With permission, Madam Deputy Speaker, I would like to make a statement about the use of communications data and interception; the difficulties faced by the police, law enforcement agencies and the security and intelligence agencies in utilising those capabilities; and the steps the government plans to take to address those difficulties.
Before I do so, Madam Deputy Speaker, I would like to make something very clear. What I want to propose in my statement today is a narrow and limited response to a set of specific challenges we face. I am not proposing the introduction of the Communications Data Bill that was considered in draft by a Joint Committee of both Houses of Parliament last year. I believe that the measures contained within that Bill are necessary – and so does the Prime Minister – but there is no Coalition consensus for those proposals and we will have to return to them at the general election.
The importance of communications data and interception
The House will know that communications data – the ‘who, where, when and how’ of a communication but not its content – and interception – which provides the legal power to acquire the content of communication – are vital for combating crime and fighting terrorism. Without them, we would be unable to bring criminals and terrorists to justice and we would not be able to keep the public safe.
For example, the majority of the Security Service’s top priority counter-terror investigations use interception capabilities in some form to identify, understand and disrupt the plots of terrorists.
Communications data has played a significant role in every Security Service counter-terrorism operation over the last decade. It has been used as evidence in 95 per cent of all serious organised crime cases handled by the Crown Prosecution Service. And it has played a significant role in the investigation of many of the most serious crimes in recent time, including the Oxford and Rochdale child grooming cases, the murder of Holly Wells and Jessica Chapman and the murder of Rhys Jones. It can prove or disprove alibis, it can identify associations between potential criminals, and it can tie suspects and victims to a crime scene.
I have talked before about the decline in our ability to obtain the communications data we need, which is caused by changes in the way people communicate and the technology behind those forms of communication and that is why I continue to support the measures in the draft Communications Data Bill
But in addition to that decline, we now face two significant and urgent problems relating to both communications data and interception. First, the recent judgement by the European Court of Justice that calls into question the legal basis upon which we require communication service providers in the UK to retain communications data. And second, the increasingly pressing need to put beyond doubt the application of our laws on interception, so communication service providers have to comply with their legal obligations, irrespective of where they are based.
So I can tell the House that today the government is announcing the introduction of fast-track legislation – through the Data Retention and Investigatory Powers Bill – to deal with these two problems.
I want to deal with communications data first, because we must respond to the ruling by the European Court of Justice that the Data Retention Directive is invalid.
This directive was the legal basis upon which the governments of EU member states were required to compel communication service providers to retain certain communications data, where they do not otherwise require it for their own business purposes. Indeed, the ruling provides us with such a problem precisely because very strong data protection laws mean that, in the absence of a legal duty to retain specific data, companies must delete data that is not required beyond their strict business uses. This means, if we do not clarify the legal position, we risk losing access to all such communications data, and with it, the ability to protect the public and keep our country safe.
The ECJ ruling said that the Data Retention Directive does not contain the necessary safeguards in relation to access to the data. But it did not take into account the stringent controls and safeguards provided by domestic laws – and in particular the UK’s communications data access regime, which is governed primarily by the Regulation of Investigatory Powers Act 2000. RIPA was, and remains, designed to comply with the European Convention on Human Rights. It ensures that access to communications data can only take place where it is necessary and proportionate for a specific investigation. It therefore provides many of the safeguards that the European Court of Justice said were missing from the Data Retention Directive.
This ECJ judgement clearly has implications not just for the United Kingdom but also for other EU member states, and we are in close contact with other European governments. Other countries, such as Ireland and Denmark, implemented the Data Retention Directive through primary legislation, which means that they have retained a clear legal basis for their data retention policies, unless a separate, successful legal challenge to their legislation is made.
The UK does not have that luxury, because here the Data Retention Directive was implemented through secondary legislation. While we are confident that our regulations remain in force, the Government must act now to remove any doubt about their legal basis and to give effect to the ECJ judgment. The legislation I am publishing today – and the draft regulations that accompany it – will not only do this, they will enhance the UK’s existing legal safeguards and in so doing it will address the criticisms of the European Court.
