Cookies: We use cookies to give you the best possible experience on our site. By continuing to use the site you agree to our use of cookies. Find out more.

House of Lords Hansard

Investigatory Powers (Codes of Practice) Regulations 2018

01 February 2018
Volume 788

    Investigatory Powers (Interception by Businesses etc. for Monitoring and Record-keeping Purposes) Regulations 2018

    Investigatory Powers (Review of Notices and Technical Advisory Board) Regulations 2018

    Investigatory Powers (Technical Capability) Regulations 2018

    Motions to Approve

    Moved by

  • That the draft Regulations laid before the House on 18 December 2017 be approved.

    Relevant document: 16th Report from the Secondary Legislation Scrutiny Committee

  • My Lords, I am pleased to be given the opportunity today to debate these important regulations, which are all being made under the Investigatory Powers Act 2016.

    That legislation brings together powers available to our law enforcement and security and intelligence agencies to obtain communications and data about communications. I make it quite clear that these powers are vital to the protection of our citizens. They ensure that our agencies are able to bring to justice serious criminals, including terrorists and paedophiles; they enable plots that threaten our national security to be investigated effectively; and they make sure that our agencies can locate and safeguard vulnerable and missing people.

    The Act also ensures that these important powers are subject to rigorous safeguards and oversight. It has introduced a double lock, such that any decision to use the most intrusive powers in the Act must be approved by a judge, and it has created a powerful new Investigatory Powers Commissioner to oversee the use of these powers. That post is held by Lord Justice Fulford, who, as noble Lords will be aware, brings a wealth of experience in the judiciary and expertise in matters of law that will be crucial in carrying out this vital role.

    The Act received Royal Assent in November 2016 following comprehensive scrutiny in this House as well as in the other place. The detail of that scrutiny has ensured that the Act provides a world-leading legal framework regulating the exercise of these crucial powers. The regulations that we are debating today form an important part of that legal framework and are all intrinsically linked to the Act’s implementation.

    I make it clear that the regulations do not, of course, create any new powers. However, they ensure that a number of important powers in the Act can be exercised and they set out how a number of those provisions will be used. Collectively, they also create additional safeguards on top of the already rigorous controls that are contained in the Act itself.

    We debate four sets of regulations today. First is the Investigatory Powers (Technical Capability) Regulations 2018. These regulations set out the obligations that may be imposed on a telecommunications or postal operator in a “technical capability notice”. Such a notice will require the relevant operator to maintain the necessary capabilities and infrastructure to ensure that when a warrant or authorisation is served on or given to them, they are able to provide assistance in giving effect to it quickly and in a secure manner.

    The Act itself makes it clear that a telecommunications operator may be required, as part of maintaining a technical capability, to retain the ability to remove electronic protection from communications that they have themselves applied. The regulations do not change this position. They simply set out that such an obligation could be included in a technical capability notice, as well as making it clear that the obligation itself may only require any steps to be taken to remove encryption that are reasonably practicable.

    The use of technical capability notices is subject to very strong controls and safeguards set out in the primary legislation. The Secretary of State may decide to give a notice only where it is necessary and proportionate and that decision must be approved by a judicial commissioner. In addition, before giving a technical capability notice the Secretary of State must consult the operator to whom it is to be given and must also take into account a number of factors, including the technical feasibility and likely cost of the operator complying with it. Further, before the notice is given, the Secretary of State must also consider the public interest in the security and integrity of telecommunications systems.

    The Act also ensures that telecommunications operators have an effective right of redress where they have been given a technical capability notice or, indeed, a national security notice or data retention notice. Specifically, the Act makes it clear that the relevant operator may seek a review of that notice by the Secretary of State. When conducting such a review, the Secretary of State must consult the Technical Advisory Board—a non-departmental public body—as to the technical feasibility and cost of the notice, as well as a judicial commissioner in relation to its necessity and proportionality.

    The second set of regulations that we debate today, the Investigatory Powers (Review of Notices and Technical Advisory Board) Regulations 2018, set out the circumstances in which such a review may take place and how the Technical Advisory Board must be constituted.

