Mr. Oliver Heald (North-East Hertfordshire): I beg to move amendment No. 36, in page 47, line 11, leave out `, or is likely to do so'.
The Chairman: With this we may take the following amendments:
No. 37, in page 47, line 13, leave out `, or is likely to do so'.
No. 38, in page 47, line 18, leave out `, or is likely to do so'.
No. 39, in page 47, line 21, leave out `, or is likely to do so'.
No. 40, in page 47, line 25, leave out from `excise' to end of line 27.
No. 45, in Clause 50, page 50, line 14, leave out from `, or' to end of line 16.
Mr. Heald: These amendments deal with the provision allowing an application for permission for a section 46 notice to be served when material has come into the possession of the prosecutor or authority or is likely to do so. The amendments probe the circumstances in which a prospective application can be made. We wish to discover from the Minister why that may be appropriate and give him an opportunity to explain the provision's inclusion to those critical of it.
Our main concern is that fishing expeditions may take place. Clearly, it is necessary to show that such information is likely to come into the authorities' possession. Will the Minister outline the circumstances in which that would be so? Will he also explain more fully whether the purpose of combining a section 46 notice with other warrants or powers is to provide the authorities with power to intercept and serve a section 46 notice at the same time? On the other hand, is the intention to give the authorities power to enter, search and seize and serve a section 46 notice in one operation?
Are the circumstances in which the information is obtained relevant to the granting of permission under schedule 1? How will the judge or Secretary of State go about that?
Amendments Nos. 36 to 40 would delete from clause 46 the words `or is likely to do so.'
Amendment No. 45 is consequential and would delete the provision allowing a secrecy notice in a section 46 notice concerning prospective protected material. It would be helpful if the Minister would respond to that.
Mr. David Ruffley (Bury St. Edmunds): If the deletions proposed in the amendments are not accepted, would that not enable the authorities to go on colossal fishing expeditions in the course of their investigations? What protections are there to prevent such expeditions if the clause is not amended?
The Minister of State, Home Office (Mr. Charles Clarke): The amendments would remove the futuristic element from the power to authorise the service of a section 46 notice—a decryption notice—in all instances in which it may be used. As a result, use of the power could be authorised only after protected material had been obtained. Similarly, amendment No. 45 would prevent a secrecy provision—or tipping-off provision—being included in a decryption notice until protected material had been obtained. Such matters relate to the future circumstances mentioned by the hon. Member for North-East Hertfordshire (Mr. Heald).
The amendments would limit the effectiveness of the decryption power. I have dealt with that in correspondence to Committee members, the main points of which I shall reiterate.
The futuristic element in the phrase
is needed for cases in which there are reasonable grounds for anticipating that a target is using encryption to protect communications or stored data that are likely shortly to be obtained, and reasonable grounds for believing that the location of the key is known. In such circumstances, the clause allows an agency to apply for the power to serve a section 46 notice at the same time as an application is made to use the underlying power, that is, before the encrypted material is in its possession.
It may assist the hon. Member for North-East Hertfordshire to know that we anticipate that it will be possible to apply for a section 46 notice and a search warrant, for example, simultaneously. I give as a hypothetical example the case of a suspected drug trafficker against whom there are sufficient grounds to enable the police to apply for a warrant to intercept his or her communications. There are also reasonable grounds for believing that he is using encryption. There may be a public key in his name posted on the internet, interception of one of his other means of communication may have revealed the use of encryption, or he may have used the technology previously. An informant may have provided intelligence that encryption is being used. Let us suppose that there is such reasonable suspicion that encryption is being used and reasonable grounds for the police to believe that they know where the relevant key is held.
The amendments would remove the ability of the law enforcement agency to act in the circumstances that I have described because the application for the power to serve a decryption notice could be made only after the encrypted material had been obtained under the interception warrant. That could lead to damaging delays in a potentially fast-moving investigation. In the hypothetical case that I mentioned, it could, for example, mean failing to seize a consignment of drugs as it entered the country.
Mr. Heald: At one time, a court order could be obtained only during court hours; in the summer holidays it was difficult to get hold of a judge at any time, but those days are gone. For example, when a child is being taken out of the country or an order is needed for other, urgent reasons, judges are available round the clock. Is the proposal as necessary as the Minister claims?
Mr. Clarke: I agree that the warm beer days of the past have gone, but events move much faster than they used to, for a variety of reasons. People take decisions much more quickly and the speed of communications—it is the very issue that the proposal tackles—means that information on which to intercept a drugs shipment may be obtained very late. Some of our targets—people who are smuggling drugs, for example—are well aware of the regime and of the speed with which it operates and they, too, conduct themselves accordingly. There would be a tangible inhibition of the law enforcement agency in dealing with such matters if the hon. Gentleman's futuristic suggestion were included in the clause.
In response to the hon. Member for Bury St. Edmunds (Mr. Ruffley), I said it before and I will say it again: fishing is not part of the Bill. The ambitions of law enforcement in the matter exclude the fishing expeditions to which the hon. Gentleman referred. There are safeguards in the Bill to guard against them. I hope that the hon. Member for North-„East Hertfordshire will ask leave to withdraw the amendment.
Mr. Heald: We are anxious about the breadth of applications that may be made, and the thought occurs that the Home Office is slightly behind the times in respect of the judicial system. Nowadays, judges are prepared to use the telephone. Even the patent courts, about which I know little, use teleconferencing. Perhaps, with good will on both sides it will be possible for judges to take these decisions. It would satisfy many who worry about fishing expeditions. I shall think about the points that the Minister made. I beg to ask leave to withdraw the amendment.
Amendment, by leave, withdrawn.
Mr. Richard Allan (Sheffield, Hallam): I beg to move amendment No. 178, in page 47, line 33, leave out from `(3)' to end of line 36.
The Chairman: With this it will be convenient to take the following amendments:
No. 179, in page 47, line 38, after `imposition', insert
No. 41, page 48, line 1, after `detecting', insert `serious'.
No. 180, in page 48, line 1, leave out from `crime' to end of line 2.
No. 177, in page 48, line 2, leave out `in the interests of' and insert
Mr. Allan: This is a group of amendments to a clause with which we are unhappy generally. I will try to keep to the amendments, although I know that a range of issues arises. Perhaps we can talk about the general principles during the debate on clause stand part. Amendment No, 178 would remove subsection (2)(b), which is the type of catch-all clause that we do not like. There is a general power to require disclosure of a key that we think could have serious practical and human rights implications. Steganography, a word to which I have just been introduced, is defined as the art of hiding information. We think that the powers in general will lead to it. The breadth of the powers is a cause of concern to us and it will be for the public generally. Amendment No. 178 would rectify one problem—the restrictive definitions in subsection (3) in relation to the interests of national security, the prevention or detection of crime and the economic interests of the United Kingdom. Those are mentioned throughout the Bill, but we shall debate the specifics in our discussion of the amendments.
We are defining a clear set of criteria. Subsection 2(b) relates to where the imposition of a requirement to disclose a key is likely to be of value for purposes connected with the exercise or performance by any public authority of any statutory power or statutory duty.
So, having defined clearly a legislative proposal that we like, the Minister has taken to himself a power simply to expand that criterion to any aspect of Government activity. In our view, that is most unsatisfactory. The Government seem to come up with things that fall outside certain categories, which, I remind the Committee, are quite broad. I can imagine the Minister saying that something may affect new areas of tax law, or fraud, or that the Government do not know what will happen in the future in terms of the way in which people might use communications for drug dealing and so on. All those things would surely fall within the terms of
It is not serious crime at the moment, although I am aware that it is mentioned in one of our amendments. It is a broad category. I find it hard to imagine categories of new activity that fall outside it.
Mr. Ruffley: I am very much in sympathy with the hon. Gentleman. He makes a powerful argument. Can he give the Committee examples of trivial statutory duties that do not affect in any way national security or the country's economic interests, but could be picked up by the clause? That would bring home the point that the clause is drafted far too widely and illustrate the fact that the Liberal Democrats' amendment might be appropriate.
Mr. Allan: The Minister may be able to fill us in on this. I am thinking of categories of offences that might come within civil law, where a duty to comply is only at civil offence level; I was not thinking of criminal offences. I am uncomfortable with the idea of taking such a serious power —the word ``draconian'' has been used elsewhere—to deal with those categories of offences. We talked in earlier debates about public morals and the like, and about the statutory duty to be moral in public which might be imposed upon us. A range of things that are statutory duties will nevertheless be criminal offences. That step of Members of Parliament defining a criminal offence appropriately in this House on behalf of the citizens is the stage at which we begin to introduce more severe law enforcement powers. If we have chosen not to define something as a criminal offence, the section 46 power should not, in my view, be brought into play. If the Minister or his successors were to introduce measures for which he or they thought that the section 46 power was required, it could be built into primary legislation, which is going to turn into a criminal offence something that is not a criminal offence now. That should be done openly rather than through a catch-all phrase. We hope that the Minister will accept that amendment No. 178 would tidy up the Bill and make the power less unacceptable than it is now.
In amendment No. 179, we are trying to strengthen proportionality. The Minister has admitted that the powers in the Bill are significant. They pose important issues about the invasion of an individual's privacy. Such an invasion is acceptable in European convention on human rights terms only in proportion to the mischief that is being detected. Under the clause, the power must be proportionate and amendment No. 179 would further tighten the definition by adding the words
When the authorities demand a key, we must ensure that the material that will be detected by that key relates to the mischief that they are seeking to discover, thereby strengthening the proportionality provisions. Otherwise, someone in authority could say, ``We believe that serious crime is going on and that it must be investigated using whatever tools or powers are available. We now have section 46 powers, so we can bring them into play and demand disclosure of the key.'' However, that is unacceptable if the demand does not relate clearly to the alleged crime. The proportionality test must be applied in relation to the specific material used, rather than with regard to a general allegation that an individual has been engaged in criminal activities that fall within the scope of the definition in subsection (3).
The linkage between the encrypted material and the demand for the key, and the allegation of crime or other threats to national security or economic well-being is important. I hope that the Minister will make it clear that the power to disclose keys will not be used unless and until it has been established that the encrypted material is crucial to the investigation rather than pertaining to a general sweep-up of information about a suspect.
Amendment No. 180 returns us to the familiar territory of the economic well-being of the United Kingdom and the BMW bugging episodes. The economic well-being of the UK could be served by Government action and the powers could be used to demand the keys to the Government-secure internet in order to establish the Secretary of State's communications with Professor Milberg or other members of the BMW board.
