PARLIAMENTARY DEBATE
Investigatory Powers Bill (First sitting) - 24 March 2016 (Commons/Public Bill Committees)

Debate Detail

The Committee consisted of the following Members:

Chair(s) †Nadine Dorries, Albert Owen

Members† Atkins, Victoria (Louth and Horncastle) (Con)
† Buckland, Robert (Solicitor General)
† Cherry, Joanna (Edinburgh South West) (SNP)
† Davies, Byron (Gower) (Con)
† Fernandes, Suella (Fareham) (Con)
† Frazer, Lucy (South East Cambridgeshire) (Con)
† Hayes, Mr John (Minister for Security)
† Hayman, Sue (Workington) (Lab)
† Hoare, Simon (North Dorset) (Con)
Kinnock, Stephen (Aberavon) (Lab)
† Kirby, Simon (Brighton, Kemptown) (Con)
† Kyle, Peter (Hove) (Lab)
† Matheson, Christian (City of Chester) (Lab)
† Newlands, Gavin (Paisley and Renfrewshire North) (SNP)
† Starmer, Keir (Holborn and St Pancras) (Lab)
† Stephenson, Andrew (Pendle) (Con)
Stevens, Jo (Cardiff Central) (Lab)
† Warman, Matt (Boston and Skegness) (Con)

ClerksFergus Reid, Committee Clerk

† attended the Committee


Public Bill CommitteeThursday 24 March 2016
(Morning)

[Nadine Dorries in the Chair]

Investigatory Powers Bill
  11:03:26
The Chair
Before we begin, I have a few preliminary announcements. Please switch electronic devices on to silent—thank you. Tea and coffee are not allowed during sittings.

Today, we will first consider the programme motion on the amendment paper. We will then consider a motion to allow us to deliberate in private about our questions before the oral evidence sessions, before considering a motion to enable the reporting of written evidence for publication. I hope that we may take some of those formally, without debate. I call the Whip to move the first motion.

Ordered,

That—

(1) the Committee shall (in addition to its first meeting at 11.30 am on Thursday 24 March) meet—

(a) at 2.00 pm on Thursday 24 March;

(b) at 9.25 am and 2.00 pm on Tuesday 12 April;

(c) at 11.30 am and 2.00 pm on Thursday 14 April;

(d) at 9.25 am and 2.00 pm on Tuesday 19 April;

(e) at 11.30 am and 2.00 pm on Thursday 21 April;

(f) at 9.25 am and 2.00 pm on Tuesday 26 April;

(g) at 11.30 am and 2.00 pm on Thursday 28 April;

(h) at 9.25 am and 2.00 pm on Tuesday 3 May;

(i) at 11.30 am and 2.00 pm on Thursday 5 May;

(2) the Committee shall hear oral evidence on Thursday 24 March in accordance with the following Table:

TABLE

Time

Witness

Until no later than 12.00 pm

David Anderson Q.C., independent reviewer of terrorism legislation

Until no later than 12.30 pm

Don’t Spy on Us; Liberty

Until no later than 1.00 pm

International Institute for Strategic Studies; Lord Evans of Weardale

Until no later than 2.30 pm

NSPCC; Mr Ray McClure

Until no later than 3.00 pm

BT

Until no later than 3.30 pm

National Crime Agency; HM Revenue and Customs

Until no later than 4.00 pm

National Anti-Fraud Network

Until no later than 4.30 pm

Lord Judge, Chief Surveillance Commissioner; Interception of Communications Commissioner’s Office

Until no later than 5.00 pm

The Rt. Hon. the Lord Reid of Cardowan; The Rt. Hon. Charles Clarke



(3) proceedings on consideration of the Bill in Committee shall be taken in the following order: Clauses 1 to 6; Schedule 1; Clauses 7 to 10; Schedule 2; Clauses 11 to 48; Schedule 3; Clauses 49 to 61; Schedule 4; Clauses 62 to 74; Schedule 5; Clauses 75 to 96; Schedule 6; Clauses 97 to 207; Schedule 7; Clauses 208 to 212; Schedule 8; Clauses 213 to 231; Schedule 9; Clause 232; Schedule 10; Clause 233; new Clauses; new Schedules; remaining proceedings on the Bill;

(4) the proceedings shall (so far as not previously concluded) be brought to a conclusion at 5.00 pm on Thursday 5 May. —(Simon Kirby.)
  11:03:25
The Chair
Therefore, the deadline for amendments to be considered at the first two line-by-line sittings of the Committee on 12 April is 4.30 pm on Thursday 7 April.

Resolved,

That, at this and any subsequent meeting at which oral evidence is to be heard, the Committee shall sit in private until the witnesses are admitted.—(John Hayes.)

Resolved,

That, subject to the discretion of the Chair, any written evidence received by the Committee shall be reported to the House for publication.—(John Hayes.)
  11:03:54
The Chair
Copies of written evidence that the Committee receives will be made available in the Committee Room.

We will now move to the examination of the witnesses. We have agreed that Mr Starmer will open, but this is very informal, so anyone who wants to speak may do so at any time. Minister, you will wish to join in.

Examination of Witnesses

David Anderson gave evidence.
  11:03:17
The Chair
Welcome, Mr Anderson. Before we start, do any Members wish to make a declaration of interest?
Lab
  11:03:46
Keir Starmer
Holborn and St Pancras
Thank you, Ms Dorries. May I make a declaration of interest in relation to this witness and a number of other witnesses generally? I know this witness and some others; I have worked with them both as a lawyer and as Director of Public Prosecutions. I therefore put that on the record—if I may make a general declaration, it applies to Mr Anderson and quite a number of the witnesses today.
Robert Buckland
The Solicitor General
Ditto. I know many of the witnesses as well.
Con
  11:03:50
Lucy Frazer
South East Cambridgeshire
David Anderson was my pupil master when I was a barrister.
Lab
  11:03:50
Christian Matheson
City of Chester
I do not know this witness, Chair, but Mr McClure, a witnesses this afternoon, is my constituent and is known to me personally.
Con
  11:03:50
Byron Davies
Gower
I was a member of some of the agencies that will attend today.
Con
  11:03:50
Suella Fernandes
Fareham
I was a Treasury counsel, representing Government Departments.
SNP
Joanna Cherry
Edinburgh South West
I was previously standing junior counsel to the Scottish Government, which has some tangential interest to the serious crime provisions.
  11:03:04
The Chair
Okay; that is all the interests out of the way. We will now hear oral evidence from David Anderson QC, independent reviewer of terrorism legislation. Before calling the first Member to ask a question, I remind all Members that questions should be limited to matters within the scope of the Bill, as always, and that we must stick to the timings in the programme motion that the Committee has agreed. For this session, we have until 12 noon. Could the witness please introduce himself for the record?

David Anderson: I am the independent reviewer of terrorism legislation and the author of the report “A Question of Trust”.
  11:03:01
Keir Starmer
Q It is a pleasure to serve under your chairmanship, Ms Dorries. Good morning, Mr Anderson. There are obviously a lot of people around the table whom you know, going by the declarations of interest. May I go straight to one of the central issues in your report, which was the need for an operational case for the powers in the Bill, and particularly the bulk powers? Having now had the opportunity to see what has been published between the Joint Committee report and the publication of the Bill, are you satisfied with the operational cases that have been published?

David Anderson: I was pleased that the Joint Committee recommended that a detailed operational case should be served in relation to each of the bulk powers. I was a little sorry that it did not also recommend a detailed operational case in relation to the police use of targeted equipment interference. I do not think I have seen the case for why that should be necessary in addition to the powers they already have under the Police Act 1997 on property interference.

In terms of the case itself, I salute GCHQ and others for being able to produce a 47-page case in circumstances that are very much about not being fully transparent about exactly how the powers are going to be used. One needs to know what the powers are, and it seems to me that, for public consumption, they have done a pretty good job that should enable Parliament to debate whether those powers are necessary or not.

