rose to move, That the draft order laid before the House on 10 January be approved.
The noble Lord said: My Lords, this order is made under Sections 36(4) and 38(4) of the Immigration, Asylum and Nationality Act 2006. Section 36 of the 2006 Act introduced a requirement for the Secretary of State, in so far as she has functions under the immigration Acts, Her Majesty’s Revenue and Customs and a chief officer of police to share certain passenger, crew, freight, service and other travel-related information where the information is likely to be of use for immigration, police or Revenue and Customs purposes. Section 38 of the 2006 Act introduced a statutory gateway to allow for the disclosure of similar information to the security and intelligence agencies where the information is relevant to their statutory purposes. This order concerns the information that will be shared under these two provisions. For reasons of brevity, I will refer to the border agencies when speaking collectively about the Border and Immigration Agency, UKvisas, the police and Her Majesty’s Revenue and Customs.
As Security Minister, I am responsible for a wide range of measures to improve our security arrangements and this order is a key component in our efforts to enhance the security of this country. The increase in global travel brings great social and economic benefit, but it is also placing increasingly heavy demands on our border controls and border agencies. In order to meet these demands, the Government are putting in place the most comprehensive package of institutional and practical immigration reform ever announced, including the establishment of a UK border agency, a unified border force and the e-borders programme.
Neither e-borders nor other joint working arrangements between the agencies will be able to function effectively without this order, as their success is dependent on an ability to share, routinely and in volume, data relating to people and freight crossing the border. Data sharing in this form is not permitted under current powers, which require a case-by-case decision on the justification for disclosure. This is a serious obstruction to the work of the agencies. For example, under existing arrangements, examination of travel data independently by each of the border agencies may result in three interceptions against the same individual, rather than one co-ordinated response. Indeed, one agency may have intelligence on an individual who is also of interest to the other border agencies, but the other border agencies, being unaware of this, would not make a request for those data. This does not help the border agencies to carry out their functions effectively and it does not help the traveller.
This order seeks to address these and other obstacles to joint working between the border agencies by placing an obligation on them to share the travel-related information specified in the order to the extent that it is likely to be of use for immigration, Revenue and Customs or police purposes. This travel-related information can essentially be broken down into three clear categories: information about a passenger’s or crew member’s travel documents or journey; information held by the border agencies, which relates to a passenger or crew member, or their journey, or a freight movement; and information about or related to freight.
In practice, data will primarily be shared via the e-borders programme, whereby information will be pooled in an electronic database to which the border agencies, working in an operations centre, will have shared access. This will mean that passenger carriers will have to supply their passenger data to the Government only once, rather than receiving individual requests from the agencies. The pooling of data in this manner will allow us to develop a better awareness of suspect passengers, travel patterns and networks and to pre-screen passengers and identify those who carry a high risk of involvement in illicit activity. In turn, this will enable us to identify and target individuals who present a threat to the UK and to mount an appropriate, co-ordinated and proportionate response. This will also benefit the genuine traveller, as we will have information immediately available that will help us to make more informed decisions about them more quickly.
Our e-borders pilot, Project Semaphore, has demonstrated that this model works. The data collected by and shared between the agencies have led to more than 20,000 alerts being issued. There have been more than 1,600 arrests for crimes, including murder, rape and assault, and the offloading of passengers who would not qualify for entry to the United Kingdom, as well as to the seizure of many false documents, tobacco and drugs. Semaphore has also made a real contribution to the fight against terrorism. We are at the forefront of new passenger analysis systems and techniques, but we are not alone. Such systems are also in use in the USA, Australia and some EU countries and will rapidly become the norm in the developed world.
It is clearly important to ensure that data are shared safely and securely. We must also ensure that we act proportionately. I am convinced that these fundamental principles of data protection have been and will continue to be met. First, I can assure your Lordships that this order does not give the border agencies the power to share data without limitation. All the data specified relate to a passenger or consignment of goods coming into or leaving the UK. Information to be shared by the border agencies will have been assessed at the outset as likely to be of use for immigration, police or Revenue and Customs purposes. These purposes are clearly defined in law. It should also be emphasised that this order applies only to sharing between the border agencies and, where appropriate, the security and intelligence agencies.