Mr. A. J. Beith (Berwick-upon-Tweed): I hope that my hon. Friend will emphasise that his example is hypothetical and speculative, as the British Government showed a singular lack of knowledge about what BMW was up to.
Mr. Allan: Clearly, the strong encryption was working in this case and the information failed to be detected as it winged through the Department of Trade and Industry on its way to Rover in the United Kingdom.
Mr. David Maclean (Penrith and The Border): Does the hon. Gentleman not realise that if the Secretary of State cannot remember whether he had meetings with BMW last year, he will surely not remember his encryption key and would automatically be liable for a prison sentence?
Mr. Allan: The Secretary of State could be in an even worse position. If his level of computer usage were on a par with the Prime Minister's, he would be unlikely to know what an encryption key was. He would be at a loss, desperately searching around to find out who was working in his Department last year, in order to find out about the key.
I wish to return to my serious point about the provisions on the economic wellbeing of the United Kingdom, which are worrying. Under the conditions specified, an individual such as a BMW executive working in this country could go to the senior management of Rover and demand that the encryption keys be handed over under threat of imprisonment under the Bill so that he could read all the messages passed to the BMW management in Germany on the grounds that they affected the economic well-being of the UK. As I said, we are concerned about such a broad power. Subsection (3)(c)—
is a fairly low test. We must be cautious about putting such a broad provision on the statute book, and amendment No. 180 would limit the requirements
Those who are unhappy about the breadth of the power will find that more acceptable. The power to threaten imprisonment for failing to disclose encryption keys is too much in relation to promoting the economic well-being of the UK.
The amendments make sense. Their general theme is the limitation of broad powers and we shall continue to discuss that theme as our debate proceeds.
Mr. Heald: I rise to speak to amendments Nos. 41 and 177.
When we debated interception warrants earlier, we found that they could be granted on various grounds specified in clause 5(3) as:
for the purpose of ``safeguarding . . . economic well-being''; and for other purposes. However, we have often noted differences between particular categories of activity. For communications data and now for a section 46 notice, the grounds of reasonable belief are specified as
just ``crime'', rather than ``serious crime''. Amendment No. 41 would add the word ``serious'' to make it compatible with part I.
The Bill has been criticised as a mishmash; its powers are not seamless and integrated, but different for particular activities. That will create confusion and will not serve the interests of the industry, the authorities—who will need a law degree to understand the Bill or the public at large, who should be able to understand the laws under which they live. Amendment No. 41 thus seeks to provide some compatibility and consistency throughout the Bill. I look forward to hearing why the Minister believes that a section 46 notice should have a lower test, especially when such a notice will enable the authorities to obtain a key in order to discover information that is sensitive financially or to individuals.
Amendment No. 177 would work in the same spirit, changing ``in the interests of'' to
Again, I should be interested to hear the Minister explain the difference between those two expressions. I suspect that
provides a higher standard than ``in the interests of'', but I would be grateful if the Minister could amplify and explain the rationale more clearly. I look forward to hearing his response.
Mr. Ian Taylor (Esher and Walton): The determining phrase is ``on reasonable grounds''. I understand that section 46 notices must be capable of being served on whomever there are reasonable grounds to believe holds the key to protected information. Will the Minister define his understanding of ``reasonable grounds'' once again, because we are assuming that those grounds might be deduced by any public authority in relation to any statutory power or duty?
Subsection (3)(c) states:
Industry is anxious that the Bill may give too wide powers to the Government—although defining ``reasonable'' is difficult—and that proper commercial transactions may be subject to such a process. By and large, people involved in such transactions will be thought to be innocent. Indeed, if they withhold the key, they are likely to have good grounds for doing so in many commercial operations.
Under such circumstances, how intrusive is a section 46 notice? Such a notice is powerful and could cause a great deal of disturbance in industry, whose purpose is to build confidence and trust in encryption and e-commerce. Will the Minister reassure industry that it is not likely to be jumped on without reasonable grounds by a statutory body or in the broad catch-all concept of the economic interest?
Mr. Charles Clarke: I shall make two points in response to this debate, the first unhelpful to those who tabled amendments, but the second rather more helpful to them.
When we give law enforcement agencies the power to seek information on crime via processes in the Bill that we have discussed at length, should we say that they are not permitted to examine certain categories of information on the grounds of encryption or non-encryption? The amendments would specify that we do not have the power to examine certain types of encrypted information. They would also specify that one would have the protection of not having to show certain types of encrypted information to the law enforcement agencies, even though it is against the law.
Mr. Allan: Will the Minister give way?
Mr. Clarke: I will in due course, but not at the moment
I shall give an example relating to amendment No. 41, but I could give examples relating to other amendments. Paedophile crime is not serious crime as defined in the Bill, but it is crime and an activity in which encryption can and does take place. Should we exclude the possibility of getting that encryption by saying that a different set of tests should apply? My unequivocal answer is no. When the agencies, as defined in the Bill, are entitled to seek information, they are entitled also to seek the means of reading that information, which involves decryption technology.
Mr. Heald: Will the Minister give way?
Mr. Clarke: I will in a second, but first I wish to deal with my second point.
I am being unhelpful in relation to a subgroup of matters covered by the Bill which could be subject to a further test relating to encryption. However, I can be more helpful on industry confidence, which was raised by all speakers, but especially by the hon. Members for Sheffield, Hallam (Mr. Allan) and for Esher and Walton (Mr. Ian Taylor).
I was going to address the matter in the clause 47 stand part debate. However, Committee members may find it helpful if I remind them of an assurance that I gave on Second Reading. I said:
I acknowledge that disclosure of the key should be a higher test than the reasonable issue suggested by the hon. Gentleman. I am therefore considering whether the Bill should clarify that demanding the key would be an exceptional step and set out a definition of ``exceptional'' in such circumstances.
That would meet some of the concerns that have been raised. The matter ought really to be debated in relation to clause 47, but, in the light of our discussion, it would be slightly artificial of me not to say that I had been considering the matter. I am prepared to be helpful in making disclosure of the key exceptional for the reasons given. Unhelpfully, however, I am not in favour of defining more tightly, with reference to encryption, the circumstances in which a key can be sought.
Mr. Allan: It is rather early to be robust. However, it was naughty of the Minister to return to paedophilia. There is nothing in amendments Nos. 178, 179 and 180 to stop the authorities taking action against those whom they believe to have encrypted paedophile material. The amendments deal with non-criminal activities and, if accepted, would leave the category of crime in the Bill. The tendency to slip in the link with paedophile material does not do justice to amendments that deal with non-criminal activities.
Mr. Clarke: Hansard will show that my remarks on paedophilia related to amendment No. 41. I was not suggesting that they related to the hon. Gentleman's amendments. However, the general point remains of whether there should be categories of illegal activity in which encryption prevents the state from getting the information that it seeks.
Mr. Heald: Like so many other parts of the Bill, the clause breaks with tradition. The tradition has always been that the power to enter, seize and search can be granted only for an arrestable offence and on the grounds of reasonable suspicion that a crime has been committed. The definitions of serious crime in part I and of crime in clause 46 do not make reference to an arrestable offence, which would be a useful feature.
If a notice is served on an individual who, for some reason, does not have access to the key or if it is not possible to serve notice on an individual in an urgent case, there is no power to search for the key. That is a weakness of this part of the Bill, which is tackled by a new clause and which was brought to my attention by the National Criminal Intelligence Service. Including an arrestable offence in this part of the Bill would make more sense of the provisions.
Mr. Clarke: I am happy to examine all such matters constructively.
The Bill goes against tradition because matters are moving quickly in the fields of human rights and technology. It aims to set up a framework in which investigatory practice can take place legally. If the Government and state seek to investigate what is taking place in contravention of the law, to what extent should the ability to encrypt inhibit that investigation? That and associated matters are the sole subject of the clause.
I acknowledge that the industry has genuine concerns about such matters, which is why I observed that we should return to them in relation to a later clause. However, I do not accept that there should be a sub-category of offence that may be read by getting access to the encryption keys and another category that may not be so read. If Parliament has decided that state agencies may read communications for the purposes set out in the Bill, it is not right to remove the state's right to examine such communications if they are encrypted. I therefore urge Opposition Members not to press their amendments to a vote.
Mr. Allan: The Minister linked decryption power to the interception of communications. That relates to economic well-being, to which the Conservative amendment refers. Communications should be intercepted only on the grounds of safeguarding the economic well-being of the United Kingdom, so higher tests should be applied. The tests applied in the Bill relate to surveillance, rather than intercepting communications, so there is a mismatch, which is highlighted by the Minister's linkage. Liberal Democrat and Conservative Members have sought to strengthen the argument about economic well being, which is not about illegal activity. I hope that the Minister will look at that again.
Mr. Clarke: I did not want to return to previous debates. The whole point about this is that the decryption powers lie on top of the rest of the structure of the Bill. I gave examples, but they were not designed to be attached to those points. The decryption powers run across the Bill in the way that I have described. That deals with the hon. Gentleman's point. My only apology is for not returning to the economic wellbeing debate, but we went through it at some length earlier. The decryption element of that discussion adds nothing to the substance of the debate on the real point raised earlier.
Mr. Allan: The Minister has raised as many questions as he has answered. Until he referred to the linkage between decryption and the interception of communications, I had not considered relating the two sets of grounds—those that we see and are trying to challenge in this group of amendments and those relating to the interception of communications. It is clear that we are talking about grounds that are comparable with those used for directed surveillance rather than those used for the interception of communications. I will consider whether it is appropriate to relate criteria for establishing permission for surveillance with those establishing permission for requiring decryption.
The Minister failed to answer on amendment No. 178 and I am minded to seek a view from the Committee on that. It tries to remove this catch-all phrase. The Minister did not give us any examples. He continually referred back to illegal activities. I sought to make it clear that we were not seeking to exclude illegal activity, particularly of the sort that he described, but were concerned about the Government's general powers to look at any statutory powers or duties exercised by any public authority. That is much wider and covers activity that is clearly not illegal under the criminal law, and could cover activities that do not create any serious harm to the state.
Question put, That the amendment be made:—
The Committee divided: Ayes 7, Noes 8.
Division No. 7]
Allan, Mr. Richard
Beith, Mr. A. J.
Heald, Mr. Oliver
Luff, Mr. Peter
Maclean, Mr. David
Ruffley, Mr. David
Taylor, Mr. Ian
Clark, Mr. Paul
Clarke, Mr. Charles
Darvill, Mr. Keith
Moran, Ms Margaret
Prosser, Mr. Gwyn
Sutcliffe, Mr. Gerry
Thomas, Mr. Gareth R.