    The third set of regulations is the Investigatory Powers (Codes of Practice) Regulations 2018. This instrument brings into force five codes of practice under the Act. The codes relate to the interception of communications; equipment interference; the bulk acquisition of communications data; national security notices; and the intelligence services’ retention and use of bulk personal datasets.

    Each of the five codes sets out processes and safeguards governing the use of these vital powers. They give detail on how the relevant powers should be used, including examples of best practice. They provide additional clarity and will ensure the highest standards of professionalism and compliance with the Act’s provisions.

    The codes are primarily intended to guide those public authorities that are able to exercise powers under the Act, as well as telecommunications operators that might be required to provide assistance in giving effect to its provisions. They provide detailed information on the processes for applying to use each of the powers, as well as in relation to the renewal, modification and cancellation of warrants and authorisations. They set out detailed safeguards in relation to the obtaining, retention, handling and destruction of information obtained in the exercise of the Act’s provisions, and they include detailed requirements on public authorities in relation to record-keeping and error reporting to aid the Investigatory Powers Commissioner in carrying out his oversight functions. The codes are detailed and comprehensive which together include more than 400 pages of guidance and best practice, ensuring that the use of these important powers is subject to the most stringent safeguards.

    The final set of regulations that we are debating today are the Investigatory Powers (Interception by Businesses etc. for Monitoring and Record-Keeping Purposes) Regulations 2018. As under pre-existing law, the Act makes it a criminal offence to intercept communications in the absence of lawful authority. It also makes it clear that lawful authority includes interception by businesses or other bodies where it is a legitimate practice. These regulations set out what conduct that includes. Such activities might be, for example, call centres recording telephone calls for training purposes, companies scanning their computer networks to detect cyberattacks or businesses ensuring that their systems are not being used for unauthorised purposes. These regulations simply ensure that companies can undertake these important routine activities without falling foul of the offence of unlawful interception.

    In summary, the regulations we are debating today relate to provisions already set out in primary legislation and ensure that the provisions can be implemented effectively. They make it clear how a number of powers in the Act will operate and establish additional safeguards to the already rigorous controls set out in the primary legislation itself. I commend the regulations to the House.

  • My Lords, I am happy to support the Minister in everything she has said about these regulations. A few years ago I had the privilege of chairing the Joint Select Committee on the draft of the Investigatory Powers Bill. The committee made around 80 recommendations which were all accepted by the Government, and I think that few Bills in the past couple of Sessions have been subject to as much scrutiny as this one. It was considered for many days in this House and in the other place, as well as in the Joint Committee. It was right that that was the case because the powers given by the Bill to the intelligence agencies are very wide and deep—rightly so, but safeguards have been built into the Act and now, of course, they are built into the regulations as well. That is necessary because we have to strike a balance between the liberty of the individual on the one hand and the safety of our citizens on the other.

    I welcome in particular the regulations on the codes of practice, which were central to the thinking of the Joint Committee. The Minister in the other place, Mr Ben Wallace, indicated that they are “user friendly” in terms of their language, and certainly they are more user friendly than the regulations themselves, which are phrased in gobbledegook, to say the least. The Technical Advisory Board, something that the committee recommended, has now been set up. It is an important development along with, as the Minister has said, the appointment of the new Investigatory Powers Commissioner, Lord Justice Fulford. On behalf of the Opposition, my successor as the Member of Parliament for Torfaen, Nick Thomas-Symonds, supported these recommendations and I do not doubt that my noble friend Lord Kennedy is likely to do the same. As a former chair of the Intelligence and Security Committee, I support them too because these regulations are vital to implementing the Act. I also congratulate the services on their work in ensuring that our children are safe from paedophiles and our citizens are safe from terrorists.

  • My Lords, if the House will allow me, I should like to make a few comments about what happened during Oral Questions yesterday. Perhaps I may say that the decision of the Prime Minister, the right honourable Theresa May, to refuse the resignation of the noble Lord, Lord Bates, was one of her better decisions. I also commend the noble Lord, Lord Taylor of Holbeach, on how he picked up the loose ball and ran with it. It just shows what the Government can do if they work together rather than against each other. The noble Baroness, Lady Smith of Basildon, reflected the views of the overwhelming majority in the House in indicating genuine respect and affection for the noble Lord, Lord Bates. We are very pleased that he is having a couple of days of well-earned rest before he resumes the fray. However, I fear that is the end of me being nice.

