Parliament’s Intelligence and Security Committee (ISC) has now published its detailed assessment report on the Draft Investigatory Powers Bill, with the latter representing the first major piece of legislation governing the security and intelligence agencies’ powers in over 15 years.
Given the debate over the past few years regarding both the necessity and extent of those agencies’ capabilities, it’s essential that the legislation receives proper consideration and independent scrutiny by both Houses of Parliament.
While the Joint Committee chaired by Lord Murphy of Torfaen is providing formal pre-legislative scrutiny of the draft Bill published by the Government last November, the ISC has provided detailed scrutiny of those aspects which relate to the agencies’ investigatory powers.
Dominic Grieve QC MP, chairman of the ISC, said: “The Committee supports the agencies’ use of investigatory powers where necessary and proportionate. We also support the Government’s broad intent to provide greater transparency around those powers through new legislation, and note that the draft Bill incorporates a number of the recommendations in our 2015 report on Privacy and Security. In particular, it provides explicit authorisation for Bulk Personal Datasets, Bulk Communications Data and Computer Network Exploitation for the first time.”
Grieve continued: “Against that backdrop, it’s nevertheless disappointing that the draft Bill doesn’t cover all of the various agencies’ intrusive capabilities, as the Committee duly recommended last year. This means that the various powers and authorisations remain scattered throughout different pieces of legislation and, as a result, the draft Bill is limited in terms of the extent to which it can provide a comprehensive legal framework.”
He added: “In our view, this is a missed opportunity. Taken as a whole, the draft Bill fails to deliver the clarity that’s so badly needed in this area. The issues under consideration are undoubtedly complex. However, it has been evident that even those working on the legislation haven’t always been clear as to what the provisions are intended to achieve. The draft Bill appears to have suffered from a lack of sufficient time and preparation.”
Grieve also stated: “Therefore, while we’re fully conscious of the time constraints upon the Government due to the sunset clause in the Data Retention and Investigatory Powers Act 2014, we would urge the Government to take its time when bringing forward the new legislation in order to construct a comprehensive and clear legal framework for authorising the actions of the intelligence agencies.”
Approach towards privacy protections
Turning to the detail of the provisions, the ISC’s report focuses on those areas of the document where it believes “substantive amendment” is required. The first such change relates to the approach taken towards privacy protections.
“We had expected to find universal privacy protections applied consistently throughout,” explained Grieve, “or at least an overarching statement at the forefront of the legislation. Instead, the draft Bill adopts a rather piecemeal approach which lacks clarity and undermines the importance of the safeguards associated with these powers. On this basis, we’ve recommended that the new legislation contains an entirely new section dedicated to overarching privacy protections. This should form the backbone of the draft legislation around which the exceptional powers are then built. That will ensure privacy is an integral part of the legislation rather than an add-on.”
Grieve and his colleagues* on the ISC also recommend major changes to the powers contained in the draft Bill in the following three areas:
At present, the draft Bill only covers the agencies’ ability to conduct Equipment Interference to obtain information (Computer Network Exploitation). Other IT operations will continue to sit under the broad authorisations provided to the agencies through the Intelligence Services Act 1994 regime.
“This discrepancy is unnecessary and counter to transparency,” insisted Grieve. “We recommend that all IT operations are brought under the same legislation, with the same authorisation process and the same safeguards. In relation to the authorisation process, we haven’t been provided with sufficiently compelling evidence as to why ‘Bulk’ Equipment Interference warrants are required. In our opinion, ‘Targeted’ Equipment Interference warrants can be drawn sufficiently broadly that a separate ‘Bulk’ warrant is unnecessary. We recommend that Bulk Equipment Interference warrants are removed from the legislation.”
Bulk Personal Datasets
The draft Bill provides for the security and intelligence agencies to obtain a Class warrant allowing them to collate any number of Bulk Personal Datasets of a general class or type (for example, travel data). As a general principle, the ISC considers that class authorisations should be kept to an “absolute minimum”.
