Skip to main content

Internet: Privacy

Volume 703: debated on Thursday 17 July 2008

asked Her Majesty’s Government:

What guidance they have issued to internet service providers on when and how they can intercept their customers’ website use; and what information they have made available to the public about the privacy issues involved.

My Lords, the Home Office provides guidance about lawful interception conducted under warrant for law-enforcement purposes. This is separate from advice provided by the Department for Business, Enterprise and Regulatory Reform on the relevant business facing legislation. ISPs may, with the consent of the consumer, use information about consumers’ internet use for the provision of value-added services. The Information Commissioner provides information to the public on privacy issues.

My Lords, the Minister will be aware that my Question was prompted by the recent trials between BT and Phorm, which were conducted without the permission of subscribers. Does he agree that at the very least the British public must be offered an opt-in system when such trials or the scheme itself is put online? Furthermore, is he aware that in the US, Congress has asked that this scheme be put on hold while the privacy implications are examined? Will he do the same?

My Lords, the noble Baroness has a particular interest in this issue and she raises some very important and good points. Before I looked into it as a result of the Question, I certainly had not addressed it. The Home Office, BERR and the Information Commissioner were not aware of the two tests conducted by BT, which was not good. I know that the Information Commissioner’s Office and BERR are now investigating that very issue, which is very appropriate. Since then, BT has approached all three authorities about a trial with around 10,000 broadband subscribers.

The right measures are in place to look at that, but we possibly need a test case to see whether this is interception or not. I am not clear in my own mind on that yet and I will take away that task to see whether it is. If it is, it will be covered by a chunk of the regulation of investigatory powers legislation. If it is not, we will need to think about how we will deal with it. I was aware that the Americans have an issue with it. At the moment, the Information Commissioner has given advice to people and we are protected.

My Lords, in view of the concern expressed by the noble Baroness about privacy, will the Government withdraw their plans for a communications data Bill to set up a database logging every private phone call and e-mail? There has been enormous opposition to the idea, including that from the Information Commissioner.

My Lords, the noble Viscount is referring to the IMP. It is very early days as to where we go on this and it relates to entirely new methods of how telecommunications firms will transmit and move data. It is also early days to see how this will impact on any aspects of intercept. We have come to no decisions on any of that. It is still being looked at. It is too early to make any statement.

My Lords, last year, in a Science and Technology Committee report of this House on internet security, the committee recommended that a system of kite marks be established that identified respectable behaviour from ISPs. That recommendation was rejected by the Government. In a follow-up report, the noble Baroness, Lady Vadera, said that the Government would look into this proposition. How is that going?

My Lords, I do not know the detail of that. I know that in the Data Sharing Review, published in July, the Information Commissioner, Richard Thomas, and Dr Mark Walport came up with a series of proposals. Perhaps I may get back in writing on that point.

My Lords, following my noble friend Lady Miller’s Question and the use of this technology, especially by Virgin Media, to write to 800 customers warning them about this downloading, is it not a real cause for concern that this can be used to infringe on a person’s privacy in this way?

My Lords, we have to be careful because very often people do not realise how much data are used by these various firms—they know your URLs, they know your name and they know when you log on and log off. All of these data are there already. It is quite legal, for example, if I go on to Google and say that I am a sailor and interested in ships, that when my web page comes up the adverts that appear on it tend to deal with ships and shipping. They already do this. What they are now asking to do through Phorm is to go further. That is why we have to monitor this issue closely. The ICO needs to get involved much more than he is. He has issued advice on Phorm on his website and we are keeping a close eye on this. I have made the point about whether this reaches into the regulation of investigatory powers legislation and whether we need a trial case to establish that. Otherwise we are covered. I used to say to my people in the Navy that more people look at your internet information than look at a postcard when you write it. People tend to forget that. The data are used for quite legal purposes.

My Lords, can the Minister explain how the Home Office advice to Phorm found its way onto the cryptome.org website? More broadly, the Minister referred to IMP: can he explain what the interaction between IMP and the SCOPE programme will be?

My Lords, as I said, I do not want to go down the IMP route at the moment. We are in the very early days of deciding what we want to do and where we are going and it would be imprudent of me to step into that debate at the moment.

My Lords, what is the division between national interest and national privacy? The net is worldwide and, therefore, our details are available worldwide. Is there a need for international discussion on these matters?

My Lords, perhaps I may first wish the noble Baroness a happy birthday. I go back to what I said. A lot of information is available to the internet service providers through headers, URLs and so on. There is no doubt that the driver for Phorm is the cut-throat market. Providers are finding it difficult to make the profit margins they want and wish to charge advertisers more. They can do this by promising that they will target precise adverts to people. That is the driver to it. There are concerns about individual privacy and so on. The noble Baroness is right: it is a worldwide system. Internet service providers have access to such details, but they have to put safety measures in place; and that is what the ICO is meant to ensure happens.