Surveillance: Citizens and the State - Constitution Committee Contents


Examination of Witnesses (Questions 219-239)

Mr Gareth Crossman, Dr Eric Metcalfe and Dr Gus Hosein

6 FEBRUARY 2008

  Q219  Chairman: May I on behalf of the Committee welcome Dr Metcalfe, Dr Hosein and Mr Crossman. We are not being televised but we are being audio recorded so could I please ask you to state your names for the record and the organisation that you represent.

  Dr Metcalfe: My name is Eric Metcalfe. I am the Director of Human Rights Policy at JUSTICE.

  Dr Hosein: My name is Gus Hosein. I am a Senior Fellow at Privacy International and a Visiting Senior Fellow at the London School of Economics.

  Mr Crossman: My name is Gareth Crossman. I am the Director of Policy at Liberty.

  Q220  Chairman: Thank you. Would you like to make an opening statement or would you prefer to proceed straight into questions?

  Dr Hosein: We would all prefer to go straight to the questions.

  Q221  Chairman: Could I ask how you would define, if at all, a "surveillance society" and whether you think we live in one?

  Dr Hosein: The surveillance society language has been within academia for a while, which means to say that there is no certain definition. The Information Commissioner's Office started using the language about two years ago, saying that we were sleepwalking into a surveillance society, and at that time we were not too sure if that was a helpful vocabulary. I believe that the common definition would be "pervasive surveillance to which you have no recourse", but we never felt that to be a particularly useful definition or a useful term because it renders the whole debate as though the individual is powerless. We believe that the individual still has rights—under the ECHR, the Human Rights Act, the Data Protection Act—and so we still believe that there is a struggle to be had; we have not given up the fight just yet.

  Mr Crossman: I very much agree with Dr Hosein about some of the language that has been used. Traditionally, you used to try and avoid emotive language the subject of an issue that is essentially about proportionality, but now that the language of surveillance society has entered the consciousness, it is useful and appropriate language to use. If I was going to say where I think things have gone wrong, the question of proportionality is very important. Legitimate state interference into individual privacy is, of course, part and parcel of a democratic society, but as a consequence of a number of factors over the last few years, the concept of proportionality, about the need to justify the need for legitimate purpose, the need to only do things in a way which is appropriate to the situation faced, has fallen away from surveillance, whether it be mass surveillance through a database, whether it be through visual surveillance of CCTV or targeted surveillance through the use of the Regulation of Investigatory Powers Act, so underpinning our concerns over surveillance is that the accountability and proportionality elements have fallen away.

  Q222  Chairman: Could I ask what your response is to the news last week in the annual report of the Interception of Communications Commissioner, Sir Paul Kennedy, that over 250,000 requests for communications data were made between April and December 2006, and whether you think that the level of covert surveillance is getting out of control and, if so, how you would address this?

  Dr Metcalfe: We are certainly very disturbed by the figures which came out last week. I think there was initially, in the media reports, some confusion between the number of interception warrants, that it is to say, communications actually being listened to for their content, and requests for communication data which is the location and identity of the telephone number that you are calling. Nonetheless, it speaks to the very broad use of surveillance powers that are available under the 2000 legislation. In particular, we are extremely concerned about the lack of sufficient legal regulation for the exercise of those powers. I do not mean by that that there is no legal regulation, the Interception of Communications Commissioner plays a role. But the United Kingdom is virtually alone in every common law country in not requiring prior judicial authorisation of interception warrants and indeed, as we found in relation to buggings in prison, there is no prior judicial authorisation of intrusive surveillance either. There is a limited role in relation to police surveillance in which the Surveillance Commissioners play a role but, for example, if MI5 seeks a surveillance warrant in a prison, there is no requirement to go before a judge and seek an assessment of the proportionality of the request in human rights terms, under UK law as it currently stands. So we are extremely concerned about the lack of sufficient safeguards in this area.