Mr. Heald: I beg to move amendment No 43, in page 48, line 3, leave out subsection (4) and insert—
(a) be in writing in the prescribed form and be addressed to the recipient of the key and be signed and dated by a person with appropriate authority as described in Schedule 1;
(b) detail the specific protected information required; and
(c) name the person or persons who have the appropriate permission to serve the notice and order the decryption of the specific protected information sought.'.
The Chairman: With this it will be convenient to take the following amendments: No. 42, in page 48, leave out lines 3 to 9.
No. 181, page 48, line 4, leave out
(i) that produces a record of it having been given,
(ii) that produces a record of its having been received, and
(iii) that incorporates an electronic signature using a format and key which has previously been communicated to the recipient in writing;'.
No. 173, in page 48, line 6, leave out from `(a),' to `and' in line 7 and insert
Mr. Heald: The amendment is important. It provides that a notice under the clause requiring disclosure of a key must be in writing in the prescribed form. Amendment No. 173 provides for the Secretary of State to prescribe by regulations what that form shall be. The notice should be addressed to the recipient of the key and be signed and dated by a person with appropriate authority under schedule 1. It should detail the specific protected information that is required and name the persons who have the appropriate permission to serve the notice and order the decryption of the specific protected information sought. Amendment No. 173 requires that the form shall be prescribed in regulations by the Secretary of State.
There are a number of reasons for the amendments. The first is that those who use encryption to do business do not do so to be awkward or to help criminals. Predominantly, they do so for sound commercial reasons and in the interests of the privacy of the individual. If we are to avoid intrusive abuses of individual privacy, the notices should be clear and unambiguous and should set out the information that I have outlined. There should be a standard form of notice in a form that has been approved and has security information in it that can be checked. I have already mentioned the techniques that can be used in documents to enable them to be verified by using ultra violet light, for example. Someone who receives a notice can thus have confidence that it is genuine.
The Minister may argue that they will all be genuine and that there is no need to worry, but there is. One of the worries of those who deal with security for major banks and institutions is that individuals, including private investigators, approach them from time to time asking for confidential information. They are keen that they should be able to verify who is asking for the information and that the application is genuine. The Minister will know that I attended a meeting of EURIM, the European Informatics Market, which a number of his officials also attended. It has pointed out that
It does not want to give private information out to servers of bogus section 46 notices.
Mr. Ian Taylor: That is particularly important. In the good old days of the movies a man would turn up wearing a particular sort of mackintosh and one knew that he was from the police. But such people wear different clothes now. The key business interest is first to find out whether the authorised person is genuinely authorised and secondly whether he is authorised to seek the key or the plaintext.
Mr. Heald: The Minister's recent concession when he said that he was considering putting a requirement in the Bill that the key should be obtained only in exceptional circumstances will have knock-on effects for section 46 notices. I imagine that he is suggesting that one category of section 46 notices would require the plaintext and a different section 46 notice would require the giving up of the key, but only in exceptional circumstances. If that is the case, my hon. Friend is right. There would need to be a protocol or set of guidelines on how institutions should be approached for either category of section 46 notices.
It is hard to overstress the importance of this. The reason why more than 80 per cent. of institutions use encryption is to do business effectively. Many commentators, including the London Investment Banking Association, are anxious that there should be proper protections and the ability to verify.
Individuals, too, are worried. The data protection commissioner, who briefed the Committee said:
It was surprised to learn that the data protection commissioner frequently comes across attempts to obtain unauthorised access to private data using deception, but that is why the amendments are necessary.
Amendment No. 173 is flexible enough to meet any requirements that the Minister or his officials feel are necessary, so we are not being unreasonable. The Minister will say, ``Oh well, we will tackle the matter in the codes of practice,'' but although the Bill states that the person serving the notice can choose its form, that is not in the interests of business or of the individual. The Minister must take the powers to prescribe the form; they should all be the same and easily verifiable as such. I hope that the Minister will listen to my plea.
Mr. Allan: I rise to speak to amendment No. 181. I have much sympathy with the arguments advanced by the hon. Member for North-East Hertfordshire on the important issue of how requirements are to be given to the individual. Amendment No. 181 would tighten up the clause in terms of how the notification is given. There is a general description in subsection (4)(a), which we assume refers to a form of electronic transmission. It states that a notice
We assume that that refers to electronic communication. We suggest an alternative wording in which the electronic means should be the alternative method to writing. That is consistent with the provisions of the Electronic Communications Bill, which specifies an electronic alternative to a traditional, paper-based way of doing things. That is not being too technology-specific; it merely describes an electronic means rather than a specific electronic means. There are important criteria to be established in that respect and it is consistent with the principles of the Electronic Communications Bill.
Mr. Heald: Did the hon. Gentleman share my anxiety last week about the Godfrey case, involving Demon internet, in which an internet provision was used to post obscene and foul messages purporting to come from Dr. Godfrey, which were not from him? The case showed that it is possible to use electronic means to impersonate someone. Does that not highlight the point made by the Data Protection Commissioner and by businesses?
Mr. Allan: It was helpful of the hon. Gentleman to draw our attention to that case. The joy of the internet is that one can be whomever one wants to be, and use a different name, gender and so on. If the Government intend to use electronic means of communicating and there is a threat to liberty if people fail to comply with the law, individuals must be certain that it really is the Secretary of State who is taking action, not a spoof Secretary of State. It is not just a matter of whom one appears to be; someone could appear to come from a different place—
Mr. Ruffley: Sounds like the right hon. Member for Tyneside, North (Mr. Byers) to me.
Mr. Allan: I shall not be drawn down that route again.
There is a problem in establishing identity when electronic means are used; as the court case shows, that can be important. One issue raised in the Godfrey case was the extent to which the company had been informed about what was going on; much of the communication took place in the form of e-mail. If one gets it right, an e-mail saying, ``Can you sort this out?'', for example, is better than paper-based methods in terms of leaving a trail. The amendment includes three elements that are readily available in systems: first, the communication must produce a record of its having been given—in other words, the original copy must be stored—; secondly, it must produce a record of its having been received—e-mail is a much better way of producing a record of receipt than the recorded delivery postal system because it is done automatically; and thirdly, it should incorporate
Thus, the individual can be confident that communication is secure, which is the Bill's intention. The amendment includes safeguards; tighter definitions than those in the clause are important if individuals are not to challenge the way in which notification is received.
Mr. Heald: Does the hon. Gentleman share my anxiety that what is likely is a document from the Customs and Excise in one form saying, for example, ``Customs and Excise section 46 notice'' and a document in another from a different authority? That will be hopelessly confusing. One of the public authorities will decide to be terribly modern and with-it and start sending notices in a completely different electronic form. Business must be able to rely on the document and it will not do to have a multiplicity of documents. There should be a standard form.
Mr. Allan: The hon. Gentleman makes a useful point. The way in which the notification is made is important. When we discussed electronic signatures in the Electronic Communications Bill Standing Committee, it became clear that the issues would have to be tested in court. There is no case law by which, if someone challenges an assertion that he received something electronically, we can be absolutely certain that a document went from one individual to another. A person may say, ``I never received that document. Someone pretending to be me received it, not me''. The relevant case law will have to be built up when the Electronic Communications Bill is enacted.
The amendment would bring the notices within the general framework of established case law on electronic signatures. It is important that that applies to all public authorities and that the notices do not go off at half cock, being sent out in different ways which will be challenged in court. For example, if the wording on a parking ticket is wrong, someone will find out sooner or later and 5,000 parking fines will have to be repaid. Such things will continue to happen if someone decides to take a detailed look at the matter.
A notice involving serious criminal sanctions for non-compliance is an important issue and the three criteria in amendment No. 181 would assist the Government in making notices legally enforceable and consistent with a pattern of case law that we expect to be established when electronic communications are substituted for written communications.
Mr. Ruffley: Why are there no provisions that describe how a person can show proof of receipt of such a notice?
Mr. Charles Clarke: I agree with much of what has been said by the three hon. Members who contributed to the discussion. We had a similar debate, in a different context, in chapter II of part I, which dealt with communications data. The hon. Gentleman will recall that I responded to amendments calling for greater clarity regarding notices served under clause 22 and the detail that they should contain. I agreed that there should be a single agreed format of notice—a central point made by the hon. Member for North-East Hertfordshire—in order to simplify the processes for the agency facing the requirement and those receiving the notices. There should be a similar agreed format in relation to clause 46. Most important of all, there should be a similar process of consultation with industry to arrive at a suitable format for the notices. The hon. Gentleman makes perfectly legitimate points about security officers, banks and so on and they reinforce for me the reason why we felt that it was important that all the codes of practice should be developed in close liaison with industry rather than prescribed in the Bill. That is why we have proposed the development of codes of practice in clause 62 of the Bill. The debate on that clause is the place for consideration of formats and precise contents of notices.
I agree with the point made by the hon. Member for North-East Hertfordshire that there needs to be consistency between the codes as they are developed and that they need to be developed in conjunction with industry so that we understand its preoccupations and concerns. Over time, the codes may be amended in conjunction with industry.
I do not know whether it would help the hon. Gentleman, but I would be prepared to see whether clause 46(4) could look rather more like clause 22(2), which addressed the same points in the context of communications data. They are similar in character, but there are some differences. I am prepared to look at that in the light of this debate to see whether we can achieve more consistency across those points. We may or may not be able to.
We have included the specific question of electronic signatures and whether or not they should be appropriate for signing notices in order to future-proof the Bill as far as possible. I need to place it on record, however, in the light of the justified concerns that have been raised by the hon. Gentlemen, including the question of receipt, that before we could make any use of electronic signatures detailed legal and practical considerations would need to be tackled. They would include the specific questions of security and certainty raised in particular by amendment No. 181.
Mr. Ian Taylor: To be helpful, this will not be rocket science because many of the financial institutions, for example, are setting up checks and balances in the domain of encrypted and electronic signatures. I am sure that consultation with industry will bring the Minister up to speed with the latest standards. It is important that those standards are respected on both sides. That is the key.
Mr. Clarke: I agree absolutely with the point made by the hon. Gentleman. It is why we rest a great deal on consultation with industry. I agree, too, with his point about rocket science. The fact is that this work is being done routinely now to develop the right approach. It would be unconscionable for the state, in the form of the Home Office or the DTI, to take a different set of approaches to what was being developed by industry. That is why we emphasis developing a code of practice in conjunction with industry.
I have said that I agree with the fundamental points; that there needs to be a single consistent form that runs across all this.
Mr. Keith Darvill (Upminster): I have been listening to the points made by Opposition Members today and I agree with them. Does the Minister agree that, for those who have been affected by notices and for the appropriate persons as defined in schedule 1, and indeed the judicial authorities, it would be much more appropriate to have a standard notice to which all parties could agree?
