Select Committee on European Union Minutes of Evidence


Examination of Witness (Questions 1380 - 1400)

WEDNESDAY 21 JUNE 2000

MR CHARLES CLARKE MP AND MR HUGH IND

  1380. Thank you for that assurance.
  (Mr Clarke) I would like to re-emphasise that we genuinely believe we cannot make this legislation work unless it is done in partnership with business. That has been the history of our dealings with the telecommunications companies where these arrangements have been in place. I think they would say they have worked reasonably successfully, we certainly feel they have worked reasonably successfully and have not been unduly burdensome, but that is a relationship which has evolved over a long period of time and people have understood how it has operated. We are very keen to get to that position with the other businesses we are talking about as well, but obviously that is an evolving relationship rather than one which already exists, as is the case with telecommunications.

Chairman

  1381. What steps have you taken to try to bring on board what you refer to as a smallish minority which has been most vocal?
  (Mr Clarke) I have met the organisations concerned and the individuals concerned on a large number of occasions. My Bill team, led by Mr Ind, has had far more meetings even than that. I have attended various events and discussed with them the issues. There are one or two who are genuinely utopian who believe we now live in an e-world where law enforcement does not need to exist—

  1382. We have had evidence from some of them.
  (Mr Clarke) But that is a tiny group of people. All the responsible commentators, and I include all the people in the public arena, accept the need for law enforcement and are trying to help us find a way through it. We have had a very large number of meetings and we have modified the actual legislation, both before the Bill was first published and introduced into the Commons, and through the Committee Stage in the Commons and then even in the early stages in the Lords. So we are having a very full debate about these issues.

  1383. Our concern has been that this could interfere with the inward investment on IT in this country and possibly lead to people going away and relocating elsewhere, and these are real, genuine concerns.
  (Mr Clarke) I have heard that argument. I respect it but I do not really believe it. I believe there are very, very many major considerations for IT companies about where they relocate, and this may be one of them but only one of them. I do not believe that what we are doing is eccentric compared with what other major OECD countries are doing in the area, though it is different in character. The most serious allegation on the point you have made which I have heard was in a meeting with the leader of the London Investment Bankers Association who suggested that some of their IT sections might be conveniently relocated, for example, to Switzerland, and we are working actively with them to reassure them on that point, because obviously that would be very serious. I know there are some companies, mainly the major international investment bankers, where there is an issue here which would exercise us. We are working with them. The major issue they have put to us is one we have not discussed so far which is the issue of the integrity of the confidentiality of their dealings and their worries with encrypting the situation so they can be sure their clients' dealings are entirely secure, and a heavy-handed Government which was all thumbs might lead to a situation where they would be forced to reveal information which they have no desire to reveal. I think we can go a very, very long way to meet their concerns by emphasising the requirement that we would place as the plain text, in what would be in almost all circumstances what they are dealing with, and therefore we would not be looking for the encryption keys and so on which they have. I think they will accept that as a means of doing it. We are actively looking at Clauses 46 and 47 of the Bill to find a wording which would offer the reassurance that people are looking for.

  Chairman: Perhaps we can pick that up later.

