31 Oct 2013 : Column 333WH

31 Oct 2013 : Column 333WH

Westminster Hall

Thursday 31 October 2013

[Mrs Linda Riordan in the Chair]

Backbench business

Intelligence and Security Services

Motion made, and Question proposed, That the sitting be now adjourned.—(Gavin Barwell.)

1.30 pm

Dr Julian Huppert (Cambridge) (LD): It is a pleasure to serve under your chairmanship, Mrs Riordan. I thank the hon. Members for West Bromwich East (Mr Watson) and for Esher and Walton (Mr Raab) for supporting me in securing this debate. I also thank the Backbench Business Committee for finding the time for it so quickly after we submitted our bid. I hope that that shows how timely the debate is; the Committee realised that we needed to hold it at the earliest possible juncture. Although the discussion is live in America and much of Europe, Members of Parliament have been fairly mute so far and have not had the chance to discuss it thoroughly.

As technology changes and the capacity of the state and companies to collect and analyse data grows massively, we are in danger of sleepwalking into a surveillance society on a scale that peacetime Britain has never seen. It is not planned, and nor is it the actions of malevolent individuals; it is merely the natural trend of what will happen if nothing is done to stop it.

It can be argued that the definitions of war and peace are no longer the same, and that our enemies are faceless and splintered and will attack our way of life if we give them an inch—that argument is often made by Prime Ministers and Home Secretaries—but if we shape our laws solely in response to that fear, chipping away at our own liberty and privacy, those enemies have already won.

The key questions of security, privacy and liberty in a digital age will come to define the 21st century. The world is changing. All of us carry around tracking devices, in the shape of our mobile phones, wherever we go. We carry devices that can be activated and controlled remotely and that store much of our most personal information. Who can read it? Who has access to that information? How do we want to protect it? We have to agree the rules now, before we lose control completely.

Sir David Omand, former head of GCHQ, said:

“Democratic legitimacy demands that, where new methods of intelligence gathering and use are to be introduced, they should be on a firm legal basis and rest on parliamentary and public understanding of what is involved”.

In no sense do I oppose the people who work in our intelligence and security services; the work that they do is fundamental to our fight against crime and terrorism, not only in the UK but beyond our borders. Their work force make up the front line, and for the most part, they do exactly what we would expect of them, for we have given them the tools through legislation to monitor and take action against those who threaten the fabric of our

31 Oct 2013 : Column 334WH

society. As the Prime Minister said, they deserve to be recognised for keeping us safe while working in the shadows.

Julian Smith (Skipton and Ripon) (Con): Does my hon. Friend agree that the very people about whom he is talking have been put under grave threat by some of the reporting, particularly by The Guardian newspaper, of the leaks?

Dr Huppert: No, I do not. I understand that the secretary who looks at the defence advisory notices has confirmed that nothing has been published in The Guardian that suggests a risk to life. The Guardian has not published photos on its website of anybody who works in the area without pixellating their faces.

Mr Ben Wallace (Wyre and Preston North) (Con): How does the hon. Gentleman know that? He does not have complete oversight of either The Guardian’s material or the intelligence material with which it fits in. He is just assuming that what he has read in The Guardian is fine, safe and vetted by Guardian journalists. That is simply not enough to satisfy people of their personal safety.

Dr Huppert: The hon. Gentleman makes an interesting point. His argument, unfortunately, falls foul of the fact that one could say that about absolutely anything: one can never know whether some innocent revelation has been made. However, it is clear that The Guardian has been in contact with the security services and has spoken to the DA notices committee since 17 June. That is the assurance that it has had.

I think that The Guardian has been deeply responsible. It would have been irresponsible if ithad refused to have any role in the matter and allowed the information to be passed out by other people who might not have the same regard for our security and staff.

Several hon. Members rose

Dr Huppert: I will give way to the hon. Member for Brighton, Pavilion (Caroline Lucas), but then I would like to make further progress.

Caroline Lucas (Brighton, Pavilion) (Green): I am grateful to the hon. Gentleman for giving way, and I congratulate him on securing this debate. Does he agree that the focus on and obsession with The Guardian is extraordinary compared with what is happening in the US, where they are talking about the really important issues, such as mass surveillance and its implications for citizens’ privacy? Should we not get on with talking about that and worry rather less about what seems to have been a responsible use of data?

Dr Huppert: I agree. It is interesting that a clear effort is being made to focus on The Guardian rather than the wider issues, which affect more of us.

We must ensure that the laws and guidance available to the staff of our intelligence and security services are clear, and that we ourselves understand the framework in which we expect them to operate. President Obama put it well when he said that what they are able to do is not necessarily what they should do. He called for

31 Oct 2013 : Column 335WH

additional constraints on how we gather and use intelligence, and said we need to weigh the risks and rewards of activities more effectively. Our Prime Minister agreed in a European statement:

“A lack of trust could prejudice the necessary cooperation in the field of intelligence gathering”.

This is a global issue acknowledged by world leaders. We should be talking about it here.

Lorely Burt (Solihull) (LD): I congratulate my hon. Friend on obtaining this important debate. Next week, the director general of MI5, the chief of MI6 and the director of GCHQ will all give evidence in person before a parliamentary Committee, which is welcome. In light of the reviews being carried out in America following the revelations there, does my hon. Friend agree that if the responses given by those three individuals are not entirely satisfactory, there might be a case for considering a review of accountability in the United Kingdom?

Dr Huppert: There is definitely a strong case for it. I am pleased that those people will appear in public, as there has been a long tradition of reluctance about talking about such issues. A senior Home Office civil servant has even refused to give public evidence at the Home Affairs Committee; that, fortunately, is about to change.

When the Foreign Secretary spoke at the London conference on cyberspace in 2011, he championed freedom of expression and privacy online, and he specifically criticised Governments who incorporate surveillance tools into their internet infrastructure. I agree that that is a problem. He also said at that conference that

“it is increasingly clear that countries with weak cyber defences and capabilities will find themselves exposed over the long term”.

The Foreign Secretary is right. That is why it is a problem when people break encryption systems. If anyone—whether it is the US, the UK or anybody else—puts a back door in an otherwise secure system in order to access it for intelligence purposes, that makes it easier for anybody else to break the protections, whether they are from the intelligence community or cyber-criminals. It makes no sense to argue that we should defend cyber-security and simultaneously be part of the effort to break it. If that means that we can no longer rely on the encryption of financial transactions, for example, that would be catastrophic for the global economy.

Martin Horwood (Cheltenham) (LD): Can my hon. Friend name a single intelligence agency anywhere in the world that he thinks is not trying to break encryption systems?

Dr Huppert: My hon. Friend makes a helpful point. Of course, I do not have a list of every single intelligence service. The difference is between trying to break encryption after things have been encrypted and trying to break the entire system, leaving a back door open, which fundamentally means that anybody can access it. That is different from brute-force methods or other techniques used.

My hon. Friend makes the good point that this is an international issue. How would we feel if it were not GCHQ or the American National Security Agency but

31 Oct 2013 : Column 336WH

the Chinese who were involved? How would we react if the Chinese admitted that they had been tapping the Prime Minister’s phone? Would we be annoyed and concerned, or would we say, “That’s fine; that’s business as usual”? Clearly, we do not take the situation seriously enough.

For example, we allow the Chinese company Huawei to supply a lot of the equipment that makes up the core of our infrastructure. I suspect that our intelligence agents would not miss the chance to install some equipment if we were given the chance to put in the backbone of the Chinese internet, so we should not assume that the Chinese would miss such an opportunity. That was criticised by the Intelligence and Security Committee, which highlighted the disconnect between the UK’s inward investment policy and its national security. If we can understand it sometimes, we should understand it more broadly.

A change is occurring. Individual surveillance is one thing, but the mass hoovering up of information enabled by new technologies has changed the system completely. It means that suspicion no longer comes first. I think that very few people think it inappropriate to target individuals where there is a serious suspicion of wrongdoing, but in the new approach, we are all suspects whose personal histories can be foraged through if ever there is interest in us later.

The Foreign Secretary spoke at the conference of his passionate conviction that all human rights should carry full force online—not just the right to privacy, but the right to freedom of expression. I agree. How we choose to respond to the challenge will define the age that we live in. As parliamentarians and as Parliament, we must be at the heart of this debate.

In America, Dianne Feinstein, the chair of the Senate Select Committee on Intelligence, has spoken out about the revelations that America has been spying on Angela Merkel in Germany and on 34 other world leaders. She said:

“Congress needs to know exactly what our intelligence community is doing.”

She then said:

“It is abundantly clear that a total review of all intelligence programs is necessary.”

She criticised the fact that her committee was not satisfactorily informed. I have not yet heard the Chair of our Intelligence and Security Committee being so outspoken. Perhaps we will hear from him later in the debate, but would he know whether he was not being told things in the way that Dianne Feinstein was not?

There are differences in the debate between the UK and the USA. The US Constitution and Bill of Rights sets out a contract between the state and its citizens with a bias towards favouring individual liberty and privacy. Perhaps that is one of the reasons why the debate is happening so loudly in the US but not here.

In Germany, too, there is a loud debate. It is deeply concerned about what has happened. It has the history of the Stasi, which operated within the law as it then stood, but well beyond the bounds of morality and ethics. I am sure that no member of our current intelligence agencies would dream of following the Stasi’s lead; I do not suggest that for a moment. Germany is aware of what can happen when such systems go wrong.

31 Oct 2013 : Column 337WH

Mr Tobias Ellwood (Bournemouth East) (Con): The hon. Gentleman makes some interesting comparisons between what we do in this country and what is done in Germany, the United States and so forth. Obviously, we can scrutinise only what happens here. Does he agree that it is difficult to find a country where the clandestine community performs so well, but under such scrutiny within the confines of the democratic process?

Part of this debate must be about the use of technology and the internet. I express a concern that, as we rightly debate this matter, we should be careful that we do not place limitations on operations that will expose us to more danger, because of those people who choose to do us harm.

Dr Huppert: It is absolutely right that we should have that debate. We have to agree it—we cannot just give carte blanche to people. I think that view is shared by everybody here. The hon. Gentleman is right. We must be balanced. None of us wants the details of exact techniques to be publicised. None the less, we do need to have the discussion about what is okay, what is not okay and where the line is drawn.

We know that the National Security Council was not even told of the scale and scope of the surveillance on our own citizens. We have heard that there were concerns about what would happen if the public knew what was happening. It was feared that it could lead to public debate and legal challenge—well, so be it. Public debate and legal challenge are an important part of the rule of law, and to avoid accountability through secrecy is simply not the solution.

Dr Julian Lewis (New Forest East) (Con): The hon. Gentleman is being extremely generous in taking interventions. A few moments ago, he said that he did not want detail to be released. The problem with the mass release of thousands of stolen documents is that nobody knows the detail before they release them and propagate them. Is that not rather different from whistleblowing on an individual error or abuse, when one is putting out there hundreds of thousands of documents that one has not even read oneself?

Dr Huppert: The hon. Gentleman is absolutely right to say that it would be irresponsible to publish hundreds of thousands of documents without having a look at them. That is why I am so glad that that is what The Guardian has explicitly not done. It has taken a responsible approach and managed to prevent that. We can imagine what could have happened if there had been a WikiLeaks-style publication. The hon. Gentleman should be concerned about the fact that a contractor was able to get hold of all the information, and that is a serious failure from the NSA and a great disgrace. If it cannot protect information to that level of security, it should be very worried. There are, I think, 850,000 people who could have had access to that information. Was the NSA certain that none of them would pass it on to a foreign power? Frankly, passing it on to The Guardian is probably about the safest thing that could have happened to it.