Mr. Clarke: I very much agree with the point made by my hon. Friend. As he has implied, the thrust of the point comes from a similar direction to that of the amendments, which is to achieve clarity, simplicity and best practice with industry. We are for that and will seek to establish it. The discussions on the code of practice will achieve that. I am prepared to see whether clause 46(4) could more resemble clause 22(2) in its exact formulations.
I hope that I have been able to reassure the hon. Member for North-East Hertfordshire and hope that he will seek leave to withdraw the amendment.
Mr. Heald: Obviously, I am pleased that the Minister will try to make more coherence between clause 46(4) and clause 22(2). That is good news. Industry, however, has made this point so forcefully to us about notices that I am not satisfied with their being dealt with in codes of practice. I think that they should be dealt with by order. I do not wish to be churlish with the Minister, but I do feel strongly about the matter, particularly as not just the industry but the Data Protection Commissioner backs it up. I would like a vote on this.
Question put, That the amendment be made:—
The Committee divided: Ayes 7, Noes 8.
Division No. 8]
Allan, Mr. Richard
Beith, Mr. A. J.
Heald, Mr. Oliver
Luff, Mr. Peter
Maclean, Mr. David
Ruffley, Mr. David
Taylor, Mr. Ian
Clark, Mr. Paul
Clarke, Mr. Charles
Darvill, Mr. Keith
Moran, Ms Margaret
Prosser, Mr. Gwyn
Sutcliffe, Mr. Gerry
Thomas, Mr. Gareth R.
Amendment proposed: No. 173, in page 48, line 6, leave out from `(a),' to `and' in line 7 and insert
Question put, That the amendment be made:—
The Committee divided: Ayes 7, Noes 8.
Division No. 9]
Allan, Mr. Richard
Beith, Mr. A. J.
Heald, Mr. Oliver
Luff, Mr. Peter
Maclean, Mr. David
Ruffley, Mr. David
Taylor, Mr. Ian
Clark, Mr. Paul
Clarke, Mr. Charles
Darvill, Mr. Keith
Moran, Ms Margaret
Prosser, Mr. Gwyn
Sutcliffe, Mr. Gerry
Thomas, Mr. Gareth R.
Mr. Allan: I beg to move amendment No. 182, in page 48, line 9, at end insert
The Chairman: With this we may discuss the following amendments: No. 172, in page 48, line 9, at end insert—
No. 183, in page 48, line 9, at end insert—
(i) the protected information,
(ii) a sample of the protected information sufficient to identify all of the keys which may be relevant to putting it into intelligible form, or
(iii) some other means to identify all of those relevant keys.'.
No. 184, in page 48, line 9, at end insert—
( ) must identify the person who gave the appropriate permission and the paragraph of Schedule I under which it was given;'.
No. 185, in page 48, line 9, at end insert—
Mr. Allan: I am pleased to introduce this group of amendments, which would ensure that the way in which the notices are given under the clause is fair to the individual against whom they are given.
Amendment No. 182 seeks to write into the Bill that when a notice is given to require disclosure, reasonable regard be given to the technical difficulties in performing the disclosure. It is an important safeguard and I hope that the Minister will make it clear on the record that that is the Government's intention anyway. It would make no sense from their point of view to impose an order that said, ``Deliver this data within 24 hours'' when it was clear that it would take longer to do so. I hope that it is not the Government's intention to impose unreasonable requirements on individuals.
At the same time, I accept that the Minister may wish to argue that the Government do not want people to have a get-out clause if they are putting unreasonable barriers in the way of making a disclosure. However, as we move into more complex areas of computer technology, individuals against whom notices are given who may wish to comply and have no will to thwart the Government in their intentions will nevertheless be able to put forward a strong case as to why it will take time to deliver the data or the encryption procedures required of them.
Some of this will be purely as a result of the fact that technology is improving in this area and the whole point of having data encrypted is to make it difficult for other people to read. People in the economic or business sectors may well be using complex forms that require considerable work to deliver plaintext to an individual from the ordinary procedures, and they will wish to argue that when a notice has been given. We think that it would be helpful, therefore, to make it clear that if there is a dispute between an individual against whom a notice has been given and the authority that wishes to give it, the authority has a statutory duty to have reasonable regard to that point and respond to it. The authority may not simply say, ``No, I want this within four hours and I am not prepared to engage in any debate with you about the technical difficulties.'' Having such a safeguard in the Bill is important to make it work. It does not say that the notice may not be issued but that when it is issued, the time scales specified must be realistic.
Amendment No. 183 provides another important safeguard. We do not want notices to be issued in such a way that an individual has technical difficulty complying with them. The amendment seeks to ensure that when a notice is issued, it is clear what information needs to be decrypted and that there is sufficient information to collect all the relevant keys.
We foresee a situation in which notices are given where the individuals who were perhaps associated with the creation and encryption of those data in the first place are no longer available. We have talked in previous debates about the possibility of an individual no longer having the key. Not only that, the people who put the thing together may no longer be there and if a notice came to a business asking to see a certain category of information, without being very specific about what it was, one might have non-compliance, not through malice but through simple technical inability to understand exactly what the authorities were looking for.
Such a provision would also be an important safeguard against fishing. The authorities should supply to the individuals in the context of their notice what they wish to see decrypted so that it is absolutely clear. Otherwise one can imagine a notice being issued that specified a general category rather than a specific piece of protected information.
Clause 69 is also important in that context. It brings in liability of directors and others. The power is clearly envisaged so that the liability goes throughout an organisation, and the people against whom the notice may end up being issued will be people within the organisation with that kind of responsibility, whereas the technicians who put the thing together are long gone. It is important that an individual who has a notice issued against him under clause 46 is given every opportunity to comply and that we do not catch people who would wish to comply but find themselves technically unable to do so within the provision.
I remind the Committee again of the seriousness of the offence in clause 49 which carries a sentence of up to two years imprisonment on indictment. With an offence of that gravity, we must be absolutely certain that an individual is given every opportunity to comply. Amendment No. 182 deals with the time scale and amendment No. 183 ensures that the individual has sufficient information to decrypt the data. They are two important safeguards to allow that technical requirement to be fulfilled.
Amendment No. 184 is about the type of notice. It is fair to the individual to be told why the decryption is required. A set of grounds is defined within the clause and we have debated those grounds. Is it too much to ask that the individual be given a notification of those grounds—not about the specifics of the investigation but a general idea of why the state is taking such a power against him? I have said in earlier debates, and shall say again when we come to scrutinise part IV, that we believe that more information should be given to the citizen on whose behalf the agencies are acting about why their public servants are acting in that way than is currently the case. That can be done without compromising the security of investigations. The citizen is told by the agents why they feel that they need to exercise their serious power and require him to decrypt data and co-operate in that way. They carry a small stick that says, ``If you don't co-operate, by the way, we will take powers to take you before the courts and perhaps imprison you.'' That is an interesting position for any individual, and people deserve, and are entitled to, a degree of information at that point. That information should be enclosed within the notice, specifying both the grounds and the person who has authorised the investigation. A wide range of authorities is set out in schedule 1.
Amendment No. 185 covers what the Minister said earlier about requiring the actual key only in exceptional circumstances. That was a useful exchange that was appreciated by Opposition Members. Amendment No. 185 tries to reach the same point by saying that the notice itself must make it clear to the individual that the plaintext can be provided as opposed to keys. We argue that the provision of unencrypted data is generally less of an imposition on an individual than providing his keys, which can be used for a whole range of other things. That carries security implications. It is also a greater invasion of one's privacy when we are trying to establish a principle that the state is intervening in the most gentle and restricted way, only asking for the data in which it is interested. Clearly, the disclosure of a key rather than of unencrypted data casts a wider net than we believe is strictly necessary. Amendment No. 185 seeks to achieve something similar, and clause 47 may render it unnecessary. Clause 47(2)(b) says that an individual can be taken to have complied if, by the time he was supposed to disclose the key, he has disclosed the data in intelligible form. We want to take that much further and establish the intelligible form of data, rather than the key, as being the preferential method of complying with a notice. Clause 46 specifies the notices and amendment No. 185 makes it clear that the individual has that right.
I hope that that will be the case and that it will be strengthened further by what the Minister has to say on clause 47, with a clear indication to the Committee that the Government accept that there is a preference for disclosing an intelligible form of data rather than the keys themselves. In the light of amendment No. 185, I hope that he will also make that clear on the notice, so that it is not a notice to hand over a key but rather to hand over data in intelligible form, with a clear indication that the key may be one way of doing that. However, it is the data in intelligible form that the agents of the state want rather than the key as, and of, itself, and certainly not for any wider purpose than rendering intelligible that which is unintelligible and that which the state has lawfully obtained or has a lawful right to access.
Mr. Heald: Our amendment No. 172 covers the same ground as amendment No. 184, which the hon. Member for Hallam has adequately covered, so I am merely interested to hear the Minister's reply.
Mr. Charles Clarke: Following the last two votes, I am inclined to urge my hon. Friends to spring an ambush vote, because Opposition Members have departed for other climes.
Mr. Allan: They are not far away.
Mr. Clarke: I am delighted to hear it.
The main subject here is similar to the discussion that we had on the previous amendment. I remain of the view that such practical details, which I acknowledge are important, should be dealt with through the code of practice following consultation with the industry and all concerned in the way that we have set out. I am aware from what the hon. Member for North-East Hertfordshire said during the previous debate that he does not accept that point and he is, of course, entitled not to do so.
Mr. Heald: Consultation is an excellent idea and there are places in the Bill where the Minister has an order-making power and tells us that he will consult. I do not therefore see why, if he has an order-making power, he should not consult. There is no problem with that, is there?
Mr. Charles Clarke: One can consult on anything in any way. One can consult on primary, secondary, tertiary, quad—and whatever other form of legislation.
Mr. Allan: Quaternary.
Mr. Clarke: I am grateful to the hon. Gentleman for his culture in putting me straight on that.
The question is what is the right legal vehicle for what we are doing. I understand the point made by the hon. Member for North-East Hertfordshire. We believe that the code of practice, which is a more flexible device, is the right way to deal with these things in a fast-moving situation. That is a perfectly reputable position and I place on record again, as I have on many other occasions, that we want to consult industry about what we do. Nevertheless, I shall deal with some of the specific points made in the amendments.