Viscount Brookeborough

  1384. Minister, in a recent visit to Brussels and Paris, we found that other parts of the EU, or other interlocutors, were very much avoiding this type of legislation at the moment and were rather feeling that we were going out on our own. Why are we going out on our own and why are we not seemingly more prepared to discuss these issues with other Member States prior to doing it?
  (Mr Clarke) I am very grateful for this question because I think there have been a number of misunderstandings in this area. Firstly, many countries do require their telecommunications providers to maintain interception capability, and that includes France, Germany, the Netherlands, Sweden and Australia. Holland provides a similar requirement in the world of the Internet. The Dutch Telecommunications Act, 1998, provided a legal framework for interception by Internet Service Providers who have until April 2001 to instal an interception capability. Of course, in developing our requirements this Government is taking full account of internationally recognised standards such as the International User Requirement for the Lawful Interception of Communications, which was adopted by EU Member States in 1995 and has now also been adopted by the USA, Canada, Australia and New Zealand. I was briefed that you had been to Paris and I thought I would ask for a briefing on the particular situation in that context and it may be helpful if I just set out the situation as I understand it. The French actually introduced and passed legislation requiring mandatory key escrow some years ago, and we all agree I think that that was a mistake. They certainly do. We, as a Government, have ruled out key escrow as part of the Electronic Communications Act and have made that quite explicit, but that was once favoured by many western countries. As I say, the French went as far as to pass legislation on the subject, they then rescinded the legislation in the face of massive industry pressure of the type you are describing, and they are now considering a more middle-of-the-road policy. Since this legislation was only rescinded last year, it is perhaps not surprising they are a little circumspect about replacing it and how they are going to do it, but I would be very surprised if they do not end up with something fairly similar to where we are at in this whole approach. We have recently been in correspondence with colleagues in France and one of the criticisms of the RIP Bill in the House of Lords Committee, the one to which Lord Brooke has already referred, was the arrangements for paying costs which are seen as too vague; the Secretary of State here would be required to make an appropriate contribution. It is interesting to compare that with an equivalent 1996 decree in France when, after mentioning the obligations to take the necessary measures to allow the realisation of legal interceptions, the French decree adds that a convention between the state and the operator should, "guarantee a fair payment to the operator for these measures". This is extremely similar to our proposal and leaves a considerable amount of flexibility for co-operation between the state and the operator. I was grateful for notice you were looking at the question of France because that has helped me look into the situation and get the information. The final point to make in the Brussels context is in the international world, which you are all more familiar with than I am, there is a real difficulty about the relationship with the best and the good, because I think we are all agreed that it would be absolutely correct, certainly across the OECD countries or the G8 countries, to get to a state of affairs where we have a universal and international regime which applies to everybody particularly in relation to this type of business. That would be a desirable course of action but securing such an international agreement, not just in this area but I mentioned money laundering, fraud, people trafficking and so on, is actually extremely difficult, and I do not think we can accept—and the Government certainly does not accept—we should simply delay doing anything in this field until international agreement is reached. At the moment international organised crime in the way I described in my opening statement is active and we believe it does need to be contested, but I hope I can offer some reassurance in saying that I feel strongly that our major OECD allies are very concerned to legislate in this area for exactly the same reasons that we are.

  1385. It seems that within Europe there are quite a lot of reservations and in fact there is the conclusion that, as you say, France has recently rescinded theirs. When you were talking earlier about businesses and trying to cope with their reservations, there is of course another side of it which is the individual users, and it would seem there is no way that any amount of consultation with business would ease the fears which have been generated in the public, maybe in an incorrect way, by the press, and therefore it has become a popular issue which may well mean that other European states do not come anywhere near what we are doing and therefore we are very much out on our own.
  (Mr Clarke) I do not accept we are out on our own. I do accept the point you made, which is absolutely correct, about the confusion. In the same sense there is a tension—I am glad to say not a deep tension but a tension—between the Home Office and the DTI in this country—the DTI with responsibility for promoting business, ourselves with the responsibility of pursuing law enforcement—an absolutely parallel tensions exists in each of the major EU countries in precisely the same kind of way. As I said in my introduction, it is a question of finding a balance in these things, which we think we have achieved here, but I do not accept we are completely out on our own in saying that. I think the Dutch example is a very real one and I can say that both our political and economic allies who are very close to us are looking very closely at working with us on these matters. The individual user point is, I think, a very important and subtle one. You referred to the fears which have been generated, I do believe that there are a number of individuals and organisations which have been positively alarmist in the way they have raised some of these issues, for example by suggesting we are going to look at all the e-mails and all the web hits for everybody in Britain, which is just absolutely not the case; it is completely untrue. But I acknowledge the truth of what you say, that there is a major obligation therefore on us and the Government to explain what we are doing in a frank and direct way to try and overcome some of these fears which people may well have because of the media coverage and other issues which have been raised, both for its own reason and, more significantly, because of the point Lord Brooke raised earlier, about the need to inhibit people to relocate their businesses.

