circumstances should be recognised when directives are given to internet companies and that these needed to be related to a particular threat to public security, a particular time and a particular geographical area. In my view, that is absolutely right.
What the Government have done is to say, “Well, we do not agree with it, and to show that, we are going to bring in a Bill that simply legislates on the basis of the very factors that the ECJ said were wrong.” I see no reason to disagree with the ECJ. I see no reason why the 10 principles set out by the Court should not be enshrined in British legislation, but that is not happening. What will happen if this Bill is passed is that we will carry on as normal, regardless of the ECJ. It would be just the same, except for certain words being added and the sort of extension that can be seen in clause 4. What sort of reaction to the ECJ is that? It is understandable why so many of us—yes, a minority, but a significant number—have such reservations. I hope that further consideration will be given to what is happening.
The very fact that this measure is being rushed through in one day denies the opportunity—certainly for the Home Affairs Committee and for other appropriate Committees, too—to scrutinise it properly. If there were ever a measure that required detailed scrutiny by the relevant Committees, it is this one, yet any scrutiny that takes place will be post-legislation. That is not a wise course for us to follow.
To me, if not to others, this makes a mockery of what Parliament should be doing. When Labour was in office, the Conservative party was highly critical of its legislation on various matters—pre-charge detention, identity cards and so forth—and claimed that it would be the champion of civil liberties. There is not much evidence of that in any way, shape or form. The Home Secretary ought to recognise that there must be quite a lot of disappointment —not among Labour Members, because we did not expect any better, but among those people in the country who thought that a Conservative Government would follow a path that really respected civil liberties.
In a forceful speech, my right hon. Friend the shadow Home Secretary said that we needed to establish the right balance between civil liberties and security. I could not agree more. None of us who are critical minimise for one moment the acute terrorist threat to our country. We recognise the need for the security services. We recognise that there are evil people who want to do the maximum damage to others in this country. We would have no illusions even if there had been no 7/7, and the crimes and atrocities that that were committed nine years ago had not occurred. However, I do not believe that we have arrived at the right balance, although I hope that we shall do so in due course.
As I said earlier, my concerns—like those of others—are not just about some questionable aspects of the provisions in the Bill, but about its presentation as emergency legislation. The ruling from the European Court of Justice followed a case that had lasted two years, and the flaws and weaknesses that it revealed had been identified by, among others, a Joint Committee of both Houses of Parliament. Moreover, a judicial review that is pending in the United Kingdom courts was lodged some three years ago. It is clear, therefore, that the Government should have been aware of the susceptibility of the existing legislation to a court challenge of that nature. There is absolutely no reason why good, due, careful parliamentary consideration should not have been given to the issues before now. Furthermore, it has still not been properly explained to us why—although the judgment of the European Court of Justice was issued as long ago as April, and despite the long notice that is provided by cases that last so long—legislation is being scrambled, or microwaved, through the House just before the summer recess.
The Government have made several claims today. At one point, we heard that the Bill was intended to clarify, or strengthen, the focus of RIPA. In some respects the Bill actually widens that focus in a way that arguably extends its implications, yet the Government are trying to tell us that it narrows the focus, and also contains new protections and new qualifications. As other Members have pointed out, the Bill wears some new words here and there like badges, pretending to recruit the judgment of the European Court of Justice, but the fact is that the existing powers are not being narrowed as Ministers have claimed.
The other assurance that we have been given relates to the sunset clause. It is supposedly emergency bridging legislation, intended to prevent a serious situation in which existing powers are challenged and cannot be used to close a dangerous gap. However, the expiry of the sunset clause is nearly two and a half years away. That appears to be quite a lengthy emergency. If we are saying now that we are happy to pass this legislation on the basis of a two-and-a-half-year sunset clause, and on the basis that it merely continues the data retention provisions that we already have in RIPA, does anyone really believe that, in two and half years’ time, Parliament will do anything other than say, “Well, we must carry on with what we have already had, and what we have already put up with, because if it has been done before and if it has been done up until now, and if it is what the security services and others say they need, we shall just have to stick with it”?
