|Previous Section||Back to Table of Contents||Lords Hansard Home Page|
In effect, the provision, whether in the form of the current drafting or the amendment of the Minister, all but guarantees that the internet will be considerably less safe for UK users. That must be counterproductive and antipathetic, not only to the Governments intention here, but also to their wider aspiration of making the UK the best place in the world for e-commerce.
It is also worth contemplating what benefit would accrue were the provision to be enacted. As a generality, the vast bulk of criminal and malicious activity will be caught by the first arm of the clause, subject to the test of intent. Presumably, therefore, the likelihood test is intended to apply in instances where the internet is seeded with harmful, or even malicious, code for potential onward use as an adjunct to hacking activity, perhaps by script kiddiesmy noble friend is testing me herecode monkeys and the like. Without delving too deeplythank goodnessinto the psychology of such individuals, it is highly unlikely that the provision would either prove a deterrent for them or that, in reality, the offence could be adequately investigated and so prosecuted in practice. In sum, therefore, the provision will almost inevitably do much more harm than good.
We do not doubt the sincerity of this. Nevertheless, given that my noble friend has not found a single IT professional prepared to endorse the Governments proposition here throughout the two-odd years it has been under consideration, it would be helpful if the Minister could flesh out how the Home Office perceives the industrys attitude towards it.
Lord Dholakia: My Lords, I simply want to thank the Minister for the Governments amendment. I do so because the Government have taken note of a number of anomalies identified by my colleague in the House of Commons, David Howarth, and the amendment is designed to put them right.
The Earl of Erroll: My Lords, I shall speak to this group, and particularly to my Amendment No. 129A. First, I thank the Government for taking into account some of the comments I made about the difference between making and inventing the tools, and supply and distribution of the tools, which is what they are trying to hit.
However, I am afraid that their amendment does not quite go far enough. It is a question of effectiveness and whether it works, and I am afraid to say that it will not. I reassure the noble Baroness, Lady Anelay of St Johns, that things like script
10 Oct 2006 : Column 214
The real problem probably stems from something we have just been talking about. I have just been at dinner with the Hansard Society in the Commons, talking about globalisation, regulation and a few other things. This is a typical example. We think we can regulate, but in a global, internet-based world we cannot. People can host these things abroad. They can host sites which will supply tools to allow you to do this, that and the other, and there is nothing we can do to prevent it. They will be hosted on servers abroad by foreign companies, and you cannot do anything about it. If they were hosted on British servers you could give them notice and tell them to remove them or even prosecute them if you were lucky enough.
Will it work? It will not, I am afraid. It is one of those things that sounds good but will do nothing. What it will do is cause a lot of trouble to large companies that supply perfectly legitimate tools to help people to carry out remote maintenance or use remote access. It will not help parliamentary staff because if someone supplies the tools to them, whereby they can shadow you working on your own terminal in Parliament and thereby help you solve the problem that you just got trapped in, those sorts of tools might be forbidden under the supply rule.
The Home Office response to this is: Well of course we wont chase the good guys. We wont go after them. We are only after the bad guys. The trouble with that is that it is all well until an enforcer trying to achieve some other aim threatens someone. I do not think that, as Parliament, we should be passing laws that give power to enforcement agencies to blackmail companies into doing other things for them because they know they can use something like this against them. It is too much of a blanket power.
Further, it is useful for penetration testingfor instance, people testing to see whether their company systems can be hacked. A typical example of this is phishing. Last week I was sitting next door to a chap called Gary McKinnon, who is the person the Americans are trying to extradite and put in jail for 60 years because he put post-it notes all over the Department of Defense systems. Five years ago he got into their systems because he thought it would be fun to see how good their passwords were. He ran a little program and discovered that a large number of people with Windows access had not bothered to use passwords. For the Department of Defense in America not to check that its stuff was moderately secure and that its senior people at least had passwords to prevent access is stupid. So he thought he would show them how stupid they were.
As a result of that Gary has got into hot water. I will not go into the merits of the case or whatever, but the department should have been using tools like this to ensure its own security was all right long before Gary got there. And so should we. However, it will make these things illegal and large groups, large banks and so on should be testing that their systems are secure. In fact Parliament should. But, under this
10 Oct 2006 : Column 215
I stand very strongly on that, having seen and heard of many incidents where people have been told that unless they comply with something else there is an obscure rule and they can throw the book at a company for something else. I know that there will be efforts made at the European level to reverse this provision if we pass it in this form. I was informed of that by some international companies.