Chairman

  1386. Let me just observe on that there are some OECD countries with New Zealand and Australia which have legislation which is not dissimilar from what we are wanting to enact. We felt our major competitors, Germany, France and Italy, were certainly well behind and there was a fear that we might start to see migration towards investment in France rather than here.
  (Mr Clarke) I was at the G8 meeting in Moscow representing the Government in October last year on money laundering and organised crime, and Janet Reno represented the US. The German Government was represented by two ministers who took completely opposite positions on this, in exactly the way Lord Brookeborough is implying, and I had interesting conversations with both on them on just this question.

Baroness O'Cathain

  1387. One was the equivalent of the Home Office and one was the equivalent of the DTI, was it?
  (Mr Clarke) It was not actually, it was more their interior and justice basically. Civil liberties was justice, and the interior was the hard (?) one.

  1388. You are probably aware of Professor Norton who has done so much work on e-commerce. Was he not the one who did E-Commerce: The UK At Its Best? You have seen the quotation where he said, "Individuals in multi-national businesses may find themselves placed in an invidious position through the operation of this Bill. If an employee is served with an order to release high sensitive encryption keys, they are also likely to be served with a `gagging order' preventing them from informing others in the company. This protection does not extend outside the UK to other jurisdictions such as the parent company." The question is, does this not, firstly, endanger UK employees of foreign-based multi-nationals—and the Government, for its part, has been doing as much as it can to encourage inward investment; all Governments have been doing that—and, secondly, does it make the UK and UK-based employees less attractive to such companies?
  (Mr Clarke) I think the short answer to the question is no, but I would like to say that I respect Professor Norton a great deal, he is someone whose opinion I certainly take seriously and the Home Office take seriously and I do not dismiss what he has to say. He is not one of those who I was describing earlier as a scaremonger, I think he is an entirely serious commentator on the situation. That said, I do not believe that the danger in fact exists in reality. I have replied to him specifically on these points very recently at length, because I think his comments deserve a very serious response and, if it would be helpful, I would be happy to arrange for a copy of that reply to him to be sent.

  1389. That would be wonderful. I was going to ask if you could do that. That would be great, thank you.
  (Mr Clarke) Firstly, companies are unlikely to be asked for keys. Secondly, there is a strict limitation on when so-called "gagging orders" can be applied. Thirdly, we expect such notices normally to be served on the directors of companies, so the issue of particular employees would not arise. So a combination of these three factors makes the scenario, we think, very unlikely. If there is something we can do on the face of the Bill to make it clear—and this is why I corresponded with Professor Norton—we are very interested in doing so because we do think there are fears around and if we can help reassure by changes, we are prepared to look at that. I should like to make it clear that a person's duty of confidentiality to another, however it arises, will always be compromised to a greater or lesser extent by national rules requiring disclosure of information. That is always the case in a variety of different areas and certainly international institutions. In this respect, Part 3 of the Bill we do not think does any more than the many disclosure requirements approved by Parliament over the years. Indeed, we believe the effect of a decryption notice on confidentiality should be minimal. So I am grateful for the chance to explain what the Government's view is, but if it would be helpful I am very happy to circulate the correspondence.

  1390. That would be very helpful. As a supplementary to that, can I just pick up one thing you said, Minister, and that was that the fault, so to speak, could not be laid at employees' doors but at the doors of the directors? Can I say that I am sure you are aware, certainly the DTI would be aware, I am not so sure the Home Office necessarily would be, there is a very strong feeling in British business at the moment that with more and more onus being put on directors the right people who would do the job correctly could be reluctant to put themselves forward for the job of director. Anecdotally, I can tell you that I know of three or four cases where people have said that being a director of a large company is absolutely no picnic, "Forget it, I do not need that", because at every turn you find there is yet another potential area where you could be sued or put in a difficulty. I think you have to be aware of that as well.
  (Mr Clarke) That is helpful. I acknowledge the point. We did in fact remove directors' liability in the comments on the Part 3 point to meet some of those points. I only made the point about directors in my response to your first question because there is a line running that somehow we are going to pick individual employees somewhere in the system and directors would not be aware of it. That is why I wanted to place on record that we expect notices normally to be served on directors of companies so it would not arise in that way.