As for all the other paraphernalia that we are being offered—the furniture of the various reviews that will take place, the privacy and civil liberties oversight boards and all the rest—none of it will convince the public that, when it comes to it, when the security services and others say that they want the essence of these powers and these arrangements to be renewed in 2016, and indeed, if they wish, to be extended, deepened and widened, Parliament will not say that that is OK. Again, the senior parties will feel they have no choice but to go along with it on this basis, and we will have a consensus based on poor consideration by Members who feel they have been whipped by some of the threats, suggestions and inferences that come from the security services.
This House, which often raises questions about the respect in which politics and Parliament and this Chamber are held, has to ask how the public are meant to have any respect for an elected Chamber that is not showing a lot of respect for itself, in the way in which we are receiving and passing this Bill. We are even offering to the public that the things that will protect them will be outside Parliament—that there are going to be those commissioners and oversight boards. That is because we know that the public no longer believe in Parliament as the protector of their civil liberties and of good democratic order.
We should be a chamber of scrutiny and accountability. That is why we should be questioning the way in which we have received this Bill, and it is why we should be pressing the Government further through debating amendments at the next stage of this Bill’s passage.
I understand where my hon. Friend the Member for Foyle (Mark Durkan) is coming from, but I disagree with him that it is not possible to create vehicles to build trust with the public. We need to look at examples of work that happens in other sectors. My Select Committee, the Science and Technology Committee, has recently been taking evidence on the way data analytics are managed within social media networks, and it is interesting to consider how the banking card systems create a vehicle of trust between customer and bank, with the customer sharing an enormous amount of information with those organisations.
My hon. Friend is absolutely right that the body that is trusted least is Government, and it is our job as Parliament to find ways, in this very serious area, to rebuild that trust in the system. Our next period of work on this subject must be the hugely important job of creating confidence in the independence of the oversight process of the Government and the security forces.
The David Anderson review gives us an opportunity to do something important. Clearly, David Anderson’s work goes substantially beyond counter-terrorism. Mention has been made of many other types of crime, and on my last visit to my constituency police headquarters I looked at how forensic computing is being developed in that police force. I was horrified at the proportion of work they are doing on child abuse images. With that in mind, we need to ensure that the David Anderson review takes into account expert advice from people involved in all those areas.
I encourage the Minister, when thinking about the privacy and civil liberties oversight board, to think broadly. The Minister should not think of a board and structure that fits the technology of today alone. We need to think of a structure that is technology-neutral, which both deals with the philosophical points that have rightly been raised from both sides of the debate in the House today and is structured in such a way that it can continue its work and evolve with the technologies. Twitter is here today, but it will be gone tomorrow, and something else will take its place that will be bigger, faster and better, enabling greater analysis of data for all sorts of commercial, or criminal investigation, purposes.
The other point I would like to make concerns warrants. I have discussed this with my wife, who as a magistrate has had to sign many warrants. It has always seemed to me that the missing link in public confidence has been the ability to be sure that when a warrant is signed, the person responsible for signing it—in this case the Home Secretary—is continually pressing the investigating officer, to show that the warrant was issued with just cause, so that there is some confidence building in the process of warrant granting. There would seem to be a place for almost an online equivalent of magistrates taking some of the Home Secretary’s role in this complicated area, because one would need to be logging the intrusions into personal data in a way that we have the technology to achieve, as we have demonstrated in other Departments. There is still a lot to be done in confidence building.
With those observations, I fully support the aims and objectives of the Bill, but urge that oversight is considered carefully.
The underlying issue that we are discussing in this important debate is whether we want the online space to be a law-governed area.