One of the functions of Parliament is to pass legislation and scrutinise the work of the Government. However, if we do not know what is happening, how can there be any scrutiny? We see legislation such as the Regulation of Investigatory Powers Act 2000 being used beyond

31 Oct 2013 : Column 338WH

the original intentions of the House, and that makes it impossible for Parliament to do its job. People say, “If you have done nothing wrong, you have nothing to fear.” I suggest that they say that to the green activists infiltrated by the police or to members of the Lawrence family. Human behaviour changes when people know that they are being watched. Is that the world in which we want to live?

There is also an economic issue. Our actions are hitting our own economic interests. The internet is a huge factor in business here—some £110 billion of GDP. It is a dynamic market, and it can move. If people are concerned about the privacy of their data here, whether their personal information or important company secrets, they will simply move where they store that information. Germany is already launching schemes to encourage businesses to go there instead, with e-mail systems that guarantee that no data will leave German boundaries while e-mails are being sent, so there is not the problem of information going overseas and coming back again to be looked at. That will hit us financially, regardless of anything else.

We must look at the balance between intelligence gathering and privacy. We need to have oversight. Although I am pleased that we are having the heads of the intelligence and security services coming to a public forum, it has been incredibly hard to get that to happen. Of course national security should not be taken lightly, but the public needs to understand what is being done in their name.

Hazel Blears (Salford and Eccles) (Lab): I congratulate the hon. Gentleman on securing this debate. It is essential that parliamentarians from every part of the House debate such issues, including, where possible, classified information. He has talked about balance, which is absolutely central to this debate. It is the balance between security, liberty and privacy and the need to keep our secrets safe and to enable our agencies to do their job. He is a scientist and believes in making decisions on the basis of evidence. There is a real danger here that we have this big debate about privacy almost in a vacuum. Does he accept that virtually every operation that has foiled a terrorist plot in this country has been dependent on communications data over the past decade or so, and that it is essential for our agencies to have those powers, but obviously within a robust legal framework?

Dr Huppert: I thank the right hon. Lady for her intervention. No one is saying that we should make illegal the collection of communications data; that would be a problem. She is also right to say that we need evidence; we cannot have a vacuum. That is exactly why it is helpful to know some of what is being said. We have heard people who say that we should never publish anything that would inform this debate. I want an informed debate, and I am pleased that we can have one.

Mark Field (Cities of London and Westminster) (Con): The hon. Gentleman refers to the Stasi and to the different cultural approach that we have here in the UK towards many of these issues. A view that is shared by people with a similar mindset—perhaps it is one that he thinks is not true—is that somehow the intelligence agencies are able to intercept at will. Will he go into

31 Oct 2013 : Column 339WH

some detail about precisely the protection—the amount of warranty and the legal framework—that is absolutely necessary before any internet account or telephone can be tapped?

Dr Huppert: The hon. Gentleman makes an interesting point, and there are a number of routes to that. For communications data, he will be aware that no warrant is required. He will also be aware that, with the sole exception of evidence collected by local councils under RIPA, there is no judicial oversight of any kind at any stage. I am not aware of exceptions to that, and that is a weakness. There is an internal process—I do not doubt the good intentions of the people who work on this—but there is no independent external oversight from a judicial process, which is what many of us would like to see.

Let me return to the ISC. It works extremely hard, but its reports are redacted by the security services and the Prime Minister, and it is hard to know whether that is done in the interests of national security and not just to avoid embarrassment. Sir Francis Richards, a former senior intelligence official, has said that it is

“not a very good idea”

for an ex-Minister to head it. There is the problem of people being asked to scrutinise the consequences of decisions that they made, and that makes it hard to develop the right sort of relationship.

The ISC is under-resourced and not properly accountable to Parliament. There is a real issue to understanding the detailed technological components of much of this. I am not certain whether there is enough support to ensure that members understand the consequences of fake secure socket layer certificates and how phishing or man-in-the-middle attacks work. I am sure that the right hon. Member for Salford and Eccles (Hazel Blears) will be happy to explain them when she speaks later.

We need better scrutiny generally and not just of the Intelligence and Security Committee. We keep hearing messages about the risk of “going dark”—we heard all about that in relation to the draft Communications Data Bill. It is simply not true. There is far more information available now to the intelligence and security community and to the police than at any time in the past. People now carry mobile phone devices that keep track of where they are almost constantly. I do not blame the agencies. Of course I can see the argument that there will always be for having more information, but we must provide a counterbalance. Dame Stella Rimington, former head of MI5, said:

“It’s very important for our intelligence services to have a kind of oversight which people have confidence in. I think that it may mean it is now the time to look again at the oversight.”

I agree with her.

We have seen further calls for even more information to be collected. The previous Government established the interception modernisation programme to create a vast database designed to log all details of text messages, phone calls and e-mails in the UK. In the interests of cross-party unity, I will not go on about other authoritarian measures: the drive for 90-day detention without charge, ID cards, control orders and allowing people to be forcibly relocated. They are all now things of the past, and I am pleased that that is the case.

31 Oct 2013 : Column 340WH

Given such concerns, I was pleased with much of the coalition agreement. We Liberal Democrats insisted on a particular element, which was a commitment to ending

“the storage of internet and email records without good reason”.

That was accepted by both parts of the coalition. I am not sure whether the Home Secretary saw that, because she then pushed ahead with the draft Communications Data Bill, which would have required the storing of e-mail and internet records for everybody, which blows a hole through the idea of “without good reason”. It was envisaged that an extra £1.8 billion would be spent over 10 years to keep those extra records. That would have allowed the Home Secretary to require internet service providers to keep track of every website that everyone in the country goes to—everything that we do on Facebook or Google—with a huge growth in surveillance.

Martin Horwood: Will my hon. Friend give way?

Dr Huppert: I want to make a little more progress. I am sure Members will want to speak later.

The Deputy Prime Minister insisted that the draft Bill be scrutinised, and the Joint Committee that did so produced a damning report. It stated that the Bill paid

“insufficient attention to the duty to respect the right to privacy, and goes much further than it need or should for the purpose of providing necessary and justifiable official access to communications data.”

The report was a unanimous cross-House report, which described information provided by the Home Office as “fanciful and misleading”. I am pleased to say that that Bill is now dead.

We said that the information was misleading before we knew that the intelligence and security services already had access to much of the information that they claimed was missing. To quote the Chair of the Joint Committee, the former Conservative Home Office Minister, Lord Blencathra:

“Some people were very economical with the actuality. I think we would have regarded this as highly, highly relevant. I personally am annoyed we were not given this information.”

The Home Office needs to be clear with Parliament when asking for new powers.

Even our current laws are incredibly broad. Although we have very welcome reassurances from the Foreign Secretary that the agencies stick to the law—I absolutely credit that—the law is vague and broad. Section 94 of the Telecommunications Act 1984, for example, allows secret directions

“of a general character”

that are

“in the interests of national security or relations with the government of a country or territory outside the United Kingdom.”

So if the US asks for something, we are supposed to provide it. The information does not have to be provided to Parliament, and it gags whoever the directions are served on.

When the Joint Committee looked at this, we had to admit that we could not find any information about how the power was being used. There was no ability to have any oversight. RIPA has drawn lots of criticism for its widespread use. It was originally introduced to take account of technological change, but it is so broad that it led to serious abuses of privacy. It allowed council

31 Oct 2013 : Column 341WH

officials to put children and their parents under surveillance at home and in their daily movements to find out whether they lived in a particular school catchment area. Most of us would not think that that was in the same vein as counter-terrorism. That is clearly disproportionate.

So what now? Before we even consider new powers, whether explicitly granted or acquired through new technology, we need a pause. We need a proper and full investigation into the powers already available to the intelligence and security services, and it has to be done competently and with an element of independence. We should commission independent, post-legislative scrutiny of both RIPA and the Intelligence Services Act 1994, and other related legislation, to see how they interact with each other. We would then have a clear, open understanding of where we stand now.

As Lord Carlile, the former independent reviewer of terrorism legislation said:

“the current legislation, including the Regulation of Investigatory Powers Act 2000, should be re-examined and rewritten to fit the current situation.”

That is not a radical suggestion. In the US, the Obama Administration have realised that proper and competent oversight is needed, and he has established the Privacy and Civil Liberties Oversight Board, which includes those within the Washington system and those outside it. It includes people with experience of working for not-for-profit organisations. It is citizen engagement and shows trust. We could follow that model and create such a board.

We could do much more to fix the loss of trust and confidence. We could publish, as happens in the US, the legal opinions used to underpin the surveillance framework. We could provide a clearer account of such expenditure and lift the legal restrictions on British companies publishing transparency reports about the requests that they receive. We should proactively publish information about the surveillance requests made: in bulk, the broad purpose, with no identifying details.

In the long term, we should look at signing up to the international principles on the application of human rights to communications surveillance. The 13 principles are legality, legitimate aim, necessity, adequacy, proportionality, competent judicial authority, due process, transparency, public oversight, integrity of communications, safeguards for international co-operation and safeguards against illegitimate access.

We should absolutely defend the right of our intelligence and security services to go after the bad guys, to use the powers that they have to protect us and make the UK and the world a safer place. However, it should not be at a disproportionate cost to the liberty and privacy that form the very foundations of our society.

The work that our intelligence and security services carry out on behalf of us all is valued and important, but we should not give them carte blanche. We would not want that. We need to have an open debate about what the rules are, what is acceptable and what we consider goes too far. It has taken us too long to get into this debate, but now that we are here, with so many right hon. and hon. Members, I hope we are now firmly here to stay in this discussion.

Several hon. Members rose

31 Oct 2013 : Column 342WH

Mrs Linda Riordan (in the Chair): Order. The Chairman of Ways and Means has given permission for me to impose a time limit. At least 12 Members wish to speak, so I intend to impose a 10-minute time limit on each speech. Will Members please keep their interventions short?

1.55 pm

Mr Tom Watson (West Bromwich East) (Lab): Information can be the most powerful thing in the world. It has changed everything more quickly and universally than ever before. The internet is all about information. The power of the internet is the power of information. Data can do almost anything. That is why it is so important that they do not end up in the wrong hands, and so important that our data, which we as individuals own, and which are our stake in the data galaxy, just as our vote is our stake in our democracy, are not unnecessarily taken without our consent.

I ask colleagues to remember in the rest of this debate that an individual’s data are just like his or her vote: almost insignificant by itself, privately expressed; but massively powerful when aggregated. We should no more unnecessarily tamper with our citizens’ data than we should impede their ability to vote. The capacity to deduce human behaviour and activity in the modern world of big data is impacting on our daily lives, from insurance premiums and health prevention through to online advertising and traffic management. Corporations are crunching data to learn about the way we live our lives.

At the heart of this cross-party debate today is GCHQ’s own big data programme—Tempora—and its impact on our citizens’ fundamental rights. It is a new and profoundly challenging issue for policy makers. We have to answer questions about the nature, scale and depth of surveillance that should be tolerated in our democracy. My concern about this area of public policy in the UK is that the question has not yet been put. We have avoided discussing this matter in all but whispered tones, while the legislatures of the US, Brazil and Europe have been rocked by the Snowden revelations. Yet in the UK, the main parties have paid scant attention to the issue.

The problem is this: the GCHQ Tempora programme has been mining our internet communications data without public knowledge on a colossal scale. There has been little public and parliamentary debate about whether that conforms to article 8 of the European convention on human rights, which protects the right to private and family life and correspondence. Nor has there been sufficient public or parliamentary debate on whether RIPA legally permits the mass collection of our citizens’ internet data.

Martin Horwood: Will the hon. Gentleman give way?

Mr Watson: I can’t. I have no time.