I also believe, because I have seen it, although not read it, that they produced a detailed secret annex to that operational case, which was provided to the Intelligence and Security Committee. I noticed that when Dominic Grieve, the Chair of that Committee, made his speech on Second Reading of the Bill, he said that he—and I think, by implication, the Committee—was satisfied that each of the powers sought was necessary and proportionate. If the Committee has satisfied itself of that by reference to the detailed operational case, including the secret annex, that is very reassuring for all of us. If it has not, no doubt it will wish to do as the Bill completes its passage.
  11:03:27
Keir Starmer
Q May I follow up on that? First, so far as operational cases are concerned, do you think there is still a need for an operational case for the police use of equipment interference powers? Secondly, is your view that the ISC should formally indicate whether it has considered the material and is satisfied with what it has seen, rather than implying it in a speech? Thirdly, do you think there is a need for an independent assessment of the operational case? It is one thing to publish it and to put material before the ISC; it is another to have it independently assessed. Apologies for asking three questions, but should a case be made for police use of equipment interference powers; should the ISC be called upon to formally indicate its response to what it has seen; and do we need an independent assessment of the operational cases in full?

David Anderson: On your first question, I pointed out in my written evidence of January to the Joint Committee that, so far as I could see, there had been no detailed operational case on police use of equipment interference powers. From my point of view, I would like to see it. So far as the ISC is concerned, it is not for me to say what it should and should not do, but I am mindful not only of its duty to serve Parliament, but of the fact that when the courts, and particularly the European Courts, come to look at the bulk powers, as inevitably they will, it will be of great interest to them, one imagines, to see just how much evidence was put forward in relation to the necessity for the case and who considered that evidence.

As to whether there should be, as you put it, independent review in addition, I am not persuaded of the case for that. The ISC demonstrated its independence in the most dramatic way possible in its report of early February when it declared that it thought that there was no need for one of the bulk powers—bulk equipment interference. Now, it may be that there has been some rowing back from that position, judging again from the speech of Dominic Grieve on Second Reading, but I think that it would be very difficult to say that the ISC had not had an independent look at these issues.
  11:03:03
Keir Starmer
Q Can I ask you about bulk powers? From your experience, could you start by giving the Committee an indication of the scope of some of the bulk powers and warrants, perhaps by reference to the equipment and interference bulk powers?

David Anderson: The bulk powers, of course, are extraordinarily broad in scope, although the practical effect of that breadth is greatly limited by what happens after the line has been tapped or the device has been accessed. That is really the stage that makes it proportionate. My concern, particularly in relation to equipment interference, is that, if one looks at the so-called targeted power and, in particular, at its potential thematic use, it is quite extraordinarily broad. We are looking, I think, at clause 90 of the Bill. A so-called targeted equipment interference can be performed—devices may be subject to equipment interference if they are concerned in an operation or an investigation, or if they are in a location not defined.

The code of practice indicates that that power is very broad indeed—so broad that the ISC said:

“The so-called targeted power appears to be very broad. We are not quite sure what, in addition, you would get from the bulk power.”

I think that matters because the safeguards on the targeted power are less than the safeguards on bulk. For a start, you do not need to be aiming only at somebody outside the UK or people outside the UK. You can quite properly target it inside the UK. Secondly, you do not have the safeguard that you have with a bulk power that, if you are going to look in detail at one individual within the UK, you need a full individual warrant as well.

The commissioners have been very cautious in the past in allowing thematic powers to be too broad. One could say, “Let’s put it all on the commissioners. Let’s rely on them to make sure that the thematic power is not too broadly used.” I would feel a little more comfortable if there were more constriction in the statute.
  11:03:19
Keir Starmer
Q One of the safeguards is the need for necessity in relation to bulk powers. From your experience, how easy or difficult is it to demonstrate necessity in relation to bulk powers? Give us an idea of the way the test actually operates in your experience.

David Anderson: I have seen the detailed warrant applications that currently go usually to the Foreign Secretary in relation to a bulk power. They currently have an extremely broad range of purposes that the bulk power is said to serve. I am sure that it is all very carefully considered by the warrant granting department at the Foreign Office and then by the Foreign Secretary. There will certainly be much stronger safeguards under the new Bill, and I welcome that.
Keir Starmer
Q Can I take you from bulk to internet connection records, which you dealt with in your report? There have been comments about and criticism of the definition—or lack of definition—of internet connection record. Looking at the version in the Bill now, do you have any concerns about the definition?

David Anderson: I last looked in detail at internet connection records almost a year ago now, and even an operational case had not been made. There certainly had not been the dialogue with communication service providers that would have been necessary to make it work. I am afraid that I have not followed in the same technical detail as the Joint Committee on the Draft Investigatory Powers Bill and the Select Committee on Science and Technology the arguments on the extent to which they have been properly defined, the extent to which it will be feasible to produce these records or, indeed, how much it would cost. Therefore, I cannot, I am afraid, raise any alarms on that or give you any reassurance, save to say that these would appear to remain live issues.
Keir Starmer
Q ICRs are obviously new and developing in real time, but there are a number of other novel and contentious areas in the Bill. Do you see any role for greater independent authorisation in relation to some of these new techniques or powers?
The Chair
Order. Mr Starmer, can you make that your last question, please, because it is already 11.45 am and I think other people would like to ask some questions?
Keir Starmer
I will do. Thank you.

David Anderson: Do I answer that question, Chair?
The Chair
Yes, but as briefly as you could, please. If not, you can provide a written answer.

David Anderson: Internet connection records are a form of communications data. I said rather conservatively in my report that there were some forms of communications data that should be independently authorised, including novel and contentious ones. One of the respects in which the Bill did not really follow my report—I should add that in most respects it did—was in not providing for that outside the protected categories of journalists, lawyers and so on. I could well understand it if members of the Committee or others were to take the view that ICRs were of such a nature that to allow self-authorisation by the police might not be a sufficient safeguard.
Joanna Cherry
Q It is a privilege to serve under your chairpersonship, Ms Dorries.

Good morning, Mr Anderson. The first question that I want to ask you follows up on questions about the operational case for bulk powers. We heard on Second Reading of this Bill in the Chamber that in the United States of America, the bulk collection of citizens’ data has been heavily curbed, as it was considered to be

“not essential to preventing terrorist attacks”.

Most damningly, the American President’s privacy and civil liberties oversight board said that it was

“aware of no instance in which the”

National Security Agency’s bulk records programme had

“directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack.”

Bearing that in mind, do you agree that a proper independent assessment of the utility and effectiveness of bulk powers would need to look at the experience of their use in other jurisdictions?

David Anderson: What you are referring to is one type of bulk power that I myself looked at the necessity for in a great deal of detail. It is difficult, of course, to read across from section 215 in the US to what we have here, which is rather different. What we have here is service providers being required to keep phone logs, details of when emails were sent and so on.

If you look at my report, “A Question of Trust”, you will see that there are several annexes there and quite a bit of text in which I set out just how useful the police find that power to be. I also found when I was in Germany, where at the time they did not have the power because Germany’s constitutional court had removed it, that the police and the internal security service were crying out for something along those lines. So, that is one aspect.

I cannot speak for the US position—different power, different circumstances—but particularly in dealing with paedophile crime, I was satisfied that this, if you like, plain vanilla element of bulk collection communications data was something for which there was an operational need.
Joanna Cherry
Q So, in your investigations for your report, you looked at the experience of at least some other jurisdictions. Is that correct?

David Anderson: I did, yes.
Joanna Cherry
Q So would you agree that a proper independent operational case for the support of this Bill should look at the experience of other jurisdictions?

David Anderson: Well, we have had three detailed reports. We have had the pre-scrutiny reports, as well. Evidence was heard by some of those Committees from people from other jurisdictions. It is always nice to think one is fully informed about what goes on in the rest of the world. Incidentally, that is very difficult in this field, because very few countries have been as up front as this Bill is about exactly what powers are used and how they are used.

For example, you mentioned the US and section 215, but of course there are other bulk powers that have not been curbed in the way you suggest. There is section 702, which was given a clean bill of health by the privacy and civil liberties oversight board. There is also executive order 12333, about which very little is known, but which seems to give very intrusive and extensive powers outside the US. So I am hesitant about drawing these country comparisons, although I accept that evidence from other countries is always useful.
Joanna Cherry
Q Bearing in mind the pressures of time, may I move on to my next heading, which is the scope of bulk powers? On Second Reading, the Home Secretary said that

“certain bulk powers are predominantly those for foreign usage, rather than in relation to the United Kingdom.”—[Official Report, 15 March 2016; Vol. 607, c. 823.]