  Q223  Lord Peston: I have a small technical question. Are scale, on the one hand, the size of the thing, and the use of technology, intrinsic to your definition? I will give you an example at the other extreme, which may seem ludicrous, but if you live in a small village, as I do, everybody knows everybody's business. How anybody would ever have an affair is completely beyond me; we all know what everybody is doing all of the time. The idea that this is somehow the Stasi writ small—as that ludicrous article by Mr Heathcoat Amory asked us to believe generally about our society—we would regard as preposterous. In other words, knowing everybody's business is not somehow incompatible with privacy on a small scale. But what you are saying is, if I am right, that on a large scale and using technology then it becomes a problem?

  Dr Metcalfe: I think it can be.

  Q224  Lord Peston: For example, in the House of Lords, we all gossip about each other all the time, but I do not think we think we are living under a Stasi-ist regime here, even though most people know everything about everybody.

  Dr Metcalfe: I would not adopt the description of the Stasi-like situation. I would not agree with that. I do agree that scale definitely matters, for example, with medical reports. Traditionally, your medical reports are held by your local GP and we have many examples of cases where there is very poor security around those medical records. However, once you put those medical records onto a national database, which is accessible from a wide number of points throughout the United Kingdom, then you encounter problems of scale and technology.

  Q225  Viscount Bledisloe: As I understand it, there is a distinction between interception of communications by telephone and overt listening to direct conversations—I would call the latter "bugging". Is there any control over that? If you come to my house and I put a bug to record what you are saying, or if I go to prison and the prison puts in a thing to record what I am saying, is there any control over that or at the moment is one free to do what one wants?

  Dr Metcalfe: There is legal regulation, it is the Regulation of Investigatory Powers Act 2000, which is the primary legal framework governing both surveillance by law enforcement bodies and interception of communications. It is true to say that there is a distinction between listening to a private conversation, or intercepting a private conversation, because you are concerned with the contents, say, for example, the contents of a letter, the contents of an email, what is actually said in the telephone conversation, and surveillance by way of a listening device which is external to the communications, say, for example, a listening device in someone's home or office or even their vehicle. The distinction tends to blur somewhat, and this is a loophole that we have identified in the interception regime, because it is perfectly possible to have an external listening device that records someone using a hands-free device with their mobile telephone, for example, and we quite often find this in criminal cases where interception evidence is inadmissible due to Part 1 of the 2000 Act but, nonetheless, if you happen to record someone speaking into a telephone by an external device and with a hands-free device if you record what is coming out of the speaker, that is admissible.

  Q226  Viscount Bledisloe: I am talking about actual direct conversations without the use of any machine at all, putting a bug under the dining room table so that you can record what people are saying at dinner or, as has been suggested, putting a bug in a CCTV camera in a shop so that you can hear the conversation. Is there any control on that—done by a private individual?

  Dr Metcalfe: A private individual who intercepts a private communication commits a criminal offence.

  Q227  Baroness O'Cathain: Even in his own room?

  Dr Metcalfe: You can intercept your own conversation, but if you intercept someone else's conversation, a private conversation between two other individuals, you commit an offence.

  Q228  Viscount Bledisloe: If I, without telling you, record what you say to me, that is all right?

  Mr Crossman: It is important to make a distinction here between interception of communications and listening. Interception of communications, if you intercept someone else's communications you commit a criminal offence. If you are listening in on other conversations, you are not necessarily, depending on the circumstances in which you might do it; there might be some civil action involved.

  Q229  Viscount Bledisloe: What is the difference between intercepting and listening in?

  Mr Crossman: It is not just the difference, it is who does it as well because it is the distinction between a state agent doing it, in which case it falls under the Regulation of Investigatory Powers Act, and private individuals doing it, which might fall under the Data Protection Act, or might be unregulated depending on the circumstances. The reason there are so many problems in this area is because we have this statutory framework, through the Regulation of Investigatory Powers Act, which is a framework but it is phenomenally complex. There are five different types of surveillance from interception through some of the mid-range types of surveillance, such as intrusive surveillance, directed surveillance, human covert surveillance, down to communications data. As well as having these different levels, you have different people having access, different authorisation mechanisms, different post-events accountability mechanisms. My belief is that the reason we have this Byzantine system is that when the legislation was passed, rather than taking a view as to how we should put together a comprehensible and accountable mechanism whereby people who are exercising these powers know which system to follow, with proper judicial involvement for the highest level of authorisation, what in fact happened was that the legislation was built around the existing framework which had been built up over a number of years in a piecemeal way, making RIPA one of the most phenomenally complex and difficult pieces of legislation to follow. We believe very strongly that there needs to be a wholesale review of RIPA, I think the events of last week may now make that a stronger case, and that there needs to be a much greater accountability mechanism.