Secondly, stringent safeguards will be in place to protect an individual’s data. In country, information shared between the border agencies will be controlled, monitored and audited through a combination of technical safeguards and operational procedures. Staff will be given access only to information necessary for their role and may be subject to a range of sanctions in the event of misuse of data. Data transmitted to border agency staff overseas—for example, UKvisas—will be transmitted only by secure means across government networks and to government buildings.
Thirdly, we will also ensure, as far as possible, that the data being shared are accurate. Data received from the travel industry will be monitored by e-borders, and existing information, such as visa information, will be used to confirm the accuracy of data received. Where appropriate, corrections will be made within e-borders, with feedback provided to carriers where issues of data quality arise.
Finally, a code of practice, currently before Parliament, will regulate the sharing of the information specified in this order and lays down stringent data protection and data retention guidelines that the border agencies must adhere to. This code has been developed in close co-operation with the Information Commissioner’s Office. Both the code of practice and the test to be applied in respect of data sharing under these arrangements will be kept under review, to ensure that we maintain the right balance between border security and data protection issues. Indeed, the border agencies have committed to reviewing the safeguards and data requirements in the code six months after its provisions commence, with the involvement of the Information Commissioner.
The order forms part of an important package of secondary legislation, comprising orders on both data acquisition and data sharing that will underpin the UK e-borders programme, more effective joint working arrangements between the border agencies and, in future, the UK border agency. It is clear that this package of legislation is essential to the effective management and security of our borders and to ensuring the safety and security of the public. I commend the order to the House and I beg to move.
Moved, That the draft order laid before the House on 10 January be approved. 7th Report from the Joint Committee on Statutory Instruments.—(Lord West of Spithead.)
My Lords, this order, along with the others in the package, will have a wide-ranging effect on the control of our borders and on the freedom of individuals within our country to come and go without questions being asked. The orders themselves raise a number of questions and I hope that the Minister will forgive me if I go through them now.
The Explanatory Memorandum refers to the transfer of “bulk information”. Can the Minister explain what that means in this regard? In view of the amount of information likely to be gathered from passenger lists, other passenger information and travel documents, is it the Government’s intention that it will be possible to transfer it between agencies in total? Could a whole passenger list or even umpteen passenger lists be transferred from one agency to another? Will such a transfer require a request to be made from one or other of the agencies and, if so, what requirement under these circumstances will there be in respect of the protection of those data? What did the Minister mean when he said that all agencies would have shared access to the information? I suspect that ultimately this is all going to take place within e-borders, but will there be a common IT system to which the agencies outlined in the order will automatically have access so that information transfers between them? I would be grateful for a little more explanation on that point.
The Government’s IT systems and the transfer of data have taken a bad beating over the past few months. What further assurances can the Minister give that e-borders will be secure in this respect? Will the method of transfer be one that does not put individual travellers at risk of having their details lost in the post? Does the secure government network to which the Minister referred exclude any possibility of physical transfer by disk, for example, rather than a network transfer, so that there are clearly closed and secure methods of transferring the data?
At present, Operation Semaphore covers less than 12 per cent of all routes into and out of the United Kingdom. The calculated number of passenger movements annually is 250 million. Can the Minister tell us for how long it is intended that the information garnered will be kept on the system and, indeed, whether it can all be held on one system? A brief consideration would suggest that, at a minimum of five years of holding the information, over 1 billion loggings will take place—my maths is not very good, so there may even be another zero to add to that figure. At the current rate of some 16,500 alerts mentioned in the Explanatory Memorandum—although the Minister mentioned the figure of 20,000—in 30 million movements, there will be a vast amount of data that is of no interest whatsoever to any agency. How and when will all that data be pruned so that the names of people who have no reason to be on anyone’s database are taken off? Will there be a maximum amount of time that data on persons who excite no interest in any of the agencies can be held?
Will the Minister tell us what sharing of the information gathered will be available to other countries? Would such a facility be subject to their having a similar system to our Information Commissioner in order to guarantee the integrity of any information passed on, if it is intended that it should be, as I strongly suspect must be the case? What costs will the requirement for information put on carriers? They are going to have to hand information over to the Government. Will they have to upgrade their systems to deal with requests from the approved agencies and, if so, what help will they get with this?