Would I be correct in understanding that most of the bulk powers proposed in the Bill could, in fact, apply to the data of UK citizens?

David Anderson: The way it works, as I understand it, is that the use of the bulk powers must be motivated by a desire to retrieve data relating to people outside the UK. Of course, there will be what fishermen call a “bycatch” of people in the UK whose data are unavoidably retrieved during that process. The safeguard for people inside the UK is that if anyone wants to look at the content of that stuff, they need an individual warrant relating to that person.
Joanna Cherry
Q But would we be correct in understanding that, for example, bulk personal datasets will comprise the personal data of United Kingdom citizens?

David Anderson: That is certainly true.
Joanna Cherry
Q Would we also be correct in understanding that bulk communications data will comprise data relating to British citizens?

David Anderson: Indeed, that is true and has been the position for, we now know, some 10 or 15 years.
Joanna Cherry
Q So if an impression were to get about that bulk powers are merely about obtaining information on people who live overseas, that would be incorrect.

David Anderson: That would be incorrect, but of course neither of the two examples you gave me was about the content of people’s communications. The first was about lists and registers, and the second was about communications data.
Joanna Cherry
Q My third heading is legalities. You will be aware that the United Nations special rapporteur on the right to privacy has expressed concern that some aspects of the Bill may not comply with either European Union law or the UK’s obligations under the European convention on human rights. He expressed particular disquiet about bulk surveillance and bulk hacking, and suggested that those powers prima facie failed the benchmark set by the European Court of Justice in the Schrems case and by the European Court of Human Rights in the Zakharov case. Have you had a chance to consider his report?

David Anderson: I have.
Joanna Cherry
Q Do you have any view on what he has said in that regard?

David Anderson: I think he is advancing one view of what European law or international law might require. I do not think that it is the only possible view, and I would apply the same comment to the letter signed by 250 very distinguished lawyers and sent to The Guardian.

May I give you an example of the latest case in Europe to deal with these issues? In Szabó and Vissy v. Hungary, which was decided in January, the European Court of Human Rights described

“the massive monitoring of communications susceptible to containing indications of impending incidents”

as “progress” and suggested only that these powers needed proper legal safeguards, with which I think any sensible person would agree.

I think that there are two views at the moment, even within the European Courts. Where I disagree with the rapporteur and the 250 lawyers is on the suggestion that the position is now clear. It may of course become clearer, perhaps as soon as this summer when the Davis and Watson case is determined in Luxembourg, but I do not think that the case law has yet solidified.
Joanna Cherry
Q So your view would be that there are potentially two competing arguments as to where the case law is heading, but we do not know ultimately what the situation is, although we may have a better indication when there is a judgment in the Davis and Watson case later this year.

David Anderson: There are also the Strasbourg cases of Big Brother Watch and Liberty. I do not know when those judgments will come, but there are two views, basically. One is that bulk access to content, even only by machines, is just wrong and that, however strong the operational case for it and however minimal the actual intrusion into people’s private lives, it cannot be justified. The other, more pragmatic view is that it is a question of proportionality and that one ought to look at the strength of the operational case, just as one ought to look at the degree of intrusion into privacy.
Joanna Cherry
Q I want to ask you briefly about bulk personal datasets. It is possible, is it not, that medical information pertaining to every single citizen of the United Kingdom could be scooped up in a bulk personal dataset?

David Anderson: I do not believe that there is any statutory exclusion. Whether there is a justification for doing such a thing would depend, first, on whether the Secretary of State signed off on it and, secondly, on whether the judge was prepared to approve it.
Joanna Cherry
Q It would also be possible for bulk personal data sets in relation to children to be scooped up under this legislation as currently drafted. Is that right?

David Anderson: Again, I do not believe that there is any statutory exclusion.
Joanna Cherry
Q Do you agree that in the investigation of threats to national security and terrorism there can really be no justification for scooping up personal data in relation to children?

David Anderson: I am going to duck that one because bulk personal datasets were outside my remit. The use of bulk personal datasets, we now know, has been subject to annual review by the Intelligence Services Commissioner for several years. Perhaps he is the appropriate person to ask about that.
Mr John Hayes
The Minister for Security
Q Thank you for coming, David. On bulk personal datasets, I note that you say that the members of the intelligence community that you have met, and what you have seen and heard from them, have confirmed the view that was expressed by the ISC and others. Are you clear about their efficacy and utility?

David Anderson: I think what I said was that bulk personal datasets had been looked at by the Intelligence and Security Committee and by the Intelligence Services Commissioner. I have read what they have said about that, including in closed hearings, and I said that what I was shown by the agencies was consistent with that, but I was not trying to do the same exercise that they had done of deciding whether these things were necessary or proportionate.
Mr Hayes
Q As a follow up on that, obviously you appreciate that your recommendations on the operational case being made have been built in to what we are doing. Further to what you said about the Chairman of the ISC’s recognition of their proportionality and necessity, I suppose you would accept that any publication of that operational case will obviously be limited, because it is an operational case and as soon as you make it public to the point where it ceases to have value, it could compromise operations.

David Anderson: Yes, the agencies’ ability to protect us relies quite heavily on people not knowing exactly what it is they can and cannot do.
Con
Victoria Atkins
Louth and Horncastle
Q I will ask just a couple of questions, if I may, Mr Anderson. Looking at the operational case for bulk powers, the Home Office has stated:

“There is clear evidence that these capabilities have…played a significant part in every major counter terrorism investigation of the last decade, including in each of the seven terrorist attack plots disrupted since November 2014...enabled over 90% of the UK’s targeted military operations during the campaign in the south of Afghanistan…been essential to identifying 95% of the cyber-attacks on people and businesses in the UK discovered by the security and intelligence agencies over the last six months”.

They have also been of great use in serious organised crime and paedophilia investigations, as we know. Are those factors that you and others have taken into account when assessing whether we need bulk powers, and how critical they are to national security and serious organised crime investigations?

David Anderson: I saw and heard enough to persuade myself of the necessity of bulk interception powers and bulk data retention of the type we were describing—phone logs and emails and so on. I did not look at equipment interference, for example, because that was outside my remit, and the query that I raised on that earlier was really the same query that the Intelligence and Security Committee has raised. If you define the targeted powers so broadly as to encompass almost anything, what is the additional utility of a bulk power? I am not persuaded on that simply because I did not do the exercise.
Victoria Atkins
Q By way of conclusion, you gave evidence to the Joint Committee scrutinising the draft Bill in November 2015 and at that time you said it gave effect to 90% or more of the recommendations in your report entitled “A Question of Trust”. Now that the Government have responded to the Joint Committee’s report and made further amendments, how much closer is the Bill to your report’s recommendations?

David Anderson: If I may say so, I thought that it was an excellent report and I was very pleased to see that the Government had given effect to the great majority of those recommendations.
Suella Fernandes
Q I have two questions. On the double lock and the judicial review test, concerns were expressed by witnesses to the Joint Committee about two issues. The first is the access to evidence by the judges and by the Ministers or the Home Secretary in the process of considering warrants. What would be the access to evidence by both parties involved in the double lock? Would it be the same or different?

David Anderson: I would certainly assume that the judges would have access to all the evidence that the Home Secretary or the Secretary of State had access to. I believe I have actually had a private assurance that that would be the case. I am afraid I have not checked to see whether that is in the code of practice, but plainly it ought to be, because this is not a rubber-stamp and nor is it simply a test of rationality or process. If it needs to, it should involve a proper look into these issues of necessity and proportionality. I was delighted to note that the Foreign Secretary said as much when he wound up the debate on Second Reading last week.
Suella Fernandes
You have pre-empted my second question, which is about the concerns that various witnesses have raised about the level of scrutiny involved in the judicial review test. Are we looking at a Wednesbury level of scrutiny?
The Chair
Order. I am afraid we have reached the end of the time allotted for the Committee to ask questions. On behalf of the Committee, thank you very much for your time and for giving evidence today.

Examination of witnesses

Eric King and Sara Ogilvie gave evidence.
  12:03:51
The Chair
Q We will now hear oral evidence from Don’t Spy On Us and Liberty. For this session we have until 12.30 pm.

Welcome, and thank you for coming. Will the witnesses please introduce themselves for the record?

