t: 020 7219 8155 e: fieldm@parliament.uk

Investigatory Powers Bill

March 15, 2016

 

I prepared the following speech for Second Reading of the Investigatory Powers Bill. It may be that I will not get the chance to speak so will hope to make these points at Report Stage instead.

In the admittedly short history of pre-legislative scrutiny, surely no prospective law has been through the mill as comprehensively as the Investigatory Powers Bill.

This is welcome; but I still believe the Science and Technology Select Committee are right to warn that this legislation lacks clarity and the absence of precision and proportionality still makes opaque the obligations on either global communication service providers or the tech industry at large.

As someone who served throughout the last Parliament on the Intelligence and Security Committee, I would fully endorse their view of the key importance of adopting consolidating legislation if we are to restore public confidence in the workings of law enforcement and our security services. As the current ISC note in their pre-legislative report, various powers and authorisations remain hopelessly scattered through different pieces of legislation. A failure of this legislation to consolidate is a serious missed opportunity, although I recognise the time constraints which the government works under.

Nearly three years have now passed since the publication of documents, stolen and disclosed by NSA contractor, Edward Snowden, which first led to allegations that US and UK security services were in cahoots. Claims that they were engaging in blanket surveillance were not simply damaging to national security, but put into sharp focus the serious ethical questions that lie at the heart of this Bill. The balance between national security and individual liberty; the obligations that reside with privately-owned technology companies – many with vast, global reach – to undertake surveillance alongside government, unbeknownst to their clients with whose data they have been entrusted.

I believe that the single most profound impact of the Snowden revelations has been felt by the global communications service providers. Their cooperation – collusion, perhaps, would be a more accurate word – with the government, law enforcement and security services remains essential to the workings of this legislation. Yet the exposure of the hitherto cosy, under-the-radar relationship between the technology giants and the authorities has damaged their reputation, particularly in the eyes of their younger users. The risk of new tech challengers appealing to a sceptical young hipster clientele with their unique selling point the non-cooperation with security services should make us all shudder. Small wonder the CSPs insist that their work for and on behalf of government must now be governed by a robust legal framework setting out clear obligations. As I have observed before, the critical importance of CSP involvement here will make it difficult to resist their demands for global protocols, not least in the highly contentious sphere of authorisation of warrants. UK exceptionalism in this area holds that senior Ministers, having political accountability and a well-honed sense of national security considerations, should be the ultimate arbiters of warranty, albeit subject to judicial oversight. As this Bill makes its way through parliament, and especially in the House of Lords, I strongly suspect that the government’s understandable instinct to hold to this traditional line will be sorely tested.

The technology industry believe that their commercial and reputational interests are only protected now by a watertight, legal framework. This means a set of rules that cannot be subject to jurisdictional arbitrage by collaborating security services and will make it difficult for the UK to avoid at the very least having a cadre of senior judges. Such senior lawyers will have specialist knowledge and experience in this highly technical field, which will result in their enjoying a more substantial and decisive role in scrutinising the operation of the warranty process.

It has been widely observed that the global technology and communication service providers’ stratospheric growth over the past two decades has been aided by their ability to avoid taxation. The Google controversy of recent months will surely be followed by others in this industry (Uber, Facebook and Apple to name but three) who have been able to squirrel away profits in the most tax advantageous manner. However, it might also be wise to reflect that this has been the price – unarguably an overly generous gift from taxpayers – that governments have been willing to pay in order to secure the essential cooperation in the sphere of internet surveillance, which Western governments believe is so vital to national security.

However, I reckon we are now at a crossroads in public sentiment. The high tide of global technology dominance may be upon us. Perhaps it is no longer the prerogative of the Luddite to wish to see the tech giants brought down to size, however loudly they insist upon the virtues of a ‘sharing economy’ or their array of apps that freeload on existing infrastructure, needless to say all developed and paid for out of fusty ‘old economy’ taxation. Yet at the same time as the CSPs now strike a public pose standing up for their customers’ privacy against Big Government, it is worth recalling that their very business models hinge upon the exploitation of knowledge and information from their own users. Information which can then be sold for profit to third party advertisers.