Nor has there been sufficient public or parliamentary debate on whether Tempora is authorised by any other pieces of legislation. In fact, we only know of the existence of the Tempora programme because of the actions of Edward Snowden and The Guardian newspaper. I think that they have acted courageously in the public interest to uncover and reveal a secret Government programme

31 Oct 2013 : Column 343WH

that has gained access to the private communications of millions of individuals without their knowledge. A brave whistleblower and a courageous newspaper have enabled us only now to start to have a full and proper debate about whether such surveillance is proportionate and, indeed, legal under our existing legislation, treaties and agreements. That is the secret state laid bare: the Government acting without the knowledge or permission of their citizens, which is a flagrant breach of individuals’ moral and, probably, legal rights, for what they believe is the common good. Just like when they take away the votes of the misguided, the common good is not a defence. Our basic rights as individuals have to be sacrosanct.

Let us be clear. If the Minister is telling us that the law permits such fundamental abuse of liberty, the law is wrong and must be changed. I suspect that he may point to section 16 of RIPA to suggest that the Tempora programme is legal. Interpreting that section requires the unravelling of a triple-nested inversion of meanings across six cross-referenced subsections linked to a dozen other cross-linked definitions, which are all dependent on a highly ambiguous “notwithstanding.” The section is probably the single most confusing and complex drafting ever put on the statute book, and I have heard that a former GCHQ director said it was drafted in that way intentionally; it is what a computer programme would call “spaghetti code.” There is not a snowball’s chance on a hot day in Strasbourg that the section would pass the tests of foreseeability and quality of law required by the European convention on human rights. The UK already lost a critical test of the case on those grounds in 2008. One thing is abundantly clear: they are not extra safeguards, as is falsely claimed in the section heading; they are intended to allow GCHQ to trawl inside the UK, as Lord Lucas observed in another place on 12 July 2000.

This week we saw a major shift in the policy of the United States when the chair of the Senate intelligence committee, Dianne Feinstein, criticised the National Security Agency’s monitoring of the calls of world leaders. She said:

“With respect to NSA collection of intelligence on leaders of US allies—including France, Spain, Mexico…—let me state unequivocally: I am totally opposed.”

I am sure that the Prime Minister will be relieved that his phone is not the subject of surveillance by an ally, but is the Deputy Prime Minister exempt from surveillance? Will the Minister or Members who have put their necks on the block by taking part in this debate be exempt? What about their researchers or families? The assurance is not good enough for me.

We know that the “five eyes” co-operate closely and that UK data are available to the USA. Can the Minister give us any reassurance today that UK phone records are not routinely handed en masse by companies to GCHQ and, by implication, to the NSA? We know that basic internet logs are also held by Virgin, Sky, BT, TalkTalk and other internet service providers. Will the Government reassure us that those data are not routinely handed over in bulk to British intelligence and the NSA?

Parliament has a right to know what records are handed over and why. Yesterday, The Washington Post claimed that the NSA and GCHQ were tapping into the fibre-optic cables used to supply the data centres of

31 Oct 2013 : Column 344WH

Google and Yahoo! To achieve that, the telecoms companies that provide infrastructure to those organisations had to have knowledge of, and probably collaborated with, the procedure. Was any member of the UK Government aware of that facility?

To make it clear, The Washington Post is saying that telecoms companies have been illicitly aiding the security services to tap into data being processed by internet companies with which they have a commercial relationship. Those telecoms companies, which are the backbone of this wonderful thing called the internet that has allowed two decades of free expression and creativity to explode into the lives of our citizens, have been operating in the shadows to allow our security services to tap all of it.

The security services have clearly made the trade-off that the intelligence obtained is worth the invasion of privacy. They are judged on the quality of the intelligence they obtain and little else. Of course they are going to make that trade-off 100% of the time. I want to know whether the telecoms companies have voluntarily entered into that agreement, or whether they have been obliged to do so under UK or US law.

Before I conclude, I draw the Minister’s attention to a submission to the Select Committee on Defence—I draw hon. Members’ attention to my entry in the register—by the all-party group on drones, which I chair. The submission examines the idea of citizenship stripping in detail. The Bureau of Investigative Journalism has highlighted the uneasy relationship between the deprivation of citizenship, intelligence sharing with the US and the targeting of former British citizens in drone strikes in Somalia.

The concern is that citizenship may remove one obstacle to information sharing for the purposes of targeting British people. In particular, one former UK citizen, Berjawi, was targeted immediately following a telephone call to his wife in London, who had just given birth and was recovering in hospital. Perhaps unsurprisingly, the family allege that Berjawi and his wife’s mobile telephones were tapped and location data were shared with the CIA to target him.

David Omand, the ex-head of GCHQ, in his submission to the Select Committee on Home Affairs wrote about the likely intensification of tension between nations that unilaterally defend their interests with military means, including targeted killings, and those that seek collective security under international human rights law. He mentioned the “ethically ambiguous” position of the British public because they had benefited from the US drone programme, even though it would not be permitted in the UK. That cannot be right. The British public would surely be alarmed to hear that data collected in the UK might end up being used to implement the US targeted killing programme described as a “war crime” by Amnesty International.

I have other questions, but I must wrap up now.

2.5 pm

Mr Dominic Raab (Esher and Walton) (Con): It is a privilege to serve under your chairmanship for the first time, Mrs Riordan. I pay tribute to my co-sponsors, particularly the hon. Member for Cambridge (Dr Huppert).

It is right that this debate should be underpinned by cross-party support. Neither our security nor our freedoms should be the subject of partisan politics. I think we all

31 Oct 2013 : Column 345WH

agree that the burden of responsibility on our intelligence agencies to keep us safe is heavy, and we pay tribute to them.

I had the privilege of working with the agencies, including GCHQ, during my six years at the Foreign Office, and I know first hand that their work is vital. In his recent speech, the MI5 director general, Andrew Parker, set out the current security challenges that Britain faces, and I pay tribute to the officers who, out of the limelight, work unstintingly to protect us from those dangers.

I also pay tribute to Mr Parker for an under-reported aspect of his speech. While discussing trying to reduce the terrorist threat, he observed:

“In a free society ‘zero’ is of course impossible to achieve...A strong record of success risks creating an expectation of guaranteed prevention. There can be no such guarantee.”

As an MP and a citizen, I recognise that bitter truth. We in this House have a duty to ensure that the public grasp it, too.

Similarly, any democratic Government must be accountable to their citizens, particularly if they impinge on their citizens’ freedoms in the necessary pursuit of security. In recent years, UK surveillance of its citizens has increased exponentially, and the legal basis has sometimes, and now regularly, appeared strained at best. Oversight is frayed and legitimate debate is at risk of being drowned out by frankly untested assertions of national security.

In June, The Guardian published revelations by US National Security Agency whistleblower Edward Snowden that GCHQ was clandestinely tapping transatlantic fibre-optic cables, giving almost unfettered access to people’s phone call records, e-mails, Facebook entries and the like. The legal basis for Operation Tempora looks thin at best, and Parliament certainly had no idea of the scale of the use of those powers.

We also learned that Britain receives data from the US Prism surveillance programme, which appears to allow GCHQ to dilute—not circumvent entirely, but dilute—the safeguards that would apply if the same agencies were to gather the information themselves.

Richard Graham (Gloucester) (Con): My hon. Friend mentions that there has recently been increased activity by the intelligence agencies. He is no doubt aware of the number of serious attempts at major acts of terrorism; there have been about two a year since 2000. Some 330 people have been convicted of serious terrorist activity, and there were four major threats in the first half of this year, including a 7/7-type attack. Twenty-four terrorists were convicted in the first half of this year alone.

Does my hon. Friend understand the extent of the frustration, particularly among those working in the Gloucestershire-based GCHQ, that such suspicions are raised against their activity when, actually, they are trying to protect British people from catastrophic terrorist attacks?

Mr Raab: I thank my hon. Friend for his intervention, but he is wrong as a matter of fact. According to the terrorist threat assessment given publicly in annual speeches by successive director-generals at MI5, there was a spike—

Richard Graham indicated dissent.

31 Oct 2013 : Column 346WH

Mr Raab: My hon. Friend is shaking his head, but this is what the MI5 director-general said, so we ought to pay it some heed. There was a spike after 9/11, but it then dipped. In the most recent speech, given this month, the director-general said that the threat had not got worse.

My hon. Friend is certainly correct to pay tribute to the unstinting work of the intelligence agencies and law enforcement. In fact, however, the conviction rate for terrorist offences has reduced dramatically, which is also a real issue—the question of prosecution, rather than intelligence, if we are not only to keep track of, but to disrupt and deter, terrorist activity.

In this month’s speech, the MI5 director-general also lambasted The Guardian for handing terrorists a “gift”—he used a potent word. More recently, Ministers have claimed that the disclosures have put lives at risk. I want to take that seriously, because Mr Parker claimed that making public

“the reach and limits of GCHQ techniques”

breaches national security. To be clear about what was being discussed, the newspaper was not disclosing interception techniques—the technical aspect—or revelations of sources or operatives, which would clearly be a major source of concern, but simply revealing our intelligence “reach”. I find the assertion that was made difficult to take at face value. The contention may be true, but it cannot be taken on mere assertion.

Any serious terrorist groups assume that their phones, e-mails and internet use will be monitored. That is no secret, and learning that Western spies drain the swamp of their own citizens’ data in the process does not aid terrorists in any tangible way. If national security had been materially breached, why has no one at The Guardian been charged or even arrested since the search of its offices back in July? Why was David Miranda not arrested and bailed, following his detention for several hours at Heathrow, in August? Either UK law enforcement is surprisingly slow—given the assertions—or national security is being used as a fig leaf to muzzle disclosures that are just plain embarrassing.

I accept, by the way, that the disclosure that 850,000 contractors can access data from Project Tempora represents a security concern, but of course that vulnerability is entirely of the Government’s own making.

I am prepared to be proven wrong about all that, but Ministers and intelligence chiefs need to understand that the bald assertion of national security cannot be used to guillotine all debate. We are here to correct that understanding. Without revealing details that would prejudice the work of the security services, we need a coherent explanation of the damage to national security, not only vague and opaque assertions.

Mr Wallace: Will my hon. Friend give way?

Mr Raab: I will not give way, because I am conscious of time. If I get through my speech, I will be happy for my hon. Friend to intervene.

From reports in The Guardian, we also know that the Government are concerned about the legality of the powers that they are using—fears that public debate might lead to litigation, fears about legal challenge under the Human Rights Act. Those are legitimate concerns. I recall similar ones from my own experience

31 Oct 2013 : Column 347WH

of working with the agencies as a Foreign Office lawyer. Those, however, are altogether more nuanced concerns than the shrill and unsubstantiated suggestion that we have somehow lost track of terrorist plotters as a result of the revelations.

The issues need to be debated in Parliament, not stifled by the blanket assertion of national security. Scrutiny is vital. In the US, as mentioned, the Democrat chair of the Senate Intelligence Committee, Dianne Feinstein, has called for a total review of NSA surveillance:

“Congress needs to know exactly what our intelligence community is doing.”

This week, on a bipartisan basis, a USA Freedom Bill was proposed in Congress, with support from more than 80 Congressmen—including, no less, the architect of the US Patriot Act, Republican Jim Sensenbrenner. The Bill would block collection of bulk data on American citizens, insert judicial oversight—something missing in this country—and increase transparency and reporting on the part of companies and Government. If that is good enough for the Americans, why here in Britain would we settle for anything less? Congress and the public in America have woken up to the scale of unfettered surveillance, and it is time that we in this House did the same.

What do we need to do next? First, we need a proper account to Parliament of the exercise of existing surveillance powers. Why and where are they deemed inadequate? Will the Minister, when he has the opportunity to speak, confirm that no MPs have been subjected to such surveillance, given that the House has not been informed of any change to the Wilson doctrine? Will Ministers clarify the extent to which GCHQ was involved in what has recently been reported about the NSA tapping Google and Yahoo! communications, without consent or any observation of the authorisation procedures agreed with those companies?

Secondly, if there are shortcomings—we need to be alive to those, on both sides of the debate—we need a clearer explanation of their impact on national security. Successive Governments have been remiss in proposing such broad data communications legislation, beyond the imperatives of national security or of access by police and the intelligence agencies, as most people and most Members of the House accept. That has undermined parliamentary and public support for the more forensic task of plugging any holes in our intelligence capabilities.