Eric King: I am the director of Don’t Spy On Us, a coalition of non-governmental organisations in London who are concerned about surveillance.

Sara Ogilvie: I am a policy officer at Liberty, which is a UK-based human rights organisation.
  12:03:47
Keir Starmer
Q Because we do not have much time, I would like to ask Eric King some questions about bulk powers and then Sara Ogilvie some questions about internet connection records.

Eric King, do you have any concerns about the definitions and scope of the bulk powers in the Bill?

Eric King: It is important to understand the level of interception that takes place by our agencies and that will continue to take place under the warrants. My view is that bulk interception as it is currently practised by GCHQ is not a proportionate act and is not strictly necessary. The reason why is that, at the moment, we know from the ISC that there are just 10 warrants, which are authorised every six months, that permit the interception of 50 billion pieces of communication every single day. As a lawyer looking at that, I struggle to be imaginative enough to understand how you could craft a warrant that would appropriately assess the proportionality equation at that moment, given the scope of what is taking place.

The reality of how our signals intelligence agencies work is that, once those 50 billion communications are intercepted, the vast majority of GCHQ’s expertise is in automatically processing that and analysing it into what it calls query-focused datasets. We do not necessarily need to understand all that, but it suffices to know that GCHQ touches it in such a way that it results in significant intrusion on those communications.
  12:03:32
Keir Starmer
Q Can I press you on that? To some extent, we are proceeding on the basis that there are two exercises involved when it comes to bulk powers. The first is the acquisition or holding of the data, and the second is, at some subsequent time, the accessing of those data, subject to different thresholds. Is it as simple as two distinct exercises, or is there more to it than that?

Eric King: There is considerably more to it than that. The intermediary stage—the point at which you have collected the material—is really just the first assessment. From that point, GCHQ’s computers begin processing the material and providing analytics on it—for example, voice transcription or keyword analysis, or they might be doing facial recognition on certain imagery.

There is one programme that we know about called Optic Nerve that resulted in GCHQ intercepting 50 million pieces of webcam traffic, which included 3% to 11% of material that was undesirable nudity. Once that was collected, GCHQ deployed facial recognition on it. There is no warrantry stage at that point. It has already been collected under those 10 warrants. All the processing is done without any authorisation. It is only at that final bit that you highlighted, when an analyst may wish to look at it, that we have an additional safeguard.
  12:03:43
Keir Starmer
Q Given your concerns, do you have alternatives that you think would serve the same purpose as some of the bulk powers?

Eric King: My starting point is that there needs to be formidable intrusive powers for our agencies to operate, but they must be targeted. When you are targeting it can be difficult and you can have some additional collateral around the targets you are seeking to obtain communications about, but it has to be proportionate collateral. At the moment, I just do not see how we can put our hands on our hearts and say that we are doing that properly.

I think there are a number of different models we could be looking at. In the US they have judicial authorisation of selectors that are put in place, all of which focuses on warrants being targeted at individuals, rather than on infrastructure or cables, which I think is not proportionate.
  12:03:55
Keir Starmer
Q When you refer to selectors, I think you are referring to what happens in that middle period, between initial acquisition and later access.

Eric King: That is exactly right. We know that GCHQ has 50 billion targeting identifiers—these are the selectors. A simple one would be an email address or a phone number; a more complicated one might be an email signature or something like that. That is the reality of how the systems are genuinely processed, and those are the sort of places our law should be constructed around. It should be constructed around the technical and operational reality of how our agencies work, to ensure that our law is constraining how our agencies operate, rather than the technical ingenuity of the engineers at that point.
  12:03:55
Keir Starmer
Q Your evidence is that much of this happens before the final access thresholds apply.

Eric King: Absolutely. GCHQ analysts do not wish to look at most material themselves. The main reason for that is that it is time consuming. If you can programme a computer to do the heavy lifting, to do the intrusion, the processing and the analysis, that is to their advantage, and that is where they have put that. The problem with that is that our legal framework does not recognise that shift in massive computing power intruding on those communications in a very sophisticated way.
  12:03:00
Keir Starmer
Q Can I turn to you, Sara Ogilvie, on internet connection records, in particular? I know that Liberty has got a number of concerns about the powers in the Bill in relation to internet connection records. Could you give us a brief summary of the main headline issues from your point of view?

Sara Ogilvie: The problem with internet connection records, from what we have seen, is that they do both more than they are supposed to and less than they are supposed to.

In terms of doing more, it is clear that they will create a database of the internet connections that take place day in, day out of every person across the country. That is a terrifying amount of information to store either in one place or across a number of different databases. It creates a clear impression of what you are doing, with whom you are communicating, what issues you have in your life. That can involve some very confidential and private information. I have real concerns about that.

In terms of doing less, I am not as technologically minded as Eric but it has been made clear to me that what these powers are supposed to do is deliver certain information that can be used by law enforcement or the security services, perhaps to deal with paedophiles and undercover unlawful internet site usages. It seems clear that, given the bulk nature of these powers, they will not deliver that kind of information in a helpful manner. If anything, it seems more likely to drive criminals to use bits of the internet that will not be captured by the service. On the one hand, we have clear evidence of the things that law-abiding citizens are doing, but on the other hand, we do not have evidence on what criminals are likely to be doing.
Keir Starmer
I can see other hands going up, so I will end there.
  12:03:55
Joanna Cherry
Q To be clear, Mr King, is your evidence in relation to bulk interception and collection of data that there is intrusion and analysis of them by computer programs prior to any warrant being applied for?

Eric King: No. There will be warrants at the collection stage but at the moment it is simply 10. Those 10 warrants that are authorised every six months permit the agencies to intercept at an extraordinarily large scale: 50 billion connections every single day, and growing. We know that, in the past five years, that has increased by 7,000%. I say that those 10 warrants do not appropriately assess the proportionality requirements, and I do not think they are necessary in the current climate.
  12:03:55
Joanna Cherry
Q Once the intercept has been collected, there is a stage of the process at which it is analysed by a computer, and that stage is not currently the subject of any legal regulation.

Eric King: That is right. It is internal authorisation by the agencies. We have no visibility on that. There has been no published material about that. In various court cases, disclosure has been sought better to understand those points, but we have not got it. The best I can gather, the internal authorisations inside GCHQ are at a very low level, mostly analyst by analyst even rather than going up to senior directors inside the agency.
  12:03:55
Joanna Cherry
Q Just so we can be clear, does anything in the Bill involve legal regulation of that stage of the process?

Eric King: No, not at all. Our model is the same as it was 15 years ago. It is a very simplistic model that applies interception at one stage and then, when a human looks at it, an additional safeguard. However, that does not match the reality and, as a result, our warrantry, in my view, does not allow you to assess proportionality and necessity to an adequate level.
  12:03:16
Joanna Cherry
Q We know now, because it has been avowed, that previous Administrations had unacknowledged arrangements for bulk interception of the internet in the United Kingdom. Can you tell us whether those resulted in the collection and analysis of ordinary British citizens’ communications?

Eric King: In the Bill and previous practice, there was a lot of focus on the fact that this would be foreign-focused—that the goal is to collect material outside the United Kingdom. The practical reality is that you cannot do that any more. All our communications slush around through the exact same undersea fibre optic cables as foreigners’. In terms of GCHQ’s collection programme, we do not know the exact percentage. I would encourage the Committee to try and seek out how many British communications are collected into this, but there is no way for them to distinguish between them at this point. When there is a foreign-focused power, at least for interception, the reality is that it is a massive amount of British communications. Your communications are not exempt from that and neither are mine, no matter quite what we might try.
  12:03:27
Joanna Cherry
I would like to ask Ms Ogilvie a couple of questions if I may, Madam Chairman.
The Chair
Order. Time is very short now, because we have seven more people waiting to speak.
  12:03:36
Joanna Cherry
Q I will ask one question briefly then. Liberty looked at the investigation by the Intelligence and Security Committee into the brutal murder of Fusilier Lee Rigby in May 2013. Did those inquiries suggest that if the security services had had more resources to cover lower priority level targets, the outcome could or would have been different?