Lord Cavendish of Furness

  1391. Minister, I am immensely encouraged by your obvious determination to make this a good Bill and improve it and listen. I would like to get a flavour of whether this is a pioneering Bill to the extent you appear to be turning your back on one of the experiences, which is the American experience, where the law enforcement agencies are encouraged to develop forensic hacking techniques and thus make more verifiable people with control. Have you looked at and rejected the American experience?
  (Mr Clarke) Fundamentally, we do not see forensic hacking, which is a useful and important device, as an alternative to passive interception. Both are very valuable weapons. Authorisations for such activities in this country would currently be authorised under the Intelligence Services Act 1994 or the Police Act 1997. Interception activities would be organised under the RIP Bill. In all cases the activity would have to be authorised by the Secretary of State or by surveillance commissioners under the Police Act 1997. I do not think that legal controls on forensic hacking are any more stringent or verifiable than those on interception, or vice-versa. I would be surprised myself, although I have not had substantial debate with the industry about this, if industry would be reassured by the encouragement of large scale forensic hacking as an alternative to what we are doing. We think that the interference with industries' systems by an unknown organisation and unknown to the business itself could cause a greater damage to networks if we were going down that course. I think I have to reinforce one point, whichever technique you use, for instance forensic hacking or interception, it is unfortunately the case that surveillance is a more and more important weapon to law enforcement in dealing with international organised crime. So if we were to drop a significant element of our armoury in this regard, we would be seriously damaged. We acknowledge in any case that law enforcement will take a hit simply as a result of the development of Internet technology and the ability of international organised crime to avoid what we are doing, but our aim is to minimise the impact of that.

  1392. Reading this at the Second Reading debate, I am sure you would have got the feeling that the House of Lords is not at all suspicious about your intentions, but it is always the case that the powers might be used by some future administration. I think those who lead innocent lives do not mind being looked at for the greater good, but I think those are the fears, it is giving governments powers which might be abused in the future. My second question is, again looking back over discussions in another place, the Technical Approvals Board, which was I think the Government's own suggestion, has gone quiet. Are you backing away from that?
  (Mr Clarke) We are very interested in the idea but we think—and this was something the Conservative Opposition said in the Commons—there should be an advisory board rather than a formal approvals board. The final say should rest, in our view, with the Secretary of State. We are very prepared to discuss the form of a board and how it should be, because there is a great interest in institutionalising a form of dialogue between business and Government in this area, which would really be well-informed on both sides, and such a structure would be valuable, but industry has told us that they do want a specific approvals board in the Bill. The existing public telecommunications operators do not want that. Also ISPA, the Internet Service Providers Association, and the London Internet Exchange, do not want that and I have discussed it specifically with them. What they have said to us is that they would like something like the Internet Crime Forum, which is a non-statutory body, to take on the role so there is a proper discursive process which can operate. We have had therefore, at industry's instigation, preliminary discussions with the Internet Crime Forum which I believe have genuinely been positive. We see that as a way to develop the relationship. So there is no argument about the concept of having such a vehicle for proper dialogue between the industry and Government, the only point at issue is whether it should actually approve the applications or whether it should be advisory. We think we are with the industry in saying it should not actually approve, that should be a matter for the Secretary of State.

Chairman

  1393. Given the international nature of this, you may be interested to hear that when we were in the OECD they said Britain had played its full part in OECD on e-commerce but there was perhaps not quite the take-up of the facilities that were available to them, the follow-through, from the UK Government. Perhaps there might be something there worth pursuing.
  (Mr Clarke) That is helpful. For the Home Office, which I do not think is the best of partnership organisations, if I can put it like that, we have really welcomed this dialogue with industry which follows from the part of the Bill being passed from the DTI to us. I think Mr Ind and his colleagues would say that it has helped them a great deal in the way the whole thing has developed and also will develop new ways of working into the future which is very positive, and the type of structures I was describing in answer to Lord Cavendish are a means by which we can make that work better, but I will take that as a specific point.