    I thank the Minister for introducing these regulations, which, if the House will allow me, I will take in the order set out on the Order Paper rather than in the order in which the Minister spoke to them. The regulations have been introduced against a background of two linked and significant matters. First, the 16th report of the Secondary Legislation Scrutiny Committee states:

    “Because bulk interceptions in particular have the potential to include communications of people who are not suspects as well as those who the security services are targeting, this legislation is likely to be of interest to the House”.

    In other words, this important committee of the House has given these regulations a red flag, not least because the codes of practice run to several hundred pages. Again I quote:

    “We were therefore disappointed with the obscurity of the original Explanatory Memorandum which gave the reader no indication of the potential effects of these Codes.”

    Secondly, the Home Office is having to make late changes to the Investigatory Powers Act in an attempt to comply with the European Court of Justice ruling on the UK’s mass surveillance powers following the decision of the Appeal Court this week. We had long debates, as the noble Lord has just said, during the passage of the Investigatory Powers Act. We on these Benches argued that the bulk acquisition of communications data treated everyone in the UK as a suspect. We drew a distinction between mobile phone data that is routinely kept by communications service for billing purposes—such as where was the call made and where was the person calling, so that the person can be charged the right amount on their bill—and new communications data that CSPs do not routinely collect; for example, so-called internet connection records, where CSPs will be required to keep a record of the first page of every website that every user of the internet in the UK visits on a rolling 12-month basis. The Investigatory Powers Act allows police and other organisations to self-authorise access to such data. The Appeal Court ruled on Tuesday that the Data Retention and Investigatory Powers Act 2014, many of the powers in which are incorporated in the Investigatory Powers Act, is inconsistent with EU law because of a lack of safeguards and the absence of a prior review or an independent administrative authority.

    Noble Lords may wonder what this has to do with the regulations before the House today. The Investigatory Powers (Codes of Practice) Regulations 2018 include a draft code of practice on bulk acquisition of communications data. My understanding is that the Government claim that the judgment does not affect bulk acquisition of communications data because this is limited to the intelligence services—the Security Service, the Secret Intelligence Service and GCHQ—and that these organisations are concerned with national security, which is outside EU data protection law. The first problem with this is that GCHQ, in particular, in involved in accessing data in relation to serious crime; for example, working jointly with the National Crime Agency on child sexual exploitation, which is not within the normal definition of a national security issue.

    The second problem is that, after Brexit, the UK will be treated as a third-party country by the EU 27. National security issues will no longer be exempt from scrutiny and compliance with EU law if the UK wants to continue to exchange data with the EU 27. Will the Minister explain what impact the UK’s need to secure an adequacy certificate from the EU in relation to compliance with EU data protection standards once we exit the EU will have on the bulk acquisition draft code of practice? Will she also explain what advice Ministers are receiving about the likelihood of success of Liberty’s other challenge to the Investigatory Powers Act, due to be heard in the High Court later this year, and what effect that will have on these codes of practice? The bulk acquisition draft code of practice also talks about communications operators receiving public funding and support to ensure that they can provide an effective and efficient response to the security services’ requests for data. Can the noble Baroness tell the House how much public funding will need to be provided, particularly in relation to ICRs that are not collected and stored at the moment?

    On the second code of practice, in relation to equipment interference, we pointed out in debate on the Investigatory Powers Bill the anomaly that while requests from the security services for equipment interference—downloading the contents of a mobile phone or exploiting weaknesses in software to enable remote accessing of a computer, for example—had to be authorised by a Secretary of State, requests by law enforcement agencies for equipment interference could be self-authorised by a law enforcement chief. The interception of communications warrants, covered by the third code of practice, has to be authorised by a Secretary of State whether the request comes from the security services or law enforcement agencies, but a Secretary of State’s authority is not required in the case of equipment interference warrants for law enforcement agencies. Surely, in the light of the decision of the Court of Appeal, such self-authorisation should no longer be permitted?