Sara Ogilvie: The Intelligence and Security Committee report found that there were a number of failings that may or may not have led to the murder, but basically, the two suspects had both been known to the security services at various points. It had been decided not to treat them as priorities. When that decision was later changed and a warrant was sought to place one of the individuals under surveillance, delays meant that that warrant was not granted in enough time for that individual to be under surveillance at the appropriate moment. Those are absolutely not the powers in this Bill, or the use of powers in this Bill, that we have any exception with at all. That seems to us to be absolutely the right way to use powers. It was not a lack of information or a lack of target in this case; it was the fact that there was perhaps too much information to be used.
Con
  12:03:12
Simon Hoare
North Dorset
Q Mr King, I am not a lawyer, so forgive me. Are you a parent?

Eric King: Pardon?
  12:03:48
Simon Hoare
Are you a parent?

Eric King: No.
  12:03:13
Simon Hoare
Q I am—I have three daughters. I just wonder where the balance is between the sort of purity test, for want of a better phrase, and what law enforcement have told us—that, without ICRs, they would be unable to identify at least 600 child abusers in the UK alone. What weight should we attach to that?

Eric King: The police definitely have capability gaps at the moment, particularly around the resolution of IP addresses. I think that is really what the statement goes to: when they obtain these IP addresses, they are seeking to resolve them. There are lots of different ways you can do that, however, and I am not convinced that ICRs are the answer to that problem. This was not a proposal by the police for ICRs; it was a Home Office answer to the problem. Last year, we had the Counter-Terrorism and Security Act 2015 that put in place new powers for IP resolution—they have not yet been put into use. My starting point would be that we should use them. They should be deployed. We should see how well they work and from there look at what the other options are. It seems to me that that important issue does need to be addressed and has been addressed, but we have not given it time to see whether or not it works.
  12:03:07
Simon Hoare
Q You are right that there are a number of clubs in the golf bag of the law enforcement team and the agencies, but given that we live in an incredibly fast-moving, technological world, where international boundaries are not recognised and so on, would you agree that the more facilities that the agencies have available to them, the better—that is, the wider that the net can be cast, the more ne’er-do-wells one is going to identify and hopefully apprehend?

Eric King: Respectfully, as you acknowledge, there are different ways to solve a problem. Casting a very wide net is not always the right thing to do. IP resolution is certainly a very narrow technical issue that you need to resolve. Collecting all sorts of additional information in additional areas would not help resolve that narrow issue. I think you have to look at it on a case-by-case basis.

That is part of the reason why we need to scrutinise properly the operational cases for the variety of these powers, to understand which bits of them they help solve and which bits they do not. Certainly, intrusive powers need to be available to our law enforcement and agencies, but we need to understand which bits work and which bits do not.
  12:03:26
Suella Fernandes
Q This is a question for Sara. In evidence to the Joint Committee, Shami Chakrabarti criticised the Bill on behalf of Liberty, saying that judges would not have the same access to evidence as Ministers in the warrant process. We have just heard evidence from the independent assessor of the terrorism legislation, David Anderson QC, that that is not the case. The Home Secretary has said on the record that that is not the case, and that they would have the same access. Do you withdraw that criticism of the legislation?

Sara Ogilvie: No. This is one of the areas where there has been a lot of discussion and to-ing and fro-ing. If the Home Secretary wishes to satisfy our concerns, those are the kinds of provision that should be dealt with on the face of the legislation. It seems to us that judicial review remains an inherently limited jurisdiction. That is quite a legal term to say that there are only so many things that it can do. We think that a much broader power needs to be granted to the judicial commissioners in order to satisfy public concerns that the powers be used appropriately and to match human rights standards. This is an area on which the Home Secretary has sought to give lots of reassurance, in which case I think it would be best if she put that reassurance in legislation.
  12:03:09
Suella Fernandes
Q Evidence was given to the Joint Committee by Sir Stanley Burnton, the Interception of Communications Commissioner, and Lord Judge, the Chief Surveillance Commissioner. Both said that the double lock involves an intensive analysis including analyses of necessity and proportionality. It is not simply rubber-stamping. Again, do you maintain your disagreement with those senior judges?

Sara Ogilvie: I respect and agree with the fact that an extent of necessity and proportionality analysis will be done, but there is still very limited capacity for judges and judicial commissioners to undertake this exercise. We have seen, and judicial review case law tells us, what level of scrutiny can be applied to different kinds of decision, and we know that where a decision does not involve a restriction on the physical liberty of an individual, a lesser scale of judicial review scrutiny will be applied.

We also know that where cases involve national security, judges must apply a lesser level of review. Although I recognise that there is a difference of views, I think it needs to be much clearer in the legislation. Judicial review should be avoided as a standard in this circumstance.
  12:03:07
Christian Matheson
Q I will ask only one question. Mr King, you talked about the astonishing amount and huge volumes of data that are collected. Can you both comment on the statement that the sheer volume of information means that there is less of a threat to personal privacy, simply because individuals’ personal data are almost swamped within the mass of data collected?

Eric King: It is an interesting idea, isn’t it, that the more widespread the intrusion, the less potentially bad it is. That is not a view that I can understand myself, particularly now. Computer analytics of such material is going to increase. It is going to get better and faster. The more data being collected, the more intrusion will be applied year on year as GCHQ engineers find cheaper, better and faster ways to process it. Perhaps five years ago, swamping agencies with material might have resulted in people passing through, but every day, that becomes less likely and less real.

We have seen in the last five years a 7,000% increase inside GCHQ of the analytical capability on material. That means that 7,000% more material is being touched, analysed and scrutinised by those agencies. Perhaps it was an idea that could be comprehended 20 years ago, when it involved physical piles of paper that no one ever looked at, but now it is all being automated, and I am not sure that the notion stands up today.

Sara Ogilvie: I clearly agree with what Eric has said. The only thing I would add is that I ask you to consider the fact that we are not just concerned about the state having this information. All this information that is stored somewhere can be accessed by other individuals for nefarious purposes. We have seen the TalkTalk hacks this year. We have seen the VTech hacks. There are real and legitimate concerns about the way this vast amount of personal information can be used, not just by the state but by other people who really do wish to do us harm.
  12:03:49
The Chair
Can we keep questions and answers as brief as possible to get everybody in, please?
Lab
  12:03:48
Peter Kyle
Hove
Q I, too, am not a lawyer but, unlike Mr Hoare, I do not apologise for it. Mr King, it was quite striking when you gave a flavour of the quantity of data that is being harnessed. Do you know whether that has ever led to an unlawful arrest, or a wrongful arrest?

Eric King: No. At the moment we have almost no visibility on how our security and intelligence agencies work on a day-to-day basis with our National Crime Agency. We know that they co-operate very regularly and we know there is a lot of material that is shared around, particularly for organised crime circumstances. I imagine that lots of the relevant material is passed to the NCA and others, and that will lead to arrests and occasionally presumably also unlawful arrests. But no, that is not material that is in the public domain.
  12:03:38
Victoria Atkins
Q Mr King, there was a phrase you used quite a few times during your evidence. That is, “We don’t know.” How long have you worked for the security services?

Eric King: I don’t work for the security services.
  12:03:41
Victoria Atkins
Q What security clearance do you have?

Eric King: None.
  12:03:52
Victoria Atkins
Q How many intercept warrants have you prepared or reviewed?

Eric King: None.
  12:03:55
Victoria Atkins
Q So, it would be fair to say that there is a great deal about the workings of GCHQ and other security services that you simply do not know about.

Eric King: Yes. In my evidence that I wrote to the Joint Committee I set out my frustration at my inability to be able to probe at the heart of the issues on this. We are in a much stronger position now democratically, I believe, with so much more material that is available. That has led to court cases and the Investigatory Powers Tribunal that has found unlawful actions by GCHQ. Without that material being published, we would not have been successful in those cases. I wish there were more but I do not have it all, I am afraid.
  12:03:46
Victoria Atkins
Q I am driven to ask, Mr King, against your evidence that you do not know much about how security services work, how many lives you are willing to sacrifice for your very pure plan of privacy?

Eric King: None. I do not think that any lives should be sacrificed for a pure view of privacy. We need both; we need security and privacy. Both are values that we hold in this society and are values that we should be ensuring that we get right in the Bill. That is why it is so important that we have long scrutiny on this because we should not simply provide an unlimited set of powers to our security and intelligence agencies. They must have some, and they must be formidable powers, but they need to be checked.