  Q230  Lord Rodgers of Quarry Bank: Going back, if I may, to these comparisons with the Stasi state, in the particular article which many of us have read by Timothy Garton-Ash, describes some of what he calls "the necessities of having dykes of the tide of surveillance", refers to the need to tear down in the name of terrorism, crime, fraud, child molestation, drugs, religious extremism, racial abuse, taxation, etc., fly-tipping and too many garbage bags, and the apparent logic, as I would see it, that the surveillance state is becoming a "nanny" state. Would you share that view, or would you think that what Timothy Garton Ash says is a good deal of hyperbole?

  Mr Crossman: There is a great deal of hyperbole. I do not think hyperbole helps, which is why I always try to avoid phrases like Orwellian, 1984, Big Brother, because I do not think they help with legitimate criticisms. If you take an issue such as the profiling of information, which is where you basically process data without human intervention to see whether it fits in set parameters. That could be done for the most absolutely legitimate reason such as, for example, taking census information to determine a particular area where there might be social exclusion requiring the targeting of resources. I do not think anyone would argue with that as being a perfectly legitimate use of profiled data. Similarly, you could use profiled data for criminal justice purposes. The Home Office have said that they see this as being a legitimate way of determining whether or not crime may be taking place: no human involvement, just the profiling of otherwise innocuous data to see if some anomaly might throw up some criminal activity. Now, you are doing the same thing, but it is the purposes for which you do it, so if you are talking about nanny stateism, it depends whether you think that is a good thing or a bad thing. Is nanny stateism ensuring that people do not fall through the net or is it basically placing too much emphasis on unjustified state control? It can be both. The legal mechanisms are in place, it is the policy drivers of the Government that determine how they are put into effect.

  Q231  Lord Lyell of Markyate: Just to try and pin down the ambit of what we are dealing with, the five different methods of surveillance that you outlined are set out in paragraph 53 of the first paper we received from the Ministry of Justice and, as you say, they deal with phone tapping, telephone call records, bugging in private accommodation, catching people out in the open with these special microphones, and covert entry onto private property and interference with private property. Does the 250,000 figure given by Sir Paul Kennedy cover the whole lot of this, and how does it break down between them? Can you give the Committee some idea of the extent of each of those that is going on?

  Mr Crossman: The vast majority, in fact, the one you did not mention, which is communications access; data access, which is the lowest level of surveillance; email traffic; mobile traffic; telephone traffic, not the content but just the record that they were made, that accounts for the vast majority and it is authorised at a very low level, for example, by officers within local authorities. I think the question that was asked earlier was, were we shocked by the number that there were? No, because even though it might have been a news story, the Interception of Communications Commissioner's reports for the last few years have shown the levels have remained relatively constant, at about 300,000 to 400,000 applications a year. The much smaller quantity is the higher level—the intercepts and the bugging—they run into thousands a year, rather than hundreds of thousands. It would be very misleading to be giving the idea that there were hundreds of thousands of buggings, or interceptions, taking place every year; those account for a very small number of the total.

  Dr Hosein: We were talking about 200,000-plus accesses to communications data, although it is treated by the law as relatively innocuous information, this information is quite detailed. It is every location where you use your mobile phone, or where you are taking your mobile phone. It is every interaction you have done online, which is stored by the internet service provider, it is every phone call you have ever made in the past two years and where you were when you made that phone call. It is very detailed information. The advocate in me says that this is highly sensitive information that can show a map of your private life. But the academic in me would note that the vast majority of those accesses—the 250,000 accesses by local authorities and government departments—are usually just for subscriber information. That is, who was in this vicinity at that moment? So they go through all the mobile phone records to identify the individual. They do not ask who was calling, they just want to know who the individual was. Who just called this Government authority? Well, we will go to BT and find out who owns that telephone number. It is that kind of data. That is not to say that matters are going to get worse, but I am saying that is what it is now because the local authorities and the police are not fully aware of their own powers to get access to the type of data that is being retained under terrorism law in this country.

