Examination of Witnesses (Questions 219-239)|
Mr Gareth Crossman, Dr Eric Metcalfe and Dr Gus Hosein
6 FEBRUARY 2008
Q219 Chairman: May I on behalf of
the Committee welcome Dr Metcalfe, Dr Hosein and Mr Crossman.
We are not being televised but we are being audio recorded so
could I please ask you to state your names for the record and
the organisation that you represent.
Dr Metcalfe: My name is Eric Metcalfe.
I am the Director of Human Rights Policy at JUSTICE.
Dr Hosein: My name is Gus Hosein. I am
a Senior Fellow at Privacy International and a Visiting Senior
Fellow at the London School of Economics.
Mr Crossman: My name is Gareth Crossman.
I am the Director of Policy at Liberty.
Q220 Chairman: Thank you. Would you
like to make an opening statement or would you prefer to proceed
straight into questions?
Dr Hosein: We would all prefer to go
straight to the questions.
Q221 Chairman: Could I ask how you
would define, if at all, a "surveillance society" and
whether you think we live in one?
Dr Hosein: The surveillance society language
has been within academia for a while, which means to say that
there is no certain definition. The Information Commissioner's
Office started using the language about two years ago, saying
that we were sleepwalking into a surveillance society, and at
that time we were not too sure if that was a helpful vocabulary.
I believe that the common definition would be "pervasive
surveillance to which you have no recourse", but we never
felt that to be a particularly useful definition or a useful term
because it renders the whole debate as though the individual is
powerless. We believe that the individual still has rightsunder
the ECHR, the Human Rights Act, the Data Protection Actand
so we still believe that there is a struggle to be had; we have
not given up the fight just yet.
Mr Crossman: I very much agree with Dr
Hosein about some of the language that has been used. Traditionally,
you used to try and avoid emotive language the subject of an issue
that is essentially about proportionality, but now that the language
of surveillance society has entered the consciousness, it is useful
and appropriate language to use. If I was going to say where I
think things have gone wrong, the question of proportionality
is very important. Legitimate state interference into individual
privacy is, of course, part and parcel of a democratic society,
but as a consequence of a number of factors over the last few
years, the concept of proportionality, about the need to justify
the need for legitimate purpose, the need to only do things in
a way which is appropriate to the situation faced, has fallen
away from surveillance, whether it be mass surveillance through
a database, whether it be through visual surveillance of CCTV
or targeted surveillance through the use of the Regulation of
Investigatory Powers Act, so underpinning our concerns over surveillance
is that the accountability and proportionality elements have fallen
Q222 Chairman: Could I ask what your
response is to the news last week in the annual report of the
Interception of Communications Commissioner, Sir Paul Kennedy,
that over 250,000 requests for communications data were made between
April and December 2006, and whether you think that the level
of covert surveillance is getting out of control and, if so, how
you would address this?
Dr Metcalfe: We are certainly very disturbed
by the figures which came out last week. I think there was initially,
in the media reports, some confusion between the number of interception
warrants, that it is to say, communications actually being listened
to for their content, and requests for communication data which
is the location and identity of the telephone number that you
are calling. Nonetheless, it speaks to the very broad use of surveillance
powers that are available under the 2000 legislation. In particular,
we are extremely concerned about the lack of sufficient legal
regulation for the exercise of those powers. I do not mean by
that that there is no legal regulation, the Interception of Communications
Commissioner plays a role. But the United Kingdom is virtually
alone in every common law country in not requiring prior judicial
authorisation of interception warrants and indeed, as we found
in relation to buggings in prison, there is no prior judicial
authorisation of intrusive surveillance either. There is a limited
role in relation to police surveillance in which the Surveillance
Commissioners play a role but, for example, if MI5 seeks a surveillance
warrant in a prison, there is no requirement to go before a judge
and seek an assessment of the proportionality of the request in
human rights terms, under UK law as it currently stands. So we
are extremely concerned about the lack of sufficient safeguards
in this area.
Q223 Lord Peston: I have a small
technical question. Are scale, on the one hand, the size of the
thing, and the use of technology, intrinsic to your definition?
I will give you an example at the other extreme, which may seem
ludicrous, but if you live in a small village, as I do, everybody
knows everybody's business. How anybody would ever have an affair
is completely beyond me; we all know what everybody is doing all
of the time. The idea that this is somehow the Stasi writ smallas
that ludicrous article by Mr Heathcoat Amory asked us to believe
generally about our societywe would regard as preposterous.