I would prefer to see the amendment of the noble Earl, Lord Northesk, go through and remove the provision altogether. I do not think it will do any good. It is a waste of time. It will not allow you to do anything effective against enforcing what you want. However, I believe that the Minister will not allow that. Therefore, I would suggest that you should either say more likely than not if that is what you mean. I suggested last time using the word primarily; this time I suggest using principally. We are looking at the objective of the people supplying or trying to sell these tools. If it is principally to sell it to the hacker community, I do not have a problem. In which case say so in the Bill. We know these things are likely to be used. If the Government mean that it is more likely than not, then they should say more likely than not.
I would like to push this issue at some stage. I know that there is only one more stage of the Bill. It concerns me greatly that we should leave the matter in this form. Therefore, I would like to hear what the Government have to say.
Lord Bassam of Brighton: My Lords, I am going to read what the Government say and I will try to say it as best I can. I am pleased with the half vote of support from the noble Earl, Lord Erroll, and I am most grateful to the noble Lord, Lord Dholakia, for his customary courtesy and thanks for the amendments that we have tabled in this group. Although the noble Baroness, Lady Anelay, did not say that she was ever so pleased about what we were moving this evening, I thought that perhaps there was some grudging acknowledgement that we had recognised part of what the noble Earl, Lord Northesk, sees as a problem. Obviously, we will never satisfy the noble Earl, Lord Northesk. Sometimes, I would be worried if we did. However, I congratulate him on his continued persistence. By tabling amendments such as this, he makes us think much harder about what we are trying to do better to perfect the legal framework with which we try to cover the difficulties.
In general, we are pleased with the support for creating a new offence to cover those who make or adapt, supply or offer to supply articlesso-called hacking toolsintending that they be used to commit
10 Oct 2006 : Column 216
The amendment tabled by the noble Earl, Lord Northesk, goes further and would also exclude those who supply or offer to supply articles believing that they are likely to be used to commit an offence. The noble Earl, Lord Erroll, proposes that the new offence is amended to replace believing that it is likely with believing that it will principally be so used. The use of the term principally has similar difficulties associated with it to that which the noble Earl preferred in Committee, which was primarily. I am not sure that it is capable of legal definition. Clearly, I am not an expert in these matters, but it is not a word with which I am familiar as being used in statute to describe a particular state of affairs.
Such tools are increasingly sophisticated and damaging. They are increasingly available and increasingly used to commit crime. We cannot support the approach taken by noble Lords because we believe that it is important that the offence covers the supply of such articles for criminal use even beyond the narrow circumstances of criminal intent. We also believe that principally refers to the extent of the usage. In other words, some of the time, the article will be used for legitimate purposes but the person believes that it will be principally used for Computer Misuse Act offences. Whereas, in our view, likely reflects a belief that there is a strong possibility that the article will be used for Computer Misuse Act offences.
The Earl of Erroll: My Lords, does the Minister accept that, actually, the sort of tools that are used to test systems and gain remote access are normally used by hackers to gain access to systems illegally? All of them are very likely to be used for that purpose. That is the trouble. If the Government do not intend to catch all these tools, why does likely mean more likely than not? These systems will be used for that, whether you like it or not.
Lord Bassam of Brighton: Well, my Lords, that may well be the case, but I invite the noble Earl to consider that we are trying to write terminology into the Bill that has a proven track record of being tested in a court of law. That is very important. I do not know how the noble Earl can make that judgment about those tools being used primarily or only by hackers. I am not sure how he reaches that conclusion. In a sense, that is otherwise from this debate. That is his view, but I invite him to bear with me while I complete my commentary so that he can better understand where we are coming from.
As I said, having listened to the debate in Committee and to industry, we accept that it would not be reasonable in all cases for the manufacturer of
10 Oct 2006 : Column 217
Obviously, those in the legitimate IT security sector make, adapt and supply these tools as part of their daily work. They rightly need the confidence that the new offence will be used appropriatelyone might also argue proportionatelyto ensure that their practices and procedures fall entirely within the law. The DPP will write and publish guidance on how the new offence will be dealt with, with particular focus on the factors that prosecutors will take into consideration in determining, in accordance with the code for Crown prosecutors, whether there is sufficient evidence to prosecute and whether it is in the public interest to do so.