It is a sad fact that experience of terrorism, illegal immigration and crime, including the importation of drugs and the trafficking of women and children, seems to lead us to the inevitable situation where practically everything will be known somewhere about every person in this country. That may be an inevitability, but it is up to Parliament to ensure that this results only in the protection of our citizens and not harassment. The proof of that in terms of this order will be known only when and if the system breaks down, so it behoves the Government to ensure that, unlike some recent experiences, this does not happen with e-borders. Can the Minister confirm that e-borders is a stand-alone system and that it does not and cannot link up with any other IT system holding information on individuals in this country?
My Lords, I am grateful to the Minister for his explanation of the order. We have had the benefit in this case of reading what was said last week in the Delegated Legislation Committee, much of which was repeated in the noble Lord’s introductory statement. For example, Project Semaphore, which is the pilot on the sharing of passenger name records and freight records, has already contributed to the arrest of 1,600 people for serious crimes such as offloading passengers not qualified for entry to the UK, to the seizure of false documents and to contraband tobacco and drugs, as well as helping to combat terrorism. These are all objectives that I am sure all noble Lords will share.
The Minister told the committee in another place that the PNRs for an estimated 355 million passenger movements will be handled by 2015. I do not share entirely the concern of the noble Baroness, Lady Hanham, about the volume of data, considering that IT systems are continually able to share more and more information. I carry around two gigabytes in my pocket, and some USB dongles now on the market at very low cost carry four times that amount. It is not difficult to imagine that the IT system will be capable of dealing with the volume of information required.
I understand that the information will be shared initially by the three agencies involved in the new combined UK border agency—the BIA itself, HMRC and UKvisas—but there are also proposals under consideration for sharing the data with equivalent agencies in other EU countries. Presumably the Minister will correct me if I am wrong, but I assume that that will require a further order; it would not be allowed by this particular instrument.
As the noble Baroness, Lady Hanham, said, the order also provides for the transfer of data in bulk to the security and intelligence agencies. We, too, would be grateful for an assurance that the transfer of these data will be electronic only and not by DVD, and I would add that it should be encrypted for the transfer. I hope that we can have that assurance from the noble Lord.
I gather from the reply given by the Minister to the Delegated Legislation Committee that for the time being fellow European Union member states will be able to consult the database only on a need-to-know basis. What is the statutory authority for that process and what criteria would need to be satisfied in order to trigger a successful request from another EU member state?
Are the PNR data to be recorded and exchanged under this order in the same way as the PNR data that we are now providing under the interim EU-US agreement of 2006, or will provide under the further agreement that was under negotiation when your Lordships’ European Union Committee reported on the matter last June, and will they be held in a common database? Surely it would be absurd to collect PNR data for the purpose of transfer to the United States and our own internal purposes in a different format.
There is a description of the information in paragraphs 7.4 and 7.5 of the Explanatory Memorandum. It consists of information about the passenger’s travel document details, held in the machine-readable section of the passport, and information normally collected for the commercial purposes of the carrier, such as the name, address and telephone number of the passenger, as well as information about the ticket itself. If the carriers are already collecting and storing this information, what are the additional costs of £242 million that they are expected to incur over the 10 years from 2007 to 2017? The Explanatory Memorandum refers in paragraph 7.13 to capital expenditure by “most carriers”, but surely, if my assumptions are right, this cost will fall entirely on carriers that do not fly to the US and therefore have had no need until now for computer systems that will store the data that are mentioned.
The Minister also told the Delegated Legislation Committee in the Commons that the estimated cost of the programme to the Government was £1.224 billion over the same 10 years. That struck me as being a surprisingly precise figure, unless it depends on contracts with the e-borders suppliers that have far stronger penalty clauses than is usual in these matters. How far have we progressed towards establishing the e-borders operations centre and developing the computer systems that will be needed to receive, process and store the data that are transmitted to it by the carriers? Maybe the experience with Project Semaphore allows us to have greater confidence in predicting the costs, but could the Minister say who the suppliers are so that we can look at their previous records of delivering systems on time and to budget, which, as the noble Baroness, Lady Hanham, said, is not always the case with public sector IT systems? The Minister told the committee in another place that the estimated average cost per passenger movement was 14p. I assume that this includes the cost of the stringent safeguards that are imposed by the code of practice that is to be issued under Section 37 of the 2006 Act.