In other words, knowing everybody's business is not somehow incompatible
with privacy on a small scale. But what you are saying is, if
I am right, that on a large scale and using technology then it
becomes a problem?
Dr Metcalfe: I think it can be.
Q224 Lord Peston: For example, in
the House of Lords, we all gossip about each other all the time,
but I do not think we think we are living under a Stasi-ist regime
here, even though most people know everything about everybody.
Dr Metcalfe: I would not adopt the description
of the Stasi-like situation. I would not agree with that. I do
agree that scale definitely matters, for example, with medical
reports. Traditionally, your medical reports are held by your
local GP and we have many examples of cases where there is very
poor security around those medical records. However, once you
put those medical records onto a national database, which is accessible
from a wide number of points throughout the United Kingdom, then
you encounter problems of scale and technology.
Q225 Viscount Bledisloe: As I understand
it, there is a distinction between interception of communications
by telephone and overt listening to direct conversationsI
would call the latter "bugging". Is there any control
over that? If you come to my house and I put a bug to record what
you are saying, or if I go to prison and the prison puts in a
thing to record what I am saying, is there any control over that
or at the moment is one free to do what one wants?
Dr Metcalfe: There is legal regulation,
it is the Regulation of Investigatory Powers Act 2000, which is
the primary legal framework governing both surveillance by law
enforcement bodies and interception of communications. It is true
to say that there is a distinction between listening to a private
conversation, or intercepting a private conversation, because
you are concerned with the contents, say, for example, the contents
of a letter, the contents of an email, what is actually said in
the telephone conversation, and surveillance by way of a listening
device which is external to the communications, say, for example,
a listening device in someone's home or office or even their vehicle.
The distinction tends to blur somewhat, and this is a loophole
that we have identified in the interception regime, because it
is perfectly possible to have an external listening device that
records someone using a hands-free device with their mobile telephone,
for example, and we quite often find this in criminal cases where
interception evidence is inadmissible due to Part 1 of the 2000
Act but, nonetheless, if you happen to record someone speaking
into a telephone by an external device and with a hands-free device
if you record what is coming out of the speaker, that is admissible.
Q226 Viscount Bledisloe: I am talking
about actual direct conversations without the use of any machine
at all, putting a bug under the dining room table so that you
can record what people are saying at dinner or, as has been suggested,
putting a bug in a CCTV camera in a shop so that you can hear
the conversation. Is there any control on thatdone by a
Dr Metcalfe: A private individual who
intercepts a private communication commits a criminal offence.
Q227 Baroness O'Cathain: Even in
his own room?
Dr Metcalfe: You can intercept your own
conversation, but if you intercept someone else's conversation,
a private conversation between two other individuals, you commit
Q228 Viscount Bledisloe: If I, without
telling you, record what you say to me, that is all right?
Mr Crossman: It is important to make
a distinction here between interception of communications and
listening. Interception of communications, if you intercept someone
else's communications you commit a criminal offence. If you are
listening in on other conversations, you are not necessarily,
depending on the circumstances in which you might do it; there
might be some civil action involved.
Q229 Viscount Bledisloe: What is
the difference between intercepting and listening in?
Mr Crossman: It is not just the difference,
it is who does it as well because it is the distinction between
a state agent doing it, in which case it falls under the Regulation
of Investigatory Powers Act, and private individuals doing it,
which might fall under the Data Protection Act, or might be unregulated
depending on the circumstances. The reason there are so many problems
in this area is because we have this statutory framework, through
the Regulation of Investigatory Powers Act, which is a framework
but it is phenomenally complex. There are five different types
of surveillance from interception through some of the mid-range
types of surveillance, such as intrusive surveillance, directed
surveillance, human covert surveillance, down to communications
data. As well as having these different levels, you have different
people having access, different authorisation mechanisms, different
post-events accountability mechanisms. My belief is that the reason
we have this Byzantine system is that when the legislation was
passed, rather than taking a view as to how we should put together
a comprehensible and accountable mechanism whereby people who
are exercising these powers know which system to follow, with
proper judicial involvement for the highest level of authorisation,
what in fact happened was that the legislation was built around
the existing framework which had been built up over a number of
years in a piecemeal way, making RIPA one of the most phenomenally
complex and difficult pieces of legislation to follow. We believe
very strongly that there needs to be a wholesale review of RIPA,
I think the events of last week may now make that a stronger case,
and that there needs to be a much greater accountability mechanism.
