House of Commons Hansard Debates for 6 Mar 2000 (pt 10)

Mr. Straw rose--

Miss Widdecombe: The right hon. Gentleman now has the answer to my point about social security.

Mr. Straw: I was checking whether my recollection of the matter was correct. Recently, there was a large case in Lancashire. In most cases of serious social security fraud, the police are involved. There is no problem in the police making an application through the National

6 Mar 2000 : Column 779

Criminal Intelligence Service--they do that through an intermediary. There would be no impediment to that system for applications in cases of serious benefit fraud.

Miss Widdecombe: I am grateful to the right hon. Gentleman for that attempt at elucidation, but the situation remains exactly as I described it. The head of social security cannot apply for an interception warrant. I invite the right hon. Gentleman to consider whether there are cases that might not necessarily be dealt with at one remove through the police and whether there might thus be some circumstances in which that individual should be able to apply for an interception warrant.

The Internet Services Providers Association believes that

in order to allow enforcement agencies to carry out their work, there should be provision to allow interception of communications.

The association is not against the Bill in principle. The Federation of the Electronics Industry has said:

FEI does not question the objectives or underlying reasons for the proposed legislative reforms.

The Alliance for Electronic Business has said that

the Alliance strongly supports the Government's objective in regulating the interception and monitoring of electronic communications.

Therefore, there appears to be general support for the principles, but that puts upon us an even greater responsibility to listen to what those bodies say about the improvements that are needed to the Bill.

Too many times during the Bill's consultation process, the views of industry have been overlooked. A balance has to be struck between allowing law enforcement to operate--as it must and the House would expect it to--allowing industry to deliver what the Bill asks of it and avoiding over-regulation.

Clause 12 will enable the Home Secretary to require communication services providers to have an interception capability and, by notice, to require certain technical steps to be taken to achieve that. The industry is concerned that the steps proposed by the Home Secretary may be either technically flawed or disproportionate. The technical difficulties involved should not be ignored.

Mr. Fabricant: My right hon. Friend is absolutely right to point out the practical difficulties of interception. Is she aware that up to 100 million e-mails are sent every day and that the routes that they take are quite extraordinary? If I were to e-mail her, it is quite probable that the message would go via California or Australia. What are the practical difficulties in intercepting such communications?

Miss Widdecombe: It is precisely for that sort of highly complex operation that we need to examine carefully the provisions in the Bill.

Mr. Fabricant: And there is the cost.

Miss Widdecombe: My hon. Friend also refers to the cost and he is right to do so. Cost is a significant consideration and I shall come to it shortly.

6 Mar 2000 : Column 780

It will not be good enough simply to have the ability to intercept data. We must have the technical capability to read it and, as the Home Secretary has acknowledged, that is something completely different. Messages on the internet are split and sent by different routes, as my hon. Friend the Member for Lichfield (Mr. Fabricant) has just pointed out. It is also possible to hide messages in other signals. That raises technical issues about the nature and proportionality of what the Home Secretary can propose. There is a balance to be struck, therefore, between the possibility of substantial over-regulation and the practicalities of law enforcement. Through amendments that we shall table in Committee, we shall seek to try to redress that balance where we think that it has gone awry.

Clause 13 enables the Home Secretary to contribute to the cost of providing an interception capability, but it does not give us any clue as to what the Government's approach will be. It is important that the information technology industry has proportionate technical steps to take and that the costs are not so burdensome that they kill fledgling businesses at the cutting edge of technology. The Internet Services Providers Association has said:

if ISPs in the UK are made to carry the burden of the costs of interception, at best they will be at a disadvantage compared to their European and international competitors and at worst will be unable to operate. It does not seem that this position would help make the UK "the best place in the world for e-commerce".

I therefore want to ask the Government three questions. Are they committed to making payments to providers so as to obtain an interception capability? If so, on what basis will payments be made? Will they at least pledge that no communications services provider will be faced with such costs that it will simply be unable to continue?

There is also concern about over-regulation of communications data--for example, billing logs and other logs of communications traffic. Clause 21 will enable designated persons from security services, Customs and Excise and any other authority specified by the Home Secretary to obtain "communications data". Concern has been expressed by operators about the wide range of persons who will have access to that information and about the wide range of information involved.

Modern software enables a very detailed pattern of a person's communications to be obtained, detailing every aspect of life if sufficient communications data are made available. That is a massive invasion of privacy. Although that power could be justified in a serious case, it should be carefully restricted, and the Opposition will want to table amendments in Committee to make sure that it will be. We do not think that the power should be available simply to any public authority. To give an obvious example, it would not be justified to extend such a power to local authorities investigating council tax arrears.

There is also an important technical issue. Communications services providers could be required to build special software and hardware, and it is not at all clear what the extent or cost of that would be. Yet the penalty is a conviction for a criminal offence. The boundaries of what is proposed need to be clarified and they need to be proportionate.

There is a great deal of controversy surrounding clauses 46 to 49. Clause 46 enables authorities to require a person to provide either the key necessary to decode an encrypted message or the information in the message in an

6 Mar 2000 : Column 781

intelligible form. Clause 49 creates the offence of failing to comply with such a notice. Yet the nature of the offence is such that the burden of proving an innocent explanation for failure to provide the key is laid at the door of the accused; in other words, people are presumed guilty unless they can prove that they are innocent.

Mr. Ian Bruce: Is my right hon. Friend aware that approximately half the calls to the parliamentary video and data network, which controls the computers in this place, are from people who have forgotten their password, and there is a routine to get people back into the system? Surely that is one of the practical problems associated with what the Home Secretary is trying to achieve.

Miss Widdecombe: That shows that people can forget, but I think that it is fair to imagine that where we are talking about highly complex encrypted messages, some care will have been taken to look after the key.

The crucial point is that people will be presumed guilty until they can prove themselves innocent. That is questionable justice. The Home Secretary shakes his head, but British justice relies on people being presumed innocent until proved guilty. To put it in terms that he might prefer, the provision is probably in breach of the European convention on human rights. He might take that point seriously, if he will not take seriously the point about British justice.

There is no defence allowed where someone might demonstrate to a court that they have shown due diligence in storing the key that is being requested via a section 46 notice. Immediately after the debate, we intend to table a new clause to replace clause 49 which would introduce such a defence.

The offence, as drafted, does not meet the needs even of law enforcement because the penalty is modest: a maximum of two years' imprisonment. Once tightened up to allow the innocent to defend themselves, that could substantially rise. If it does not rise, a serious offender would be likely to refuse the key to encrypted information and hope that he could establish that he had either lost or forgotten it. If he failed to establish that, the relatively modest sentence would be more acceptable to him than the likely outcome if the evidence of serious wrongdoing were uncovered and led to prosecution for a more substantive offence.

The burden of proof should be the normal one of presumed innocent until proved guilty, but the penalty should then be vastly greater, so that it does not pay to lose a key in the hope of escaping a much more serious penalty for a more serious offence.

The Home Secretary has said that he cannot imagine an innocent person discarding the key, but the provisions will apply to anything that has happened in the past, and he will be aware that a common practice of encryption is frequent changing of the keys. The key being sought might therefore have been discarded. Under the guilty until proved innocent proposals, a person who had discarded a key might be at risk of an unsafe conviction.

Next Section

Index

Home Page