The radical libertarians, who seem to want the online space to be completely free, without boundaries, rights or responsibilities, would, I fear, unwittingly lead us into an anarchic place, where those with power and aggression dominated and where the weak and vulnerable suffered. Even the Swedish Pirate party told me that it wanted some rules of the game. We do not want a retreat into what I would call mediaevalism. When I say that, I mean that the internet should not be like the forest in the 13th century, which was completely outside the law. I know that there are some geeks who explore the dark net who see themselves as latter-day Robin Hoods, but the rest of us do not see them in that way.
One of the reasons for that is that we have seen an explosion in crime online and in particular crime against children. It is vital that we tackle that more energetically. The police believe that 60,000 people in this country are downloading illegal images of children all the time. We need to do more to tackle them, not less. That is the context in which we are looking at this legislation this afternoon. Given that, the requirement for telecommunications companies to keep comms data is necessary. The Mobile Operators Association told me that after Snowden and the European Court of Justice judgment, it wants legal certainty. It is no longer prepared to continue with a voluntary approach.
Our object with this legislation is not to shift the power of the state and the citizen; it is to reproduce in the online, telecoms spaces the rights and responsibilities of the real world, as my right hon. Friends the Members for Blackburn (Mr Straw) and for Kingston upon Hull West and Hessle (Alan Johnson) pointed out. Therefore, disclosing content to a limited number of public authorities with a warrant in pursuit of serious crime seems to me to be reasonable. This solution may be rather clunky, but at the moment it is the only practical one available.
If I may say so, this whole arena has been bedevilled by the problem of extraterritoriality. Whether companies are located in the US or Latvia, we see them evading their taxes or not having proper child protection standards. One of the useful things in the ECJ judgment on the Spanish man and the right to be forgotten was that it asserted that such companies are subject to European law. However, it is right that this piece of legislation puts that beyond doubt. Furthermore, it would be helpful to do more work to build the international consensus in this area. Just as we had to spend many years developing the international law of the sea, we now need to look at having a treaty basis for international co-operation in the online space.
As the timetable has been so rushed, it has not been possible to look at this area in a more comprehensive way. There are two areas in which we need to do further work. The first is on the issue of anonymity. I am talking not about people having nicknames on Twitter but about ensuring that we have a correspondence with people’s real and virtual identities, possibly using the device media access control address. That would help us to tackle crime in a less clunky way, and reduce it as well.
Finally, my right hon. Friend the Member for Delyn (Mr Hanson) has tabled an amendment to improve the oversight of the public authorities, but we still do not have good oversight of the use put by private companies to all this data, and we need to beef up legislation in that area. It is clear that those companies think that they are entitled to sell on this information without people’s consent. I am disappointed that the Secretary of State for Justice, who has held on to his position in this reshuffle, has described as “mad” proposals to do more in that area.
The straw man—or straw person—has been evident in this debate this afternoon. Several Members have suggested that those of us who oppose this Bill somehow oppose the retention of data per se. I wish to make it clear that I have not heard anybody say that. Everything is about the terms on which the data are being retained.
The right hon. and learned Member for Kensington (Sir Malcolm Rifkind) gave the impression that I had suggested that the Court of Justice of the European Union had said that the data could not be retained. Of course it did not say that. What it said was that the terms under which data are retained have to be proportionate. The right hon. and learned Gentleman, who unfortunately is not in his place, suggested that I had not looked at the ruling. I can confirm that I have. Paragraph 59 makes it clear that what the Court of Justice is asking for is an end to blanket retention. It says that
“retention must relate to specific threats, and be confined by specific criteria, such as a time period, geography, or a set of people of interest.”
We are talking about the terms and the conditions of that data retention. Let us consider the fact that there are plenty of countries that seem to be able to tackle serious crime without undermining their citizens’ civil liberties through blanket data retention. I am talking about Austria, Belgium, Bulgaria, Germany, Greece and Sweden.
