Damian Hinds

- Hansard -

Copy Link

- - Excerpts

Prosecuting authorities have to make judgments. The Bill is specifically about national security, but within that it is about countering state threats. It gives us a whole new set of tools and weapons to add to our arsenal, and, notwithstanding the right hon. Gentleman’s body language, I think that that is much to be welcomed.

My hon. Friend the Member for Wycombe (Mr Baker) asked a specific question about police stations. Because of the new arrest power in the Bill that can last up to 14 days, the Secretary of State may be required to designate specialist sites to meet the operational need, but I want to reassure my hon. Friend that this has nothing to do with extraordinary rendition. The provision mirrors those in the Police and Criminal Evidence Act 1984 and the Terrorism Acts to ensure that appropriate facilities are available. However, it is not possible to designate such a place outside the United Kingdom. The Government are clear about the fact that torture, mistreatment and arbitrary detention are contrary to human rights law.

Damian Hinds

- Hansard -

Copy Link

- - Excerpts

I have not finished my speech, but go on.

Damian Hinds

- Hansard -

Copy Link

- - Excerpts

I do not think that this is an appropriate forum in which to discuss the detail of such measures, but I hope I can reassure my hon. Friend on that particular point. As I have said, this is to allow for cases in which such capacity is required owing to operational need, and it cannot be outside the United Kingdom.

A number of Members on both sides of the House have referred to the so-called STPIMs. These are a tool of last resort to prevent, restrict and disrupt an individual’s involvement in state threats activity. In the most serious cases, that could include restricting where an individual can reside, whom they can associate with, and where they can work and study. An STPIM will be used when intelligence exists to confirm that highly damaging threat activity is planned or being undertaken but prosecution is not realistic. As my hon. Friend said, with such measures it is extremely important to have the appropriate safeguards.

I want to reassure the hon. Member for Cumbernauld, Kilsyth and Kirkintilloch East (Stuart C. McDonald) that STPIMs will not be imposed through ministerial decision making alone. There will be a process through the courts. A decision by the Secretary of State to impose an STPIM, once they are satisfied that the five conditions set out have been met, will be referred to a judge, and the court’s permission will be sought before an order can be made. The court is specifically tasked with checking that the ministerial decision is not flawed.

My right hon. and learned Friend the Member for Kenilworth and Southam (Sir Jeremy Wright) and others spoke about civil legal aid for terrorists. Through the Bill, we will take action to restrict access to civil legal aid in England and Wales for individuals convicted of terrorism or terrorism-connected offences since 2001. However, I can assure my right hon. and learned Friend, my hon. Friend the Member for Bromley and Chislehurst (Sir Robert Neill), the hon. Member for Garston and Halewood (Maria Eagle) and others who have spoken about this that the restriction of access of civil legal aid applies only to offences involving a sentence of more than two years. In any event, all individuals subject to the restriction can apply for exceptional case funding, and applications will be assessed according to the legislative framework of whether an individual’s human rights may be breached without legal aid. The type of terrorism offence that had been committed would not have bearing on the exceptional case funding decision.

I need to spend a couple of minutes going through the amendments to the Serious Crime Act 2007, an important subject that a number of colleagues have brought up, including my right hon. Friend the Member for Haltemprice and Howden (Mr Davis) and my hon. Friend the Member for Wycombe. The context, of course, is that our intelligence and security services and armed forces do and must work in close partnership with international partners to maximise UK capabilities and their ability to protect national security on our behalf. A key part of that is sharing intelligence and data to support joint objectives.

However, it is possible that such intelligence, when shared in good faith and in accordance with all domestic and international law, could still be capable of contributing, even in a very small or indirect way that was not intended at the time it was shared, to an international partner’s engaging in activity that the UK would not support. The Serious Crime Act 2007 creates an offence where an act is done that is

“capable of encouraging or assisting…an offence”.

That means that in this scenario there is a risk of individuals facing criminal liability, even when they have operated in good faith and in accordance with the guidance and proper authorisation.

Put simply, the Government believe it is not fair to expect the liability for that unforeseen eventuality to sit with an individual officer of our intelligence services or member of the armed forces who is acting with wholly legitimate intentions. Instead, the liability should sit with the UK intelligence community and the military at an institutional level, where they are subject to executive, judicial and parliamentary oversight. The amendment at clause 23 therefore removes that liability for individuals, but specifically only where the activity is necessary for the proper exercise of the functions of the security and intelligence services or the armed forces. It does not remove liability at an institutional level for any activity.