Q230 Lord Rodgers of Quarry Bank:
Going back, if I may, to these comparisons with the Stasi state,
in the particular article which many of us have read by Timothy
Garton-Ash, describes some of what he calls "the necessities
of having dykes of the tide of surveillance", refers to the
need to tear down in the name of terrorism, crime, fraud, child
molestation, drugs, religious extremism, racial abuse, taxation,
etc., fly-tipping and too many garbage bags, and the apparent
logic, as I would see it, that the surveillance state is becoming
a "nanny" state. Would you share that view, or would
you think that what Timothy Garton Ash says is a good deal of
Mr Crossman: There is a great deal of
hyperbole. I do not think hyperbole helps, which is why I always
try to avoid phrases like Orwellian, 1984, Big Brother, because
I do not think they help with legitimate criticisms. If you take
an issue such as the profiling of information, which is where
you basically process data without human intervention to see whether
it fits in set parameters. That could be done for the most absolutely
legitimate reason such as, for example, taking census information
to determine a particular area where there might be social exclusion
requiring the targeting of resources. I do not think anyone would
argue with that as being a perfectly legitimate use of profiled
data. Similarly, you could use profiled data for criminal justice
purposes. The Home Office have said that they see this as being
a legitimate way of determining whether or not crime may be taking
place: no human involvement, just the profiling of otherwise innocuous
data to see if some anomaly might throw up some criminal activity.
Now, you are doing the same thing, but it is the purposes for
which you do it, so if you are talking about nanny stateism, it
depends whether you think that is a good thing or a bad thing.
Is nanny stateism ensuring that people do not fall through the
net or is it basically placing too much emphasis on unjustified
state control? It can be both. The legal mechanisms are in place,
it is the policy drivers of the Government that determine how
they are put into effect.
Q231 Lord Lyell of Markyate: Just
to try and pin down the ambit of what we are dealing with, the
five different methods of surveillance that you outlined are set
out in paragraph 53 of the first paper we received from the Ministry
of Justice and, as you say, they deal with phone tapping, telephone
call records, bugging in private accommodation, catching people
out in the open with these special microphones, and covert entry
onto private property and interference with private property.
Does the 250,000 figure given by Sir Paul Kennedy cover the whole
lot of this, and how does it break down between them? Can you
give the Committee some idea of the extent of each of those that
is going on?
Mr Crossman: The vast majority, in fact,
the one you did not mention, which is communications access; data
access, which is the lowest level of surveillance; email traffic;
mobile traffic; telephone traffic, not the content but just the
record that they were made, that accounts for the vast majority
and it is authorised at a very low level, for example, by officers
within local authorities. I think the question that was asked
earlier was, were we shocked by the number that there were? No,
because even though it might have been a news story, the Interception
of Communications Commissioner's reports for the last few years
have shown the levels have remained relatively constant, at about
300,000 to 400,000 applications a year. The much smaller quantity
is the higher levelthe intercepts and the buggingthey
run into thousands a year, rather than hundreds of thousands.
It would be very misleading to be giving the idea that there were
hundreds of thousands of buggings, or interceptions, taking place
every year; those account for a very small number of the total.
Dr Hosein: We were talking about 200,000-plus
accesses to communications data, although it is treated by the
law as relatively innocuous information, this information is quite
detailed. It is every location where you use your mobile phone,
or where you are taking your mobile phone. It is every interaction
you have done online, which is stored by the internet service
provider, it is every phone call you have ever made in the past
two years and where you were when you made that phone call. It
is very detailed information. The advocate in me says that this
is highly sensitive information that can show a map of your private
life. But the academic in me would note that the vast majority
of those accessesthe 250,000 accesses by local authorities
and government departmentsare usually just for subscriber
information. That is, who was in this vicinity at that moment?
So they go through all the mobile phone records to identify the
individual. They do not ask who was calling, they just want to
know who the individual was. Who just called this Government authority?
Well, we will go to BT and find out who owns that telephone number.
It is that kind of data. That is not to say that matters are going
to get worse, but I am saying that is what it is now because the
local authorities and the police are not fully aware of their
own powers to get access to the type of data that is being retained
under terrorism law in this country.