Thirdly, we need to consider any exposure of our agencies to “fishing expedition” legal challenges—I understand that concern. GCHQ has cited the Human Rights Act, a concern that I suspect stems from the expansion in the right to privacy under article 8 of the convention. If there is broader concern about the HRA, that must feed into the debate about its future.

Finally, I am not convinced that the Intelligence and Security Committee is able to provide the oversight that we need. I say that without casting any aspersion on current or former members, least of all its formidable Chair, who is present today. I do not believe, however, that the ISC has the tools or the independence to do the job properly. It is billed as a creature of Parliament, but through its appointment and accountability, and under the statutory regime, it is ultimately and really beholden

31 Oct 2013 : Column 348WH

to the Executive. It needs to develop into more of a Committee of the House, tailored in a bespoke way, but acquiring more of the powers and independence of normal Select Committees, if it is to deliver the kind of oversight capable of commanding public confidence.

Above all, we must take this debate forward, away from the polarised and untested assertions on either side, and place the work of those who would protect us on a firmer footing. Karl Popper said:

“We must plan for freedom, and not only for security, if for no other reason than only freedom can make security more secure.”

We need to pursue our security in a way that respects our freedoms, limits incursions to genuine cases of national security and does so under a regime that commands the rule of law. Failing to do that would be the real gift to the terrorists—a victory for everything that they believe in and a blow against everything we stand for.

2.17 pm

Mr David Winnick (Walsall North) (Lab): I suspect that there will be a sharp divide in the Chamber, not necessarily on party lines, as in previous debates on intelligence and security over many years, even before the agencies were put on a statutory basis. Like everyone else, I do not for one moment doubt the need for the security and intelligence agencies to work as required. That would be so even were we not faced by the threat of acute terrorism. Let no one be in doubt that I entirely accept the necessity for such activities, as other Members have said.

There have, however, been scandals in the past. During my own parliamentary career, we had the “Spycatcher” episode, in which Peter Wright and other MI5 officers acted outside the law and in a way that was a disgrace to the organisation; the Government of the day tried to ban the book that Wright wrote, but finally “Spycatcher” was published. Some in the security agencies took the view that Harold Wilson was possibly a long-time Soviet mole. In 1988, Edward Heath—as a former Prime Minister, he probably knew what he was talking about—told the Commons in a debate that if some in the security services

“saw someone reading the Daily Mirror, they would say, ‘Get after him, that is dangerous. We must find out where he bought it.’”—[Official Report, 15 January 1988; Vol. 125, c. 612.]

Some would say that that was a long time ago, which indeed it was, but to bring ourselves more up to date, in February 2010, just before the election, there was the case of Binyam Mohamed, who had been the subject of extraordinary rendition. He was tortured. He had lived in Britain for many years, but he was not a British citizen, and there was no doubt that he was tortured in Pakistan. A federal court in Washington confirmed and upheld his story that he had been severely tortured.

The then Master of the Rolls, Lord Neuberger, and his fellow judges concluded in 2010—not in the 1980s—that MI5 had misled the Intelligence and Security Committee and went on to say:

“Some Security Services officials appear to have a dubious record”

when it comes to human rights and coercive techniques. I would not have thought for one moment that when the then Master of the Rolls and his fellow judges made that comment they doubted the need for the security

31 Oct 2013 : Column 349WH

services. They were not in the business of trying to undermine the protection of our security against terrorism, but that was a very strong indictment, to say the least, of some officials. It was not argued that MI5 officials had been involved in torture. There have never been such allegations, but the argument was that MI5 officers were a party to it, knew what was going on and did not tell their political masters. In other words, they condoned it. So the security services have a record that we condemn.

This debate has arisen largely as a result of Edward Snowden’s disclosures and much of what has appeared in The Guardian. The general attitude of the authorities—politicians, the Government and others—is that we should not know about such matters, that The Guardian should not have published what it did, that Snowden is a traitor and that revealing what he did is not in the interests of the United States, Britain or other allies, so The Guardian has done a disservice. I could not disagree more.

Mr Adam Holloway (Gravesham) (Con): If in the last few weeks, we had lost a city to nuclear terrorism or there had been a gigantic mass casualty, I wonder whether the hon. Gentleman’s constituents would see Edward Snowden as a trendy, cool whistleblower or as a traitor.

Mr Winnick: I do not believe for one moment that The Guardian published material that would help terrorists. There is no evidence of that. It is all very well the hon. Gentleman acting as a spokesperson for those who want to damage The Guardian, but they do not produce any evidence. They simply say, as the hon. Gentleman has just done, that if there were some atrocity, The Guardian should be held responsible. Where is the evidence, and why would The Guardian or any other newspaper want to help terrorists? The hon. Gentleman is saying that The Guardian is totally irresponsible and willing to publish something that could aid terrorism, when there is not the slightest evidence of that.

On Friday, The Guardian published information that the German Chancellor’s mobile phone had been monitored for years by the US National Security Agency. Is he suggesting that that information will help terrorists, or that the international terrorist network is now in a better position to cause harm to us or our allies as a result of that information? Should we not know that that has occurred? If the hon. Gentleman wants to respond, I will give way.

Mr Holloway: I welcome this debate. I was making a simple point about Edward Snowden and whether the hon. Gentleman’s constituents would think he was a terrorist in the event that what I described had happened. I did not even mention The Guardian.

Mr Winnick: My hon. Friend the Member for West Bromwich East (Mr Watson) spoke about the latest technology. I opposed my own Government on identity cards because I thought they would be an intrusion into civil liberties. Such documents should not be introduced, except perhaps in war time, because they would not assist in the struggle against terrorism in any way. I was pleased that they dropped the proposal, but the growth in information technology to which reference has been made several times during the debate and the amount of

31 Oct 2013 : Column 350WH

information that the intelligence agencies can accumulate would have been unthinkable even 10 years ago and in some ways that dwarfs the dangers posed by identity cards. That is why I take the view that it is unlikely that the parliamentary oversight that we are debating today, despite some of the changes that I am pleased about, including the additional powers that have been given to the Committee, will be effective, but oversight is essential.

Going back to The Guardian, during Monday’s debate on the Prime Minister’s statement on the European Council, he said:

“I do not want to have to use injunctions, D notices or other, tougher measures; it is much better to appeal to newspapers’ sense of social responsibility. However, if they do not demonstrate some social responsibility, it will be very difficult for the Government to stand back and not to act.”—[Official Report, 28 October 2013; Vol. 569, c. 667.]

That is the most blatant threat to the press in recent times. It says in effect, “Do as I say or the Government will take the necessary measures.” That is all the more unfortunate while we are debating a royal charter that is being described as no threat to the press. What the Prime Minister said on Monday is very much a threat to the press. I tabled a question to the Prime Minister asking what information had appeared in The Guardian on intelligence matters that the Government objected to on security grounds. The answer, which I could have given when I tabled the question, was that he had nothing to add.

Mr Wallace: I do not think the suggestion is that any newspaper should be above the law, whether it is The Guardian or a Murdoch newspaper. They are all subject to the law, as are all citizens of this country.

Mr Winnick: Indeed. No newspaper should be above the law, as I understand the position at the moment. I must be careful because something that is taking place in the courts is sub judice, but it demonstrates that newspapers are not above the law. When they break the law, they can be charged like any individual. I believe in a free press and I have mentioned the paper that is in the spotlight at the moment. If it were The Sun, the Daily Mail or The Times, I would take the same view. I do not take the view that I do because the newspaper in question happens to be The Guardian. I take it because a newspaper has the right to publish material that it believes is in the national interest. That is a free press, which I happen to be in favour of. I would have hoped that the hon. Gentleman was also in favour of that. In the argument on another subject, it has been said that we have had a free press for more than 300 years. It has had many setbacks during those 300 years, but I am keen that we should continue to have a free press and not something that is more like what happened in the past in eastern Europe.

I have two hopes about the present situation. I hope that The Guardian will not give way, and that it will demonstrate that it will continue to publish what it believes is important. It is interesting that the Prime Minister said in response to a Conservative Member that the paper had agreed not to publish certain matters, so suggestions of irresponsibility are not relevant.

I also hope that there will be sufficient parliamentary support for what the paper is doing. If we believe in a free press, and no one on the Government side or

31 Oct 2013 : Column 351WH

members of the Intelligence and Security Committee would disagree for one moment that there needs to be a free press, I hope that we will uphold the right of

The Guardian

to do what it is doing and resist the Government’s pressure and blackmail. It is absolutely essential that the information that Snowden has revealed, which is not helping the terrorists, but which we should know about—really, to a large extent, it was done in our name—should be in the public domain, and I am glad that it is.

2.30 pm

Julian Smith (Skipton and Ripon) (Con): It is very important during this debate to reassure the public that in Britain we have one of the best oversight regimes in the world. That has evolved not only under this Government but under Labour. There has been a great deal of consensus about how such improvements should be made.

Let us also reassure people that our intelligence services have been accused of no crime. There has been no comment in any articles in recent weeks that GCHQ or our intelligence service have behaved illegally. That is not to say that improvements do not need to be made, particularly in terms of metadata and how they are analysed. We should also consider the types of people who are commissioners. Why do we not look outwith the judiciary and start looking at, say, a retired bishop or somebody from another walk of life? However, in terms of the subject today—the oversight and framework of our intelligence services—I am afraid that the responses to the debate have been way off the mark.

I want to focus my attention on an important challenge to our security services, and that is our excellent British press. Almost every newspaper has played an important role in challenging the intelligence services over recent months with their reporting on the Snowden leaks. That is an important role, but the point that I want to make today is that one newspaper, in seeking to raise important issues, and absolutely having the right to do so, has overstepped the mark to such a degree that the very thing that our intelligence services are trying to protect—our national security—is threatened. Before I continue with my remarks, I should say that I enjoy The Guardian. I respect many journalists on the paper, and this is not an attack onthe right of The Guardian to report on Snowden.

I want to raise two or three issues today. On 4 October, The Guardian reported on the Tor network—the black internet—where child pornography, drug trafficking and arms trading take place. Please look at the detail of that report. If people look at the trial, in June, of one of the most active child pornographers in Ireland, they will see that the NSA and the activities of the intelligence services were key to apprehending and hopefully—it is likely—putting him away. However, on 4 October, The Guardian went into a level of detail that the previous head of GCHQ decried as being wrong, and which many people in the police world feel will cause major issues in terms of picking up people engaged in organised crime.

Rory Stewart (Penrith and The Border) (Con): Will my hon. Friend expand on the question whether there is a distinction between organised crime and terrorism, in

31 Oct 2013 : Column 352WH

terms of the kind of measures that it is reasonable for a security organisation to take, and the kind of surveillance that it can operate?

Julian Smith: I am going to push on, but it is important to say that the intelligence services are doing critical work in both categories, and we need to support that work.

On the issue of the documents that The Guardian holds, when hon. Members talk about prosecutions not happening and things not really being that bad, I ask them to look at the online discussions that Guardian editors have had. They have admitted to sending internationally the most detailed documents and underlying data about GCHQ specifically. I do not want to talk too much about David Miranda today, but his data were on a games console. Those data, in data dumps throughout the world, are still out there, and hackers claim that they have access to it. The Independent, which also had access to those documents, started reporting on them but then stopped because it realised that to do so was problematic. The issue with The Guardian is current; the data are out there and are a danger to our national security.

The third element that I want to discuss today is the fact that The Guardian is not talking to the Government. If it really was confident in its position, and I believe that there is quite a lot of tension at The Guardian on the approach it has taken, it would have a discussion with the Government, who have been very clear. Look at the witness statements for the Miranda trial. They have been so careful about ensuring that they do not interfere with The Guardian as a newspaper and with its right to report. However, The Guardian should come forward now and tell the Government what intelligence data it has overseas and where those intelligence data are. Is there identifying information about our agents in the data? What protections are there in TheGuardian offices to look after that material?