The Minister for Security and Borders (Damian Hinds)

- Hansard -

Copy Link

- - Excerpts

It is a pleasure to serve under your expert chairmanship, Sir Mark. I thank my hon. Friend the Member for Bridgend (Dr Wallis) for securing today’s debate and bringing this important issue to Westminster Hall. I am also grateful to all colleagues who have taken part. It strikes me that this is a good example of bringing to bear on Parliament not just opinions or political points but real depths of expertise from the outside world. I think it has been a very good debate.

I thank the SNP spokesman, the hon. Member for Cumbernauld, Kilsyth and Kirkintilloch East (Stuart C. McDonald), and the Opposition spokesperson, the hon. Member for Halifax (Holly Lynch), for the constructive way that they engaged with the important discussion. I reassure everybody that it will feed into the review, which I will come back to later. I confirm to my hon. Friend the Member for Bridgend that I would be pleased to meet with him and a group of colleagues to discuss the issue further—I look forward to it.

As the Minister for Security and Borders, I am keenly aware of the scale of the cyber-crime threat facing our citizens and businesses. Keeping them safe is a key priority for the Government and our operational agencies and I take this opportunity to thank all those who work tirelessly to protect the public.

The threat from cyber-crime has intensified over the last couple of years. As the hon. Member for Halifax said, the pandemic meant that even more of our lives were spent online, and, inevitably, criminals have sought to exploit that shift. The statistics bear out the scale of the threat, with computer misuse now accounting for an estimated 15% of all crime. That opportunism is despicable and underlines how crucial it is that we have a robust and effective response. The Computer Misuse Act is primarily about hacking into someone else’s computer, but clearly there are more crimes that involve misusing computers for criminal means—most fraud, for example. Later today we have the Second Reading of the Online Safety Bill, which is an ambitious and forward-looking piece of legislation that will tackle online harms around fraud and fraudulent advertising.

I turn to some of the points made by the hon. Member for Strangford (Jim Shannon) about protecting individuals and small businesses. I reassure him that comprehensive advice is available from Cyber Aware. We encourage everybody to act on that, starting with three key things: protecting email security with a password made up of three random words; using two-factor authentication where that is available; and keeping operating systems up to date—often when an update comes around it is to see off some weakness that has been found.

I want to note important steps taken by industry that can make what hacking yields of less utility—things such as the banking sector’s deployment of the confirmation of payee system. We have sector charters in place with key industries, including retail banking. While Northern Ireland has a different policing arrangement, in this part of the UK we have the regional and national cyber-resilience centres, supported by policing, to help give extra support and guidance to small businesses that may have less wherewithal to invest in cyber-security expertise.

I also want to respond to my hon. Friend the Member for Barrow and Furness (Simon Fell) about skills; he is absolutely right that although the issue is about machines, it is ultimately about people. It is people who improve our defences. There are key pathways and standards in the Institute for Apprenticeships and Technical Education system, including under the cyber-security technologist umbrella and more broadly with the introduction of T-levels. Indeed, the critical T-level is digital business services, which includes a minimum of nine weeks of industry placement. I strongly encourage firms operating in the area—in cyber-security and in-house digital technology—to support that to make sure we all work together to bring on that next generation of experts who will help keep us all safer.

Damian Hinds

- Hansard -

Copy Link

- - Excerpts

I am grateful to my hon. Friend. I shall add that to my bedtime reading list, which is not uncrowded at present. I will look forward to getting to that.

In the last year, we saw a number of high-profile ransomware attacks around the world, including attacks on local authorities and schools in the UK. The National Cyber Security Centre has reported that in just the first four months of 2021, it handled the same number of ransomware incidents as for the whole of 2020. The National Cyber Security Centre has improved our understanding of the threat and provides a unified source of advice and support to Government and business.

I am afraid that the threat posed by cyber-attacks continues to grow in scale and complexity. That is why the national cyber strategy, mentioned by a number of colleagues and published in December, sets out how the Government will invest £2.6 billion over the next three years to develop a whole-of-society approach to increasing national cyber-security and resilience, including reducing the risk and opportunity for cyber-crimes and disrupting cyber-criminals. As part of that funding, we will continue to invest in the law enforcement cyber-crime network at national, regional and local level. In the face of such a broad and complex threat picture, law enforcement agencies must have the powers they need to investigate online criminality. It is also essential that we have robust legislation in place to enable action to be taken against the perpetrators.

My hon. Friend the Member for Wycombe (Mr Baker) was right about how much has changed since 1990, and my hon. Friend the Member for Barrow and Furness pointed out that the world is more interconnected than ever. Next year, it will be even more interconnected again. All that is correct and we must make sure we are up to date and up to pace. However, as my hon. Friend the Member for Boston and Skegness (Matt Warman) pointed out, it is also the case that over the last 30 years, the Computer Misuse Act has generally proven to be a far-sighted piece of legislation for tackling unauthorised access to systems. As the threat has changed, so too has the Act, which has been updated a number of times—most recently in 2015, where the offence of unauthorised acts causing, or creating risk of, serious damage was introduced.

