Baroness Lane-Fox of Soho (CB)

- View Speech - Hansard -

Copy Link

-

My Lords, I too was not of a member of the committee chaired by the noble Baroness, Lady Morgan, but was compelled to come today. I hope your Lordships will forgive me a short personal detour about why I was particularly keen to come and speak this morning. I have been absent from the House for many months, partly because of severe hospitalisation. I will not bore Members with physical details but I am lucky to have a leg and a life right now, so I feel as if I am winning in being able to stand up here and talk about this subject. I particularly wanted to come this morning because of two personal reflections from that time.

First, as Members are fully aware and as has just been mentioned from across the Chamber, this issue affects people at their most vulnerable. When you are at death’s door, you are at your most vulnerable, and in hospital I met several people who related to me, in waiting rooms or while I was lying on tables in various places waiting for doctors and nurses, how anxious they were about what was happening in the online world, particularly while they were in hospital and unable to cope with the volume of things being sent to their devices. It really struck me how I normally manage this in my daily life, being a relatively competent technology person—so that was the first point.

Secondly, coming back into the working world after a long absence, the volume of text messages and emails—not to my parliamentary account but my personal email, which is in my own name, so I guess it is relatively easy for scammers to come to—was absolutely appalling. I was taken quite by surprise and felt somewhat that the scales had been lifted from my eyes. So forgive the personal detour, but that is why I am so pleased to be able to speak this morning and to make three short points in my contribution.

My noble friend Lord Colville of Culross has already mentioned the first of them, which is that the biggest and most dramatic shift in technology that has occurred not just while I have been slightly absent from the House but over the last few months is that of generative AI and the platform shift happening there. Everyone is reading the headlines and I am not going to repeat what I am sure has been much debated here in the Chamber. But it is striking to me that this report was published last November and I think the committee would probably have put many different points about the use of AI just in the short period of time since. I cannot come up with a solution, but it is important to recognise how fast technology is changing and how innately complicated it is to keep up with the massive developments in how platforms are being used and individuals are able to create and generate content.

My noble friend Lord Colville mentioned the appearance of deepfakes, but this has been amplified exponentially with these new technologies. It is not only the volume and scale but the sophistication: synthetic people can now be created. I was reflecting that my voice is probably the last one a scammer would choose to use, thank goodness—I do not think anyone would fall for an outward call from a “Baroness Lane-Fox of Soho” suggesting an entrepreneurial opportunity. Looking at my own entrepreneurial adventures, they would probably put the phone down immediately.

In all seriousness, as the bank example already given has shown, this is a very complex issue. While I recognise that the report suggests that AI should be used to look at sets of data, and I agree with that recommendation, we also need to proceed with caution and think carefully about the boundaries and guardrails around how the latest wave of technology is used. This is an extremely urgent matter, in my opinion.

My second point is that, as the new president of the British Chambers of Commerce, I think it essential, as the report suggests, that we link up with business. I would like to make a case again for small businesses to have special treatment. It is very hard right now to run a small business: you face cash flow pressures, increasing energy costs, wage inflation and all the other things that I know are debated frequently in this Chamber. In addition, I have noted from multiple conversations with our members their profound anxiety about how the names of their own organisations are being used by others—let alone the things for which they have their own responsibility. While I recognise that corporations need to take responsibility, and I certainly believe that technology and telecoms companies should be doing more, I think there is still work to be done to educate small businesses to build the cyberdefences they need.

I was talking to a small insurance company in Doncaster which had faced a horrible issue where somebody else was using its name for outbound calling. It was not something the company had the capacity to look after and worry about and it did not get help from any of the law enforcement agencies locally. It was providing the already stressed entrepreneur with another point of stress in these economically difficult times.

So, generative AI and small businesses are mentioned; the final thing mentioned frequently through the report is the skills we need to address this challenge being so profoundly lacking across all sectors. I have thought about this deeply over the last decade. We are still in a very profound skills crisis in this country. Just yesterday, the Open University, of which I am chancellor, released a report examining the extremely deep level of skills we need across multiple sectors, including cybersecurity. This is true across many businesses, both in the public and private sectors. We need to make this an urgent part of the agenda. I do not believe we will be able to be as resilient as we should be unless we have a deeper skills strategy. We have local skills investment partnerships, which I understand are working well. We should be using them more and thinking sectorally about how we can make sure that we have the skills we need. Those are the things that struck me from reading the report. I am delighted to be able to share my thoughts again in the Chamber and thank the noble Baroness, Lady Morgan.