  Dr Metcalfe: Just to clarify about the numbers, Mr Crossman referred to interceptions, which are the most detailed, the most intrusive type of surveillance in relation to private communications. The numbers have remained relatively stable, somewhere between 1,700 and 2,000 interception warrants are issued a year. However, it is worth noting that the numbers can be slightly misleading. An interception warrant can target one of two things. It can target either a named individual, so all of that individual's private communications can be the subject of a warrant, that is to say, all my telephone calls, all my emails and all my text messages, and so forth. Or, it can refer to a single premises, which means that if you seek an interception warrant for, say, for example, the newsroom of a national newspaper, you would capture all the people working in that office and all their private communications to and from that premises. So, in fact, the number of private communications being intercepted may not be accurately reflected merely by the number of warrants. However, I would agree with what has been said, the much broader number refers primarily to communication data and a far smaller number refers to the number of actual interception warrants given out.

  Q232  Lord Rowlands: I think it was Dr Metcalfe who said that we stand out as a small minority which do not apply prior judicial warrants. I do not know the history of our legislation. What case has been made out for being different?

  Dr Metcalfe: We did a very detailed report in 2006 on interception of communications which is probably the paradigm case, where the security service and the intelligence services have always been extremely keen to keep judicial and legal proceedings to a bare minimum because they are extremely concerned that allowing intercept material to be used in court, for example, would disclose methods of interception. Why they would resist prior judicial authorisation, I think, similarly, there is a concern to keep the number of people who need to know the information to the absolute minimum. There has been a very strong history of political authorisation going back to before 1640: one of the earliest Home Secretaries made interception in the 17th century to authorise the interception of mail. It is a very longstanding practice of political authorisation for interception of communications. There is limited independent authorisation for police surveillance, but otherwise I would say that the history of this country has been much more comfortable with political authorisation. The interesting comparison is with where we require judicial authorisation. A search warrant of your house would require a magistrate, so for someone to come into your house and search your premises, it would require a magistrate. However, if MI5 wants to place a bug in your house, for example, that can be done as a warrant by the Home Secretary. We do not think that is a very good situation to be in.

  Q233  Chairman: Before I call on Lord Norton, could I ask what your view is of the so-called Wilson doctrine, which is opposed by Sir Paul Kennedy and many others, that Members of Parliament and Peers should not have their communications interfered with by anybody.

  Mr Crossman: It is a good general principle, in that there are certain people such as parliamentarians, such as lawyers, who would expect as a matter of principle that they are not subject to surveillance, whether or not it be a doctrine, as in the Wilson doctrine with no legal base, or on a more formal legal basis such as communications between lawyers and clients. That is not to say I think it should be an absolute. I believe that with any individual—whether they be MP, lawyer or member of the general public—if there is a suspicion that they are involved in criminal activity and there is justification for surveillance, that there should be a bar on that. What has happened in the last week has been extremely useful, especially for the likes of organisations such as ourselves who try and raise interest in these issues, that the events of last week have shown the problems that there are with the current process. I would not, however, want it to become "about the Wilson doctrine". From our perspective, it is not about parliamentarians in particular, it is about the 60 million people in this country who are not parliamentarians and they are not protected by any particular doctrine.

  Dr Metcalfe: I agree with what Mr Crossman has said. We agree with the general principle and the Wilson doctrine reflects a sensible, rather sound public interest in ensuring that Members of Parliament and Members of the House of Lords are able to carry out their business without fear that they are likely to be surveilled. This is particularly true because what you are more likely to be discussing in your private communications or communications with the general public is likely to be of more interest in intelligence terms, even in very general terms, than the conversations of ordinary private individuals. That said, I do not think it is necessary to frame it as a blanket prohibition, if there is real and compelling evidence that a Member of Parliament, for example, was involved in serious criminality, I do not see why it would not be possible to seek authorisation for an interception of their communications, so you would fall back on the general point that a sound case has to be made out. This is an example of the doctrine which reflects privacy as a public good, which is a point we had made in our written evidence. This is the idea that privacy not only serves the interests of the individuals themselves but it serves the interests of society as a whole. There are other examples of this: Members of Parliament are immune from suit in relation to statements they make on the Floor of the House. That reflects similarly a public interest in making sure that Members of Parliament are free to speak their minds without fear of suit. It reflects the idea that there are good public policy reasons for protecting individual privacy, not merely the individual self interest.