We are firmly and fully committed to ensuring the legislative framework that underpins our efforts to address cyber-crime remains relevant and effective. That is why last May the Home Secretary announced a review of the Computer Misuse Act. The Home Office subsequently launched a call for information, which marked the first step in that process. The purpose of the call for information was to seek views of interested stakeholders across the piece, including in industry, academia and the agencies, on the Act and the associated investigative powers available to law enforcement. The Home Office has received responses covering a range of interesting and complex issues and we are grateful to those who have sent in their views. We are considering the feedback submitted and continue to engage with partners to determine whether changes are needed. We will provide an update on the initial findings of the review shortly.

I want to touch on a couple of key points directly relating to the Act that will influence the approach we take on defences. First, the Act is based on the principle that the owner of the computer and computer data has the right to say who can access it. I want to stress that point, which was made repeatedly during the development of the Act. Authorisation to access a system is the prerogative of the owner. It is that person who is responsible for the operation of the system and bears the cost of securing it.

Equally, the Government are rightly seeking to ensure that system owners take more responsibility for the security of their systems and the content held on them. Therefore it is right that the system owner has the protection of the law from those who obtain or attempt to obtain unauthorised access to computers and their data. We encourage firms to agree to having their systems tested for vulnerabilities by third parties but the fundamental point is that it is the choice of the legal property owner to determine that.

Secondly, we need to ensure that the Act continues to criminalise those who take unauthorised action against computer systems and provides the legal basis for relevant legal authorities to act.

In launching the review, we have been clear that we are open to changes to the Act that enhance our approach to that threat. However, I must also emphasise that any such changes should be well-considered and well-evidenced. We must guard against taking any action that would undermine the ability of law enforcement agencies and prosecutors to investigate criminals and prosecute them.

I have heard the views of Members on defences. My hon. Friend the Member for Boston and Skegness identified the nuance very well, as my hon. Friend the Member for Wycombe did the nuance of the registration of industry professionals. We are still considering the question of defences, but I am sure that Members would agree with me that we cannot put in place measures that would act as a mechanism for criminals and state actors to hide behind. That is why we need to tread cautiously. An ill-conceived defence could leave prosecutors with the burden of trying to prove a negative, for example, in needing to prove that cyber-attacker X was not, in fact, intending to protect a computer system when they attempted to access it without permission.

It is also worth pointing out that there are already defences in the Act that apply to cyber-security activity. If a person has the authorisation of the system owner to access the system, no offence is committed. In addition, any decision on prosecution is a matter for independent law enforcement and prosecuting agencies who take into account all relevant facts of the case. We must also ensure that any changes to the Act do not permit or encourage retaliatory cyber-activity, sometimes known as “hack back”. There is a danger that such a defence could embolden so-called hacktivists, or commercial entities who wish to offer such services, if they believe their actions could be protected under the law. The UK does not condone unlawful cyber-attacks of any kind.

Some responses to the call for information set out proposals for a review of sentences, and we have also had suggestions for new powers for law enforcement agencies to take action against criminals online. We are considering them as part of the review, including whether sentencing guidelines are needed to ensure that the harms caused by those committing Computer Misuse Act offences are appropriately considered during sentencing.

The hon. Member for Halifax asked a direct question and yes, state threats in this area are absolutely a prevalent and growing issue. I know she would not expect me to give a commentary on a specific security matter, but I want to reassure her and the House that the Government take extremely seriously the question about state capability in this area.

There is absolutely no doubt that the UK needs a Computer Misuse Act that is fit for purpose and can rise to the challenges of the present day. As colleagues know, the Home Office is engaged in a review that is charged specifically with ensuring exactly that.

The context of the war in Ukraine makes that work more important than ever, as the shadow Minister said quite rightly. I am acutely conscious of that, but we cannot rush this. That would only serve to help our adversaries. We are, therefore, approaching the exercise with the careful consideration that the public would expect and which these sometimes complex issues demand. Through the review, and as part of business as usual, we are listening attentively to law enforcement agencies and National Cyber Security Centre experts on what is most likely to enhance our national cybersecurity. Of course, we are also studying the approaches of other countries.

I thank my hon. Friend the Member for Bridgend for securing the debate, which has been interesting and insightful. I am grateful to have had the opportunity to outline our activity in the space and, as I said at the start of my remarks, I look forward to meeting my hon. Friend and colleagues to discuss it further.