The hon. Member for Cambridge (Dr Huppert), who is in his place, tried to reassure us that there were all these safeguards that would make us feel comfortable. One of those safeguards, and the only one that is actually written into the Bill, is the sunset clause, which is two and a half years away. Many Members have already said why that does not give us comfort, which is why I am supporting the amendment that would bring it forward to six months. None of the other measures to which the hon. Gentleman referred is in the Bill.
An awful lot of people watching this debate will be absolutely staggered that the Liberal Democrats, who have, to their credit, been upholders of civil liberties in the past, are here undermining them. What we see here is a willingness to trade off this blanket retention of data, which many people believe will be deemed illegal, with concessions that may or may not be forthcoming in the future. We have always known that new Labour had an authoritarian streak, but we had hoped that the Liberal Democrats would stand up for civil liberties. Many people today will be sad to see the way in which they have caved in on this issue.
We have been repeatedly told that the Bill simply maintains the status quo, and there are plenty of legal experts who will argue that that is not accurate; we have heard many of their statements repeated in the Chamber this afternoon. Notwithstanding the fact that the status quo has been ruled a breach of fundamental human rights, the provisions in the Bill, specifically clause 4, extend the territorial reach of the law relating to data retention, bringing overseas communications companies that provide services in the UK into the scope of RIPA.
Even those parts of the Bill that do not constitute going further than the status quo are deeply worrying. It has been confirmed that they breach fundamental human rights in their scope and in their totality. There are also more specific concerns with many of the Bill’s provisions. Clause 1, for example, retains authorisation for hundreds of public authorities to acquire communications data while the framework for granting access to that data is worryingly open to abuse. Barring local authority access, there is no requirement for independent prior judicial authorisation when communications data are sought by public bodies.
That means that the potential for ongoing and wide-scale privacy infringement is enormous and has been realised in the shape of roughly half a million requests a year from public bodies since 2009. The actual scale of infringement is difficult to assess. We still do not have a full picture across all the public bodies that are able to access communications data of the type of investigations for which data are accessed, the extent of access and the number of individuals affected. The European Court of Justice has however confirmed that privacy is being breached even though to what extent is unfortunately still a secret.
Moreover, while we are told that communications data played a role in 95% of all serious criminal investigations over the past decade, we have no idea about the exact nature of that role. That makes it difficult to judge exactly how significant the blanket retention of data is in averting terrorist attacks, for example. When crimes are successfully prevented, we are not told whether communications data are central or peripheral to the operation; nor are we told whether data lead to successful prosecution or whether prosecution could have been secured without access to the data. That is why we need a proper debate. The interception of communications commissioner has already warned that far too many requests for data are being made and that he is struggling to keep up with them. The idea of loading more on to the commissioner is unsustainable. We should not be pushing this legislation through in a day; we should be having a proper and full debate.
I feel uneasy about the Bill on several grounds. As I am sure that we all do, I clearly accept that there is a need for a new law in order to establish a proper legal foundation to balance the right to privacy with the requirement to ensure security, but it should not be done in this way. The Official Secrets Act 1911 was rammed through this House in just one day in an atmosphere of fear and we have had to live with the undesirable consequences of a national security concept with blanket coverage ever since. Has the House really not learned that telescoping proper parliamentary scrutiny is nearly always dangerous and can lead to unexpected outcomes as we helplessly watch the law of unintended consequences kick in?
The Government’s first argument for emergency legislation does not stand up. As many have said, the European Court of Justice ruling was on 8 April. The Government wasted more than three months without taking any action before suddenly, seven days before the recess, alleging that it is critical that the Bill be passed by the House in one day. That is either panic or a deliberate attempt to blackmail the House into undiscriminating compliance.
The Government’s second argument, namely that foreign-based phone and internet companies were about to stop handing over the contents of individual communications in response to a UK warrant, does not stack up either. It has been reported that communications service providers have said that they did not know of any companies that had warned the UK Government that they would start deleting data in the light of legal uncertainty. Indeed, the Home Office, according to the Financial Times, instructed companies to disregard the ECJ ruling and to carry on harvesting data while it put together a new legal framework. The Government’s alleged anxiety that they might lose access to stored data overnight is wilfully overdrawn.