Lord Woolmer of Leeds

  1394. May I return to the United States, Minister? The general perception is in the United States the approach is different from that being adopted here in the UK, could you just for the benefit of the Committee tell us how you would characterise the American approach and how it differs from the UK approach?
  (Mr Clarke) It is difficult to answer that question in the sense that the whole legal structure of the States and the political structure of the States are so fundamentally different from our approaches. I have discussed this with Janet Reno and from the law enforcement agency side we have a very common shared agenda and there is a very strong relationship in these issues between the UK and the US, which is very well developed. But when you come to the question of how you regulate, which after all is the imposition of the requirements of the Human Rights Act and the European Convention of Human Rights, it is simply a fundamentally different regime simply because the legal structures with the Supreme Court and so on are different. So I am not quite sure how I can characterise the answer more than that. I think there is an absolutely common purpose between the Governments, including law enforcement, in both the US and the UK to hit organised crime in these areas, and there is very strong practical co-operation, but the legal and judicial arrangements around it, which of course is what this is all about, vary so much; they are quite fundamentally different in style.

  1395. Is it possible to characterise the United States as one where the political process is not willing to give to the executive powers of intrusion into the activities of business or of individuals, and that they are placing emphasis upon the security service's ability to hack, as it were, whereas here we go the other way around? Is that reasonable?
  (Mr Clarke) I think it is a reasonable picture. The fact is their whole system is based on the triumvirate of the legislative, executive and judiciary, which have a completely different set of relationships from our legislative, executive, judiciary. One of the biggest debates we had in the Commons on this, as I alluded to earlier in responding to Lord Brooke, was this key issue about the relationship between the executive and the judiciary and who has the power to deal with these matters. The conventional view here on these matters has been these are matters for the executive. The view in the States, as you say, has been more focused on the role of the judiciary. I do not think that is so much a consequence of the issues being addressed in this legislation as of the fundamentally different legal and political structure of the two countries.

  1396. Will that not lead to a very different way in which the United States will seek to tackle these issues in practice compared to that in the UK? If that is the case, why can we not in the UK adopt the same approach as in the United States? Or are you suggesting that the American system will not work, in other words they are deemed to fail because they are not adopting the more detailed intervention technology and techniques which we are proposing?
  (Mr Clarke) Not at all. Firstly, they have legislation before Congress; the Cyberspace and Electronic Security Act is before Congress for consideration. I do not think they are bound to fail at all. I may be missing the point, in which case I apologise, but it is the fact that the constitutional structure of the United States, founded as it is in a written constitution Bill of Rights, which involves the Supreme Court and so on, is fundamentally different in character from our constitution. That comes to a sharp point when one is talking about the role and powers of the state in relation to individuals, which is of course what this legislation is about. I make no criticism whatsoever of their system, it is their system and it works extremely well and extremely effectively, but our system also works well and is effective but it is different. I would not say we should junk our historical approach to this and switch to the American system—I am quite in favour of President Blair but not that much in favour of President Blair - any more than I would suggest they should junk theirs and come over to ours. The systems have evolved out of different constitutional structures. I think that is the reality which is in this Bill. There are some people, the Liberal Democrats in particular, who argued in Committee and on the floor in the Commons, perfectly legitimately, making the case we want to give the judiciary a much greater role in the British system for a variety of different reasons. That is fine, but it is not a view which traditionally either the Labour Party or the Conservative Party have accepted. So there was not much progress made on that area. Am I missing the thrust of your point in my response?

  1397. Slightly, but I would like to move on to one last point. Which bodies concerned with individual civil liberties have been consulted in this legislation and have any of those expressed any concerns about the proposed legislation and, if so, in which areas?
  (Mr Clarke) The main organisations are Justice and Liberty but also a range of other organisations involved as well. The Foundation for Information Policy Research, the FIPR, is also concerned with civil liberties in this area. We have had very extensive conversations with them and their main concerns—there may been some more minor and specific ones—have been the points you have addressed about the issues of burden of proof, where does that lie, how do you relate to the judiciary, should things be decided by the executive in its various guises subject to judicial review or authorised only by the judiciary. That whole area has been the main thrust of their concerns. I do not think I am overlooking anything. Could I perhaps ask Mr Ind about what those organisations have been saying?
  (Mr Ind) They also talked about arrangements for commissioners and tribunals and judicial oversight.