The House will understand that I want to be clear, as I said earlier, that this legislation will merely maintain the status quo. It will not tackle the wider problem of declining communications data capability, to which we must return in the next Parliament. But it will ensure, for now at least, that the police and other law enforcement agencies can investigate some of the criminality that is planned and takes place online. Without this legislation, we face the very prospect of losing access to this data overnight, with the consequence that police investigations will suddenly go dark and criminals will escape justice. We cannot allow this to happen.
Madam Deputy Speaker, I want to turn now to interception, because there is growing uncertainty among communication service providers about our interception powers.
With technology developing rapidly and the way in which we communicate changing all the time, the communication service providers that serve the UK but are based overseas need legal clarity about what we can access.
The House will understand that I cannot comment in detail on our operational capabilities when it comes to intercept, but I have briefed the Opposition on Privy Council terms and members of the Intelligence and Security Committee have heard first hand from the security and intelligence agencies, and it is clear that we have reached a dangerous tipping point. We need to make sure that major communication service providers cooperate with the UK’s security and intelligence and law enforcement agencies when they need access to suspects’ communications. Otherwise we would immediately see a major loss of the powers and capabilities that are used every day to counter the threats we face from terrorists and organised criminals.
The Bill I am publishing today will therefore put beyond doubt the fact that the existing legal framework, which requires companies to cooperate with UK law enforcement and intelligence agencies, also extends to companies that are based overseas but provide services to people here in the UK. I will make copies of the draft Bill available in the Vote Office. I will also make available the Regulatory Impact Assessments and the draft regulations to be made under the Bill, in order to allow the opportunity for the House to scrutinise these proposals in full.
The Parliamentary timetable for this legislation is inevitably very tight. My Rt Hon Friend, the Leader of the House, has just provided details of the prospective timetable for the Bill’s consideration. But it is crucial that we must have Royal Assent by summer recess.
The government has therefore sought to keep this Bill as short as possible. It is also subject to a sunset clause that means the legislation ceases to have effect from the end of 2016. This means that the Bill solves the immediate problems at hand and gives us enough time to review not just the full powers and capabilities we need – but also the way in which those powers and capabilities are regulated – before Parliament can consider new, and more wide-ranging legislation after the general election.
Mr Speaker, it is right that we must balance the need to prevent criminal exploitation of communications networks with safeguards to protect ordinary citizens from intrusions upon their privacy.
That is why, alongside the legislation I am publishing today, the government will also introduce a package of measures to reassure the public that their rights to security and privacy are equally protected.
We will reduce the number of public authorities able to access communications data. We will publish an annual transparency report giving as much detail as possible – within obvious parameters – about the use of these sensitive powers. We will appoint a senior former diplomat to lead discussions with other governments to consider how we share data for law enforcement and intelligence purposes.
We will establish a Privacy and Civil Liberties Board, based on the US model. This will build on the role of the Independent Reviewer of Terrorism Legislation and the Board will consider the balance between security and privacy and liberty in the full context of the threat we face from terrorism.
And we will review the interception and communications data powers we need – as well as the way in which those powers and capabilities are regulated – in the full context of the threats we face. The government is discussing in the usual channels the precise form this review might take but I hope that an initial report will be published before the next election.
The threat context
Madam Deputy Speaker, I have said many times before that it is not possible to debate the correct balance between security and privacy – and more specifically the rights and wrongs of powers and capabilities such as access to communications data and interception – without understanding the threats that we face as a country.
Those threats remain considerable. They include the threat from terrorism – from overseas and from here in the UK – but also the threat from industrial, military and state espionage practised by other states and foreign businesses; the threat from organised criminal gangs; and the threat from all sorts of criminals whose work is made easier by cyber technology.
In the face of such a diverse range of threats, the government would be negligent if it did not make sure the people and the organisations that keep us safe – the police, other law enforcement agencies, and the security and intelligence agencies – have the legal powers to utilise the capabilities they need. They are clear that we need to act immediately. If we do not, criminals and terrorists will go about their work unimpeded, and innocent lives will be lost. That is why I commend this statement – and this Bill – to the House.