The Prime Minister’s assurances are neither convincing nor effective. He stated, as echoed several times by the Home Secretary today, that the legislation will merely maintain the status quo. That is not true. It will impose for the first time a duty on foreign-based internet companies with subsidiaries in the UK to co-operate with surveillance requests by UK agencies. We were also assured by the Home Secretary last Thursday that the Regulation of Investigatory Powers Act 2000
“ensures that access to communications data can take place only where it is necessary and proportionate for a specific investigation.”—[Official Report, 10 July 2014; Vol. 584, c. 457.]
Again, however, that is misleading. Charles Farr, the lead Home Office official in this area, argued in his legal witness statement last week that general intercepts are permitted under RIPA because they are “external”, by which he meant that because communications travel via foreign server, largely based in the US, they can be intercepted indiscriminately even when there are no grounds to suspect any wrongdoing.
Lastly, the Prime Minister offered a number of specific measures to assuage the deeply held concerns about the Bill, but they do not really inspire confidence. He proposes a privacy and civil liberties board, which is of course welcome in principle but, considering that the Intelligence and Security Committee was not told about and did not find out about the indiscriminate tapping of overseas communications under the Tempora system, it is difficult to have trust in oversight boards having the resources, capability and access to scrutinise and deal with what is really happening within the security services’ manipulation of fast-changing communications technology.
The review of RIPA is long overdue and very welcome, but it is not a good omen that the circumvention of the RIPA rules to allow the indiscriminate mass surveillance that exists today is to be allowed to continue for another two and a half years without any attempt in the Bill to circumscribe those powers. The restriction of the number of bodies that can directly contact phone companies and demand access to data is, of course, right, but the current number is about 600, I think, and we are not told by how much it will be restricted. I welcome the sunset clause, but the end of 2016 is far too late. It should be for the end of 2014. For all these reasons, I cannot support the Bill as it stands.
We have had a useful debate today, in which the House has had to reach a balance in making a judgment on the Bill. The balance has been between two main concerns: the privacy of information and the need for agencies such as the police and others to know about that information and access it; and the need not to let criminals off the hook. There is a real dilemma that I know all hon. Members are examining, but I hope that it is one that the Bill can resolve.
As you know, Madam Deputy Speaker, we are here because of the European Court of Justice and its decision to strike down regulations to enable internet providers to retain communications data for law enforcement purposes for up to 12 months. That is an issue we must address for the reasons the Home Secretary and the Minister have outlined. We also need to ensure that the Government respond to the needs of the companies calling for a clear legal framework. The Home Secretary also outlined that view.
Members on both sides of the House have shared the Government’s balanced view, including my right hon. Friend the Member for Normanton, Pontefract and Castleford (Yvette Cooper). The right hon. and learned Member for Kensington (Sir Malcolm Rifkind), the Chair of the Intelligence and Security Committee, has endorsed that balanced approach, as has my right hon. Friend the Member for Leicester East (Keith Vaz), the Chair of the Select Committee on Home Affairs. Indeed, the Home Affairs Committee has written to the Home Secretary today saying:
“The Committee’s view is that the retention of communications data, subject to appropriate safeguards, is an important tool in the fight against terrorism, organised crime and child sexual exploitation, and the Government is right to bring forward urgent legislation”.
I accept that my hon. Friend the Member for Walsall North (Mr Winnick) has dissented from that view and in his speech he clearly put his dissent on record. However, the points made by my hon. Friend the Member for Aberavon (Dr Francis) about the protections and freedoms that his Committee has examined are also important. He has put on record his concerns while, again, taking a balanced approach.