Dr Huppert: I thank the hon. Gentleman for giving way. I could pick up on a lot of his points. He says that The Guardian should be talking to the Government about this. Is he aware that it has been talking to the DA notice secretary? They have been in touch for many months, talking about these things. Does he think that part of the onus should be on the Government to provide advice if they are concerned about such things? The Guardian, as I understand it, is quite happy to talk about how to make sure the data are secure, and frankly, the NSA should never have lost them in the first place.

Julian Smith: If my hon. Friend looked at witness statement 1 by Oliver Robbins, he would see the approach to the Miranda trial. He would see the approach that The Guardian has taken, which, essentially, in the first two reports in June, was not to get clearance from the Government. Following a reasonable discussion with the Government, that was just ignored and documents were sent overseas.

I urge Mr Rusbridger today to begin an open dialogue with the Government to tell them where the dumps of data are, and to come clean on whether they contain information that could lead to the identification of our security agents. I also urge Mr Rusbridger, his board and his editorial team to talk to the Government before

31 Oct 2013 : Column 353WH

publishing any further reports on our security services, intelligence gathering and our activity, because

The Guardian

, which had every right to report on the issue and has raised important topics of debate in a digital, global, interesting way, with good journalism, has threatened the security of our country, and stands guilty today, potentially, of treasonous behaviour.

2.38 pm

Mr George Howarth (Knowsley) (Lab): I compliment the hon. Member for Skipton and Ripon (Julian Smith) on making a measured, thoughtful speech. It is important, when we have this debate, that we are measured and thoughtful in how we approach it. I congratulate the hon. Member for Cambridge (Dr Huppert) on the timeliness of the debate. It is important that we have an opportunity to discuss these issues, although some of the hon. Gentleman’s comments might not have been as well informed as they might have been. I will come to that in a moment.

For once, I wholeheartedly agree with the hon. Member for Brighton, Pavilion (Caroline Lucas); I hope that that is not the start of a pattern. In her intervention, she said, “For goodness’ sake, can we stop concentrating entirely on The Guardian, as if it is all about The Guardian? To get that issue out of the way, my view is that if we ask whether The Guardian was entitled to publish what it did, the answer is probably yes. If I am wrong about that, the authorities will take the necessary action. I do not believe that it has done anything wrong. However, if we ask the question, “Was it wise for it to publish what it did? Was that a responsible thing to do?”, I think that the answer is no. For the purposes of this debate, I will leave it at that as regards The Guardian.

I said that I would come back to the hon. Member for Cambridge. In an interesting exchange between him and the hon. Member for Wyre and Preston North (Mr Wallace), the latter asked, “How does he know?”, and the hon. Member for Cambridge, in a roundabout way, admitted that he did not know. In a way, that poses the dilemma of this debate, because not everyone can know. Some people have to know, and the rest of us have to take it on faith that some people know and are acting responsibly. That is the issue on which I want to concentrate in terms of the Intelligence and Security Committee, of which I have been a member for the past eight years.

The hon. Member for Cambridge did, in passing, refer to the new Act. He served on the Public Bill Committee that considered it. However, it is almost as if the Act does not exist in his speech. He does not seem to accept that the powers, resources and capabilities of the Intelligence and Security Committee have changed almost beyond recognition, in my experience on the Committee. However, we will leave that to one side. The difficulty is that because the hon. Gentleman does not know a great deal about it, he is in danger of arriving at rash judgments about what is wrong and what could be done.

Let me demonstrate that by reference to the issue that the hon. Gentleman has talked about at some length, and legitimately so. I am talking about the Prism programme—what the UK’s involvement in it was and so on. Not once during his speech, unless I missed it, did he refer to the fact that the Intelligence and Security Committee, which he considers to be inadequate, has already looked at the Prism programme and what our

31 Oct 2013 : Column 354WH

own agencies’, and particularly GCHQ’s, involvement in and knowledge of that was. We issued a statement—an interim statement, I might add—in July. In the course of that statement, which has not been referred to so far, we arrived at some important conclusions. The first one was:

“It has been alleged that GCHQ circumvented UK law by using the NSA’s PRISM programme to access the content of private communications. From the evidence we have seen, we have concluded that this is unfounded.”

For obvious reasons, it is impossible for me to go into detail about all the evidence that we were able to look at, but we did look in detail at very important pieces of information and we were able also to look at what authorisations were involved in the process of accessing the information, particularly the communications within it. The law has not been broken.

Mr Watson: I am reassured by my right hon. Friend’s thoroughness in the investigation. Was July the first time that the Committee had examined Prism, and was that after the Guardian revelations? [Laughter.]

Mr Howarth: It was after the Guardian revelations. The hon. Member for Cambridge seems to think that that is funny. Actually, he would still be sitting here today if we had not gone and looked at this matter after the allegations emerged. He would be accusing us of being inadequate in our responsibilities.

Rory Stewart rose

Mr Howarth: I will give way to the hon. Gentleman, but then I must make some progress.

Rory Stewart: Will the right hon. Gentleman clarify why the Committee did not look into Prism before The Guardian published its allegations?

Mr Howarth: Let me answer the hon. Gentleman very carefully; I hope that he will forgive me for being none too specific in my answer. Part of our responsibility, which did not just emerge after the revelations about Prism, is to look at what the agencies do, what their capacities are and how they use those capacities. It is a continuous process. We have in the head of GCHQ. We take evidence. We probe what it is doing and what it is capable of doing. Therefore, it is not that we did not have any concerns or any interest in what GCHQ was capable of. That is an ongoing process, but inevitably, when something new emerges, it is appropriate that, as a Committee, we look into it.

I have answered the hon. Gentleman’s question perhaps not as accurately as he would have liked, but—I am not being evasive when I say this—if I went any further, I would be going into detail that at this stage I do not think is relevant.

I was talking about the conclusions that the Committee reached in July. The second conclusion was this:

“We have reviewed the reports that GCHQ produced on the basis of intelligence sought from the US, and we are satisfied that they conformed with GCHQ’s statutory duties. The legal authority for this is contained in the Intelligence Services Act 1994.”

The third conclusion was that

“in each case where GCHQ sought information from the US”—

this is an important conclusion—

31 Oct 2013 : Column 355WH

“a warrant for interception, signed by a Minister, was already in place, in accordance with the legal safeguards contained in the Regulation of Investigatory Powers Act 2000.”

Let us be absolutely clear as regards our own agency. We were able to look in detail at how it had used the information and we were able to conclude, with a high degree of conviction, that it was not breaking the law.

Hazel Blears: My right hon. Friend is making a very thoughtful and comprehensive speech and speaks, no doubt, for many of us on the Committee. It is an essential part of the debate that the agencies were operating within the existing legal framework of British law. Whether—my right hon. Friend might want to comment on this—the existing framework needs review was also a matter considered by the Committee, and that appears to be the heart of this debate. Yes, the agencies have conformed with the existing legal framework. It is legitimate debate to say, “Is that, in this modern age, still appropriate?” But the Committee clearly also went on to consider exactly that issue.

Mr Howarth: It is almost as though my right hon. Friend read my speech in advance. With remarkably good timing, she leads me on to my next point. In our report, as she well knows, under the heading “Next Steps”, we say:

“We are therefore examining”—

this is future work to be done—

“the complex interaction between the Intelligence Services Act, the Human Rights Act and the Regulation of Investigatory Powers Act, and the policies and procedures that underpin them, further. We note that the Interception of Communications Commissioner is also considering this issue.”

In terms of who is doing their job and who is not doing their job, our Committee is doing our job; and, by the way, the commissioner is doing his job. There is, I think, a debate to be had—I cannot remember where this was raised—about the role of the commissioner.

One of the things that the right hon. and learned Member for Kensington (Sir Malcolm Rifkind), the Chair of our Committee, has brought about—it is partly to do with the legislation and, I think, partly to do with his own feelings about the way we need to act—is our becoming more outward facing as a Committee. As has been noted, we are to have the first open session, at which we will be interviewing in public the three heads of agencies, a week today.

It is important that we have made that change. It is important that when we can say what we know in public, we do so. In addition, although I would not necessarily go along with the formulation put forward, there might be a case for trying to persuade the interception commissioner to become slightly more outward facing. But that—

Mrs Linda Riordan (in the Chair): Order. To allow all Members who have indicated that they wish to speak to do so, I intend to reduce the time limit on speeches to eight minutes.

2.50 pm

Mr Ben Wallace (Wyre and Preston North) (Con): I congratulate the hon. Member for Cambridge (Dr Huppert) on securing the debate. I regret that it does not address the real problem of how to rebuild trust in the work of

31 Oct 2013 : Column 356WH

our intelligence services, to protect our country and our spies from the many allegations that circulate around them, against which they cannot defend themselves.

Let us be clear that spies spy. That is no big revelation. Britain spies, as do other countries, to protect itself and to further its interests. If we were to discover that banks in, say, Liechtenstein were hiding British taxpayers’ money and refusing to reveal which British citizens were avoiding paying tax, I believe that it would be perfectly legitimate for British intelligence services to go there and find out who those tax avoiders were. To do so would not protect us against terrorism, but it would protect Britain’s interests.

I venture to suggest that it is right for our spies to go abroad and find out which countries are not playing by the rules—which countries are cheating and stealing our secrets—to protect British industry, British jobs and British national security. That is what spies do, and we should be proud of the fact that we do it particularly well. In fact, we do it better than most across the globe, and it gives Britain a place at the top table. That is not to be sniffed at.

I am not a member of the Intelligence and Security Committee, but I worked in intelligence in Northern Ireland before half the legislation, which the hon. Member for Cambridge seems to have missed, came into play. I also worked for QinetiQ before I first came to the House. While the hon. Gentleman was a biological scientist, I was a computer geek. I wrote COBOL from the age of seven or eight, which was about the time when he was born. The debate is often couched in a language of, “Wow, can we do that?” and people are surprised by what is possible. Already, without being a member of a security service or a Government, I can find out how every person in this room shops, where they live, when they bought their car and what their credit rating is. I can probably get hold of everybody’s details without very much effort.

Interestingly, I have heard no criticism of the fact that we do not regulate the private sector. No one has expressed fear about that or demanded that we do so. The big capitalist companies in America—the Googles and the Facebooks—harvest our data without a by-your-leave, sell it on and on through intermediaries and make billions of pounds. However, I have not yet heard anyone mention that they all keep their servers offshore to avoid tax. That is the area that needs regulating to protect people.

I am proud of the fact that our security services are regulated, and I would rather have the state than the international private sector grooming through my internet capabilities. I am aware that each of us is subject to oversight, because we are democratically elected. The Home Secretary is appointed by the Prime Minister, in a Government who are is created through a democratic process.

Additional oversight is provided by the relevant legislation. The Intelligence Services Act 1994 mentioned the intelligence services as though they were simply a normal body. The Regulation of Investigatory Powers Act 2000 attracts a lot of criticism, but I operated before it was introduced, and I did not have to sign off anything, keep a log or register with anybody the things that I wanted to do. RIPA did not give people new powers; it made them register how they use their powers. It is a good piece of legislation, not a negative one. My

31 Oct 2013 : Column 357WH

former colleagues still hate it, which is a good sign, because it means that they are accountable for how they use their powers.

Mr Robert Buckland (South Swindon) (Con): To amplify the point, RIPA and the Police Act 1997, which predated it, were a response to rulings by the European Court of Human Rights that the previous regime was not compliant with the convention. They were introduced to bring the United Kingdom into compliance with the convention.