    Targeted equipment interference warrants can be issued against equipment belonging to or in the possession of an organisation or equipment in a particular location. Can the Minister explain, if warrants allow interference with the equipment of innocent people within that organisation or at that location—collateral damage, if you will, in pursuit of the real criminals and terrorists—how that is compliant with the ruling of the High Court and the ECJ?

    The Investigatory Powers (Interception by Businesses etc. for Monitoring and Record-keeping Purposes) Regulations are straightforward and we support them. The Investigatory Powers (Review of Notices and Technical Advisory Board) Regulations deal with appeals against technical capability notices, national security notices and data retention notices, which includes consultation with the Technical Advisory Board. These regulations set out the composition of the TAB and the process and timing of appeals. We support these regulations as well.

    Finally, we come to the Investigatory Powers (Technical Capability) Regulations, setting out what may be contained in technical capability notices, which impose obligations on a relevant operator in order that the operator can deliver what is required if served with an interception warrant, equipment interference warrant, or warrant or authorisation for obtaining communications data. In the tech sector, techUK represents 900 companies, employing about half of all those employed in that sector in the UK, and it has raised concerns about technical capability notices arising from these regulations.

    Clearly, communication service providers must have the technical capability to be able to comply with lawfully authorised warrants. But these regulations also require CSPs,

    “to notify the Secretary of State, within a reasonable time, of—

    (a) proposed changes to telecommunications services or telecommunication systems to which obligations imposed by a technical capability notice relate;

    (b) proposed changes, to existing telecommunications services or telecommunication systems, of a description specified in the notice, and

    (c) the development of new telecommunications services or telecommunication systems”.

    In her opening remarks, the Minister said that these regulations do not create new powers. But techUK claims that these notifications of innovation were not listed on the face of primary legislation, albeit that the primary legislation states:

    “The obligations that may be specified in regulations under this section include, among other things”.

    I emphasise “among other things”. It goes on to express concern that these provisions could force tech companies half way through development to notify the Home Secretary about what they were doing and that the Home Secretary could then come back and demand changes, extending the tight deadlines under which they operate and risking information about commercially sensitive developments being made public to the benefit of competitors. These provisions could be a barrier to innovation and drive tech companies overseas beyond the reach of these regulations. Can the Minister provide some reassurance to the House that these additional provisions will not stifle innovation and drive tech companies overseas?

  • My Lords, it would be a pleasure to follow the noble Lord, Lord Paddick—except that he has covered everything I was going to cover, and more, and in much greater depth. So all that is left for me to say is that I am untrusting of this legislation—to put it mildly. I am offended by definitions that are not definitive. I am offended by the fact that some of the data collection is indiscriminate. For example, on the bulk personal datasets, on a typical travel route, if you are interested in one or two people, all the passengers will have their datasets collected. That is unreasonable and I deeply regret the regulations.

    The Minister said that this is world-leading legislation, and it is in its draconian reach. Innocent people are going to be affected by this as their data is going to be collected. Whether people are migrants, journalists or innocent bystanders, they will be affected and their lives could be affected afterwards. That is unforgivable. We are being asked to approve these regulations. I do not approve of them; I think they are dreadful. I very much hope that the Government have got it right on the way to curb any excess by the security services. It is a real shame that this has happened. I thank the noble Lord, Lord Paddick, for covering this much more effectively than I have.

  • My Lords, I agree completely with my noble friend Lord Murphy. As the Investigatory Powers Bill went through, it was quite remarkable to see that so many of the suggestions that were made by the committee were accepted—every single one, I think—and that there was such prolonged debate. I am not aware of any legislation or any normal practice in any other country in the world that pays so much attention to the rights of the individual.

  • My Lords, I declare an interest as former Chief Surveillance Commissioner. The regulations which are proposed today seem to be entirely consistent with the primary legislation, and the primary legislation has increased the level of supervision, particularly in relation to the judicial commissioners and the responsibilities that are imposed on them by the legislation.