There are those in the House today who have fallen more on the side of privacy than of crime fighting, and I respect that view and understand why it is taken. I do not necessarily share it, but the right hon. Member for Haltemprice and Howden (Mr Davis) talked about ensuring that we have safeguards in place and the hon. Member for Esher and Walton (Mr Raab) argued for the sunset clause and about the question of what national security is, and those are issues that we should explore. I hope that Ministers will deal with these issues not just now but as the Bill goes through the House today and through the other place, so that there are safeguards and powers to review the legislation. I hope that later in our consideration the proposals put by my right hon. Friend the Leader of the Opposition, supported by my right hon. Friend the Member for Normanton, Pontefract and Castleford and other Opposition Members, will be considered seriously.
Members such as my right hon. Friend the Member for Oldham West and Royton (Mr Meacher) have expressed real concerns and might not support the Opposition’s view in the Lobby tonight. I respect that view, but I cannot share it today, and I urge my right hon. Friend, even at this late stage, to consider supporting the Opposition as well as the Government. I paraphrase what the hon. Member for Perth and North Perthshire (Pete Wishart) has said on other occasions, when he said he was not happy, he was not happy at all. That broadly summarises his position today. It is shared by the hon. Member for Foyle (Mark Durkan). I accept his point that smaller parties—I represent a constituency in Wales—need at least to be involved in the discussion on these matters, even if the hon. Member for Perth and North Perthshire remains not happy, not happy at all.
The hon. Member for Brighton, Pavilion (Caroline Lucas) has raised the terms of engagement, and she made a good, solid contribution, but ultimately the Opposition have to make a judgment, and the judgment that my right hon. Friend and I have formed supports the Government’s view on these matters. Even though we think that the Government should have looked at this earlier, we support that judgment for the reasons given by my right hon. Friends the Members for Kingston upon Hull West and Hessle (Alan Johnson) and for Blackburn (Mr Straw), who are former Home Secretaries and know the difficulties that the Home Secretary faces now. They have been in office in the Home Office, as indeed have I, and have seen the challenges that we face. They have understood that the retention of data records is important. I am pleased that that view was also shared by, for example, the hon. Member for Dewsbury (Simon Reevell), who made a strong case from a criminal prosecution point of view that retention of data was necessary for court cases.
My right hon. Friend the Member for Knowsley (Mr Howarth) made some important points, which he will raise again in Committee. He recognised, again as a former Home Office Minister, the importance of the Bill in the round. My hon. Friend the Member for Bishop Auckland (Helen Goodman) drew an interesting analogy with Robin Hood and being in the forest. I hope that I am not Friar Tuck in this, Madam Deputy Speaker. She made the point that it is a simple regulation of dark issues in relation to the use of evidence in court.
The hon. Member for Cambridge (Dr Huppert) made important points in support of the legislation, as did my hon. Friend the Member for Ellesmere Port and Neston (Andrew Miller). In summary, all investigations into online child sex abuse, major investigations into terrorism and organised crime, and the prevention of young people from travelling to Syria would be severely jeopardised if the legislation did not pass in its current form. Without it, the police would not be able to catch paedophiles sharing child images. Mobile phone records helped the police find out about the attempted terrorist attack on Glasgow airport in 2007. Without the legislation, those records would no longer be available. The security services would not have been able to check who the Woolwich attackers had contacted when they undertook that murder.
The Minister has our support. We will examine the Bill in Committee, but on Second Reading we give him our unqualified support.
I thank all the right hon. and hon. Members who have contributed to a vibrant and valuable debate. I note that some comments were made about the role of the House in defending liberty and ensuring that we strike a balance between collective freedoms and individual liberty. The speeches this afternoon have brought that to the fore, and I understand and recognise the significance of the legislation before the House this afternoon. The Government have to work quickly to address the problems created by the judgment of the European Court and declining co-operation from communication service providers. The Bill has undergone some good debate and challenge this afternoon.