To close, I was reflecting on being at lastminute.com back in 1999. I clearly remember a moment when I found a fax on our fax machine—despite the appearance of incredible technology, we were using fax behind the website—that had a customer’s credit card details on it. I was about to fax it to the supplier to get the booking confirmed. I remember thinking “Maybe this is not such a good idea”. Fast-forward to now: we never imagined that this is where the technology would have led us—to the incredible speed, pace and ability to create this fraud at scale. It is depressing. It is not what I think the technology landscape should have tilted towards, but we are where we are. The massive shift in generative AI recently, as I have said, combined with the economic climate we face, makes these recommendations vital. I hope we can go further and faster than the report suggests.

Baroness Lane-Fox of Soho (CB)

- Hansard -

Copy Link

-

I declare my interests as noted in the register. With an increase in harms to children online during this pandemic, the pushback of the online harms Bill and no date yet set for the code of conduct so tirelessly campaigned for by my noble friend Lady Kidron, when will the Government commit to filling the gaps left by these pushbacks and delays?

Baroness Lane-Fox of Soho (CB)

- Hansard -

Copy Link

-

My Lords, even just a few years ago it would have seemed slightly surprising that a dotcom entrepreneur was speaking in a debate about national security. Now it would seem surprising if I were not. In fact, I am looking forward to contributing as a new member of the Joint Committee on the National Security Strategy. I also declare my interest as a director of Twitter and co-founder of Doteveryone, a charity fighting for a fairer internet.

The world has changed irrevocably and irrefutably with the immensely rapid rise of the internet and digital technologies. When Brent Hoberman and I started Lastminute.com 20 years ago, we were grappling with the early technologies to make credit card payments safe on the web, and the largest cloud we faced was the drama that the potential of the millennium bug was presenting. Now we face a set of complex and interrelated challenges unprecedented in human history, and all exaggerated by the global and borderless nature of the technology that is woven so deeply into our everyday lives.

There are many themes relating to security and it would take far more time than I have today to describe even just what has happened in recent history. Look at what we have faced in the last few months: NHS data breaches; WannaCry ransom attacks; ATMs hijacked; fake news; Jihadi content on YouTube. Now let us think for a moment of a potential future: more use of big data; autonomous vehicles hitting our roads; the internet of things being implemented all over the place; and more and more machine learning, underpinning all our systems.

I want to tick off three areas: first, the role of the large tech platforms; secondly, the levels of digital understanding in Parliament; and thirdly, the wider digital security of our citizens. First, on the large technology businesses—the so-called platform businesses —I am the last person to rush to the defence of the monopolies that dominate our consumer internet. Indeed, it is one of the greatest surprises of my life that more of the original promise of the web, to redistribute and enable many more voices to be heard, has not been fulfilled. Five large companies dominate our online world and they have unimaginable power: Google, Apple, Facebook, Amazon and Microsoft.

However, I find the lack of sophisticated debate about the internet and security in the media—and, in parallel, the knee-jerk reaction by parliamentarians—extremely serious. Too often, all the internet is lumped together and blamed for an attack in the real world. It has recently been felt that, as long as we turned the internet off, we would all be safe. This weekend, I was lucky enough to hear John Kerry give a masterful Ditchley lecture in which he highlighted this point, calling for elected representatives to be honest with us all about the real causes of extremism—and he specifically talked about social media. He reminded the audience that the young people demonstrating in Tahrir Square during the Arab spring organised themselves using Twitter, and they were not terrorists. They needed the anonymity of social media to stay safe. As Professor Peter Neumann and Dr Shiraz Maher have written earlier this year, big social media platforms have cracked down on jihadist accounts, with the result that most jihadists are now using end-to-end encrypted messenger platforms, such as Telegram. This has not solved the problem, it has just made it different. Moreover, few people are radicalised exclusively online; blaming social media platforms is politically convenient and intellectually lazy.