  • My Lords, having had the privilege of serving on the investigatory powers pre-legislation committee under the chairmanship of the noble Lord, Lord Murphy, and on the Intelligence and Security Committee, and having long experience of the operation of GCHQ and the other intelligence agencies, I start from a different position from that of the noble Baroness, Lady Jones. I start from a position of believing that these agencies operate very high standards and that the detail of these codes of practice, which have taken some time to produce, are an indication of that.

    I have two questions for the Minister which may have been covered by the noble Lord, Lord Paddick, but in which I am interested. The cost of requiring providers to keep records of IP addresses which they would not normally want to keep in the course of their business was an open issue when the committee served. I would be interested if the Minister could tell us—as the noble Lord, Lord Paddick, asked—how much the Government estimate that that cost will be.

    I would also like to know whether the codes of practice on the retention of records are consistent with the judgment of the European Court of Justice in the case brought by Mr David Davis and Mr Tom Watson, and whether that problem has been solved.

  • My Lords, I thank the noble Baroness, Lady Williams of Trafford, for her explanation of the regulations before the House today. Like my noble friends Lord Murphy and Lord West of Spithead, I support these regulations.

    These are important and serious issues, and the Government and Parliament have to balance the rights of individuals to privacy and protection from unwarranted intrusion on the one hand with the rights of us all to be protected and for the authorities to have proportionate powers to help them in the fight against serious crime.

    As we have heard, the Investigatory Powers Act makes it a criminal offence to intercept the communications of a person in the UK without lawful authority and sets out what constitutes that lawful authority. I am clear that the warrants can be issued only where it is proportional and necessary on one or more of three statutory grounds: in the interests of national security; for the prevention and detection of serious crime; and in the interests of the economic well-being of the United Kingdom. Furthermore, the decision to issue an interception warrant will be subject to approval by a judicial commissioner.

    In respect of the targeted interception warrants which would be used as an investigatory tool against individuals or small groups—and in particular points 5.81 and 5.82 of the Interception of Communications Draft Code of Practice, which covers urgent modifications of targeted warrants—can the noble Baroness, when she responds to this debate, tell the House what particular oversight and protections there are? When the senior official makes urgent modifications from the intercepting authority, it must be approved by a senior official in the warrant-granting department within three days, and then both the Secretary of State and the judicial commissioner must be notified as soon as reasonably practical. When you consider that this particular provision could relate to a terrorist incident, or a large quantity of drugs that is going to enter the country imminently, the oversight seems to be quite slow and not in step with the seriousness and urgency that were the reason why the original modification was sought.

    Points 4.13 to 4.18 of the Intelligence Services’ Retention and Use of Bulk Personal Datasets Draft Code of Practice deal with confidential information relating to members of sensitive professions. Can the noble Baroness, when she responds, say something on how the code will protect journalists, and in particular their sources, from being identified? Investigative journalists play an important role in exposing corruption and wrongdoing, which can lead to serious criminal charges against individuals, and they provide an important public service. Can the noble Baroness also say for the record what she sees as “due regard” in respect of point 7.13 in the same code?

    Section 9 of the Bulk Acquisition of Communications Data Draft Code of Practice covers “General safeguards”. Can the noble Baroness say something on how the safeguards on the copying of data, and on the destruction of the data when it is no longer required, will be managed? When data is acquired and copies taken, I can see the risk of losing track of all the copies and then having to ensure that all copies are properly destroyed in a timely manner when they are no longer needed. Can the noble Baroness, in her response, also make specific reference to the processes in place for complaints and for dealing with errors, including serious errors, and can she confirm that she is satisfied with the robustness of the procedures and what procedures are in place to review that robustness?

    In respect of the Investigatory Powers (Technical Capability) Regulations 2018, can the noble Baroness explain why the figure of 10,000 customers was chosen as the one below which these types of warrants cannot be issued?

    The noble Lord, Lord Paddick, made reference to the Appeal Court ruling. It would be useful to hear a response from the noble Baroness to the points he raised. With those questions, I am very happy to support the regulations before the House today.