In this case, given that each Bulk Personal Dataset potentially contains personal information about a large number of individuals – the majority of whom will not be of any interest to the intelligence agencies – the Committee considers that each dataset is sufficiently intrusive that it should require a specific warrant. The ISC recommends that Class Bulk Personal Dataset warrants are also removed from the legislation.
“The approach to the examination of Communications Data is currently inconsistent and confusing,” outlined Grieve. “The Committee considers it essential that the same safeguards are applied to the examination of all Communications Data, irrespective of how it has been acquired. This must be clearly set out within the legislation. It’s not sufficient to rely on policy and good practice.”
In conclusion, Grieve said: “In addition to these substantive issues of principle, there are a number of more detailed matters requiring specific amendment addressed in our report, such as ‘operational purposes’, time frames and the ‘extra-territoriality’ of the draft Bill. We consider these changes necessary if the Government is to bring forward legislation which provides the security and intelligence agencies with the investigatory powers they require, while at the same time protecting our privacy through robust safeguards and controls.”
Responses from Big Brother Watch and Liberty
Following the publication of the ISC’s report on the Draft Investigatory Powers Bill, Renate Samson (CEO at Big Brother Watch) commented: “The Intelligence and Security Committee has dealt a serious body blow to the Draft Investigatory Powers Bill. Once again, the proposals have been defined as too broad and lacking in clarity.”
Samson continued: “The Committee’s recommendation for privacy protections to be made the ‘backbone’ of any future drafts of this Bill are welcome, as are its concerns regarding bulk powers. Powers the Committee highlight could impact all UK citizens, suspect or not. That the list of ‘operational purposes has not yet been finalised’ for bulk powers is, quite frankly, absolutely staggering. How can these intrusive powers be fit for purpose if we don’t know what that purpose is?”
In addition, Samson opined: “We now await the findings of the Joint Committee, but for two Parliamentary Committees to have expressed serious concern about so much of the draft Bill indicates that the problems facing any future legislation may well be insurmountable.”
Bella Sankey, policy director for Liberty, explained: “This forensic and damning critique supports what Human Rights campaigners and ‘tech’ sector experts have been saying for months. So far, the Home Office has made a dangerous mess of this important legislation. Its overly broad bulk powers must be scrapped.”
Continuing this theme, Sankey stated: “This Bill will affect every single person in the country. The Committee has branded sections of it “misleading”, “unacceptable” and “a missed opportunity”, recommending a redraft. The Government clearly needs to put the brakes on immediately and give this Bill the time and thought it deserves.”
*The ISC is a statutory committee of Parliament with direct responsibility for oversight of the UK’s intelligence community. The Committee was originally established by the Intelligence Services Act 1994, and has since been reformed by way of the Justice and Security Act 2013.
The Committee oversees the intelligence and security activities of the UK, including the policies, expenditure, administration and operations of the Security Service (MI5), the Secret Intelligence Service (MI6) and Government Communications Headquarters (GCHQ).
The Committee also scrutinises the work of other parts of the UK’s intelligence community, among them the Joint Intelligence Organisation and the National Security Secretariat in the Cabinet Office, Defence Intelligence in the Ministry of Defence and the Office for Security and Counter-Terrorism within the Home Office.
The Committee consists of nine members drawn from both Houses of Parliament. The chairman is elected by its members. The members of the Committee are subject to Section 1(1) (b) of the Official Secrets Act 1989, and are routinely granted access to highly classified material in the course of carrying out their duties.
The Committee’s present membership is as follows: Dominic Grieve QC MP (chairman), Sir Alan Duncan KCMG MP, George Howarth MP, The Lord Janvrin GCB GCVO QSO, The Marquess of Lothian QC PC, Fiona Mactaggart MP, Angus Robertson MP, Keith Simpson MP and Gisela Stuart MP.
The ISC sets its own agenda and work programme. It receives evidence from Government ministers, the heads of the intelligence agencies, officials from the intelligence community and other witnesses as and when required.