I welcome the fact that, almost without exception, right hon. and hon. Members who have spoken have understood the importance of interception and communications data in the fight against terrorism and other serious crime and have therefore supported the Bill. Several hon. Members highlighted its import in confronting child abuse and safeguarding children. It will play a crucial role in enabling our law enforcement agencies to bring crimes to justice.
Sometimes this debate can be framed round security—what the intelligence agencies are doing. Actually, much of it is about what our police and law enforcement agencies are doing to identify, prosecute and bring to justice those who would harm our constituents; about how the use of communications data is such an integral part of that; and obviously, as we all understand, about the importance of intercept. I was struck by the speech of the right hon. Member for Kingston upon Hull West and Hessle (Alan Johnson), who referred back to the year that I was born and his role at Royal Mail, reflecting on how interception played such a role even then, but in a different way, and on how technology has moved on. We have discussed the vital importance of this Bill in ensuring that those who work to keep us safe can continue to have the tools that they need. That is at the heart of our debate.
Some speeches were framed on the basis that this Bill is extending powers. I reiterate, yet again, that it is not about extending powers but about maintaining the powers that already exist to retain data, including under the Regulation of Investigatory Powers Act 2000, in order that our police and law enforcement and security agencies, and others, can continue to do the work that they do now.
A number of Members mentioned the European Court judgment. Let me briefly go through some of the issues that were highlighted. On scope, the Bill will limit any data retention to a strict list of data types specified in the data retention regulations. It will enable the Secretary of State to issue data retention notices to communications services providers, on a selective basis, only if she considers the obligations to be necessary and proportionate.
On duration, each notice will have to specify the duration for which data is to be retained, up to a maximum 12-month period. If it is not proportionate to retain certain data for a full 12 months, that enables a lower period to be chosen. Again, that reflects some of the comments made in the European Court judgment, with a clear requirement for the Secretary of State to keep any notice under review. Access will be limited to that which is necessary and proportionate under RIPA.
On storage, the UK already imposes strict data security requirements on our communications service providers. These will become part of the notice requiring a CSP to retain data and will therefore be enforceable. It is right that we have reflected on the European Court judgment, but we retain our focus on what the powers are today as well as reflecting on some of the points that the Court made.
Part of the judgment proposes that the Government provide exceptions for persons whose communications are subject to an obligation of professional secrecy. That does not seem to be covered in the Bill or in the draft regulations.
I hope that in Committee we will be able to get on to the role that the statutory code of practice may play in that regard. The hon. Gentleman will note that there is reference to that in the Bill, and we will be able to discuss it shortly.
It is important to note that the Intelligence and Security Committee has endorsed these proposals, with one notable exception. Indeed, the Home Affairs Committee has done the same, obviously recognising that there may not have been unanimity in that respect. It is important to say that Committees have reflected on and examined this and seen that it is about protecting the status quo.
It was 7-1, like Germany and Brazil.
The Chair of the Committee has made his point in his inimitable fashion.
It is important to understand that this is about protecting powers, not adding to them. It is about ensuring that our law enforcement agencies and security agencies have the powers that they need. That is what the proposal in this Bill is about. While I note the clear concerns over the balance between security and liberty, this is about protecting powers, not enhancing them. I commend the Bill to the House.
Question put, That the Bill be now read a Second time.
Bill read a Second time; to stand committed to a Committee of the whole House (Order, this day).
Further proceedings on the Bill stood postponed (Order, this day).
Data Retention and Investigatory Powers Bill (Money)
Queen’s recommendation signified.
Motion made, and Question put forthwith (Standing Order No. 52(1)(a)),
That, for the purposes of any Act resulting from the Data Retention and Investigatory Powers Bill, it is expedient to authorise the payment out of money provided by Parliament of—
(1) any expenditure incurred under or by virtue of the Act by the Secretary of State, and
(2) any increase attributable to the Act in the sums payable under any other Act out of money so provided.—(Anne Milton.)
Question agreed to.