There is no doubt about the need for the collection and sharing of information about passengers and goods entering and leaving the UK for security purposes. As with any very large IT system, however, there is a small risk of erroneous data being recorded and I share the anxiety of the noble Baroness, Lady Hanham, about whether the code of practice to which the Minister referred will deal adequately with the mechanisms available to persons who claim that wrong data have been recorded against them. Will it allow them not only the means of having access under freedom of information to the information that is recorded but good opportunities for making corrections?
My Lords, I thank noble Lords for their contributions to the debate and for the good points they raised. On the use of bulk information and what is presently known as the JBOC—when e-borders comes into operation it will become the EBOC, the information centre—data are fed into what is effectively a sealed area, where it is recorded, held, sorted out and analysed. This is done by operators who will have gone through specific security training because, as has been said already, there has not been a good track record, not only in government but in private companies as well, of looking after data and making sure they are correctly protected. These operators have to undertake and pass a training course before they are even allowed to operate and use the machines. The procedure has been tightened-up well and will ensure that that is done properly. The bulk information is analysed within the JBOC—in future the EBOC—and when one finds data that are of interest to an agency in one of the other areas, that information is passed and that agency deals with that information about that specific subject.
I was asked whether discs would be flying around. There is a facility to produce a disc although some of the machines are disabled so that they cannot produce discs because it is so easy to put data on them and remove them. If discs are going to be used, there is a mechanism in place to ensure that these are looked after, logged properly and are only transferred by hand. That is how that will be dealt with within the structure.
Beyond the JBOC or EBOC, it will deal with specific data about someone of interest to that agency, which they will be able to pass to each other. For instance, if it goes to BIA, BIA will be able to talk to HMRC about that specific person. But the bulk data that has been fed in will not be flashing around to different people.
On the issue of Project Semaphore and how long data will be held, at the moment the information is held for about five years, although some police forces hold it for six and HMRC has said that some data may have to be held for longer for various customs and excise reasons.
The order does not cover sharing information with other countries although it is open to us to enter into agreements to share data with states. Clearly when we do that we will have to make certain that all the data protection guarantees and so on are in place, using the commissioner and other methods to achieve that.
The question of costs was touched on by the noble Baroness and the noble Lord, Lord Avebury. The costs for industry are variable. At the bottom end they are down at 0.04p and at the top end they are £6.31. When we worked it out, the average cost was 14p, as has been mentioned. It is up to the carrier to decide how to meet these costs but we feel that for that amount of money it is incumbent on an organisation to help in what this achieves for the security of the nation. As has already been said, it is amazing what has been achieved with Project Semaphore; the benefits from that have been quite huge.
The noble Baroness raised the importance of protection and balancing that against causing harassment. Exactly what the balance is going to be is the same in almost every context in the counterterrorist area. It is always a balance and we believe that we have it correct. The data that have been gathered and the way we are looking after that data are necessary to help our security, in the fight against serious crime and so on. We have put in place many data protection measures. We are constantly aware that when we are collecting huge amounts of data on people—and, as has been rightly said, more and more data are being held—there are risks.
But nowadays, I am afraid, in any big organisation, to be able to do these things you need to get that data. We have got to become better as a nation at looking after data, not only in pure physical security terms but in making sure that everyone who ever gets their fingers on it and works with it has been correctly trained and understands the full implications of doing so. However, I do not think that means we must not do it. In this modern world, we cannot avoid doing these things; instead, we must become very good at it. Within this context, the way that we will run JBOC—and then, in the future, EBOC—will achieve that.
The noble Lord, Lord Avebury, raised the encryption of data and whether they would be passed encrypted. The plan is that they will be passed by a secure means and encrypted, but this is an issue that I want to check again, so I shall get back to the noble Lord in writing. All my experience is that people are often not as good at that as they should be. I want to make absolutely certain that that is done.
The European Union is not really part of the order. There will be further debate about the EU and US aspects of it.