Mr Wallace: RIPA is not perfect. It has its flaws, like any legislation, but it was an attempt to put on a statutory basis what we were doing to protect our agents, our personnel and the functions that we carry out. Let us remember that spying is dangerous. It is about risk. Our men and women in Cheltenham, in Vauxhall and all over the country put their lives at risk to protect Britain, and there is a serious downside to getting it wrong. If they get it wrong, they do not get charged the wrong price, or something of the sort; if they get it wrong, people die. If that happens, constituents get very upset, and the country becomes less secure. Terrorists start to win; countries that are not our friends or allies start to win; and British industry starts to lose out. Spying has a strong role to play, but getting it wrong carries great risks.

I will not go on about The Guardian, but I will make one or two points. First, the newspaper has yet to specify any crime committed by the British Government, authorities or spies, even though that is what its public interest defence hinges on. It has yet to produce any evidence that British spies are breaking British laws. It is welcome to do so at any time, and I would be delighted to discuss that in a meeting with the editor of The Guardian. Until he publishes such evidence, however, the reports amount to saying, “Yahoo! Look how exciting technology is. Look what we can do.” That is not a public interest defence; that is an attempt to sell more newspapers.

Secondly, how do we know the whole picture? I am assured that grown-up people in The Guardian are sitting down in a sealed room and looking through all the evidence. Perhaps they could have asked for help from their former features editor, Richard Gott, who had to resign in 1994 after allegations emerged that he had taken money from the KGB. He would have been a good man to review the evidence.

Who should be the judge and jury in this case? I venture to suggest that a state with some form of oversight would be a better judge and jury than a whole load of journalists locking themselves up in a room with the evidence. Until The Guardian produces evidence of a crime that our agents are supposed to have committed, it has no public interest defence. That is all that it has to answer, and I will defend its right to publish if it produces evidence of a crime.

Mr Winnick: What sort of oversight was there in the case that I have mentioned of Binyam Mohamed, who was tortured with the knowledge of MI5 officers? I am not aware that such information was reported to the Intelligence and Security Committee, or that it took the initiative in trying to find out whether other such cases occurred. To a large extent, oversight has been defective,

31 Oct 2013 : Column 358WH

either because of indifference on that Committee’s part or because the security agencies have not been willing to provide the relevant information. The hon. Gentleman is putting a total gloss on the practices of the past—I hope that they are in the past—which were unacceptable to Parliament and to the British public.

Mr Wallace: I totally agree that there have been failures, which is why we introduced new legislation to give greater powers to the Intelligence and Security Committee. It does not have to take things at face value; it can appoint an investigator to go in and do what it wants to do, not what it is told to do. I recognise that there have been failures in the past, but that is why, step by step over the past 20 years, we have seen layer on layer of new legislation and new oversight. Yes, there were failures and no one is perfect, but our state has oversight and a democratic legitimacy that many of our opponents do not.

Let us remember that Mr Snowden could have gone to Switzerland—the Americans have been after Roman Polanski for decades and they have never got him back—but, no, he went to China and Russia. I am not sure whether he is a traitor, but I question his judgment about the countries to which he decided to run off. Russia, for example, is killing journalists and lawyers as we speak. We must keep in mind the motives behind that so-called whistleblower.

The world will become increasingly vulnerable to abuse of communications data, which will be used by more and more people for criminal reasons. I am conscious of the sub judice rule here, but I must point out an irony regarding communications data that is so viciously opposed by several colleagues. Should we ever, have to investigate, say, a couple of journalists exchanging e-mails, if we were to go to an internet company to ask for the e-mails between Mr A and Mr B, there is no guarantee that it will have kept that data. Internet providers currently have no obligation to keep records in the same way as mobile companies. The hon. Member for West Bromwich East (Mr Watson)may want to reflect on that.

I have issues with the way that intelligence is used as evidence by politicians. I risked my life in Northern Ireland to avoid shortcuts and the imposition of 28 or 90-day detentions without charge, which I opposed, ID cards, which were a complete waste of time, and detention without trials. Spies have risked their lives to keep us within the law. Politicians have a duty to ensure that they do not bend the law to try to cut corners on good intelligence gathering, to turn it into evidence to get a conviction in court.

[Mr Graham Brady in the Chair]

3.1 pm

John McDonnell (Hayes and Harlington) (Lab): I welcome what The Guardian has done. It is heroic. The publication of this information has opened up a wide debate. There is talk of treason—Michael White is here, but I want to drag him off to the Tower for being a running dog of the bourgeoisie, not for treason. This is ludicrous. Allegations of treason are being bandied about, but what has actually happened is simply an exposé of what is taking place and what we should have been informed about in terms of parliamentary procedures.

31 Oct 2013 : Column 359WH

In America, there has been cross-party agreement that the status quo is unacceptable. Obama has set up a full review of surveillance activities and has established a privacy and civil liberties oversight board. The author of the Patriot Act has said that the revealed activity is

“well beyond what the Patriot Act allows.”

The chairperson of the Senate Select Committee on Intelligence has called for a total review of all intelligence programmes. That is exactly what we are calling for here. Others with experience have also commented. Lord King, the former Secretary of State for Defence and former Chair of the Intelligence and Security Committee, straightforwardly said:

“Legislation has to keep up to date with all these things and the way people use them. I think it is most important that all the legislation in this area is under regular review.”

Interestingly, he also said that a member of the Opposition should chair the ISC to give it more credibility. Lord Carlile said that

“the current legislation, including the Regulation of Investigatory Powers Act 2000, should be re- examined and rewritten to fit the current situation.”

The principles of what we are seeking were set out clearly by a former director of GCHQ, Sir David Omand, in a recent Demos report:

“Democratic legitimacy demands that where new methods of intelligence gathering and use are to be introduced they should be on a firm legal basis and rest on parliamentary and public understanding of what is involved, even if the operational details of the sources and methods used must sometimes remain secret.”

All we are asking for is a review and for structures to be put in place based on those principles. The general public also want this debate. A recent ComRes poll for Big Brother Watch found that 71% of people believe a debate about surveillance law is in the public interest. We need to respond to that public opinion, because recent revelations have undermined credibility.

I want to run through several practical suggestions proposed by some independent bodies. I have been moving amendments to the High Speed Rail (Preparation) Bill, so I came late to this debate; I am sorry if others have already mentioned them.

The legal opinions used to underpin the ongoing surveillance framework should be published, as the US Government have done. The budget and investigatory capacity of the Intelligence and Security Committee, the interception of communications commissioner and surveillance commissioners should also be published. Is it true that the ISC’s current resource is a retired Metropolitan police officer on a part-time basis?

The Investigatory Powers Tribunal should be reformed so that it is presumed that its hearings should be held in public, that it should state the reasons for reaching its decisions and that its judgments can be appealed in court. We should end the need for Secretaries of State to approve appearances of the heads of agencies before parliamentary Committees and allow agency and service heads to give evidence in public where appropriate. The legal restrictions on British companies publishing transparency reports about surveillance requests should be lifted.

31 Oct 2013 : Column 360WH

Rory Stewart: I support much of what the hon. Gentleman proposes. Does he agree that, as a minimum, we should aim to meet the US standards relating to this kind of activity?

John McDonnell: That is exactly my point. Much of our intelligence services are integrated in many respects anyway, so we must ensure a common standard approach. The Americans have said that they are looking at a root-and-branch reform and we need at least to start along that pathway in order to mirror what is happening in the US.

I will be brief as others need to speak, but the other proposal is that we publish details of the use of surveillance powers broken down by agency, rather than the single UK figure currently published, including the scale of international intelligence sharing.

All those proposals are simply practical. In addition, we should enhance whistleblower protection for those who want to come forward from within the services, because that protection clearly seems inadequate at the moment.

Who will lead the reform programme? Does it have to be Parliament? To be frank, and with respect to existing members of the Intelligence and Security Committee and its Chair, having on the ISC and as its Chair former Ministers who were previously responsible for the security services leads to concerns about conflicts of interest. It could be that members are providing oversight on decisions that they made when Ministers.

There needs to be a demonstration of openness and transparency. There needs to be a fundamental review. The ISC needs to be led by those who are above all potential charges of conflicts of interest, which means, I am afraid to say, not the current members of the ISC.

One proposal suggests a discussion in Parliament about what sort of agency should be taking the issue forward and I think it should be parliamentary. The initial discussion could come through a Speaker’s Conference, in which all parties are brought together to examine the options available. The chosen option needs to have independence, resources and expertise and must be as open and as transparent as possible, while also avoiding conflicts of interest.

Mr George Howarth: I speak as a member of the Intelligence and Security Committee. Can my hon. Friend provide an example of such a conflict of interest?

John McDonnell: That is the problem. Who knows? I do not know what the Intelligence and Security Committee does half the time, because half the time it is not exposed to the public. We cannot determine whether a conflict of interest has occurred or whether—

Mr George Howarth: We publish reports.

John McDonnell: I am afraid that, as has been demonstrated previously, the ISC did not know half the things that were going on until it read The Guardian. Confidence in the way forward needs restoring and that should come through a frank discussion led by Parliament. That is why I suggest a Speaker’s Conference to bring the relevant parties together with the expertise to develop a way forward that can establish the structures, procedures and legal basis on which to rebuild the

31 Oct 2013 : Column 361WH

confidence in our oversight over intelligence and security in this country and some parliamentary and democratic control over it.

3.8 pm

Martin Horwood (Cheltenham) (LD): I congratulate my hon. Friend the Member for Cambridge (Dr Huppert) on securing the debate, which has been helpful in several ways. First, it allows us to reflect on the changing nature of communication in our society; these days, the best way of achieving secure communication is probably to send an open postcard rather than putting it on Facebook.

Secondly, the debate enables us to correct the slightly partial accounts of the current state of things such as article 8 of the European convention on human rights. The hon. Member for West Bromwich East (Mr Watson) correctly quoted the section relating to the right to private correspondence, but he left out the second half, which refers to exemptions for national security and the fighting of crime.

Thirdly, the debate allows us to correct a few of the really inaccurate assertions in the wider debate, such as the one about the presentation on “Mastering the internet” that was portrayed as some Orwellian plot to dominate cyberspace when it was actually about enabling people to use search engines better. Much nonsense has been talked in the wider debate, but the issues are serious.

I must declare an obvious constituency and family interest in this debate. My parents both worked at GCHQ and, before that, at Bletchley Park. My father, Don Horwood, was involved, under Tommy Flowers, in building Colossus, the world’s first programmable electronic computer. He was one of the people who kept it secret for decades, enabling the Americans, God help us, to take credit in the meantime for building the first electronic programmable computer.

My mother went back to Bletchley Park with me only recently, after 60 years’ absence. Only then did she reveal to me that she had not just been a linguist, as I had always thought, but had interpreted intelligence as well. The habit of keeping secret things that need to remain secret is one of the enormous debts we owe that generation of code breakers.

That continued in GCHQ during the cold war. We cannot know about all the secret victories our intelligence services won then, and are winning now, because they must, quite properly, remain secret. If we cast too much sunlight on some of these things, they stop working; it is not so much that we would always endanger agents’ lives, as that talking too much in public about precise techniques and sources makes those sources disappear and those techniques more difficult to apply. That endangers people in different ways.

I would love to think that we had entered a safe post-war world, where that level of secrecy was unnecessary, but that is simply not the case. We still face hostile states and hostile state intelligence services. Frankly, if the cyber-attacks and counter-attacks going on now took place in some physical realm, they would, in some instances, almost constitute an act of war. Some states are certainly engaged in hostile activity towards this country, but there are also the new threats of terrorist networks and organised crime.

31 Oct 2013 : Column 362WH

It is not only the threats but the technology that is changing. We cannot make it childishly simple for those who would do us harm to evade surveillance. We must move with the times, and we must give our intelligence services the capability, under proper oversight, to access the communications they need to access.