Amendment No. 182 suggests that a person served with a notice should be given a reasonable time to comply with it and that the authorising officer should take account of the technical difficulties of performing the disclosure. I would hope that this would always happen and I would also expect to see the matter dealt with specifically in the code of practice. It is important to emphasise that the Bill includes a safeguard against unreasonable demands being made by providing at clause 49(3)(a) a defence to the offence of failure to comply.
Amendment No. 183 deals with how the relevant key will be identified in the notice. The notice must be specific enough for the person receiving the notice to be able to act upon it, and, in some circumstances, that could mean that it will have to be accompanied by some or all the protected information. These are the sorts of practicalities that we will work out with industry and that are better committed to a code of practice that can be revised as technology moves forward.
I do not, however, agree with amendments Nos. 184 and 172, which require that a notice should explain the grounds upon which it was granted. The authorising officer has a number of considerations to make before signing a notice and will be subject to audit by the commissioner. The recipient of the notice is not required to make a judgment about supplying the key based upon the facts of the case and disclosure of the grounds would add nothing to the process. It is possible that such disclosure would give away operational details unnecessarily. For instance, it may disclose to the recipient that an interception warrant is in force.
What the recipient needs to know is that the notice has been properly authorised, which is why it is entirely sensible for the notice to carry the name of the authorising officer as proposed in the amendments. We shall carry that forward into the code of practice.
Finally, amendment No. 185 proposes that a notice should remind the recipient that he has a right to provide the plaintext unless a direction has been given to the contrary. I agree and I have made points on that already as the hon. Member for Hallam acknowledged. The Bill already deals with this specifically in clause 47(2), but as I said earlier, we are prepared to look at exactly how that should operate.
Mr. Allan: The Minister discounted giving the grounds on the notice and referred to the fact that the commissioners will oversee the whole process. Will he tell us whether it is likely that the commissioners would in any way indicate how many notices have been given within each category? That sort of information would also be important to the public in order to know to what extent these powers are being used for the detection of crime in the interests of national security and in the interests of economic well-being in the United Kingdom as broad categories.
Mr. Clarke: I think that I shall stick with the Government's rather boring, conventional position on this. It is not right to give more detailed information about what has happened in the area because it may be of use to those who are concerned about being looked at in this way. I have made one concession during the course of the Committee on that point in relation to mutual assistance, but I am not inclined to go down the road suggested by the hon. Gentleman.
With that, I hope that colleagues who proposed the amendments will seek the leave of the Committee to withdraw them.
Mr. Allan: This has been a useful debate, but we have gone back to the issue of codes of practice and Opposition members of the Committee will look with interest at them once they are published. However, the Minister argued that he would consult effectively in such a reasonable manner that it would be inappropriate to press the amendments at this stage. We will wait to see the codes of practice and hope that he personally will be in charge of the consultation. He has now gone on record as saying that he will take it seriously and he will have to do so as an honourable man.
I beg to ask leave to withdraw the amendment.
Amendment, by leave, withdrawn.
Mr. Heald: I beg to move amendment No. 44, in page 48, line 13, leave out
The Chairman: With this it will be convenient to discuss amendment No. 186, in page 48, line 14, at end insert
Mr. Heald: The amendment deals with the person to whom the notice shall require disclosure to be made. The provision in subsection (5) is that
I can understand that you would not want disclosure to be to anybody other than the person giving the notice or a person specified in the notice, but I cannot understand to what the words
refer. I know what they mean, but I do not understand what the Minister has in mind there. This is a probing amendment because I am concerned that if a business or individual receives a notice, they should feel confident about the person to whom disclosure is required to be made. The words as they appear at present are vague and raise unnecessary doubts.
Mr. Allan: Amendment No. 186 seeks to probe to whom the key will be passed. Within subsection (5) there is a clear indication that it can either be the person who has authorised the notice or another person specified by them to whom they would like the key to be disclosed. Throughout our proceedings, the Minister has made it clear that the Government are keen not to cause any embarrassment to themselves or anyone else by allowing material that they have intercepted using these powers to go astray. We feel that there is that potential in this case, in particular for keys to go astray, which would be a serious problem.
The amendment seeks to establish that anyone who issues a notice should ensure that a person they nominate to receive a key is of appropriately high rank. We have talked about it in the context of the amendment as being an equivalence of rank. We wish to put on the record our concern that very junior officers in any organisation could get hold of keys, not through any malice on the part of the security services, but simply because the job is delegated too far into an area where there are no security procedures. We assume that intercepted communications and decryption keys will be kept in a secure environment, and those tend to be associated with specific ranks and groups of officers. Will the Minister assure us that such functions will not be delegated to insecure areas, from where keys could leak out, causing damage to the individual and serious embarrassment to any Government agency responsible?
Mr. Charles Clarke: Again, I have great sympathy with both the amendments and the sentiments expressed by the hon. Members by whom they were tabled. They both address the practical question of to whom a key should be handed over once a notice has been served under clause 46. The intention is to narrow the range of persons to whom keys can be handed. I understand that there are good reasons of security and trust for narrowing the range of persons as far as possible. The point was well made by both hon. Members. However, the range of persons has already been narrowed down significantly. The hon. Member for North-East Hertfordshire said that this was a probing amendment, so I shall explain how the process might work.
We need to consider what arrangements will be required in a system where a notice is delivered by hand and there is no possibility of an electronic response. We must also consider situations in which notices may be delivered electronically and electronic responses are acceptable. The person who serves the notice might not have the technical capability for secure handling of the keys, but it would be correct for him to serve the notice because he has control of the investigation and overall recognition of whether the notice is proportionate. The judgment of proportionality is a key element throughout the process.
Perhaps the easiest example to consider is the Government Technical Assistance Centre, which we have announced we intend to set up to deal with these matters. It is conceivable that the person serving the notice will want the key to be transferred securely to the centre, which would be the most secure way of dealing with the situation. Undoubtedly, part of the exercise of setting up the centre will be to ensure that there are secure communications both to and from it. Industry and others who hand over their keys would expect nothing less, and that consideration must defeat the aim of amendment No. 186. For good reasons, we might want keys to be directed to the centre, even when another public authority has identified the need for a key and, for example, convinced a circuit judge that a section 46 warrant is justified.
That consideration might not be fatal to amendment No. 44. It might be that the relevant address or person at GTAC can be specified in a notice. However, in instances where GTAC cannot or need not handle the key, it might none the less be appropriate for the individual who serves the notice to identify another secure location to which the key should be disclosed. The slightly broader range of possibilities identified by subsection (5)(b) is required to ensure that there is sufficient latitude to allow for all the arrangements that might ultimately be put in place.
I emphasise that we are not talking about having lax arrangements for handling keys—quite the opposite. The thrust of the remarks that have been made is that there are worries about the arrangements being too lax, which is why the desire to narrow matters is set out in the amendments. For the reasons that have been stated, it is in everyone's interest that there are no breaches of security arrangements. The Government Technical Assistance Centre will go a long way to ensuring the security of items.
We also need secure handling requirements for any items that do not go to GTAC. The requirement is clear and will be adhered to. We are concerned not to limit flexibility too far and jeopardise the possibility of secure arrangements in all cases. On the basis of that clarification, I ask the hon. Gentleman to seek the Committee's leave to withdraw the amendment.
Mr. Heald: The Minister mentioned GTAC, and I was looking for a convenient moment to ask about it. Clearly, this is a matter of great concern. Banks and other financial institutions have told me that a key that is delivered should be stored in safe conditions. GTAC's purpose is to advise the Government on such matters and to provide a secure storage facility. However, can he assure us that industry will be able to satisfy itself about the arrangements that GTAC makes or will it simply have to take it on trust that GTAC provides a secure facility? An official who deals with GTAC was at the EURIM meeting, and he was robust in saying that it would be secure. However, will industry be consulted on or able to verify that? If so, how? Furthermore, will GTAC be provided with a decent budget? It will be necessary to spend money to ensure that security is adequate.
Mr. Allan: I remind the Minister that the wording of amendment No. 186 looks familiar because it is taken from clause 22, which contains similar provisions for the disclosure of communications data. Clauses 21 and 22 refer to this. Clause 22 refers to the notices that are given for the disclosure of communications data and specifies similarly that the data itself must be disclosed to either the person giving the notice or to some other person. It also states that the person to whom it is given must be someone of similar rank. Our amendment No. 186 is similarly worded.
I understand what the Minister said about GTAC. There is a comparable point here in that the communications data, in that context, or the key in this context may then be used, and analysis take place in the presence of an officer in such a specialist centre. We think that it should be an important point of principle that the Government's receiving officer who will sign a declaration that on behalf of agency A, B or C that he has acquired the key be an officer of appropriate rank. He may afterwards wish to use officers of a lower rank, and technicians, so as to use the data—or, in this instance, the key. But we shall be most concerned if the provision has been so drafted that the senior officer will be able to make the authorisation but the authorisation will state that he should send his key to a very junior officer. That would indicate to us that at no stage would a senior Government officer be confirming that he had received the key. What happens to it after that is a separate issue. It is an important point of principle that senior officers request, and receive, the key. One element of that is missing here although it was present in our discussion on communications data. We know that a senior officer will state that he has received the communications data and that he may pass it to GTAC for analysis. Perhaps the Minister will reconsider. I hope that he will consider a similar provision for clause 46.
Mr. Heald: There were two other points about GTAC about which I intended to question the Minister. The first—a point that was raised at the EURIM meeting—was about the way in which security keys in transit will be dealt with. Secondly, will there be circumstances, as the Minister suggested, when the keys will not be handled by GTAC? I had not quite appreciated that there might be other storage locations and authorities dealing with the handling of the keys. I thought that all of it would be done by GTAC.
Mr. Clarke: As with all of this, the development of GTAC will be undertaken very much in conjunction with the industry, for the reasons that were given in the previous debate by the hon. Member for Esher and Walton, which were that the expertise and technical competence are there and we want to work with that grain rather than against it. By way of reassurance, adequate budgets will be available. The hon. Member for North-East Hertfordshire may be aware of some of the announcements that we made following the Budget statement the week before last. We have made that acknowledgment already, and I can reassure him and others that the organisation will be properly funded.
Mr. Heald: Is that the £25 million?
Mr. Clarke: Yes.
The subject of security keys in transit is a grade 1 point. It is extremely important, as the hon. Gentleman implied, and will be a specific aspect of the discussion with the industry about the establishment of GTAC. We do not generally envisage keys going anywhere other than to GTAC, but there is the possibility of establishing a local accreditation centre—for example, in Wales where they would be overseen by, and under the authority of, GTAC. We are considering that and other issues in that wider context, hence the slightly loose language of my earlier response.