Where our security services come into play is in the interception, either targeted on the communications of a subject of interest, or more controversially the bulk interception of vast quantities of data on the internet. Nevertheless the handling of bulk interception involves three further stages: filtering, targeting and selection of specific datasets.

Provisions for the storage of bulk and selected data for the proposed twelve month period are important for a rarely avowed reason. For whilst existing surveillance techniques in truth have limited application in identifying new threats or targets, in the aftermath of a terrorist incident this type of technical intelligence is invaluable in the process of reconstructing events and building up an accurate picture of the activities and associates of a known terrorist or serious criminal.

Plainly we need to realise that our terrorist adversaries are increasingly ahead of the game and that risks rendering a distressingly large proportion of this legislation effectively redundant. ISIL in particular recognise that avoiding a digital footprint is the best way to protect their own security. Either that or adopting the increasingly sophisticated encryption techniques, which cannot be overcome simply by granting security services ever wider or more draconian powers.

Modern encryption is virtually unassailable, if done properly. Regrettably politicians are no more in a position to outlaw or ban encryption than they are to disinvent nuclear weapons. The power of encryption hinges upon the underlying mathematical modelling. For security services the world over the sheer spread of commercial technology has fundamentally altered the balance between defending your own computerised systems and unseen surveillance inside your enemies’ systems. On the one hand government craves the capacity to achieve total security of its own systems, yet on the other it is acutely aware that those self-same techniques will enable our targets to evade the day-to-day surveillance essential to counter-terrorism. So fundamentally we have to ask whether in devising technology systems it is more important to exploit, or even create, weaknesses that allow for systems to be left open. This deliberate creation of so-called ‘back doors’ to bypass encryption protection is now so well documented as to be practically ineffective in the face of a well-resourced, highly motivated and technologically savvy terrorist adversary.

The key point here is that Western security services – in particular the NSA, the American equivalent of our GCHQ – have led the way in devising, protecting and implementing encryption, so they are understandably the most fearful of its universal application. The emergence and growth of the ‘dark web’ – sitting beyond the knowledge or access of law enforcement agencies – is the murky secret that ought to hang like a shroud over much of the debate we are having over this charter governing investigatory powers and surveillance. The truth is that whilst the codification and balanced extension of powers that this legislation offers to security services and law enforcement alike is timely and important, it is assuredly not a silver bullet to the criminal and terrorist threats we face. Diligent, coordinated watchfulness will help protect more than a flurry of new laws or the collection of larger quantities of information.

Increased resourcing for our security services in these dangerous, unpredictable times is welcome. But we should judge carefully whether it might be better not to spend near limitless sums on ever more sophisticated computerised systems accessing vast quantities of data, but further complicating the authorities’ key task of sifting out the relevant from the peripheral. Instead it might be a better use of our resources to focus on the more traditional spying tradecraft of old-fashioned human intelligence.

There is in my view a risk that too much store today is being placed on the interception of communications. More expansive, imaginative use of human intelligence allows for deeper cultural understanding in far-flung parts of the world – it also recognises, more than a reliance on surveillance outcomes, that intelligence is by its nature often contradictory and episodic.

Surely at the heart of protecting us in this dangerously unpredictable world is the fostering of a more nuanced understanding of events, history and cultural difference. The twin notions of surveillance, even if more comprehensive than encryption allows, alongside the vast expenditure now being earmarked on drone warfare programmes seem a world away from this and focus solely on ‘hunting down the bad guys’.

Technological advances and new sophistication in encryption techniques will make elements of this Bill superfluous within a very few years; moreover, in dealing with the unknown unknowns it is despite the Home Office’s best intentions virtually impossible to ‘future proof’ laws such as this. We in the political village must appreciate this and in providing reassurance to our electors that we take seriously their security, avoid suggesting glibly that simply passing laws ensures safety against an ever more sophisticated terrorist and organised criminal threat.