  Q234  Lord Norton of Louth: This really follows on from that and to some extent Dr Metcalfe may have previously answered the question because in your evidence, if we look at the fundamentals of why this matters in terms of public interest versus individual right to privacy often they are seen as mutually exclusive but your argument you just developed is that in fact they are not, the individual right to privacy is also a public good. Do you want to develop that and also explain whether you think there are cases when one can make a public interest argument for violating the right to privacy and if so, the fundamental question is, where do you draw the line, what is the basis on which one does that?

  Dr Metcalfe: Let me answer the last part first. I certainly agree that there are cases where it is in the public interest to interfere with an individual's privacy. Unfortunately, the argument that I am making does not actually add any additional means for identifying or resolving the difficult conflicts that will arise. What it does and the reason why we presented the argument was because we are very concerned that the argument is very much framed in an oppositional state public interest versus the individual private interest. The point that we were trying to make is that the individual not only benefits but society as a whole. In fact, in a more basic and rather more abstract and philosophical sense, privacy matters to the exercise of our freedoms, of our ability to be autonomous. We tend to make our most important decisions not on the public stage but in private, which is why we deliberate privately. Voting, is a very good example—a primary democratic right—it is something that we do in secret; we are free to disclose how we voted. The opposite case is Members of the House of Lords and Members of Parliament who vote in public. The principle there is that you are representing a public interest, or in the case of Members of Parliament, an individual constituent, so if I vote for a Member of Parliament, I am entitled to know how they voted in the House. But my own vote remains private. The idea is that society as a whole benefits from individuals, each individual having his own privacy in their personal affairs. By contrast, if we remove that, or if we interfere in that too much, then we lose the benefits which flow from that as a whole.

  Q235  Lord Norton of Louth: To pick up on that point, which you say anyway is almost a philosophical point rather than a practical one, is it not the case that the argument for public good reinforces the importance of the right to privacy and therefore is a case for the height of the threshold that you impose before that right can actually be violated? In other words, it is in the interests of society not to violate the individual's right to privacy and therefore it is a case that just reinforces the high threshold.

  Dr Metcalfe: Absolutely, and in particular, for us it reinforces the need to have very tight, very clear restrictions on when privacy can be interfered with. If, for example, you do not have prior independent authorisation in cases of directed surveillance, then it is a problem.

  Q236  Lord Peston: Could I read out, because the wording is important, some written evidence from JUSTICE: "the government frequently seems more concerned with whether it could establish a new database, etc., and not with the more important question of whether it should". I would like some clarification of that, starting with the should. Wearing my academic hat, should could mean at least two things, one is whether it is ethically right or whether it serves a valuable purpose. Which did you have in mind when you were using that should?

  Dr Metcalfe: I think I was aiming at the normative aspect of it. I am concerned with the ethical considerations.

  Q237  Lord Peston: So, you are not saying that they should first ask whether this database serves a valuable purpose.

  Dr Metcalfe: If you look at the legal test, the proportionality test, establishing legitimate purpose is part of that exercise, so I would tend to roll that together in the proportionality question.

  Q238  Lord Peston: Going back to the could, I read could to mean whether it was technically possible to set up this particular database, but one of my colleagues interpreted it to mean whether it was legally the thing to do. Which did you have in mind?

  Dr Metcalfe: When we wrote our evidence I had in mind your meaning, however, I can certainly consider the additional question. Obviously the Government would not want to introduce something which it considered unlawful.

  Q239  Lord Peston: Does this then amount to a general view that whether it is a new database in the broad sense, and I am quite interested in what is a database as you could tell from my earlier question because I would [not] regard the six pages in my diary with names, addresses and telephone numbers as a database: if I put them on the computer it does not suddenly become a database where it was not one before. So you are really talking not about databases in any small sense, you are really—to go back to my earlier question—talking about something big always when you are discussing this?

  Dr Metcalfe: It is the collection of information.


 
previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries index

© Parliamentary copyright 2009