As we have heard, some of the big tech businesses have now come together to form the global internet forum to continue to fight extremism. They will work on four strands. First, there will be sharing and developing new software to detect terror-related content. I must spend a moment explaining that this is harder than many realise. To use Twitter, an example that I know well, if we run an algorithm that we believe has 90% accuracy in finding inappropriate content, we might wrongly remove 50 million tweets—at 90% accuracy. Secondly, they will research bringing academics, industry and government together to share intelligence on the nature and scale of problems. There will be knowledge-sharing with smaller companies, as many tech companies find themselves suddenly with huge user bases and without the infrastructure to deal with those new legal and policy issues. This group will share best practice and help them to set up internal systems. Lastly, it will focus on counter-speech, boosting efforts by working in communities.

The noble Lord, Lord King, talked of the German Government’s recent decision to impose massive fines on these businesses. Although I believe that that might be the wrong solution and hard to implement, it is imperative that Governments hold those companies’ feet to the fire and make no apologies for them. They have been too slow to realise the gravity of the content created on their watch. Nevertheless, we cannot undermine a free and secure internet for political expediency, or allow the systems underpinning our daily lives to be weakened. It was refreshing to hear Robert Hannigan, the ex-head of GCHQ, speak so eloquently just this morning on Radio 4 about why the idea of a so-called “back door” into encryption is flawed and shows the gap between the reality of this dangerous activity online and perception.

That brings me to my second point. How will we ensure that we make the right decisions if our parliamentarians do not have the experience from which to understand these issues? I find it hard, and I have devoted my life to the technology sector. I believe that the gap between innovations driving the pace of change in citizens’ lives and the ability of policymakers to keep up is one of the most pressing questions that we face. Do we need new global institutions? Do we need more-focused parliamentary education programmes? As a local example, Doteveryone, the charity that I started, runs an MP mentoring programme; a small cohort of MPs were matched with digital mentors to help to increase their knowledge. It was a huge success. Corporate boards now have digital security in all its forms as a top priority. Compared to a few years ago, it would be as unacceptable if a CEO claimed that she did not understand its seriousness as it would be if she said that she did not understand the balance sheet. This has to be true in the public sector, too. Every new Minister should have the tools to ask the right questions when they start a new brief or run a new department; only then will we avoid such a situation as the mammoth failure to upgrade departmental software witnessed in the NHS.

Finally, I was very struck by research that I read about at the weekend, undertaken by Haifa University. Do random cyberattacks increase feelings of anxiety and panic? It is surprising to me that that was the first such study of the wider impact of cyberattacks; it is unsurprising that the results overwhelmingly showed that when an attack happens cortisol levels are raised and people immediately feel more anxious. Perhaps most interestingly, those feelings then led to a formation of more-militant political beliefs.

I end with that, as we are only at the beginning of understanding how these cyberthreats will affect us all. Noble Lords will have heard me talk before about the urgent need to increase skills in citizens who do not understand technology, but that is not enough. We must be relentless in encouraging digital understanding at all levels, for everyone. Only then will we be able to talk honestly about the threats that we face and make the right decisions, both individually and nationally, to keep us safe. I fervently believe in the power of an open internet to help in this endeavour. We cannot allow an already fearful public to become more fearful of technology. I urge the Minister to do what she can to tone down the alarmist rhetoric that comes from many parts of government and the media so that we can engage in a well-informed debate.

Baroness Lane-Fox of Soho (CB)

- Hansard -

Copy Link

-

My Lords, I declare my interest as in the register. The internet is also the place of initiatives that help to counter terrorism—think of the incredible relief that many victims of terrorism have felt by using social media and gathering information and news. Does the Minister agree that it is as essential to protect an open and free internet as it is to make sure that we take down the videos to which the noble Lord, Lord Naseby, referred? Can I ask that, in the digital charter announced in the manifesto and in the Queen’s Speech, we do as much to revert to some of the original spirit of the internet as we do to address the challenges that we face in 2017?

Baroness Lane-Fox of Soho (CB)

- Hansard -

Copy Link

-

My Lords, I apologise for not being able to speak at Second Reading. I was detained at a board meeting.

This House has given me many occasions to feel both alarmed and surprised. Today is no exception, first, in describing Tinder to my Back-Bench friends during an earlier part of the debate and, secondly, in rising to speak against four noble Lords for whom I have the greatest respect and who have offered me enormous friendship since I entered your Lordships’ House. I should like to cite three brief reasons why I oppose the amendment.

