Equipment Interference (Code of Practice) Order 2015 Debate

Department: Home Office
Monday 7th December 2015

Grand Committee
The Minister of State, Home Office (Lord Bates) (Con)

My Lords, with the leave of the Committee I will also speak to the Regulation of Investigatory Powers (Interception of Communications: Code of Practice) Order 2015.

Members will know that on 4 November 2015 the Government published draft legislation relating to the security, intelligence and law enforcement agencies’ use of investigatory powers for pre-legislative scrutiny by a Joint Committee of Parliament. The intention is for the Bill to be introduced early in 2016 and enacted before the sunset provision in the Data Retention and Investigatory Powers Act 2014 takes effect on 31 December 2016. In the mean time, the Regulation of Investigatory Powers Act 2000 and the codes of practice made under it provide the legal basis for the essential investigatory techniques necessary to acquire the communications of those who mean us harm. Today we debate two codes of practice made under the existing legislation: an update of the existing code of practice on the interception of communications and a new code on equipment interference.

Interception is a vital tool that helps law enforcement and intelligence agencies to prevent and detect serious or organised crime and protect national security. It is also among the most intrusive powers available to law enforcement and the security agencies. For that reason, it is subject to strict safeguards in the Regulation of Investigatory Powers Act 2000 and the code made under it. Interception warrants are issued and renewed by the Secretary of State for a small number of agencies and for a strictly limited range of purposes. RIPA also provides for independent oversight by the Interception of Communications Commissioner and an impartial route of redress through the Investigatory Powers Tribunal.

The interception of communications code of practice first came into force in 2002 and needs updating. There is now far more that can be said about the safeguards that apply to security and law enforcement agencies’ exercise of interception powers and the revised version of the code includes that extra detail. On what is new in the code of practice, the safeguards described in these codes are not new in themselves. In respect of the interception code, the law enforcement and intelligence agencies have always had robust internal arrangements, overseen by the Interception of Communications Commissioner. The draft code provides more detail about those arrangements.

First, it provides additional information on the safeguards that exist for the interception and handling of external communications under Section 8(4) of RIPA—that is, the ability to undertake bulk interception. Secondly, it sets out further information on the protections afforded to legally privileged material and other confidential material. To give an example, the code requires the Secretary of State personally to consider the likelihood that privileged material will be intercepted when determining whether it is necessary and proportionate to grant a warrant. It also requires additional internal safeguards to be applied in cases where legally privileged material is intercepted, including that where such material is retained it must be reported to the independent Interception of Communications Commissioner. Thirdly, it includes minor changes to reflect developments in law and practice since the code first came into force in 2002. For example, it reflects regulations introduced in 2011 which amended RIPA to create the power for the interception commissioner to impose a fine for certain kinds of unlawful interception. Much of the new material on the safeguards that apply to the exercise of interception powers reflects information disclosed during legal proceedings in the Investigatory Powers Tribunal, and it is right that this information is included in codes of practice so that it is easy for members of the public to access it.

The equipment interference code of practice is new. Equipment interference is a set of techniques used to obtain a variety of data from equipment. This includes traditional computers or computer-like devices such as tablets, smartphones, cables, wires and static storage devices. Equipment interference can be carried out either remotely or by physically interacting with equipment. It allows the security and intelligence agencies in particular to keep pace with terrorists and serious criminals, who increasingly use sophisticated techniques to communicate covertly and evade detection. Equipment interference has been instrumental in disrupting credible threats to life, including those against UK citizens. MI5 has relied on this capability in the overwhelming majority of high-priority investigations it has undertaken over the past 12 months.

The Security Service Act 1989 and the Intelligence Services Act 1994 provide the legislative basis for the security and intelligence agencies to interfere with computers and communications devices. Warrants may be issued by the Secretary of State only when he or she considers the activities to be authorised are necessary and proportionate. The use of the powers is subject to independent oversight by the Intelligence Services Commissioner. Prior to the draft code, which we are debating today, equipment interference powers have not had their own bespoke code of practice.