  1398. Just as in relation to business, quite properly, you have been seeking to ensure the business community are reassured, would you say that those bodies concerned with civil liberties have been equally reassured, or are there still elements of the Bill you are seeking to address to meet any such concern?
  (Mr Clarke) If I was being frank, I would say they had not been completely reassured, because they believe that only by the kind of change in arrangements which we are talking about, which is shifting to the judiciary, could we reassure them, and we are not doing that for the reason I have indicated. There are numbers of minor changes we have made throughout the Bill which have given them reassurance in terms of putting various protections in beyond what was the case. Mr Ind mentioned the point about commissioners, we have made proposals to reduce significantly the number of commissioners who are there and have a common office providing guidance, so there is common guidance across all the types of regulation and investigatory practices which operate. I think those kind of changes we have made through the course of the Bill have given some reassurance and have helped the argument. But, at the end of the day, I cannot put my hand on my heart and say to you that they feel the issues have been resolved. I did regard it as significant that in the Commons, the Liberal Democratic Party—and Simon Hughes, the member for Southwark North and Bermondsey, in his speech was very clear about this—nevertheless took the view they would at Third Reading vote in favour of the Bill in the Commons because, on the balance of judgment they were looking at, they thought that is what they should do. They in political terms are the people who made the arguments most strongly in relation to the organisations you are referring to, and we made a number of amendments which did give some reassurance but I cannot, as I say, honestly say to you that we have gone as far as those organisations would have wished.

Chairman

  1399. Minister, we are coming towards the end but just one final question on the effectiveness or otherwise of the legislation when it is put in place. As I understand it, the major obligation will be placed on the 20 largest ISPs and we have 400 or so ISPs operating, some of them very small indeed, but there have been no such obligations placed on them. Does it not undermine the objective of the legislation if you are focusing primarily just on the big ones? The criminals, for example, can decide simply to use the smaller ones and move around.
  (Mr Clarke) Our experience is very much based on what has happened with the telecommunications operators. We have had very satisfactory results being achieved at the moment, as we speak, by requiring only a small proportion of telecommunications operators to maintain reasonable capacity. Others merely have an intercept plan which could be put into operation were an intercept warrant to be signed in relation to communications carried on their network. We expect a broadly analogous situation to apply in relation to Internet Service Providers. It is only our critics who say that we wish to read every e-mail in the UK and to conduct mass domestic surveillance or put a black box in every Internet service provider. Those statements are wrong. We do accept there will be gaps in coverage, we acknowledge completely that is the case, not least for resources issues. The idea that we could go through the whole lot is just laughable, it is unimaginable. That is why the whole warranting process which takes place is very selective and goes in the areas where we think we can get the most impact in reducing crime. For example, 52 per cent of heroin seizures in 1998 were the result of interception, and similar statements could be made across other areas of organised crime, but we can only hit it by specifically focusing on the biggest priority areas, and that is what we do and what is what we continue to do. You said it was the final question but I would like to take the opportunity of really emphasising as strongly as I can that if it came to be that the Internet was seen, that e-commerce was seen, as being a major benefit for international organised crime organisations, or even at what may seem a more trivial level, children's issues in relation to paedophilia or whatever it might happen to be, I think that would be damaging to the whole of e-commerce business. That is why e-commerce business has said to us that they want to work with us to reflect this situation. There are particular examples, for example preventing terrorism, where it could be said that businesses would be the prime beneficiaries of our intercept intelligence. Coming back to your core point, Lord Brooke, we are seeking authority, we will seek authority, only in a very small number of cases where we think we can get the best benefits in our fight against organised crime so we do not make the claim—in fact we specifically reject the suggestion—we have some sort of blanket, universal coverage which can deal with the situation.

  1400. Minister, it has been very helpful indeed. Thank you very much.
  (Mr Clarke) Thank you.





 
previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries index

© Parliamentary copyright 2000