In response to the hon. Member for Hallam, I can only re-emphasise that there is no intention to go to a lower level of authority other than in the context of GTAC and its function, which I have described. I shall, as he suggested, look at the wording of clause 22 and compare it with clause 46, to see whether I can give him further assurance. But I repeat for the record that the Government have no intention of lowering the threshold of information on this basis.
Mr. Allan: If we were to have an equivalent for GTAC, a designated receiving officer or officers of appropriate rank could work in GTAC and pass the key down to junior officers. But there would be a helpful and important safeguard in a procedure whereby the only person who could sign off and state that he had received the key was an officer of appropriate rank.
Mr. Clarke: I hear what the hon. Gentleman says. I will re-examine the provision. I assure him that we have no desire to reduce the threshold in this context. I hope that the amendment will be withdrawn.
Mr. Heald: It was a probing amendment. It has been useful to learn a little more about GTAC although I should like to have learnt even more . I beg to ask leave to withdraw the amendment.
Amendment, by leave, withdrawn.
Mr. Heald: I beg to move amendment No. 176, in page 48, line 20, at end add—
( ) A notice under this section may be renewed for periods not exceeding one year by authorisation by the person with appropriate authority under Schedule l, and any such renewal shall be notified to the person in writing.'.
The Chairman: With this it will be convenient to take the following amendments:
No. 174, in schedule 1, page 81, line 43, after `relates)', insert
No. 175, in schedule 1, page 81, line 43, after `such', insert
No. 46, in clause 50, page 50, line 20, at end insert—
(2B) A requirement made under a section 46 notice to keep anything secret may be renewed for periods not exceeding one year by authorisation of the person with appropriate authority under Schedule 1, and any such renewal shall be notified to the person in writing.'.
Mr. Heald: The amendments deal with limiting the life of notices, permissions and the like. We discussed authorisations for surveillance on clause 41, and the Committee will recall that we discovered that authorisations had a life: 72 hours in one instance, a year in another and three months in yet another, so there was a limit on their time.
Concern has been expressed to me about the provision for a notice under clause 46 not having a life. It will be indefinite and perhaps governed by the permission element in schedule 1. Amendment No. 176 would limit the life of a notice to one year and provide for extensions of a further year. Why is the notice open ended? Surely prompt service is essential if the circumstances are not to have changed between permission being given and the notice being served.
The purpose of amendments Nos. 174 and 175 is to limit the life of a permission to serve a section 46 notice to one year, or such shorter period as the judge provides for. Amendment No. 46 would provide that a
It also provides for renewals of the requirement in cases where there was some reason for the notice, permission or secrecy provision to continue. It would merely allow a check on things after one year, to ensure that notices, permissions and secrecy provisions do not go on ad infinitum. Given that the principle seems to have been agreed anyway for surveillance, I cannot see why the Minister would not agree to it in this instance. I chose a year, which is a long time in respect of investigations of the type that we have in mind. Forty-eight hours is often the time limit that matters. I chose a year so that the subject could be aired. If the Minister thought that 48 hours was a suitable limit I would not disagree, but I feel that there should be some time limit. That is especially important on the secrecy issue. Companies that have a security requirement are concerned that notices may be served on an individual in the organisation, perhaps for proper reasons. Their view is that the requirement should not last for longer than necessary. They will be aware of their own requirement that if a key has been given up to the authorities, what they might consider to be a risk to their own security must be known, and dealt with. Many such companies have complicated arrangements with other companies which require information to be kept confidential. I will give a flavour of the type of comments that have been made to me. LIBA has stated to me that it remains
LIBA made the point to me that a key that is used to decrypt one message may be capable of being used to decrypt other messages that are not covered by the permission and do not relate to the matter under investigation, although such use by a law enforcement officer would of course be unlawful under clause 51(2)(a).
LIBA notes that the Government are taking steps to protect the confidentiality of keys, but the sensitivity of the information that is held by investment banks is such that it will be essential for the legislation to include provisions on the relationship between key disclosure and the firm's liability under civil or criminal law for the disclosure of confidential information, which would need to apply to the disclosure of decrypted information as well as encryption keys.
The Minister may say, ``We have marvellous GTAC. They will look after the keys at their central site or in Wales'', but there is a concern that even the best authorities are hacked into. Their security is not absolute. We have all heard that 12 year-old boys were able to hack into the Pentagon. In the Terrorism Bill that is before the House, one of the points made in the notes that I happen to be reading is that there is a threat to institutions such as water companies and power companies from e-terrorists who seek to hack into control systems to create civil disorder and chaos.
Given that criminals are sophisticated and prepared to try it on, most companies would want to know at the first available opportunity whether a key had been given up to the security services or the authorities so that they were aware of the risk to the confidential information that they held.
The Minister will remember that at the ``scrambling to safety'' conference that he attended, a number of banks asked him about civil action. They said, ``We understand that if we act in accordance with a clause 46 notice in the United Kingdom, we should be able to point to the requirement under clause 46 and say that as we were required to do that by the law enforcement authorities, we would not be liable''. They believed that they would be immune from civil action.
Where there are joint arrangements between a company in the United Kingdom, say, and one in California, what would be the position if a breach of confidentiality was litigated in Los Angeles? I recall that at the ``scrambling for safety'' conference, the Minister was unable to answer.—[Interruption.] Perhaps I am being unfair, but I did not feel that he answered the question fully. Could he amplify the point? Many people in the business world are looking to find out the answer. The point was made to me not only by LIBA, but by EURIM and others. They go on to point out why this is so important. They say:
Of course, the powers are out of line with other major financial centres. I am sure that the Minister would be prepared to confirm that he is leading the way bravely. There is concern and I should be grateful to know how he would answer the points that I have made.
Mr. Charles Clarke: I am grateful for the attention that the amendments draw to how long notices should endure. There has been a perception that all decryption notices will last for ever and I welcome the opportunity to explain the Government's thinking behind the Bill.
It would clearly not be right for a decryption notice to last beyond the period for which any information being sought could be justified as ``necessary''. A series of measures in the Bill are designed to achieve that. First, clause 46(2) states that a person may serve a notice only where he believes that the imposition of such a requirement is necessary or likely to be of value, and is proportionate to what is sought to be achieved. Clearly, a notice with a long duration would not be appropriate in minor cases. Secondly, clause 46(4)(c) requires that the notice specify the time by which the disclosure is to be made. Again, a notice that required disclosures to be made ad infinitum would be hard to justify on proportionality grounds. Thirdly, and most important, clause 51(2)(a) requires that a key disclosed in pursuance of a notice is used to access information only in relation to which power to give such a notice was exercised, or could have been exercised, if the key had not already been disclosed. In other words, the duration of notices will in general be tied explicitly to the duration of the underlying statutory power. Where an interception warrant is authorised for three months, the notice will expire shortly after the date when the warrant expires, or be renewed along with it. Search warrants under the Police and Criminal Evidence Act 1984 usually expire after 28 days; again, the notice would expire shortly afterwards. Fourthly, the code of practice for part III will set out in greater detail appropriate duration periods for different types of notice. We shall consult on this code, which is, of course, also subject to the affirmative resolution procedure.
Amendment No. 46 would limit the tipping-off offence to a maximum of one year, subject to renewal. In effect, that would amount to subject notification—an idea considered and rejected in relation to warrants under parts I and II for three main reasons. First, it could alert a suspect to recent law enforcement interest, thus potentially putting at risk ongoing investigations; secondly, it might jeopardise future investigations into the same individual; and, thirdly, it might compromise sensitive operational methods and techniques. A requirement to keep things secret will be included in a notice only where there is a genuine need to protect the security of covert operations. No issue of confidentiality will arise, for example, where a notice is served ancillary to a court-issued warrant.
I have attempted to set out the main considerations and I hope that I have provided the clarity that the hon. Member for North-East Hertfordshire seeks. On that basis, I hope that he will withdraw the amendment.
Mr. Heald: Will the Minister explain the secrecy notice more fully? He said that because the secrecy provision would need to be renewed after a year, it might alert the subject to its existence. However, I cannot understand how that could happen because under schedule 1 the conditions do not require notification of the application. In those circumstances, would it not remain as secret as it was from the start? Under the LIBA provisions, a company should be made aware as soon as possible that a key has been disclosed to the authorities. Will the Minister say a little more about that?
Mr. Clarke: On the first point, circumstances in which secrecy continues beyond a year are likely to be unusual because of the considerations limiting the time period to which I referred earlier. In such cases, there will be concern to ensure that there cannot be any further notification. I understand the hon. Gentleman's point, but that explains the wording.
I addressed the LIBA issues as fully as I could at the conference to which the hon. Gentleman referred. I apologise if he thinks otherwise, but I have sought to address the issues as directly as possible in what I said to the Committee today
Mr. Heald: LIBA is interested in whether the joint contractual arrangements would allow successful suing in Los Angeles when the authorities have followed what is required under our laws.
Mr. Clarke: The position is not new. Any right to confidentiality will be subject to numerous statutory duties in the United Kingdom, California and elsewhere. What effect that will have on company rights and obligations is a matter for Californian law in the LA example given by the hon. Gentleman. As a practising lawyer, he is familiar with the principles of conflicts of laws. [Interruption.] He must be familiar with them, because I have discovered that lawyers know everything about every aspect of everything in life
I have attempted to address the hon. Gentleman's point and apologise if I have not satisfied him. However, the concerns of LIBA and others are not well founded.
Mr. Heald: It is touch and go, but I shall ask for leave to withdraw the amendment. It is good news that the codes of practice will deal with time limits. I would be grateful if the Minister wrote to me on civil liability, as I have received an awful lot of correspondence on the matter, which is a major concern for banks and others.
Mr. Clarke: I will write to the hon. Gentleman on the matter.
Mr. Heald: I beg to ask leave to withdraw the amendment.
Amendment, by leave, withdrawn.
Question proposed, That the clause stand part of the Bill.
Mr. Allan: I have tried to stick to the amendments and keep away from general principles, Mrs. Michie, as I knew that you would rule that we should not have such a debate at this stage. However, the general principle of clause 46 merits a short debate. Will the clause have the effects desired or will it have undesirable effects? Is such a provision legally appropriate?
I shall not tackle all the issues, as some relate to later clauses. At this stage, I wish to deal with the principle of issuing a notice and whether that will work. Will the Minister identify the mischief that he is seeking to rectify, as it is important to do so when introducing a new power? We have heard several anecdotes about what the clause's power to decrypt would do. However, we have not been given clear evidence about what the points of mischief are.