The code does not confer new powers, but simply makes public the robust internal safeguards that the intelligence agencies already apply. It brings greater transparency to the robust processes that the agencies adhere to when interfering with computer equipment to prevent terrorism, disrupt serious crime and identify and stop others who seek to harm us and our country. For the first time, this code of practice publicly sets out the stringent safeguards that the intelligence agencies apply to their use of equipment interference. This includes strict rules on how data acquired through equipment interference must be handled, how they must be securely and safely stored, and how they must be destroyed when it is no longer necessary or proportionate to hold them. The code also explains the consideration of necessity and proportionality that the Secretary of State must take before authorising any use of equipment interference. That ensures that this vital capability may be used only when the scope of the interference has been carefully considered and compared to the potential benefits of the operation. Furthermore, the code explains that equipment interference should not be considered a proportionate power if other less intrusive methods of acquiring the same data are possible.

Akin to the interception code of practice, this document also provides reassurance that the acquisition of legally privileged and confidential information is subject to even greater oversight and safeguards. The code sets out a series of tests that must be applied before any authorisation is granted and then the subsequent handling arrangements, should confidential material be acquired.

Finally, the code also provides information regarding the use of equipment interference targeted at equipment outside the British Isles. This section ensures that the public have a comprehensive guide to the use of equipment interference powers by the intelligence agencies and the range of safeguards and oversight that applies to such important activity.

The codes of practice contain no new powers; instead, they reflect the current safeguards applied by the relevant agencies. The purpose of the codes is to make more information publicly available about the stringent safeguards that the agencies apply in their use of investigatory powers. They ensure that the powers can be used only when it is necessary and proportionate and when it will help keep us safe from harm. I commend the orders to the House.

Lord Paddick (LD)

My Lords, I must first say that I am not an expert in this area. Our expert on this matter is on the Joint scrutiny Committee, which is about to sit. That is why he is not here. For this to come up when the people considering the draft investigatory powers Bill are elsewhere and engaged in that business is rather an unfortunate clash of tabling.

We are very concerned about interception, but that is and has been a widely known and accepted practice over the years, although the nature of that interception has obviously changed as means of communication have changed. It tends to be specific and targeted at particular individuals who, as the Minister said, intend to cause us harm or who are involved in serious crime. The code of practice on interception, which, as the Minister said, is an updated code of practice rather than a completely new one, is not the major area of concern for us.

We are very concerned about the use of equipment interference and the fact that very little—if any—debate has taken place, in Parliament or outside, about the use of these powers. While the Minister points to legislation that the security services rely on to carry out equipment interference, explicitly setting out what that means was not part of the discussion when those pieces of legislation were presented to Parliament. While what interception of communications involves is reasonably straightforward, equipment interference potentially means gaining complete access to a computer, for example. Speaking for myself, my life is on my computer. Therefore, if there were intrusion through equipment interference on to my computer, practically everything about me would be learnt by the security services, including websites I had visited and passwords that would give access to, for example, online banking. It is a much more intrusive power for the police and the security services than interception.

Hacking into computers and mobile phones was made an offence in the Computer Misuse Act 1990. My understanding is that a clause introduced in the then Serious Crime Bill 2015 exempted the police and the security services from that provision. Does the Minister accept that engagement in equipment interference by the police and the security services between 1990 and 2015 must therefore have been illegal because it was an offence under the Computer Misuse Act 1990, the exemption not coming in until 2015?

As far as I can see, the equipment interference code of practice relates only to the security services. There is no mention of equipment interference being used by the police. Again, I am not an expert on this, but it would appear that the police have to rely on legislation that allows them to interfere with property. That was intended for planting bugs in homes or offices—that sort of thing—rather than interfering with computers. Will the Minister say what the code of practice is for police use of equipment interference, as opposed to that of the security services?

There is also serious concern about general warrants being issued for equipment interference, rather than for named individuals. Indeed, the Intelligence Services Commissioner’s latest report expressed concern that GCHQ was using thematic warrants for equipment interference. How many thematic warrants have been issued?

I have another question for the Minister: why are the Government bringing forward these orders now, when the primary legislation on which they are based is currently being completely reviewed? As he said, the Joint Committee on the Draft Investigatory Powers Bill is currently looking at the primary legislation, so why now?

Among other things, the Government have produced HM Government Transparency Report 2015: Disruptive and Investigatory Powers. I cannot find any reference in it to equipment interference. As the Government are being transparent about these things, can the Minister assist me with where we can learn how much equipment interference has been going on?