  • My Lords, I thank all noble Lords who have spoken, particularly the noble and learned Lord, Lord Judge, the noble Lords, Lord Butler and Lord Murphy of Torfaen, and of course the noble Lord, Lord West of Spithead, for in a nutshell outlining what these regulations do, which is to complement the primary legislation. This legislation was thoroughly scrutinised by the committee and all the recommendations that it made were accepted by the Government.

    It is absolutely right that the most rigorous safeguards are in place. In introducing the Act, the Government struck a very clear balance between liberty and safeguarding the people of this country. It is not about undermining the work of journalists: it never was about undermining the work of journalists. As I said in my opening speech, these powers are absolutely necessary to prevent terrorism and intercept paedophiles and serious organised criminals. The aim of the legislation was never towards journalists.

    The noble Lord, Lord Kennedy, asked about oversight. The oversight function is by the commissioner, as I think he suspected. Yes, the codes of practice are lengthy, but they are user-friendly. It is such a complex area, but that was the intention behind the codes of practice.

    Before I turn to the numerous questions that the noble Lord, Lord Paddick, asked, I absolutely echo his words about my noble friend Lord Bates yesterday. He is a wonderful man, a wonderful Minister, and we are very glad that in a few days he will be back. My noble friend Lord Taylor picked up the Question. I do not know how well he answered it, but I am sure in his inimitable way he answered it pretty well, he is such a professional. Yes, I commend the words of the noble Baroness, Lady Smith. This was obviously a spontaneous event and those who responded spontaneously in your Lordships’ House were very generous and kind. I thank everyone who was there at the time.

    The first question of the noble Lord, Lord Paddick, was about the Explanatory Memorandum to the codes. The committee made clear:

    “At our request the Home Office has now replaced this”—

    the Explanatory Memorandum—

    “with one that sets out more clearly what the Codes do and why, which should aid the House in its scrutiny of the way the system is to operate”.

    The noble Lord also asked about bulk communications involving those who are not suspects—innocent people. I reiterate what I said in my opening speech: there are extremely stringent safeguards in the IP Act regulating the use of bulk powers. A bulk warrant may be issued by the Secretary of State only where it is necessary and proportionate—they are the two key words here—and where the decision to issue it has been approved by a judicial commissioner. The bulk powers are available only to the intelligence services, and a bulk warrant may be issued only where it is necessary in the interests of national security.

    Every bulk warrant must specify each of the operational purposes for which the data obtained may be subsequently examined. Examination may not take place for any purpose other than those specified in the warrant, and the Secretary of State and judicial commissioner must be satisfied when they issue the warrant that those purposes are necessary. Examination of bulk data itself may take place, again, only where it is necessary and proportionate. In practice, the safeguards mean that only a tiny fraction of the data obtained will ever be accessed.

  • Does not the Minister agree that the collection of bulk data is not assuming that everyone in our population is a suspect, as the noble Lord, Lord Paddick, said, any more than the camera systems on our public transport assume that everyone on that bus is a suspect? Rather, it highlights and spots the person who sticks a knife in someone.

  • I am very grateful to the noble Baroness. The question I was asking, reflected by another noble Lord during the debate, was: what is the impact of the Appeal Court ruling this week and the decision of the European Court of Justice on these very issues? The expression I used was one that came from that judgment rather than being one I was adopting as my own.

  • Sometimes the problem with interventions is that you do not get around to saying what you were going to say. Perhaps noble Lords will be patient. The noble Lord, Lord West, put it very succinctly and illustrated what we mean by bulk data.

    Where the content of a communication is to be examined when it is of a person known to be in the British Isles, a separate targeted examination warrant must be obtained, which is in itself subject to approval by the Secretary of State and a judicial commissioner. The codes of practice that I have been outlining today provide additional safeguards on the use of bulk powers relating to filtering data, the training that must be obtained by those examining it and how bulk data should be handled, retained and destroyed.