The Minister's example of paedophile pornography is a classic case of how power to decrypt section 46 powers may be used appropriately, as individuals engaged in such activity may have encrypted data, but not to such an extent that the power would not work. Business records are another category for which the power may be used. We have already discussed whether section 46 powers would be workable in investigations into dodgy business deals using a mainstream form of encryption. Section 46 powers are less likely to work and may be being oversold in relation to terrorists and important drug dealers, who are engaged in serious, calculated crime and will increasingly use methods that will not be caught by the section 46 notice.
We are anxious about undesirable effects in relation to the economic well-being of the United Kingdom. Evidence put to us by the technology industry clearly suggests that the clause is not in the interest of the economic well-being of the UK because of the impact that it may have on business confidence. Earlier, I mentioned the Prime Minister, and have since felt guilty about his technical expertise, as I freely acknowledge that he is quite a good ambassador for the United Kingdom on electronic commerce. However, he must take the hits as well.
Mr. Taylor: We are impressed by the fluency of the hon. Gentleman's arguments, but not quite so much by the sycophancy of his last comment, which was obviously provoked by off-the-record comments that there was a Lib-Con coalition.
Mr. Allan: I was even more cunning than that, as I was setting up the Prime Minister to have a quick knock at him, as is always the way in politics.
The Prime Minister rightly talks about wanting Britain to be at the heart of electronic commerce. It is our duty to hold him to that. If Departments under his control introduce legislation that work against his aim, it is our duty to point to those inconsistencies. The concerns about economic well-being and the impact of the clause should be taken seriously.
Many of the people who will come into electronic commerce will not even know that they are using cryptography. They will use systems that to them as end users will be straightforward and simple to use. Strong encryption that they will not know about will be going on behind the scenes. They will simply use a system such as on automated teller machine in the wall which sends encrypted data to the banks. They do not know about that; they simply want to key in a number and get some cash out. There may be problems with implementing clause 46 when people do not have a technical understanding of what they are doing and have problems complying.
How will the system be used? Often, notice will be used not against an individual sender or a recipient but against an intermediary. In many cases, the internet service providers or some other intermediaries will hold the cryptography keys and will be responsible for the cryptography. People will sign up to a service, which may be a package service. The Government or an agent may wish to intervene to read data but those people may not be responsible for the encryption that occurred along the way.
If ISPs are competing to offer greater security, they will try to give people protection from the clause by telling them that they will take on the responsibility for encryption and that they are no longer liable for it. That is a legitimate commercial response. Commercial companies will try to offer an edge. Any bank or anyone offering online services will claim to be more secure than anyone else. There will be questions about the extent to which a section 46 notice, which is envisaged as being issued to a sender or a recipient, will cover keys held by third parties, who are neither a sender nor a recipient.
Steganography is a great word, but it is not a new concept. It seems that we are taking out electronic data and a separate category is being created. However, steganograpy as the art of hiding information has always taken place. People have done that in a huge range of ways, which is why PACE was brought into force. It is why we have powers to require people to disclose information and to search their premises. It is odd that we are taking electronic data out and dealing with that differently.
Why was consideration not given to using the provisions in the Police and Criminal Evidence Act 1984? Under paragraph 1 of schedule 5 of PACE a judge can require data to be supplied in a ``legible and visible form''. It would be better to adapt the general principles of how to overcome information hiding when there are allegations of criminal activity and individuals are hiding data. We have general provisions for securing physical pieces of information and requiring them to be provided in an intelligible way. It seems odd that we are introducing a completely different way of approaching one category of data, rather than adapting existing provisions.
Those are our general concerns. I hope that the Minister can explain the Government's position. He has done it before and I know that he will do it again. It is important on clause stand part to establish these points of difference and to make sure that they are on the record. I do not expect the Minister suddenly to start agreeing with me.
One issue that was not covered in the amendments arises in subsection (6). It deals with keys that are used only to generate electronic signatures. There are technical issues relating to the circumstances in which the distinction between an electronic signature and encryption is not always as clear as the Bill suggests. Have the Government considered the use of public signature verification keys, which are used both for a signature and for a form of encryption? The signatures themselves may be encrypted within the internal system being used.
That is my final point on that issue. However, I would like to place on the record the fact that we see where clause 46 will be used, and how it will affect certain target groups, some of which have been referred to earlier. Could that not have been achieved by another method more consistent with the general principles of data regulation? We believe that the clause could cause negative business impacts. It could give a clear signal to the industry to set up strong, perfectly natural commercial drivers in a highly competitive market, by setting up steganographic systems as fast as they can and offering people forms of technology that would make them immune to the provisions of clause 46.
Mr. Heald: I shall make a couple of points on clause stand part. The London Investment Banking Association is concerned about clause 46(6), which states:
(a) is intended to be used for the purpose only of generating electronic signatures; and
(b) has not in fact been used for any other purpose.
LIBA also raises several points relating to whether the provision will be effective in certain circumstances. Will the Minister comment on the practice of destroying keys automatically when they expire? The public key system for many companies involves ensuring that only the key's owner has access to it. What would happen if the only way to comply with the request were to ask the key's owner for it? Would that fall foul of the tipping-off provisions? Some systems now employ perfect forward secrecy, which means that if the key is compromised it cannot be used to decrypt messages encrypted by it before it was compromised. There also exists a practice of generating new session keys for each message. How does that fit into the provisions? Finally, how will the provisions apply to systems that contain tamper-proof boxes?
Mr. Charles Clarke: I shall first respond to the invitation made by the hon. Member for Hallam, because, among the many issues that we have discussed, encryption is one of the most important.
I want to place on the record the evidence that we have received. Some people tend to dismiss the issue of whether this provision is relevant to paedophilia in a significant way. I do not mean that they dismiss the crime of paedophilia itself; rather, they dismiss its relevance to the Bill. The Committee has not yet discussed the incidence of that to any significant degree. However, we have received joint evidence from Barnardo's, Childline, the Children's Society, the National Children's Bureau, NCH Action for Children, the National Council of Voluntary Child Care Organisations and the National Society for the Prevention of Cruelty to Children.
In their evidence, those organisations set out their concerns relating to the provisions. Hon. Members will have seen that evidence, but, so far, we have not discussed the issue significantly, and I think that it is right that we should do so. The evidence makes several points. First it states:
Secondly, it states:
Thirdly, it states:
clause 46 is the one that we are now discussing—
Finally, it refers to the hope that we will
Mr. Heald: Will the Minister give way?
Mr. Clarke: I shall not give way now. I shall give way when I have finished what I have to say on this matter. For the reasons given, the organisations concerned—reputable and strong organisations—believe that
Mr. Heald: Will the Minister give way?
Mr. Clarke: I shall give way when I have finished what I have to say about the children's organisations, but not before then.
The organisations emphasise that the internet is not without its dangers for children. They say:
They give examples from recent United Kingdom cases:
The organisations argue:
The organisations then give examples from across the Atlantic, where the Federal Bureau of Investigation, United States Customs and the United States Department of Justice have been involved in various activities.
I give those examples, which have not been discussed previously in the Committee in this way, not to suggest that anyone in the Committee does not take them all seriously, but simply to make the case that encryption is essential in tackling crimes of this type and that giving the state the power to decrypt messages is important.
I want to return to some other points, but I shall now give way to the hon. Member for North-East Hertfordshire.
Mr. Heald: I do not know whether the Minister has read the organisations' conclusion, in which they say:
We will soon come to new clause 1, which increases the sentence for known criminals, and new clause 4, which provides a new power of search to help the authorities in serious cases. Will the Minister look at those new clauses very carefully in the light of the evidence from the children's societies?
Mr. Clarke: I will. As the hon. Gentleman suggested, that is a matter for his new clause 1, whose motivation I entirely understand. We shall address it when we come to it.
The point of this intervention in the clause stand part debate is to emphasise and place on the record the fact that encryption is a serious issue involving serious crime, which the state needs powers to deal with. I acknowledge that these are difficult powers to define, but they are necessary for a variety of reasons. Before I develop the point, I shall give way finally to the hon. Member for Hallam.
Mr. Allan: I hope that it was clear from my contribution that child pornography is one area where the powers would be used, because a number of people hold encrypted images. Has the Minister considered whether PACE could be used in such cases? In the Gary Glitter type of case we are talking about collecting evidence. A personal Computer has evidence of child pornography on it and one wants to be able to require a person to produce the images, if they are encrypted, so that a prosecution can be brought. Surely PACE could be used in those circumstances.
Mr. Clarke: I do not think that PACE could be used in those circumstances. That is why we have established the powers that we have. I acknowledge the difficulties inherent in those powers. I shall come in a moment to the hon. Gentleman's point about economic well-being, but we have introduced the Bill because we believe that we need powers to deal with that problem. As I have said, encryption is already causing difficulties for law enforcement in areas other than paedophile activity. I have cited those examples because of the powerful evidence that we have had from the children's charities and protection organisations.
The measures also counter a future threat that may arise as the technology develops, and I make no apologies to the Committee for that. Introduction of the new powers was specifically recommended in last year's Cabinet Office report on encryption law enforcement, for reasons such as those that I have given, and we expect increasing problems as encryption becomes more readily available and easier to use. Law enforcement worldwide is unanimous about that. Every day we are faced with evidence that criminals and their organisations latch on rapidly to the latest technology in their efforts to evade detection. We must address the problem now, before it becomes unmanageable. Therefore, the general case for the Bill, and for the clause in particular, is well made.
The hon. Member for Hallam made the point about economic well-being. I acknowledge that the Bill will place burdens on industry. I have stated as clearly as I can that the Government wish to work with industry in a variety of ways and not against it. I believe that most members of the Committee acknowledge my integrity in saying that and accept it. However, I want to make a further point, which may not be accepted.
It is crucial to the development of the e-commerce revolution that people are satisfied that crime cannot flourish on the internet and that the state is taking the maximum powers to prevent that happening. Serious economic well-being issues would arise if we were to acknowledge that crime could develop on the internet. I had a letter in my local paper the other day from a young girl at a school just outside my constituency; but still in Norwich, who said that she did not want to use the internet and did not feel confident about using it because of the issues of paedophilia. I have written back to her privately saying that she does not need to be worried, because we are trying to address the issues through the provisions in the Bill.
I have been impressed by industry's commitment to sorting out these issues effectively, but unless it acknowledges, as I believe it does, the need for a secure business structure, its future will be threatened from a different angle.
Mr. Ian Taylor: On this occasion, I support the Minister. When I held responsibility in the DTI between 1994 and 1997 I found a clear need for the authorities to be able to decrypt information in regulated and carefully constrained circumstances, which is the purpose of the Bill. The Minister has been reasonable in emphasising his concern to achieve the right balance with industry and the authorities. As long as he continues to do that, the industry will have greater confidence that we will get there. That is precisely why we have tabled amendments. I simply ask that the safeguard is enshrined in the Bill, so that the Minister's personal assurance is upheld by his successors.