Damian Hinds (East Hampshire) (Con)

- Hansard -

Copy Link

- - Excerpts

It is a pleasure to serve under your chairmanship, Mr Amess. I congratulate the hon. Members for West Bromwich West (Mr Bailey) and for Islwyn (Chris Evans) on securing this important and timely debate, which coincides with co-operatives fortnight. I will talk about financial mutuals, particularly credit unions. This is a promising time for financial mutuals, in the wake of the banking crisis and against the backdrop of the big society agenda and the emphasis on debt affordability at all levels.

Financial mutuals remain large, in spite of what has happened over the past couple of decades, and still serve one in three of the population through building societies, mutual insurers and friendly societies, co-operative financial services and credit unions. Credit unions, sadly, come at the bottom of that list, because it is ordered by number of members or customers or by assets under management. If the list were ordered by number of individual institutions, credit unions would come at the top. There are 48 building societies in the UK, with more than £300 billion in assets. The number of credit unions is about 10 times higher, at 426, but they hold assets of less than £1 billion.

Nevertheless, despite their relatively small size, credit unions in this country have been growing rapidly. Over the past 20 years, from 1990 to 2010, the number of members has grown from 54,000 to 800,000 and assets from £17 million to £750 million. However, there is an awfully long way to go. Compared with other countries such as the United States, Ireland, Australia and elsewhere, the penetration of credit unions among the UK population is small indeed. I see that as an opportunity rather than a problem.

Credit unions are traditionally mutuals owned by their members, who are savers and shareholders, and managed or overseen by a board of directors elected on the traditional one-member, one-vote basis. Critically, the interest rate at which they can lend is capped. It is about the only part of the financial sector that has such a cap. Historically, it was 12.7%, but it is now 27%. That still means, however, that anybody borrowing from a credit union knows that they are getting their loan at a reasonable rate. It is very important, because the market in which they operate features many other operators that charge a good deal more.

Payday lenders are a part of the financial market that the hon. Member for Walthamstow (Stella Creasy) might mention later. They represent an area of growth in the market and have received a lot of attention, but there are plenty of others. Home credits, for example, are a much larger part of the sub-prime market, have been around in this country for much longer and serve many more customers. Other parts of the market may not appear to have the same sky-high rates of interest, but they end up being just as bad a deal in terms of their overall charging structure. I am thinking in particular of some rent-to-own operators.

There are some brilliant opportunities for credit unions at the moment, and some strong and encouraging news from the Government, particularly the £73 million that they are making available in the modernisation fund for credit unions. Many areas of modernisation need to be looked at, but I think that what the sector finds most exciting is the development of the back-office platform and the potential to interface with the Post Office. That opens huge opportunities to bring credit union services to a much larger part of the population and for them to be much more visible in the marketplace.

Another critical piece of the jigsaw is the legislative reform order, for which the credit union sector has been waiting for some time. The issue has straddled the change in Government and we hope that it can now progress with great speed. It will enable critical changes in the sector to facilitate its further development. First, it will soften the common bond requirement—which relates to where someone lives or works, who they work for, or which organisation they are a member of—to become a member of a credit union. Secondly, it will enable credit unions to offer services not just to individuals, as is the case at present, but to organisations, particularly charities and voluntary organisations, although it might also apply to firms. Thirdly, it will enable credit unions to offer a fixed rate of interest to savers, if they wish. That will make them more attractive and enable them to provide a better range of financial services.

There are other issues. The sector looks to Government for a proportionate approach to regulation. They are, relatively speaking, only little and have not had the problems that the big banks had during the crisis. They want an appropriate level of regulation that matches their size and role.

There are also new opportunities, such as the big society bank, which is a wholesale bank that needs organisations on the ground to administer its funds. I am sure that community development finance institutions will play a big part in that, as will credit unions, in a post-legislative reform order world. Not all credit unions will find that appropriate, but some of them may. Credit unions could also play a role with the son or daughter of the social fund, in its new, evolved form. Local authorities will be more responsible for elements of that. They do not have a long history of dealing with crisis loans and so on, but their local credit unions could help them in that regard.

Looking to the future, I think there will be some blurring of the exact lines between credit unions, CDFIs, social lenders and microfinance institutions. It would be good to see the development of more microfinance institutions of one sort or another in this country, as well as internationally. Technology may also help us to broaden the boundaries of credit unions and to bring more people in, particularly as savers, which will allow them to expand their business. That is also applicable to microfinance and, eventually, to retail investors in social impact bonds.

Two key developments will enable that. They might involve a role for Government, but they might not—they might come from entirely different parts of the social finance sector. The first is the development of a social ISA, which I wrote about some years ago in a Bow Group pamphlet on credit unions and increasing the capitalisation available for them. Others have written about similar things in relation to all sorts of other projects. It sounds very much like an idea whose time has now come, to enable ordinary retail investors to put their money behind socially worthwhile projects and accept a slightly lower financial return as a result.