They need to be provided for by Parliament. We need to have proper authorisation and oversight for that. That has been my work for the past five years. So, no, while I do not hold a security clearance, it does allow me to come before you and talk about all the things that I do know. Regrettably, if I did hold a security clearance, I would not be able to be in that position.
Con
  12:03:06
Matt Warman
Boston and Skegness
Q Building on that, the Joint Committee did ask for an operational case for bulk powers to be published, and that has been seen and assessed by the ISC who do have the security clearance that you do not have, who do have visibility on all of the things that you are not able to see. The ISC says that they are happy with that operational case. It seems to me that the more people know about this, the more comfortable they are with that operational case. I wonder whether you are questioning their judgment or simply saying that you disagree.

Eric King: No. It is certainly true that the more you see about some aspects of agency practice, you do get more reassured. Certainly, in the process of Investigatory Powers Tribunal cases that have taken place, I was pleased that there were areas that had safeguards when I did not originally think there were.

I have also been fantastically disappointed in other areas, where I thought there should have been very obvious safeguards, such as areas of legal professional privilege that were found wanting and unlawful by the IPT. I am afraid I have become a terrible judge on which bits I think the agencies have got right and which bits they have got wrong. I seem to be very poorly predicting it. On the operational case, I think the issue here is that we need a whole range of experts outside the ISC to be looking at this. I am not sure that it is the perfectly placed organisation or body to be looking at this. It has known about these powers and approved of them right the way through. I think that at this time, now that they are being put before Parliament plainly for the very first time, we should be looking to do what they have done in the US, which is to have an independent scrutiny of many of those cases, so that you can test them.

It is not enough simply to provide a list of cases where this worked. They need to be really looked at, because, as we found in the US, some powers that many thought would work, like the bulk acquisition of communications data, turned out not to be terribly effective. The 64 cases that the agencies in the US put forward, to say that these were powers that were needed, turned out to be false. Only one was of relevance, and it was not a terrorism case. So it is vitally important that we scrutinise them and have the time to do so.
  12:03:57
Lucy Frazer
Q I would like to pick up on something that you said in your evidence was about internet connection records. I would just like to ask you first of all, do you respect the work of David Anderson?

Sara Ogilvie: Absolutely.
  12:03:59
Lucy Frazer
Q Have you had the opportunity to read his report?

Sara Ogilvie: I have.
  12:03:08
Lucy Frazer
Q Are you familiar with paragraph 7.51 where he talks about Operation Notarise?

Sara Ogilvie: You will have to tell me what it says.
  12:03:13
Lucy Frazer
Q Are you familiar with Operation Notarise?

Sara Ogilvie: I am not sure that—
  12:03:27
Lucy Frazer
Q In that operation 600 suspected paedophiles were arrested, and 92% of the communications data requested proved helpful in tracking down suspects. That what he says in the report. Do you accept therefore that he has found evidence that the ICRs are helpful?

Sara Ogilvie: Those were not evidence for ICRs, as far as I am aware. I think that is to do with different communications data.
  12:03:45
Lucy Frazer
Q I am just reading from the report, and that is what it says. It gives the figure of 92% of communications data and says the questions provided were helpful.

Sara Ogilvie: Communications data are quite different from internet connection records. A significant amount of the powers that we have in the current Bill are ones that are replicating powers in RIPA, and I think the comms data ones you talk about are those. Internet connection records are actually something quite new, and something that David Anderson—
  12:03:08
Lucy Frazer
Q Do you accept that, if some communications data in an old form of technology is helpful, then in a modern form of technology exactly the same powers will also be useful?

Sara Ogilvie: I agree that there are powers that are absolutely necessary and helpful. I do not think that there is a direct comparator between old and new powers in this case. I completely agree that the security services and law enforcement need targeted powers to gather communications data, so maybe they can use those to target particular websites where we know that paedophile information is provided. They can be used to target suspected criminals. That is all completely adequate use of powers; but what we have is this broad power in the Bill that targets absolutely everyone and is not focused on those individuals, and that is what I have the problem with.
  12:03:43
Byron Davies
Q Mr King, you have mentioned a couple of times now, in the first part of your evidence, you talked about formidable intrusive powers. You quite agree that the agencies should have these powers. So in view of what has happened recently in Paris and in Brussels, I am really somewhat confused as to what you are trying to tell us in your evidence as to what the agencies should have. Do you know? Are you clear in your own mind what these powers should be?

Eric King: Yes. The Bill’s structure—some of the core powers there—you do not disagree with. The question is often about the scale of the powers—how they are used and the safeguards that are put in place around them. To my mind, the mass collection of material in a generalised form for analysis is not a proportionate activity, and I think this is something that particularly the European Court are confirming. I heard David Anderson say that there was a split view on that. It will be important to hear the judgments later this year, but they have to have very strong powers; but it is how they are used, and the scale of them, and the targets of them, which are so vital to get right. I am afraid that for me this is the bit in the Bill that is not in the right place at the moment, I suppose.
  12:03:14
Byron Davies
Q But criminals and terrorists would not regard it in that respect.

Eric King: They would not—
  12:03:26
Byron Davies
Q They would not see it the way you see it, obviously.

Eric King: I do not know what criminals and terrorists would think about this Bill.
  12:03:53
The Chair
If there are no further questions for Members, I thank the witnesses for their evidence, and we will move on to the next panel.
  12:03:09
Joanna Cherry
On a point of order, Ms Dorries. In any forum that I have appeared in where the witness is being asked a question about a document, particularly a lengthy document, it is customary to afford them the courtesy of having a copy of the document in front of them. Might I suggest that if we are going to ask further witnesses about documents, we afford them that dignity?
Simon Hoare
Further to that point of order, Ms Dorries. To put the contra view to that expressed by the hon. and learned Lady, should not the Committee expect witnesses who are giving evidence to be properly briefed and to have in front of them documents on which they are likely to be cross-examined?
  12:03:50
The Chair
I shall answer the substantive point of order. The information that the witnesses bring with them is their responsibility. It is not the normal procedure for them to have documentation in front of them or for the panel to know what information they have with them. As we decided at the start, they can always follow up in writing if they feel they did not have the right information.
Joanna Cherry
I am very grateful to you, Ms Dorries, for clarifying that questions and answers can be followed up in writing.

Examination of witnesses

Nigel Inkster and Lord Evans gave evidence.
  12:03:07
The Chair
Q We will now hear evidence from the International Institute for Strategic Studies and Lord Evans of Weardale. For this session we have until 1 pm. Will the witnesses please introduce themselves for the record?

Nigel Inkster: Good afternoon. I am the director for future conflict and cyber-security at the International Institute for Strategic Studies. I retired from the Secret Intelligence Service at the end of 2006 as the assistant chief and director of operations.

Lord Evans: I am a former director general of the Security Service, MI5, between 2007 and 2013. I was also a member of the Royal United Services Institute independent panel on surveillance. By way of context, I have not had as much time to prepare as I might have done as a result of the fact that I was formally invited to attend only yesterday. I apologise if there are any gaps in my knowledge.
  12:03:59
The Chair
Welcome, and thank you.
  12:03:05
Keir Starmer
Q Lord Evans, I think this one is for you. The bulk powers in the Bill are used differently by different agencies. Some are relied on by the security and intelligence agencies more than others. There is a notion that the bulk powers operate in the sense that there is a power to acquire or hold a great deal of data and then, at some later stage, there is targeted access on a different threshold, and that those are different safeguards. The reality is that quite a lot happens between those two stages, whether one calls it analytics or anything else. Can you tell us from your experience what happens in practice in that middle bit between first hold and later access?

Lord Evans: This is not a real example, but it might exemplify how one might use the power, certainly from a counter-terrorism point of view and from MI5’s point of view. If you look at the current situation, we are obviously very concerned about what has happened in Belgium and we are very concerned that there might be other IS active units in the UK. We do not want any of them to attack here, but we may not know who they are. In a sense, we are therefore trying to find individuals who might be members of IS and who might threaten us, but we do not necessarily have much information about who they are in specific terms.