First, I wholeheartedly agree that we need a more detailed, complex and timely debate around this enormously complicated issue. The Government were slow to react compared to the quick review by America of the oversight and security services post-Snowden. This Government have looked lacklustre in their response. However, different processes are under way.

I declare an interest as being part of a panel set up by the Deputy Prime Minister and administered by the Royal United Services Institute. The Information Commissioner work is also continuing and we have the emergency legislation referred to as DRIP, which has already been talked about this afternoon. I believe it is very important that those pieces of work reach the next stage and that the debate in Parliament puts all of them into the mix.

Secondly, it is easy to underestimate the power of the public’s view on this subject. The noble Lord, Lord West, mentioned that he thinks that the public are fairly disinterested in this issue but I disagree wholeheartedly. A YouGov survey found that only 6% of people believe that the Government have a coherent data strategy but that it affects them directly. Another poll whose results I saw recently said that just 2% of people trust the Government when it comes to their data. That is immensely important for the reason that the noble Lord, Lord Paddick, most eloquently espoused earlier—to build trust and engagement among exactly the groups that this legislation is trying to reach.

More than that, perhaps I may give two technical examples that make me believe that such trust is so vital. There is now a move towards more and more use of the dark web—a place where it is very difficult to collect any data—and towards more and more encryption. At one end of the spectrum is a small start-up—actually it is not so small any more—called Wickr. This was started by a woman in the US and it enables communications to remain completely secure. Imagine sending a message that is never stored on any server anywhere. Not only does it disappear remotely in your hand but also it never stays on the network. She has had enormous success in building her app—quite understandably for many people, who believe that they should have a private mechanism for communication and that the Snowden revelations have shown that systems are not safe or secure. Then, more in the mainstream, we have Facebook, which has recently asserted that it is starting a sub-site on the dark web—the unregulatable and uncontrollable web—so that its customers can feel safe.

If we do not listen to what the world is doing and move and engage with it, allowing people to feel that their concerns around security are being addressed, there is a danger that we will take a retrograde step with communications Bills, such as with this amendment.

Finally, I believe that we need to engage much more deeply with both civil liberties groups and the industry itself. Here, I agree with a recent statement by President Obama, which I hope the Committee will forgive me for repeating. At the press conference in Washington which he shared with our own Prime Minister, he said in answer to a question about surveillance and about whether there was a swing to security from privacy:

“In six years I and the Prime Minister have seen a constant threat stream across our desks—the pendulum doesn’t need to swing but we need a consistent framework. There needs to be a debate about the laws and the discussion needs to involve the tech industry, who have responsibilities not only to security but also to the customers who use their products, and it also needs to involve the civil libertarians who are tapping us on the shoulder”.

I urge the Government to address the very real concerns of the general public on the one side and the security services on the other, particularly about the boundaries and framework for data collection, but I urge them not to do so by way of this amendment.

Baroness Lane-Fox of Soho (CB)

- Hansard -

Copy Link

-

My Lords, when Tim Berners-Lee famously typed his message “this is for everyone” at the start of the 2012 Olympic ceremony, I do not think he could have imagined just how prescient that statement would be and why. Tim has always striven for an open, transparent and universal web, one where people are able to have private conversations and assume complex identities. Nowadays his Olympic optimism could be read instead as a statement of the irrevocable powers of Governments and commercial organisations to know everything that people are doing in their digital lives.

I do not think that many of us who were around at the beginning of the web’s development imagined that the landscape would so quickly look as it does today. I certainly thought that, as the web became more mainstream, it would open up enterprise, policy-making and the monopolies that had characterised our society. The power for individuals to disrupt the status quo and to create better services—both public and private—seemed significant. Instead, it is remarkable how quickly the freedoms that I found so energising are in danger of being eroded.

In this context, I want to talk about three aspects of the Bill: first, the digital skills needed within Parliament to achieve proper scrutiny; secondly, the timing of the sunset clause; and, finally, the nuances of Clause 4. I spend a great deal of my working life encouraging large organisations to embrace the digital world, particularly the pace of digital change. Generally, I am on the side of speed, and I am often mocked for setting an unfeasible and unreasonable timeframe to complete a project. As noble Lords have said, the timeframes for this Bill are alarming.