Mr. Clarke: I appreciate the hon. Gentleman's remarks, which are correct. I re-emphasise his point that industry accepts the general issue and is also keen to get the balance right. I have met no one involved in this debate who has not acknowledged that there are serious law enforcement issues which must be addressed. The discussions have been about how that is done, rather than about core issues of principle.
I wanted to deal with those important general matters, because this is the first point in the Bill at which it is appropriate to discuss them. I shall now deal rapidly with specific points. First, on the intermediary point raised by the hon. Member for Hallam, the technology enables a third party to have the relevant key, but internet service providers are unlikely to be in that position. They have told us that they will not have keys stored themselves, although the reference is included in the Bill because other issues may arise.
Clause 46(6) deals with keys for electronic signature—the public signature ratification keys. Subsection (6) says that there will be no access to keys which have been used only for digital signature processes. On the signatories generally, public keys are, by their nature, public and would not need to be the subject of notice. Private signature keys are subject to access only if they have been used in respect of confidentiality. We believe, and I think the industry agrees, that it is good practice to have separate keys for those purposes.
The hon. Member for North-East Hertfordshire referred to perfect forward secrecy and session keys. We acknowledge that we cannot demand keys if they do not exist. Perfect forward secrecy is an example of that. We would like to be able to legislate to do that, but feel that we cannot. We have said that session keys will suffice where they decrypt information of concern to us. I hope that that meets the point.
Mr. Heald: There was the point about subsection (6). LIBA was interested to know how a firm could demonstrate that a signature key had not been used for another purpose.
Mr. Clarke: That would be part of the normal process and the normal exchanges. In discussing the clause, the hon. Gentleman has cited LIBA several times. I make no criticism of him for doing so, but I draw from our discussion the need for a specific conversation with LIBA to reassure it on these points. I shall ask my officials to do that in due course, in case any outstanding points are not being properly dealt with in the consultations, although I believe that they all are.
I have tried to state of the principles behind the clause at the same time as dealing with the points that have been raised. I hope that the Committee will agree that the clause should stand part of the Bill.
Mr. Allan: I wish to come back on a couple of points so that the record is straight. One reason why we are arguing for a PACE type of process rather than the provisions in the clause is to deal with the kind of cases to which the Minister has referred. As we said on clause 14, on ``Restrictions on the use of intercepted material'', if we are talking about interception and encryption, the kind of data that have been collected will not be admissible in court. Therefore, there must be advantages to using the other approach. We are trying to collect evidence to catch people accused of carrying out specific activities. That will be much more effective if we are looking for illegal images that will be admissible in court. That will be a better approach than using the powers in the Bill. Therefore, it is a question of having the most effective method of law enforcement, and I am grateful to the Minister for acknowledging that.
As we said in early debates about intrusive surveillance, our view is that the better approach is the IT-based, intrusive surveillance method, rather than these decryption powers. We propose alternatives which we believe would be more effective and would not have the clause's negative effect of generating an avoidance industry. We are not saying, ``Do not enforce the law''; rather, we are saying, ``Use these alternative methods'', which we continue to argue will be more effective than the powers in the clause.
Mr. Heald: On Second Reading, my right hon. Friend the Member for Maidstone and The Weald (Miss Widdecombe) said that our party supported the Government's efforts to establish such powers. However, we should ensure that they are in a form that is as convenient and fair to industry and to the users of the technology as possible.
In some ways, we are proposing the toughening of the Bill and the provision of greater powers to the authorities, but we do so in the belief that human rights should be preserved and that the interests of companies should be properly respected by avoiding over-regulation. I hope that the Minister will accept that, when we propose amendments or raise points on behalf of important bodies—the London Investment Banking Association, the Federation of the Electronics Industry, the Alliance for Electronic Business and all the other organisations that I have mentioned—we do it not because we do not support the idea of giving crime fighters the powers that they need to do their job but because we want to scrutinise the Bill properly and ensure, as far as possible, that the powers that the authorities have are those that they need and that there is no carte blanche allowing them to take on powers far wider than is strictly necessary.
Question put and agreed to.
Clause 46 ordered to stand part of the Bill.
Mr. Heald: I beg to move amendment No. 23, in page 78, line 22, leave out from `office' to end of line 24.
The Chairman: With this it will be convenient to take the following amendments: No. 24, in page 78, line 28, leave out from `warrant' to `contained'.
No. 25, in page 78, line 31, leave out `or authorisation'.
No. 26, in page 78, line 33, leave out `or authorisation'.
No. 27, in page 78, leave out lines 45 to 47.
No. 28, in page 79, leave out lines 7 to 18.
Mr. Heald: Although there are quite a few amendments in the group, they fall within a narrow compass. The basic point is that, at present, permission is given not just by a judge, under paragraph l, or by the Secretary of State, as provided for elsewhere in the schedule; it can also be given by others. The amendments would delete references to the granting of permission by anyone other than the Secretary of State or a judge. That would underline the importance of the decision to grant permission for a section 46 notice, and ensure that the matter is in the hands of a judge or, in the case of the Secretary of State, someone who understands the sensitivities involved.
Mr. Clarke: The amendment would remove from the regime the ability, under paragraph 2, to grant appropriate permission for decrypting material acquired under part III of the Police Act 1997. The schedule sets out the levels of permission required to authorise the serving of decryption notices under clause 46. It is a complicated schedule, and it is worth spending time to focus on the philosophy behind it.
On previous occasions, I have laboured the point that the provisions will not allow the police, or any other agency, to get their hands on data that they cannot acquire at present. In that sense, there is no new power. We should bear it in mind that all the data that we are discussing can now be lawfully acquired and read by the police or other agents. In view of the existing powers and the data which can be acquired, we need to consider ways of decrypting that data.
There are two choices; either we can rely on the existing levels of authority to acquire the data and decrypt it, or we can specify a different level of authority—higher or lower—that will always be required to order decryption. It is an interesting choice, but it is not straightforward. Some commentators have made the point that an individual applying encryption to data is, by definition, adding an extra level of privacy. They contend that that privacy should be respected and higher levels of consideration given to decryption of that data than apply to its acquisition. I understand that point, and the schedule makes some concession to it by requiring the permission of a circuit judge in all situations other than those specified. However, if : we pause to think for a moment, we must acknowledge—as I am sure that the hon. Member for North-East Hertfordshire would—that the technology is developing rapidly. Very soon, encryption may be a standard feature on all desktop personal computers and mobile phones. It is true that an individual might have to apply the encryption specifically each time he wants to use it, but he might not. It could be a standard feature. In five years' time, encryption could be the norm.
Reference to future developments has already been made in Committee. We must bear them in mind when legislating now. Encryption is a facility that will make communications and other data more secure than has been possible to date. That will be good news and a boon to e-commerce, but the casual, or even the determined, hacker will be considerably disadvantaged by this technology.
However, the Bill is not really about hackers. It is about law enforcement and about agencies that already have the power to get their hands on the data in question. Those powers have often been specifically approved by Parliament, in the expectation that the granting of that approval would give proper access to the data in question. Parliament took the trouble to specify the levels that would be appropriate in acquiring that data.
The amendment would require the police to go to a circuit judge to decrypt data obtained in these circumstances. A chief constable could authorise entry to my house and interference with my property, but if that happened to include my computer a circuit judge would need to authorise its decryption. I do not accept the distinction. This is about proportionality. If a chief constable is required to authorise an operation, he should be the one to authorise directly consequential activity. If prior approval of a surveillance commissioner is required, he should also be the one to authorise decryption. That provision is contained in paragraph 2 of schedule 1. Judicial oversight of this power will be provided by the surveillance commissioners. For those reasons, I hope that the hon. Member for North-East Hertfordshire will withdraw the amendment.
Mr. Heald: I certainly want to think over what the Minister has said and I beg to ask leave to withdraw the amendment.
Amendment, by leave, withdrawn.
Mr. Heald: I beg to move amendment No. 29, in page 79, leave out line 23.
The Chairman: With this it will be convenient to discuss the following amendments: No. 30, in page 79, line 24, leave out `any resident magistrate' and insert
No. 31, in page 79, line 26, leave out `or of a justice of the peace'.
Mr. Heald: The amendment would delete references to magistrates giving permission to serve a section 46 notice. That would ensure that those decisions were made at a higher level, reflecting their seriousness.
Mr. Clarke: These proposals are similar to those that we have already discussed and I do not want to labour the points that I made earlier.
The amendment would insist that policemen have to apply to a circuit judge for decryption of the data, notwithstanding the fact that the search itself had been authorised by a magistrate. The amendment would move these circumstances into paragraph 4 of schedule 1, not paragraph 1 as intended. In that case, a superintendent would authorise the decryption. As I have said, I do not want to labour the point, but I would not favour a superintendent's authorisation in these circumstances. I hope that the hon. Gentleman will withdraw the amendment.
Mr. Heald: Again, I would like to think over what the Minister has said. It was helpful of him to outline his position so clearly. I beg to ask leave to withdraw the amendment.
Amendment, by leave, withdrawn.
Mr. Heald: I beg to move amendment No. 32, in page 80, leave out lines 1 to 31.
The Chairman: With this it will be convenient to discuss amendment No. 33, in page 81, leave out lines 1 to 36.
Mr. Heald: The amendments would delete paragraphs 4 and 6 from schedule 1, which provide for section 46 notices where data have been obtained without a warrant. That would eliminate the difficulty that the Minister just raised. There is no requirement for the Secretary of State or a judge to approve a section 46 notice in these circumstances, and we do not approve of that.
Mr. Clarke: Amendment No. 32 would remove the possibility of police forces authorising themselves to decrypt data. Amendment No. 33 would remove the conditions applying to internal authorisations. The question is whether the restriction should also apply to police, Customs and Excise and Her Majesty's forces. The answer is no, for the following reasons: police officers are already entrusted with the power; encryption will become pervasive; the ability to decrypt will be restricted to a high level; and oversight will be the specific responsibility of the chief surveillance commissioner. I hope that the hon. Gentleman will therefore withdraw the amendment.
Mr. Heald: I make much the same comment as I did last time. I shall think over what the Minister has said. I am grateful to him for the way in which he has made those points. I beg to ask leave to withdraw the amendment.
Amendment, by leave, withdrawn.
Schedule 1 agreed to.
It being One o'clock, THE CHAIRMAN adjourned the Committee without Question put, pursuant to the Standing Order.