Of course, much of the discussion is about when access crosses the line into surveillance. A lot is said, and a lot of allegations are made, about mass surveillance, but if it was really taking place, it would—apart from being wildly impractical—be straightforwardly illegal. In his statement to the House, the Foreign Secretary made it clear that he still regarded the situation in this way:

“To intercept the content of any individual’s communications in the UK requires a warrant signed personally by me, the Home Secretary, or by another Secretary of State…Warrants are legally required to be necessary, proportionate and carefully targeted, and we judge them on that basis.”

He added that all those authorisations were

“subject to independent review by an Intelligence Services Commissioner and an Interception of Communications Commissioner, both of whom must have held high judicial office and report directly to the Prime Minister.”—[Official Report, 10 June 2013; Vol. 564, c. 32.]

As Members have pointed out, we have a sophisticated system of democratic oversight. The Labour Government passed the Intelligence Services Act in 1994, establishing the Intelligence and Security Committee. RIPA has been referred to. The coalition’s Justice and Security Act 2013 became law only in April, further refining and defining that Committee’s responsibilities.

There is a degree of anger at GCHQ and among my constituents. People at GCHQ understand that there will inevitably be some misunderstanding of what they do, because it is not very public, and that there may be some naivety and inaccuracy. However, they find it difficult to forgive the accusations of bad faith and illegality. Their perception is that they operate under one of the most exacting sets of laws and systems of ministerial and independent oversight applied to any intelligence agency anywhere in the world.

Of course, there are things that will remain secret, and there are things that are done that would surprise us if they became public. Hon. Members have referred to the interception of Angela Merkel’s mobile phone communications by the NSA. I find that very surprising, although anyone who knows West German intelligence history will know that the Federal Chancellor’s office has not always been the most secure place. I am sure my hon. Friend the Member for Cambridge (Dr Huppert) could find similar stories of insecurity in unexpected places.

Of course, Angela Merkel’s intelligence agency—the Bundesnachrichtendienst—employs 6,000 people and has a sophisticated electronic capability, so I would be amazed if she, even with her East German background and the obvious sensitivities that go with that, was as surprised at what has been going on as she has made out in public.

John McDonnell: Would the hon. Gentleman be surprised at this morning’s reports that the Pope was bugged as well? Is that a venial or a mortal sin?

31 Oct 2013 : Column 363WH

Martin Horwood: The hon. Gentleman makes a humorous point, but the activities of the Vatican bank and other things have been the subject of conspiracy theories, so who knows? Yes, of course, it is surprising that the Pope was bugged. However, the point is that we do not know the rationale for any of the intercepts, the precise thinking behind them or the precise techniques involved.

Quite apart from the overall democratic oversight, there is a sophisticated whistleblowing process, leading right up to the independent tribunals outside the intelligence services. The test for the hon. Member for Walsall North (Mr Winnick) is not whether Edward Snowden is obviously a traitor, but whether we would have thought he was a traitor if, instead of going through the medium of The Guardian, he had simply handed thousands of pages of top-secret documents directly to foreign intelligence agencies or terrorist networks, because that is, in effect, what he has done. In those circumstances, if he had not used the media as a medium, nobody would have hesitated to call him a traitor.

Mr Winnick: Does the hon. Gentleman recollect what happened in the 1970s, when Daniel Ellsberg released papers relating to the Vietnam war? He was described as a traitor at the time by some in the United States—certainly in the Nixon Administration—but he is now considered to be a hero who did a great service for his country.

Martin Horwood: Given my age at the time, I do not actually recall that. However, the principle here is that if illegality is alleged, there are methods by which people can address it. In our system, the powers of the tribunal in RIPA are very broad. It is able

“to consider and determine any reference to them by any person”.

It is

“the appropriate forum for any complaint if it is a complaint by a person who is aggrieved by any conduct falling within”

the relevant subsections

“which he believes…to have taken place in relation to him, to any of his property, to any communications sent by or to him, or intended for him, or to his use of any postal service, telecommunications service or telecommunication system; and…to have taken place in challengeable circumstances…on behalf of any of the intelligence services.”

The tribunal has a broad remit, and systems have been set up in addition to all the democratic oversight through the Intelligence and Security Committee, and the fall-back processes involving the commissioners. People can use those processes in a responsible way, rather than act in the way we have seen.

In terms of having a debate, quite properly, about whether the oversight processes are working properly, the hon. Member for Hayes and Harlington (John McDonnell) made some important points, including about whether people are overseeing decisions they made in office. There is an issue there, and perhaps there is further refinement and definition of the Intelligence and Security Committee’s work to be done. However, if we are to find needles in a haystack, we need to allow people to look at the haystack. We need to accept that there is a balance to be struck between access and surveillance, but that access is an important part of that balance.

31 Oct 2013 : Column 364WH

When Winston Churchill talked about the role Bletchley Park played in the second world war, he called the staff there the geese that laid golden eggs and never cackled. We owe similar respect to the staff of GCHQ now.

3.18 pm

Mr Michael Meacher (Oldham West and Royton) (Lab): It is extremely welcome that Parliament is at last having a debate about the fact that a state employee can select on a computer any item about an individual—their address, phone number, mobile number, e-mail, passport number, credit card number or any of their log-ins to a web service—and thus access the content of their communications and details of who they communicate with, the full range of their internet use, their location and a great deal else. Of course, GCHQ is proud to insist that none of that is at all likely, because it always acts within the law—if only. Yes, the computer operator must provide a justification for the information that he is seeking, but that is not too hard when he is conveniently offered a drop-down menu to prompt his thoughts.

All such activity is supposed to be firmly controlled by the Regulation of Investigatory Powers Act 2000 but that Act is, I think, more about facilitating such exercises than curtailing them. RIPA is so poorly drafted—one almost wonders whether that was deliberate—and is open to such broad interpretation that it allows Government agencies such as GCHQ to do whatever they like. We are assured by the Home Office that it is concerned only with the metadata—the technical wherewithal of communications systems, rather than the documents—but the Snowden documents, as reported, tell us the truth:

“GCHQ policy is to treat it pretty much all the same whether it’s content or metadata.”

We are repeatedly given assurances that privacy is fully safeguarded, until we discover that the National Security Agency in the United States spends £250 million a year on weakening encryption. No doubt GCHQ is acting similarly on breaking commercially available security products.

The truth is, and has been for a long time, that the NSA in the States, via the Prism programme, and GCHQ in the UK, via Tempora, have acquired the capability to hoover up vast, untold quantities of personal data from the undersea cables that carry internet data on a colossal scale in and out of the UK, and to do that without any check or accountability. Does that matter? I think that it does. Tempora already allows GCHQ the capacity to collect more than 21 petabytes a day. To put that in context, it is the equivalent of sending all the data in all the books in the British Library 192 times every 24 hours. Two years ago, there were already 550 British and American analysts ploughing through the Tempora database. The balance between safeguarding personal safety and tracking down terrorism and serious crimes has unquestionably been drastically breached. The security agencies are operating under outdated law, despite the recent changes that we all know about, without a genuine public mandate.

What should be done? It was decided at the end of the previous Parliament that all Select Committees, except one, should be elected by the House, and not selected by the Whips and beholden to the party leaderships, as hitherto. The one exception was of course the Intelligence and Security Committee, which operates in a totally

31 Oct 2013 : Column 365WH

different way, untouched by the wave of accountability that swept through the Commons in 2009-10, in response to the revelations of the expenses scandal.

Dr Lewis: I hope that the right hon. Gentleman will—I suspect that he will—enlarge on that point, but will he mention the fact that that one Committee is different from all the others, because it is the only one that has access to highly classified material? Surely, that is the relevant point.

Mr Meacher: That is perfectly true. The real issue is whether that justifies its being outside the system of accountability of the Houses of Parliament. In my submission, it does not. Safeguards might be required, but not the construction of a different type of Committee, whose Chair and members are appointed by the Prime Minister, to replace as and when he or she wishes, and which sits in private.

Sir Malcolm Rifkind (Kensington) (Con): The right hon. Gentleman cannot get away with that. Is he completely unaware that the Parliament of which he is a Member passed legislation providing that from now on Parliament will have the last word on who is appointed to the Intelligence and Security Committee? If Parliament does not like the names recommended by the Prime Minister it can reject them, and continue to reject them until it is satisfied with the names brought forward.

Mr Meacher: The right hon. and learned Gentleman is correct, but the question is whether that is an effective way for the legislature to make the choice. It is all very well to say that there is a provision that will work if it is used diligently and systematically by the House. I submit that it is not, and that we need to change it.

Dr Huppert: It might help the right hon. Gentleman to know that clause 1 of the Justice and Security Act 2013 states:

“A person is not eligible to become a member of the ISC unless the person…is nominated for membership by the Prime Minister, and…is not a Minister of the Crown.”

Mr Meacher: Of course, that is the point. The House can reject a name that is proposed by the Prime Minister. It cannot propose its own name, as happens with the other Select Committees.

When the Committee has completed an inquiry, often, of course, at the behest of the Prime Minister—although I am aware that it can pursue its own investigations—it sends its report directly to the Prime Minister. That is a secret back channel within the existing power structure, with no direct accountability to the public. The Prime Minister can modify the report in any way he or she chooses and then publish it without any indication of the changes, or publish it in redacted form, or not publish it at all. That is not serious scrutiny. It is a safe cover for the Prime Minister, to give the impression that a difficult and sometimes, for the Government, embarrassing issue has been properly investigated, when, in fact, MI5 or GCHQ disclose to the Committee only what they choose, and the Prime Minister reveals what he or she wants to. Genuine accountability in such matters is needed, and is long overdue.

31 Oct 2013 : Column 366WH

The Intelligence and Security Committee should, like all other Select Committees, be elected by Parliament, although I think that the Government should choose the Chair. Where the security services are unwilling to disclose documents on national security grounds, the Committee should have the right to ask the Information Commissioner to review the documents and decide whether their disclosure would genuinely put national security at risk—in which case of course there would be no question of their being revealed—as opposed to merely being inconvenient to the security services or the Government, as has so often proved the case in the past. The Information Commissioner’s decision would be final, and the Committee’s report, once finalised, would be issued to the House for public consumption, not to the Prime Minister.

It will be said that we should trust the security services, which look after the nation’s safety—a vital role—and let them get on with the job. We did that, of course, and then found out, not from them but from the Snowden files, what the NSA in the US and GCHQ in Britain were really up to, including monitoring the phones of Angela Merkel and 35 other world leaders—one wonders how much else—and that all assurances about privacy were not worth the e-mails that they were written on. The Intelligence and Security Committee never found out or told us. We were assured by its current Chair—whom I greatly respect—that the security services always acted strictly in accordance with the law, that all operations were officially approved and that there was nothing to worry about. It was only later that we discovered that in fact GCHQ, through the Tempora programme, had devised a way of obviating all that.

It is high time, not for the ISC to tweak its existing work programme to respond to the global furore, as seems to be proposed, but for an independent committee of inquiry to be established to examine the issue thoroughly and systematically, taking full account of international experience, particularly in the United States, and to report to the House, not to the Prime Minister.

3.29 pm

Sir Malcolm Rifkind (Kensington) (Con): These are serious matters, but may I start on a slightly lighter note? It has been reported today that Mr Snowden has obtained new employment in Moscow—this is quite true—on a Russian website. We have been told that which website it is could not be revealed on the grounds of security, so there is clearly a need for a Russian whistleblower, if not Mr Snowden.

In the time available, I will concentrate on two matters. The first is that the ISC is quite willing to be criticised, but I think that all its members would prefer to be criticised by people who have taken the trouble to find out what Parliament has approved in the past 12 months and how the new ISC has been constituted.

When the current Committee came into existence at the beginning of this Parliament, our first work was to review all the existing powers. We came to the conclusion that the original 1994 Act was out of date and needed to be replaced. We put a series of recommendations to the Government, who accepted 99% of them, and the Opposition were of a similar mind.