Dr Metcalfe: Just to clarify about the
numbers, Mr Crossman referred to interceptions, which are the
most detailed, the most intrusive type of surveillance in relation
to private communications. The numbers have remained relatively
stable, somewhere between 1,700 and 2,000 interception warrants
are issued a year. However, it is worth noting that the numbers
can be slightly misleading. An interception warrant can target
one of two things. It can target either a named individual, so
all of that individual's private communications can be the subject
of a warrant, that is to say, all my telephone calls, all my emails
and all my text messages, and so forth. Or, it can refer to a
single premises, which means that if you seek an interception
warrant for, say, for example, the newsroom of a national newspaper,
you would capture all the people working in that office and all
their private communications to and from that premises. So, in
fact, the number of private communications being intercepted may
not be accurately reflected merely by the number of warrants.
However, I would agree with what has been said, the much broader
number refers primarily to communication data and a far smaller
number refers to the number of actual interception warrants given
Q232 Lord Rowlands: I think it was
Dr Metcalfe who said that we stand out as a small minority which
do not apply prior judicial warrants. I do not know the history
of our legislation. What case has been made out for being different?
Dr Metcalfe: We did a very detailed report
in 2006 on interception of communications which is probably the
paradigm case, where the security service and the intelligence
services have always been extremely keen to keep judicial and
legal proceedings to a bare minimum because they are extremely
concerned that allowing intercept material to be used in court,
for example, would disclose methods of interception. Why they
would resist prior judicial authorisation, I think, similarly,
there is a concern to keep the number of people who need to know
the information to the absolute minimum. There has been a very
strong history of political authorisation going back to before
1640: one of the earliest Home Secretaries made interception in
the 17th century to authorise the interception of mail. It is
a very longstanding practice of political authorisation for interception
of communications. There is limited independent authorisation
for police surveillance, but otherwise I would say that the history
of this country has been much more comfortable with political
authorisation. The interesting comparison is with where we require
judicial authorisation. A search warrant of your house would require
a magistrate, so for someone to come into your house and search
your premises, it would require a magistrate. However, if MI5
wants to place a bug in your house, for example, that can be done
as a warrant by the Home Secretary. We do not think that is a
very good situation to be in.
Q233 Chairman: Before I call on Lord
Norton, could I ask what your view is of the so-called Wilson
doctrine, which is opposed by Sir Paul Kennedy and many others,
that Members of Parliament and Peers should not have their communications
interfered with by anybody.
Mr Crossman: It is a good general principle,
in that there are certain people such as parliamentarians, such
as lawyers, who would expect as a matter of principle that they
are not subject to surveillance, whether or not it be a doctrine,
as in the Wilson doctrine with no legal base, or on a more formal
legal basis such as communications between lawyers and clients.
That is not to say I think it should be an absolute. I believe
that with any individualwhether they be MP, lawyer or member
of the general publicif there is a suspicion that they
are involved in criminal activity and there is justification for
surveillance, that there should be a bar on that. What has happened
in the last week has been extremely useful, especially for the
likes of organisations such as ourselves who try and raise interest
in these issues, that the events of last week have shown the problems
that there are with the current process. I would not, however,
want it to become "about the Wilson doctrine". From
our perspective, it is not about parliamentarians in particular,
it is about the 60 million people in this country who are not
parliamentarians and they are not protected by any particular
Dr Metcalfe: I agree with what Mr Crossman
has said. We agree with the general principle and the Wilson doctrine
reflects a sensible, rather sound public interest in ensuring
that Members of Parliament and Members of the House of Lords are
able to carry out their business without fear that they are likely
to be surveilled. This is particularly true because what you are
more likely to be discussing in your private communications or
communications with the general public is likely to be of more
interest in intelligence terms, even in very general terms, than
the conversations of ordinary private individuals. That said,
I do not think it is necessary to frame it as a blanket prohibition,
if there is real and compelling evidence that a Member of Parliament,
for example, was involved in serious criminality, I do not see
why it would not be possible to seek authorisation for an interception
of their communications, so you would fall back on the general
point that a sound case has to be made out. This is an example
of the doctrine which reflects privacy as a public good, which
is a point we had made in our written evidence. This is the idea
that privacy not only serves the interests of the individuals
themselves but it serves the interests of society as a whole.