    The noble Lord, Lord Paddick, also asked if warrants allowed interference with devices of innocent people and asked how that was compliant with the ECJ ruling—the question on everyone’s lips. Equipment interference is subject to stringent safeguards and any warrant must be necessary and proportionate and must be approved by a judicial commissioner. This House has, of course, approved those strong safeguards.

    I see the noble Baroness, Lady Chakrabarti, looking quite interested, because the noble Lords, Lord Paddick and Lord Butler, asked about the Liberty challenge to the IP Act and the Government’s response to it. The judgment handed down by the Court of Appeal on Tuesday this week—I presume that that is the one that they are referring to—relates to the challenge brought against the DRIP Act. It has now been replaced by provisions in the Investigatory Powers Act, and therefore the judgment relates to legislation that is actually no longer in effect. The provisions in the Act challenged by Liberty, which will be heard at the end of February in the High Court, relate to targeted communications data and, therefore, are not relevant to the debate today.

    I move on to the technical capability regulations. I was asked whether they would stifle innovation. To be clear here, none of the regulations that we are discussing today in and of themselves place any burden on industry. To suggest that the Investigatory Powers (Technical Capability) Regulations 2018 would damage companies operating in this country is to misunderstand what the provisions in those regulations actually do. Those regulations do not themselves impose any requirements on telecommunications or postal operators. Rather, they set out what obligations could be imposed on an operator through a technical capability notice. The power for the Secretary of State to give such notice is set out in the Investigatory Powers Act itself, and has therefore already been approved by Parliament. There are stringent safeguards in the Act regulating the use of technical capability notices to minimise the impact on businesses, including that the notice must be necessary, proportionate and approved by a judicial commissioner. As I have already said, before giving a technical capability notice to a relevant operator, the Secretary of State must consult that operator. In addition, the Secretary of State must consider a number of factors before deciding to give a notice. Those factors include the technical feasibility and likely cost to the operator complying with the notice, which goes to the heart of ensuring that a notice does not damage a company’s interests.

    The Act also makes it clear that the Secretary of State must ensure that arrangements are in force for securing that relevant operators receive an appropriate contribution in respect of their costs incurred in complying with the Act, as the Secretary of State deems appropriate. Such costs include those incurred in relation to complying with a technical capability notice. The Government’s policy is that the appropriate contribution is calculated on a case-by-case basis to ensure that the operator makes neither a loss nor a gain from complying with the Act. A number of the draft codes of practice that we have debated today include an entire chapter on technical capability notices, giving further information about their use, including details of the cost recovery process and the sorts of activities it is anticipated that the Government would fund as part of an operator maintaining a capability.

    I may be repeating myself here, but the noble Lord, Lord Butler, asked about making sure that the codes of practice on retention records are made consistent with this week’s ruling. The judgment related to the retention of communications data by telecommunications operators is not being debated today. The CJEU ruling was not about safeguards for equipment interference or for access to bulk communications data. The IP tribunal considered the specific issue of whether the CJEU judgment applied to bulk communications data and has made a further reference to the CJEU on this very point and on whether the bulk communications data regime is within the scope of the judgment’s safeguarding requirements.

  • My Lords, I realise that I am intervening a bit late, but I did not want to interrupt prematurely, as I did before. Will the Minister comment on techUK’s specific suggestion that the regulations impose an additional aspect to the technical capability notice, in that the Home Office will be alerted to changes in innovation in systems and development? I do not think that the noble Baroness has addressed that specific issue.

  • I do not think that they do, but I will write to the noble Lord, if I may, on that specific point.

    The noble Lord, Lord Butler, asked about the cost of providers keeping IP addresses. The Act makes it clear that companies will be provided with an appropriate contribution to their costs of complying with the Act. The noble Lord will appreciate that I do not have the detail of that to hand, but I am happy to write to him.

    The noble Lord, Lord Kennedy, asked about the processes in place for dealing with errors. There are entire sections of the codes of practice setting out the processes for reporting errors to the IP commissioner, including the timeframe for when it must be reported and what might constitute an error. The commissioner has broad and comprehensive powers to investigate such errors.

    I think I have answered everything apart from the question from the noble Lord, Lord Paddick.

  • Motions agreed.