The carriers are already collecting some of these data. Clearly they have them there because they need to be able to issue tickets and do other things, but not always in a format that they can pass to us easily, which is why there is an extra cost aspect to all of this.
My Lords, my concern was that the PNR data, which are already being collected by the carriers for transmission to the United States under the provisional agreement we had with it in 2006, should be identical with the information that is now being collected by the Borders Agency. Otherwise, the carriers would have to collect two different lots of information, for transfer to the US and for use internally respectively. That would be a tremendous waste of resources.
My Lords, the noble Lord makes a good point. As I understand it, we include the same data fields but we might need some more. Again, I will try to come back with a precise answer on that point.
The noble Lord made a point about the code of practice giving adequate ability for access to, and removal of, data. I think I can assure him that that will be the case. The removal of data can sometimes be quite difficult—we have to know exactly who gives that authority and how it is to be done—but the intention is that it will be incorporated.
I hope I have answered most of the points raised, and I am grateful that they have been, because they are all very valid. One does not like suddenly to apply a requirement to provide more and more, for the reasons we have discussed, but this is important and it will make us safer. It is something the public would expect a Government to do. I assure your Lordships that the necessary safeguards are in place; certainly, I will put a huge effort into trying to protect these data.
I will come back on that one point to ensure that that side of encryption is there. I have not yet visited the JBOC, but I was talking to the team in the briefing for this debate. I intend to go there and have a good look at it—it is out near Heathrow—to ensure that it will be as good as they tell me it will. I find that by walking around and looking at things, one sometimes gets a slightly different perspective from when one is told things by people. We are working closely with the Information Commissioner on this issue, and I believe we will achieve what we want. The order is good for this country, and I commend it to the House.
My Lords, before the Minister sits down, I want to go back to the sharing of bulk information. It was clear in the statement made by the Under-Secretary in the other place, Meg Hillier, that bulk sharing of travel-related data would take place under e-borders. I am not sure whether the Minister was referring to the transfer of bulk information or the sharing of that information and whether the sharing comes about in the whole of the e-borders system. We want to clear that up. Information piece by piece is one thing, but just transferring a whole load of data from one place to another is quite another.
The second issue that arises is the concerns I still have about transferring anything by disc. The Minister said in his reply that this would be from hand to hand. The Benefits Agency was meant to have transferred things by hand, but in practice people put items into little packages and gave them to someone else for delivery, and in the midst of that some of them got lost. Does the Minister not agree that the very least that can be done by disc should be encouraged? Perhaps there should be some very secure system that requires only the highest level of intervention if a disc is going to be made at all?
My Lords, to add to what the noble Baroness has just said, I do not understand why any data should have to be transferred by disc at all. You can transfer large quantities of data over the internet. The Government have their own secure internet system, so why is it ever necessary to use discs for transfer?
My Lords, can I just come back on those points and first address the disc issue? As I said, a number of the machines have been disabled so they cannot actually produce discs and therefore this would be done on a very exceptional basis. The sort of thing might be, for example, if the security service or the SOS IT system was not functioning. There might be a requirement, in terms of the encrypted transfer, to cut a disc for it. It would be done in very exceptional circumstances. It is not something that would be standard procedure at all. If a disc was cut, it would be done in the very special way that I talked about.
In terms of bulk data, perhaps I can reply in writing and clarify it. As I understand it, the bulk data, by which I mean the PNR information—all the data fields we have asked for from the various airlines, shipping firms and so forth—will all be transferred and pumped into the JBOC; into the organisation which I talked of. I think of it as a great operation centre cocooned and cut off with a huge pipe pouring in. Within that centre, the operators, who have all been specially trained and will not be allowed to use the machines unless they have passed the various tests on looking after data, will do the analysis. They will look at this, will decide, “These two match. This is someone they should be aware of”. That bit of data then goes out, so it is not bulk data pouring out again. That is as I understand it. If it is any different from that, perhaps I can get back to the noble Lord in writing. I think that that covers everything. On that basis, I commend the order to the House.
On Question, Motion agreed to.
My Lords, in view of our precision delivery here, I think I can predict accurately that the Minister will appear at this Dispatch Box almost within seconds. There is no need to further consider anything on these matters and I think we can probably proceed.