There are other examples of this: Members of Parliament are immune
from suit in relation to statements they make on the Floor of
the House. That reflects similarly a public interest in making
sure that Members of Parliament are free to speak their minds
without fear of suit. It reflects the idea that there are good
public policy reasons for protecting individual privacy, not merely
the individual self interest.
Q234 Lord Norton of Louth: This really
follows on from that and to some extent Dr Metcalfe may have previously
answered the question because in your evidence, if we look at
the fundamentals of why this matters in terms of public interest
versus individual right to privacy often they are seen as mutually
exclusive but your argument you just developed is that in fact
they are not, the individual right to privacy is also a public
good. Do you want to develop that and also explain whether you
think there are cases when one can make a public interest argument
for violating the right to privacy and if so, the fundamental
question is, where do you draw the line, what is the basis on
which one does that?
Dr Metcalfe: Let me answer the last part
first. I certainly agree that there are cases where it is in the
public interest to interfere with an individual's privacy. Unfortunately,
the argument that I am making does not actually add any additional
means for identifying or resolving the difficult conflicts that
will arise. What it does and the reason why we presented the argument
was because we are very concerned that the argument is very much
framed in an oppositional state public interest versus the individual
private interest. The point that we were trying to make is that
the individual not only benefits but society as a whole. In fact,
in a more basic and rather more abstract and philosophical sense,
privacy matters to the exercise of our freedoms, of our ability
to be autonomous. We tend to make our most important decisions
not on the public stage but in private, which is why we deliberate
privately. Voting, is a very good examplea primary democratic
rightit is something that we do in secret; we are free
to disclose how we voted. The opposite case is Members of the
House of Lords and Members of Parliament who vote in public. The
principle there is that you are representing a public interest,
or in the case of Members of Parliament, an individual constituent,
so if I vote for a Member of Parliament, I am entitled to know
how they voted in the House. But my own vote remains private.
The idea is that society as a whole benefits from individuals,
each individual having his own privacy in their personal affairs.
By contrast, if we remove that, or if we interfere in that too
much, then we lose the benefits which flow from that as a whole.
Q235 Lord Norton of Louth: To pick
up on that point, which you say anyway is almost a philosophical
point rather than a practical one, is it not the case that the
argument for public good reinforces the importance of the right
to privacy and therefore is a case for the height of the threshold
that you impose before that right can actually be violated? In
other words, it is in the interests of society not to violate
the individual's right to privacy and therefore it is a case that
just reinforces the high threshold.
Dr Metcalfe: Absolutely, and in particular,
for us it reinforces the need to have very tight, very clear restrictions
on when privacy can be interfered with. If, for example, you do
not have prior independent authorisation in cases of directed
surveillance, then it is a problem.
Q236 Lord Peston: Could I read out,
because the wording is important, some written evidence from JUSTICE:
"the government frequently seems more concerned with whether
it could establish a new database, etc., and not with the
more important question of whether it should". I would
like some clarification of that, starting with the should.
Wearing my academic hat, should could mean at least two
things, one is whether it is ethically right or whether it serves
a valuable purpose. Which did you have in mind when you were using
Dr Metcalfe: I think I was aiming at
the normative aspect of it. I am concerned with the ethical considerations.
Q237 Lord Peston: So, you are not
saying that they should first ask whether this database serves
a valuable purpose.
Dr Metcalfe: If you look at the legal
test, the proportionality test, establishing legitimate purpose
is part of that exercise, so I would tend to roll that together
in the proportionality question.
Q238 Lord Peston: Going back to the
could, I read could to mean whether it was technically
possible to set up this particular database, but one of my colleagues
interpreted it to mean whether it was legally the thing to do.
Which did you have in mind?
Dr Metcalfe: When we wrote our evidence
I had in mind your meaning, however, I can certainly consider
the additional question. Obviously the Government would not want
to introduce something which it considered unlawful.
Q239 Lord Peston: Does this then
amount to a general view that whether it is a new database in
the broad sense, and I am quite interested in what is a database
as you could tell from my earlier question because I would [not]
regard the six pages in my diary with names, addresses and telephone
numbers as a database: if I put them on the computer it does not
suddenly become a database where it was not one before. So you
are really talking not about databases in any small sense, you
are reallyto go back to my earlier questiontalking
about something big always when you are discussing this?
Dr Metcalfe: It is the collection of