Finally, we have made amendments to Clause 43 that make transitional provisions to ensure that the changes which the Bill makes to the Computer Misuse Act 1990 do not have an impact on offences committed before the Police and Justice Act comes into force.
A question was asked about the assessment made by the noble Earl, Lord Northesk, of the clauses impact. The assessment, which was given ample voice by the noble Baroness, Lady Anelay, differs from ours. We have consulted industry members and the CBI on these provisions and have had no representations from them suggesting that the provisions will force them out of the UK market. In fact, the provisions will not criminalise general applications such as browsing, as it is used more legitimately than criminally. Therefore, no one could believe it likely that they will be so used. We have taken industry views into account and, as I say, have not received the sort of representations to which the noble Baroness alluded.
That said, I simply invite the noble Baroness to withdraw the amendment in the name of the noble Earl, Lord Northesk, and the noble Earl, Lord Erroll, not to move his amendment. I hope that they will accept the government amendments.
Baroness Anelay of St Johns: My Lords, I am grateful to the Minister for his considered response. I also appreciate the expertise of the noble Earl, Lord Erroll, but ask him to be a little cautious when using words such as script, kiddies and code monkeys. I read them out only because I had such confidence in my noble friend. I did not think he had put them there for a joke and assumed that they were real. He was right to draw attention to the fact that phishing should be of concern to all of us, and that
10 Oct 2006 : Column 218
Lord Lawson of Blaby: My Lords, I apologise for intervening. I am concerned about how this wording will be interpreted. It is clear that anythingwhether it be a fast motor car or what we are talking about in this debatethat can be used for a malign purpose is likely to be used by someone of evil intent for that purpose. The wording of the Governments amendment is,
which means anything that is capable of being used. That goes much further than this House should be comfortable with. I hope that the government will therefore give it consideration. With this amendment, they seek to narrow the conditions, but they are not narrowing them at all. Another look at this is warranted. I apologise for intervening.
Baroness Anelay of St Johns: My Lords, that was a welcome intervention. It is precisely why my noble friend Lord Northesk felt that the government drafting could not be improved: he felt that it was so defective that one could not achieve the right result, so he wants to take out that section. I know that the noble Earl, Lord Erroll, was trying his best to find a better definition that could adequately deliver the safety of use for those properly using the toolsthe good guys as opposed to the bad guys, as my noble friend put it.
I agree with my noble friend that there should be further time for consideration. I know that there is not much time between Report stage and Third Reading, but there will be one week and one day, which is more than there is occasionally. An e-mail will wing its way to my noble friend from me tomorrow, but I am sure that by the time this is on the internet at lunch time he will already be reading the results of our deliberations. I am sure that he will contact all of us to see what needs to be done betwixt now and time for tabling amendments at Third Reading next Tuesday. In the mean time, I beg leave to withdraw the amendment.
( ) A person is guilty of an offence if he supplies or offers to supply any article believing that it is likely to be used to commit, or to assist in the commission of, an offence under section 1 or 3.
The noble Earl said: My Lords, I am not sure whether I am speaking at the right time, but now seems logical. The noble Lord, Lord Lawson, is right. I do not believe that the courts will interpret the word likely as meaning more likely than not, because it does not say that. This is trying to catch people advertising on the internet who say, Here you are. Here are some great hacker tools. Why do you not download these? The trouble is that people who are trying to supplypossibly without sellinga subsidiary company or part of a group things that will help to maintain, assist or test computer systems will be caught also by this wording. It is impossible to write something to maintain a computer system remotely or test the security of a computer system which can be used only for that purpose. Everything written for that purpose can be turned around by someone who wishes to use it for hacking. As the noble Lord, Lord Lawson, said, it will be used by hackers.
Therefore, the word likely means that everyone is prosecutable by the courts. I have heard people say, They can look at what the Minister said, but unless it is ambiguous there is no requirement to look at the parliamentary debate. The word likely is unambiguous. Therefore, I am afraid that the courts will find that the Government have a case just to say, Well, we can prosecute you. They do not even need to look. The intention behind this was not to prosecute the good guys. Nowhere in the Bill says that. Another sentence saying, If you are a good guy, we wont prosecute you, would perhaps be all right. Between now and Third Reading, the Government need to think of something that means more likely than not or the primary purpose or something like that. Otherwise, I will come back with something at Third Reading myself.
|Next Section||Back to Table of Contents||Lords Hansard Home Page|