For instance, although this is not a real example, using bulk access you might say, “Let’s have a look at all individuals from the UK who are known to have travelled into or out of the middle east and the area around Syria over the past six months. Let’s look at everybody who has a mobile telephone and has been in Syria or northern Iraq, and it’s pinged so we know that there is a telephone in that area.” We might say, “Let’s look for data on individuals who have been in Molenbeek,” because it looks as though quite a lot of the problems have emerged from that particular part of Brussels.

Put all those elements of data together and you will end up with perhaps a few dozen, some scores or one or two hundred individuals or, at least, telephones or something that might be relevant. You might then say, “Let’s take all those phones and see which of those telephones has been in first or second-order contact with known extremists.” Either they have been in touch directly with someone known to be a violent extremist, or they have been in touch with somebody who in turn is in touch with violent extremists. That might refine it down from 150 to half a dozen. Then you might start to think, “Actually, there’s quite a high likelihood, although one cannot be certain, that these half a dozen might be people of security interest in their own right.”

At that point, having gone through those various layers of putting different sorts of data together, comparing, contrasting and seeing what comes out, you might say, “Perhaps for those half a dozen, some more targeted form of surveillance is justified, so we can see who they are.” Once you have done that, if you get the appropriate authorisations, you might then find that some of them are self-evidently not, because they are BBC journalists who have been following the story or similar, so you can put them aside. But you might find that you have one or two who look as though they might be IS activists who have been in touch with the relevant people, so you put some resource into establishing what they are doing and who they are associating with.

That sort of process is very much the way in which MI5 has used these sorts of capability over the last 10 years or so, and it has been an absolutely central part of how we have identified individuals who have been involved in terrorist planning. That is then fed through into more intensive investigations, enabling us with the police to prevent attacks from taking place.
  12:03:53
Keir Starmer
Q In a sense, what you have described is a stripping away of the bits you do not want to look at so that you can focus on the bits you do want to look at, in the particular context that you gave.

Lord Evans: Correct.
  12:03:19
Keir Starmer
Q Is there any general analysis done to data in order to assist that? All data must be put through a level of analysis to make it easier to carry out the sort of exercise you have just described.

Lord Evans: I cannot think that there is that sort of general analysis. You could imagine starting from lots and lots of data and trying to work your way through a general process to identifying unknown terrorists. That is something that books and so on have talked about, and we have looked at it, but in general, in a non-specific sense, trying to identify patterns that in themselves indicate that somebody is a national security threat is very difficult, because you will have so many false positives. It tends to be used to answer specific operational questions rather than a wholesale review of data ab initio, because if you do that, the chances of finding somebody that you are really concerned about are very low.

In terms of operational reality, the problem for MI5—it certainly was during my time as director general, and I suspect it is still the case—is not finding people with no known connections who have ill intentions; it is finding out more about people who are already associated in some way with violent extremism. It tends to be in support of particular operational requirements and particular investigations, rather than a much more generalised process.
  12:03:54
Keir Starmer
Q Can I turn briefly to equipment interference bulk powers? I do not think you were here when David Anderson gave his evidence—this may apply to you as well, Mr Inkster—but he raised a concern about the breadth of those powers. In particular, I think he said that what is called targeted is in fact so wide that it does not really fit with the notion of targeting. That chimes with the suggestion that it is very difficult to define necessity and proportionality in relation to those particular bulk powers. Can you assist the Committee with why, with those bulk powers, there is that problem of definition that David Anderson is concerned about?

Nigel Inkster: I will do my best to assist the Committee, but I should emphasise that I do not have a signals intelligence background and we are talking about capabilities that were in their infancy when I was still part of the intelligence community, so I am looking at this more from an academic perspective and with no privileged access—I no longer have any security clearances.

The issue is that the technologies are evolving so fast and in so many different directions that it can be very difficult to start from a clear perspective of what represents a proportional approach in certain cases. It seems to me that, in this particular set of circumstances, we have to make some allowance for a degree of trial and error—to see whether certain things actually deliver the kind of outcomes that were hoped for, but to be ready to cease using them and move elsewhere if they do not deliver the sort of results that would justify the kind of level of intrusion that we are talking about.

It is very context-specific. For example, if you are looking to try to thwart the attempts by a particular regime to illicitly acquire nuclear weapons capability, your target set defines itself relatively more easily than in certain other cases—transnational terrorism would be one of those where it is much more difficult.
  12:03:35
Keir Starmer
Q I have one final question for either or both of you. Am I right in thinking that, as far as internet connection records are concerned, although the security and intelligence services would not say, “There are no circumstances in which we’d really need them,” in reality, they are relied on much less by the security and intelligence agencies than by law enforcement, as a separate component?

Lord Evans: It is not impossible that they could be of value in an intelligence sense, but I think the principal driver for using them or for obtaining them is for evidential purposes, and that is made clear publicly. It is principally a law enforcement and evidential issue to inform cases coming before the courts more often than it is an intelligence issue. You could construct a scenario in which it might be of value, but the purpose of putting them in the Bill, as I understand it, is law enforcement and providing criminal evidence.
  12:03:51
Joanna Cherry
Q Lord Evans, I want to ask you about the savage murder of Fusilier Lee Rigby and the Intelligence and Security Committee investigation into that. It reported to Parliament that his killers had previously come to the attention of the Security Service on multiple occasions and that, in its view, intelligence reports were mishandled. I think I am right in saying that its inquiry suggested that, if the Security Service had more resources to cover more and lower-priority level targets, the outcome could or would have been different. Would you like to comment on that?

Lord Evans: The Lee Rigby murder took place after my time as director general—not that there is any connection between those two—so I am not very close to the actual facts. In general, one of the critical decisions—certainly for MI5, but it applies by logic to other people on counter-terrorism—is what you do not do. We have more leads which might connect to possible terrorist attack or to violent extremism than we can thoroughly investigate at any one time, so the service has created a quite rigorous triage process that ranks the seriousness of the available information, which is updated on a regular basis, and that drives therefore the allocation of resources.

The difficulty here is self-evident: obviously, sometimes you are working on the basis of fragmentary intelligence or unclear intelligence, so you have to make the judgment as to whether you put resources in to pursuing that or whether you put the resources in to something else. The fact is that sometimes you make a judgment on the available best evidence and then find out later that, actually, the situation was more serious than was apparent. That appears to have been the case with Lee Rigby.

Exactly the same issue came out after the 7 July bombings in London. Mohammad Sidique Khan had appeared in the context of Security Service investigations and police investigations a couple of years before. At that stage, he was assessed to be not a very serious threat and therefore he was put aside so that we could come back to him later while we did other things that were more immediately pressing, but in the interim his activities developed.

It is a problem. The question of course is: how do you get around that problem? The first thing is to use the best quality information available. The second is that the more resources you have, the more yesses you can give as to whether we investigate any one individual, but then you get into a judgment about how many people we think it is proportionate and necessary to investigate. If you doubled the resources of the Security Service again, there would still be cases where you might say, “We don’t have the resources to pursue that.” You ultimately get into a political judgment as to how much resource you want put into this and how much intrusion you have into the activities of people who might not be quite as threatening as others. That is a judgment that has to be made.
  12:03:51
Joanna Cherry
Q If the Government had given you more resources for more boots on the ground, would it have been possible for the security services perhaps to have had targeted surveillance on lower priority targets prior to this particular dreadful murder?

Lord Evans: There is no doubt that to some extent intelligence activity in counter-terrorism is scalable. What has happened since 9/11 is that the resources available to the Security Service and the other agencies have increased very considerably under both Governments—or all three Governments, if you want to put it in those terms. We have therefore probably got within the Security Service three or four times as much resource as we had previously.

There has been a very considerable uplift, but it is not just a question of people. Importantly, it is also a question of powers. Your capability to cover and monitor threats is not very often, although it sometimes is, a matter of boots on the ground; it is a matter of the overall toolbox available. One of the attractions of digital intelligence and the sort of powers that are outlined in the Bill is that it enables considerable coverage of threats without having to deploy lots and lots of people following people around and so on, which in some ways would be more intrusive.
  12:03:28
Victoria Atkins
Q We talk about the security services and the other agencies as block organisations, but of course the quality and effectiveness of an organisation depend on the people who make up that organisation. Could you give us, as far as you are able, an assessment of the qualities and character of the people who work for the agencies that you have led?