I remind right hon. and hon. Members, or those who are apparently not aware of them, of the fundamental changes that have been made. First, under the new

31 Oct 2013 : Column 367WH

legislation, we now report to Parliament, not to the Prime Minister. Secondly, as I have said, Parliament has the last word on who the Committee members are. Thirdly, contrary to the suggestion by the right hon. Member for Oldham West and Royton (Mr Meacher) that the Prime Minister should continue to appoint the Chairman, the Committee will in future choose the Chairman from among its own members. That is a big change.

My second point is that the powers have been transformed. For all the years since the Committee came into existence, we could not require intelligence agencies to give us information that they did not wish to provide. We could make requests, to which they often acceded, but we could not require them to do so. The new legislation requires them to respond and give us the information we seek.

Until now, the legislation did not even mention the most important part of agencies’ activities—their operations. Any Committee involvement in operations was incidental or at the request of the Prime Minister, or it was done voluntarily when agencies were willing to co-operate. Now we have not just the opportunity but the right to demand from the agencies all information regarding nationally significant operations, including retrospectively. They cannot refuse; it is our right.

The right hon. Gentleman and other critics may not be aware of this, and perhaps there is no reason why they should be, but I must tell them that one of the changes taking place—for example, in respect to our current inquiry on Woolwich—is that, although as part of our investigations the agencies normally sent us a report with such raw material or parts of their files as they thought appropriate, we now have the right, which we are exercising, to send our staff into GCHQ, MI5 or MI6 to look at files that are relevant to our investigation and they, not the agencies, decide what the Committee might want to see. To be fair to the agencies, we are doing so with their full co-operation. It is a cultural revolution in the agencies’ work to allow people who are not even part of their staff or involved in government into their building. That transformation in the Committee’s powers ought to be borne in mind by those who say that the present Committee—not the former one—does not have the powers to do the required job.

Mr Meacher: Will the right hon. and learned Gentleman explain why the Committee did not find out about the Tempora programme when it began to operate?

Sir Malcolm Rifkind: The right hon. Gentleman does not have the faintest idea whether the Committee was aware of programmes of any kind. We are given classified information, and the whole point of an independent Committee having access to top secret information, whatever that is, is that we do not announce what such information is. If he can devise a system whereby secret information can be made available to all law-abiding British citizens, without its being simultaneously made available to the rest of the world, I am interested in hearing about it, but I do not think that he is likely to meet that requirement.

In the short time available, I want to deal with the fundamental challenge mentioned by the hon. Member for Cambridge (Dr Huppert), who secured the debate,

31 Oct 2013 : Column 368WH

as well as by those who have supported him. Like others, they have said that we are living in a society in which, to use their term, there is “mass surveillance”. If that means anything, it is an accusation: the implication is that all our e-mails are or will be examined by GCHQ—as it chooses and by its own methods—as though something like that was now available. They seem totally to misunderstand or not to refer to the reality of what happens with modern technology, so in the brief time available, I will share with them what they ought to know. It is not secret, but is in the public domain.

Modern computers, which can indeed digest vast amounts of e-mails or communications data, are programmed to run using certain selectors, such as an e-mail address that might belong to a terrorist or some other information relating to terrorism. They are programmed to go through millions and millions of communications and to discard, without their having been looked at—no human eye looks at any of the e-mails—all those to which selectors are not attached.

Of the totality processed by computers, perhaps 0.01% will have selectors that the computer has been programmed to look for. The communications of the other 99.99%— covering virtually every citizen of this country, bar a very small number—are never even looked at by the computer, other than in relation to a selector, such as an e-mail address. Even for the tiny minority identified by the computers as potentially relevant to terrorism, if GCHQ, MI5 or MI6 want to read the content of any of the e-mails, they have to go to the Secretary of State for permission. Under the law, only if they are given permission can the content be read.

To say that we are living in a mass surveillance society is to make a wonderful allegation that sounds vaguely sinister, but the reality is that the e-mails of pretty well everyone in the Chamber are not being intercepted or read.

Mr Watson rose

Mr George Howarth rose

Sir Malcolm Rifkind: I am happy give way to the hon. Member for West Bromwich East (Mr Watson).

Mr Watson: I understand what the right hon. Gentleman is saying about algorithmic searches and the ability to obtain lifestyle information based on metadata, but the point is that the mass analysis of those data might identify patterns of behaviour that we do not know about and so give people leverage. It is the very use of such algorithmic search terms that raises people’s fears.

Sir Malcolm Rifkind: The hon. Gentleman’s point may be a very strong one with regard to matters unrelated to national security—for example, what companies do in sharing commercial data—but I must tell him that the intelligence agencies have far more important things to do than to look at patterns of behaviour, unless they are directly relevant to a terrorist threat or serious crime. That is their function and legal duty, and if they go beyond it, they are committing a crime—even if they had the time, which they do not have, or the inclination to do so.

31 Oct 2013 : Column 369WH

I am not arguing that there are no legitimate issues for public debate; I am saying, as my hon. Friends have done, that there is a legitimate public debate. The Intelligence and Security Committee has already said that it will conduct an investigation into whether the three Acts—the Human Rights Act, RIPA and the Intelligence Services Act—remain appropriate, given the dramatic changes in technology over the past few years. We will do that work, as it is right to do, to identify whether, in our view, the balance between security and privacy is appropriate.

Unlike in the past, some of the inquiry’s sessions will be in public; they cannot all be, for obvious reasons. Unprecedentedly, we will have public evidence sessions so that everyone can be part of the debate. There has been a revolution in oversight, and right hon. and hon. Members should acknowledge and recognise that fact.

It is no coincidence that, as the technological capabilities available to not just the intelligence agencies but terrorists and criminals have expanded dramatically over the past 20 years, oversight has also expanded dramatically. I say without fear of contradiction that, with the one exception of the United States—it has intelligence oversight powers that are not exactly the same in detail as ours, but are comparable to them—no other country in the world, including democratic ones, has both substantial intelligence agencies and such a degree of oversight.

Mr Watson: Will the right hon. and learned Gentleman give way?

Sir Malcolm Rifkind: I am sorry, but I cannot at this stage.

Given our willingness to have our first public hearing with the intelligence chiefs next week in front of the cameras, plus other public sessions, as well as the new powers we are already exercising, I ask right hon. and hon. Members to test whether we use such powers properly. They should not say that we do not have those powers in the first place, because there is not a single new power that they have suggested should be given to the Intelligence and Security Committee that we do not now have.

Dr Huppert: Will the right hon. Gentleman give way?

Sir Malcolm Rifkind: I cannot, unfortunately.

Right hon. and hon. Members should by all means scrutinise whether we use the powers properly, but they should please do so on the basis of knowledge about the Act that Parliament approved within the past 12 months.

3.40 pm

Mr Robert Buckland (South Swindon) (Con): It is a pleasure to serve under your chairmanship, Mr Brady, and to follow my right hon. and learned Friend the Member for Kensington (Sir Malcolm Rifkind), the Chair of the Intelligence and Security Committee. He is right to make important points about the Committee’s increased powers and remit. I add that the Committee now has a remit to examine not only operational issues relating to the three intelligence agencies but it can examine the Office for Security and Counter-Terrorism within the Home Office, the Ministry of Defence’s intelligence arm and the Cabinet Office. Its ambit has been radically and importantly widened.

31 Oct 2013 : Column 370WH

In a nutshell, the ability to oversee operational activities for the first time is helping strike an important balance that we as legislators and politicians need. It is up to us to set strategy, and it is up to the professionals—the people whom we trust in places such as GCHQ and our other agencies—to get on with the job, but oversight is vital.

Mr Ellwood: My hon. Friend mentioned GCHQ, which has been mentioned numerous times in this debate. Does he share my concern that university syllabuses overlap by only 15% on cyber-technology? We need greater agreement on what is required if we are to create the experts needed now and in future.

Mr Buckland: My hon. Friend is right. The challenge will get ever more complex, so the skills needed will be the sort that we may not even have thought of yet. It is that type of environment. In a nutshell, the status quo will never be an option when it comes to intelligence and security, which is why I welcome warmly the Committee’s intention to consider the operation of the Regulation of Investigatory Powers Act 2000, or RIPA, as we have been calling it all afternoon.

As I said earlier in an intervention, RIPA was a response to what was seen as a deficiency in United Kingdom law in a number of cases that the Strasbourg Court considered relating to the interception of communications. RIPA was seen as an important consolidation of powers that had already been given to the police that, as we have heard, were extended to other agencies in a way that caused controversy and proper concern. The Government have done much work to roll that back, but RIPA itself is now in need of an update.

On both sides of the argument that we have heard in this debate, there is agreement that, for whatever motive, RIPA needs careful consideration. The intention behind the Government’s proposals on data retention and collection involved the need to update RIPA. Using that consensus gives us the potential to ensure that the Act is as up-to-date as possible. The challenge will be how to future-proof it. I do not have an easy answer. As we know, in the world of information technology, to use a well-worn phrase, change is the only constant.

We all know that we have moved from an era when privacy in our own homes and of our personal chattels was important into an era when our personal data are the most valuable thing that we possess. When it comes to the retention of our personal data, the right to privacy is under challenge as never before. Article 8 has been mentioned, quite properly, by several Members including, among others, the hon. Member for West Bromwich East (Mr Watson) in an eloquent speech, as we have come to expect from him.

However, it has also been rightly pointed out that that right is qualified on grounds not only of national security but of crime prevention, health protection and, lastly and importantly, protection of the rights and freedoms of others. Herein lies the passion with which my hon. Friend the Member for Wyre and Preston North (Mr Wallace) addressed the House earlier. He believes firmly and rightly that the activities of the security services are meant to guarantee the freedoms of all of us. Therefore, the qualification in article 8 is emblematic of the balance that must be struck when we come to such issues.

31 Oct 2013 : Column 371WH

I will focus on one aspect of the debate on which we have not touched today. It concerns schedule 7 of the Terrorism Act 2000, which is particularly relevant in the David Miranda case. I will not dwell on that matter specifically, but I will discuss the important work of David Anderson QC, the independent reviewer of terrorism legislation, who makes important and helpful recommendations to the Government about how we can get the balance right on significant issues such as terrorism prevention and investigation measures, control orders and the use of schedule 7.

I am a member of the Joint Committee on Human Rights. We have considered carefully the Anti-social Behaviour, Crime and Policing Bill, which recommends, among other things, that schedule 7 be changed to get the balance right. We broadly welcome the Government’s intention to reduce the scope of that provision, but there is an important point to note when it comes to use of the more intrusive powers in schedule 7. Whereas reasonable suspicion must be the threshold for the police and other authorities to stop, question and search travellers, there is concern that the same threshold is necessary for the use of more intrusive powers, such as detention for up to six hours, search and seizure of personal electronic devices or the taking and retention of DNA samples or fingerprints without consent.

Our Committee’s view was that the threshold of reasonable suspicion should come into play at the point when a person is formally detained, which under the new provisions in the Bill will be one hour after questioning. That is a small but important example of the need to ensure that when powers are exercised, as they properly should be—the Committee welcomed the use in principle of those powers—we as a state use identifiable and understandable thresholds before going down the line of intrusive use of power. We urge the Government to consider that point carefully in their response to the Committee.

Much has been made of the revelations concerning Edward Snowden. The right hon. Member for Knowsley (Mr Howarth) put it well. The issue of whether The Guardian has broken the law is a moot point; the Official Secrets Act 1989 requires several thresholds. It requires the leave of the Director of Public Prosecutions or the Attorney-General before prosecutions can commence, and it requires that any disclosures be damaging.

I do not think that we can comment properly about the rights and wrongs and the weight of the evidence in this particular case, but the right hon. Gentleman was right to ask whether, in the general circumstances, the actions of The Guardian were wise. I do not think so. Newspapers, like any other part of our mosaic of a society, must balance and weigh carefully the need to be irritating and robust in their journalism with the wider responsibility to bear in mind the qualifications to the right to privacy in article 8.