I agree with all noble Lords who have raised the point, as well as with the World Wide Web Foundation, which said that,

“we fundamentally disagree with the lack of consultation and the speed with which the Bill will be rushed through. Full and frank public debate that informs the legislative process should have occurred by now—after all, these issues have been making headlines for over a year and the relevant ECJ judgment was delivered in April”.

Putting aside whether it is proper parliamentary process, this rush seems to highlight an issue of growing importance which we, as parliamentarians, face. I consider myself fairly digitally literate and yet I have struggled to understand the nuances that are informing this legislation. Whatever our political persuasion and whatever we feel about the subjects, we can all agree that these are complex areas which are understandably unfamiliar to many parliamentarians who are being asked to consider them. I felt as if I had a head start, yet I struggled to assimilate the different areas addressed in the Bill. As the noble Lords, Lord Knight and Lord Hodgson, demonstrated so effectively, even the meaning of metadata is complicated. Contrary to popular belief, it can very easily and quickly lead to individual identification.

Through no fault of their own, parliamentarians may well be making judgments on areas which are rapidly evolving and where technology is changing the art of the possible. For example, ways of intercepting and recording data that do not exist today will undoubtedly be invented. There are many products launching right now which will change the boundaries again. How do wearable technologies, such as Google Glass, which collect data fit into this new picture? It therefore makes me extremely nervous that Bills which require such deep technical expertise are given so little time.

The digital capability of the other place and of your Lordships’ House is something that will become more and more profoundly significant. All pieces of legislation will soon have aspects of technology at their core and our ability to scrutinise effectively will rely on a deeper understanding than currently exists. As someone from the digital sector, it is also disappointing to watch as legislation that directly affects that sector is so cursorily debated. It only goes to further people’s belief that neither House understands the modern world nor cares about their digital lives. It is a tough problem to crack, but may I suggest to the Minister that it would be interesting to consider a review of our own skills which might lead to some actions to improve them?

The lack of time to scrutinise the Bill is what makes the sunset clause so vital. If debate about these issues is as important as the Government reassuringly claim that it is, why would a sunset clause not come into force much more quickly than after two and a half years? The pace of technological change is so great that to be certain of anything two years out is brave. The questions under discussion are becoming more, not less important to citizens. Many in the technology community, including Jimmy Wales, the founder of Wikipedia, are calling for a six-month sunset clause. Despite the six-month reviews included as part of the amendments made yesterday, that would seem extremely sensible and desirable.

My final point is on Clause 4 of the Bill. If this clause is seeking to preserve the status quo, it is a status quo that has never been clear or legal. It is a status quo which, as has been intimated by other noble Lords, read in conjunction with Section 8(2) of RIPA would allow for the blanket interception of all data from international technology companies. Like the noble Baroness, Lady Kennedy, I would appreciate clarification as to whether this complies with the ECJ judgment.

I am not clear why, in an age where all data can be collected, all data should be collected. We require reasonable suspicion and an individual search warrant in order to enter someone’s home. Why cannot the same be true in respect of someone’s online property? No one would suggest that, where appropriate, Governments should not be able to target individuals about whom they have suspicions. The security of citizens is paramount. I have felt reassured that, where necessary, the security services have the ability to track an individual who may pose a threat, using all the available new platforms. However, I believe that this Bill is building on a modus operandi that has been going on for too long without clarity or transparency, and because it has been happening it does not mean that it should go on happening. In some ways it could be argued that at least Clause 4 puts a legal framework around something that, as the Home Secretary herself has said, was just previously assumed by Government, but at least let us be honest about the extent and genesis of these powers.

When the Snowden revelations broke, President Obama immediately set up an expert panel to examine oversight of the security services. That showed how far the political discourse in the UK lagged behind that of the US. No such steps were taken here. This panel looked into claims by the NSA about the necessity of data gathering. It found only one case where the bulk collection of phone records was helpful—itself a money laundering incident. Allegations that GCHQ and the NSA undermined encryption alarm everyone who trusts the web with their medical, financial or personal records. Public trust is at an all-time low and I fully understand why. We ignore people’s anxiety at our peril.