Nigel Inkster: In the United Kingdom, we like to maintain the position that intelligence and security work is a high-status profession. We look for quality people who might otherwise go into areas such as the law, merchant banking and that sort of thing. That is the level that we are pitching for, and that is not always the case around the world. In that regard, the United Kingdom distinguishes itself in the right way, in my view. We have very well educated and well motivated people. In my service, for example, we had people joining us in the wake of 9/11 who had taken very significant salary cuts and left high-paid jobs in the City to come and do this work precisely because they were motivated by and committed for what we regarded as the right reasons.

During my time in SIS, I was responsible inter alia for compliance with all the different oversight mechanisms to which we were subject. I had extremely long conversations with the various commissioners responsible for overseeing those activities. In all cases, their judgment was that the people we employed were highly motivated, took their responsibilities seriously and understood the powers that they had, the need to act lawfully and the need to use those powers in a wise, measured and proportionate manner. I think we are very fortunate as a country.

Lord Evans: I would agree with that. I think we have employed people who are intellectually able, are motivated by public service and are ethically sensitive. It might be useful to the Committee to invite the Clerk to find comments made by Lord Brown of Eaton-under-Heywood, a former Supreme Court judge and former intelligence commissioner, when the 2015 Counter-Terrorism and Security Bill was being discussed in the House of Lords. He gave a very, very strong endorsement of his experience of the quality and integrity of the members of the intelligence services that he had seen. If you want an independent voice, rather than a voice from inside the agencies, that might be worth finding.
  12:03:37
Victoria Atkins
Q In the nightmare scenario that there was a wrong ’un in the agencies, how would they be able to find that person and prevent them from misusing their powers?

Lord Evans: It is inevitably the case that you cannot ensure that everybody in the service is brilliant and saintly, because it’s human nature. As a result, we maintain a strong, continuing vetting procedure. Your vetting is reviewed on a regular basis and it is built into the way we do our appraisal to raise security-related issues. Also, particularly in the management of access to sensitive information, there are arrangements to ensure independent oversight of what is being done on the systems that the service has in place. In the same way that, if you were running a trading system in a bank or something, you would monitor the activities of the traders to try to identify improper activity, something similar is applied to the systems operating within the intelligence services. We rely on good recruitment and on continuing security vetting, but we also have some wired-in ways of trying to identify misuse of official resources for personal use or whatever.
  12:03:44
Peter Kyle
Q I would like to turn your attention from the efficacy and professionalism of your staff to that of the politicians you have had to deal with over the years. You have had to have relationships with several different Home Secretaries in your time. Have you always been able to get the time and attention you need from each of them at the moment at which you need it?

Lord Evans: I served under four Home Secretaries from both the Labour party and the Conservative party. I saw the Home Secretary without fail once a week, and quite often twice a week. All of them took a great interest in the work that the service was doing and its operations, and were regularly briefed. From that point of view, I think we were given very good airtime. In addition to that, there is the question of the time to look at warrants. They were not presented by the director general but were processed and nominally presented by the Home Secretary’s officials, so on top of that there was a lot of time spent by Home Secretaries on warrants. I can say, without going into great detail, that they did not all go through with a tick. Occasionally, warrants would come back and they would say, “Actually, the Home Secretary doesn’t want to sign this.”
  12:03:14
Peter Kyle
Q You have answered my second question, which does great service to your profession. Does the same stand for you, Mr Inkster?

Nigel Inkster: Yes. Obviously, our service’s interaction was more with the Foreign Secretary, but our experience is comparable. I cannot think of a single case of a Foreign Secretary who did not take a serious and sustained interest in this area of work. I cannot think of a Foreign Secretary who did not take a serious and sustained interest in the kind of warrants and submissions that they were asked to approve. My experience, like Jonathan’s, is that these did not go through on the nod. There was lot of self-policing in the system, because we knew that a weak case would not stand. There was no point in putting it forward, because its fate would be clear, so one did not do that. The only other thing I would add is that my experience has been that, without fail, the senior politicians involved in this business owned the decisions that they took, stood by them and did not, as they well could have done in many cases, try to fend them off on to somebody else.
  12:03:20
Peter Kyle
Q My final quick question is: is there much difference in the behaviour towards issuing warrants between Home Secretaries, or do you find it a consistent experience?

Lord Evans: Broadly speaking, all the Home Secretaries took a similar view on this. I have never come across a Home Secretary who was pro-terrorism, obviously. I suppose, in practice, what happened early on in the time of a Home Secretary being in post was that you tended to get more questions, which is entirely as you would expect. If a new Home Secretary came in, quite often they would say, “I don’t understand that. Bring me somebody to explain it.” So they are doing their job. Of course, that is an iterative process because if you understand that a Home Secretary has particular concerns about area x, you will put a little bit more effort into explaining it and making the case. You would tailor it to some extent to the particular concerns of any particular Home Secretary, but the overall threshold employed was roughly the same.

I would say one other thing. I do not want to name names for this purpose but I can remember at least on one occasion briefing a new Home Secretary on something we were doing that was really quite intrusive, although it was lawful. I said, “I need to tell you about this.” Their initial reaction was, “That’s fine,” and I said, “No it isn’t. You need to think about this. You cannot just say ‘This is fine.’ You need to be aware that this is potentially quite audacious. May I suggest that you look at this in a little more detail rather than go with something off the top of your head?” We did try to ensure that Ministers really were internalising this. We were not just trying to get it past them without them thinking about it, not least because if something then comes up, you do not want to be in a position where the Home Secretary says, “You never told me this could get me into trouble.”
  12:03:23
The Chair
Okay, we have to move on to the Minister now.
  12:03:56
Mr Hayes
Q On Second Reading, Mr Starmer said that you do not know that someone is a suspect until they are a suspect and that at that point you need to know who they are speaking to. The filtering process that you described in your earlier remarks is about taking very large amounts of data and, through that filter, in the end dealing with very small amounts. We have heard a lot of concerns and paranoia about bulk powers. Would it be fair to say that that filtering process is as much about excluding people as it is about including them?

Lord Evans: It is essentially about that. The purpose of the whole machinery is to put the surveillance on people who are actually a direct threat to our national security. You do not want anybody else in the system. You need to get everybody else out of the way as early as possible; otherwise you will get distracted by things that are a waste of resources. That puts you in a very vulnerable position, of course, because something will go wrong. Yes, you are quite right that we are trying to clear away all the things that are not relevant so that you can focus down on to what is relevant.
  12:03:57
Mr Hayes
Q Another of Mr Starmer’s arguments was on equipment interference. Does equipment interference become more important as, for example, encryption makes other means by which you would get to the same destination more difficult?

Lord Evans: I am not a siginter so I would find that slightly difficult to know. The fact that we have a multiplicity of devices that any individual will be operating on at any one time means that selecting out those that are really significant becomes a more and more important process. That is certainly the case and I suspect that is part of that bulk process. Because these are overseas powers, this is fundamentally a sigint issue. Therefore I do not feel fully able to answer your question.
  12:03:23
Keir Starmer
Q I have just a short supplementary question on bulk datasets. There is a great sensitivity about some datasets. People might not mind if their flight details are kept, but they do mind a great deal if, for example, their mental health records are collected. If there was some extra provision in the Bill for sensitive or highly sensitive data, would that cause you any concern, assuming that in any given case you can get over the threshold?

Lord Evans: Our internal processes when we were going down this path did take these issues into consideration. As you say, health records are extremely sensitive, so you would need an extraordinarily high level of justification. If you wanted to externalise that into the process—I have not talked to anybody about this so this is my feeling on it—then as long as you are really talking about very, very intrusive datasets, I would not have thought that having an additional safeguard would be a showstopper.
  12:03:42
Keir Starmer
Q So if it was to externalise what was internal practice, which is obviously based on experience, that would not be a showstopper.

Lord Evans: I would not have thought it was a showstopper. You are going to hit definitional issues. It is a bit like journalists and politicians kind of stuff.
  13:03:49
The Chair
I am afraid that brings us to the end of the time allotted for the Committee to ask questions. On behalf of the Committee, I thank our witnesses for their evidence.
The Chair adjourned the Committee without Question put (Standing Order No. 88).
Adjourned till this day at Two o’clock.

Contains Parliamentary information licensed under the Open Parliament Licence v3.0.