As many noble Lords are aware, this year is the 25th anniversary of the world wide web. It is essential that we do not charge headlong into decisions about the relationship between citizen and state in the new world that will influence us for the next 25 years. I am an optimist, but I must confess that I am uncharacteristically depressed. The web I want seems to be disappearing. Addressing the ECJ ruling and planning this Bill far earlier could have been an extraordinary opportunity to instigate a wide-ranging and sophisticated review about the future, a review which carefully considered the implications of data collection, the role of surveillance and the trade-off between privacy and security. Instead, we are being catapulted into legislation that builds on the badly understood and arguably dysfunctional RIPA legislation.

This Bill sets a precedent from which, even with reviews and a sunset clause, I believe it will be hard to row back. I sincerely hope that we do not regret it. I look forward to the Minister’s response.

Baroness Lane-Fox of Soho (CB)

- Hansard -

Copy Link

-

My Lords, I thank the noble Baroness, Lady Meacher, for proposing this debate and particularly for being so encouraging about participating in it. I have two areas of experience that I hope may be relevant. I have been a funder and trustee of several charities that deal with the fall-out from drugs, including Reprieve, IntoUniversity and Storybook Dads. My involvement has also made me think about the impact of the internet on this issue, which, as some noble Lords may know, is my particular interest.

One charity that I know well, Just for Kids Law, provides invaluable support for children and young people, many of whom are in care, looked after or at risk of exclusion from school. As well as legal help, it offers services ranging from securing housing to finding work. The organisation is a vital resource for the most vulnerable in our society. One of the most distressing and relentless aspects of the lives of the children that JFK helps is being stopped and searched by police. We know from police statistics that 50% of all searches are to look for drugs. We also know from police data that the searches take place disproportionately among the BME population. Some JFK clients talk of being stopped more than three times a day. Not only is this hugely destructive to the lives of the children but it is expensive. JFK worked with another not-for-profit organisation, StopWatch, to produce a smartphone app that allowed the kids to register every time they were stopped, whether there was an arrest and how the police treated them. The stop-and-search app allowed young people to get some control over what they felt was persecution. It also showed the high number of searches that did not result in any substances found, data that could be very useful to the police when prioritising work.

It is interesting to reflect on that development. Technology is changing with great speed the relationship between the supposed criminal and the authorities. But could we not be even bolder in thinking about how the internet could inform some of the solutions for the enormity of the challenges facing drugs policymakers? It feels as though those currently illegally controlling the drugs industry certainly already are. Only yesterday on the Radio 4 “Today” programme there was a discussion on the increasingly high level of digital capability. Marc Goodman, an ex-officer who now studies crime and terrorism, said in his TED talk in 2012,

“all the drug dealers and gang members with whom I dealt had”,

a cell phone,

“long before any police officer I knew did”.

He also talked about how hard it is for the police to stay ahead of drug cartels. For example, in Mexico there is a national encrypted radio station and telecoms network run by a group of dealers that is completely out of the reach of any state. I think it might be even harder to access remotely than the parliamentary e-mail system.

The internet is rapidly changing consumer behaviour, and this brings me to the Silk Road. This is not the beautiful route stretching through central Asia, well trodden by Marco Polo, but the website of the same name, mentioned earlier by the noble Lord, Lord Howarth, sometimes called the Amazon.com of drugs. Launched in 2011, the site was operated on Tor, a “dark web” service that anonymises users, making it much more difficult for them to be tracked. The site allowed users to buy a huge range of semi-legal and illegal substances using the digital currency Bitcoin. The FBI closed it down last month.

Rather than a terrible crime, using Silk Road could be seen as a better approach to drug sales—a more peaceful alternative to the deadly violence that street deals have led to for decades and which, as the APPG report’s notes show, has led to many thousands of deaths at unbelievable cost. As many of commentators have written, the site was credited by its creators and users as mitigating gangs and cartels, providing quality drugs and going some way to breaking dependency cycles. It did this by breaking people’s relationships with dealers on the street and with the police—all objectives of the unsuccessful so-called war on drugs that, as has been documented today, has cost Governments around the world trillions of pounds.

I very much respect the work of the APPG, but in future work might it be possible to take the different but linked experiences of Just for Kids Law and the Silk Road to think boldly about how technology might help facilitate a different, more successful global drugs policy?