Eric King and Sara Ogilviegave evidence.

We will now hear oral evidence from Don’t Spy On Us and Liberty. For this session we have until 12.30 pm.

Welcome, and thank you for coming. Will the witnesses please introduce themselves for the record?

Eric King: I am the director of Don’t Spy On Us, a coalition of non-governmental organisations in London who are concerned about surveillance.

Sara Ogilvie: I am a policy officer at Liberty, which is a UK-based human rights organisation.

Because we do not have much time, I would like to ask Eric King some questions about bulk powers and then Sara Ogilvie some questions about internet connection records.

Eric King, do you have any concerns about the definitions and scope of the bulk powers in the Bill?

Eric King: It is important to understand the level of interception that takes place by our agencies and that will continue to take place under the warrants. My view is that bulk interception as it is currently practised by GCHQ is not a proportionate act and is not strictly necessary. The reason why is that, at the moment, we know from the ISC that there are just 10 warrants, which are authorised every six months, that permit the interception of 50 billion pieces of communication every single day. As a lawyer looking at that, I struggle to be imaginative enough to understand how you could craft a warrant that would appropriately assess the proportionality equation at that moment, given the scope of what is taking place.

The reality of how our signals intelligence agencies work is that, once those 50 billion communications are intercepted, the vast majority of GCHQ’s expertise is in automatically processing that and analysing it into what it calls query-focused datasets. We do not necessarily need to understand all that, but it suffices to know that GCHQ touches it in such a way that it results in significant intrusion on those communications.

Can I press you on that? To some extent, we are proceeding on the basis that there are two exercises involved when it comes to bulk powers. The first is the acquisition or holding of the data, and the second is, at some subsequent time, the accessing of those data, subject to different thresholds. Is it as simple as two distinct exercises, or is there more to it than that?

Eric King: There is considerably more to it than that. The intermediary stage—the point at which you have collected the material—is really just the first assessment. From that point, GCHQ’s computers begin processing the material and providing analytics on it—for example, voice transcription or keyword analysis, or they might be doing facial recognition on certain imagery.

There is one programme that we know about called Optic Nerve that resulted in GCHQ intercepting 50 million pieces of webcam traffic, which included 3% to 11% of material that was undesirable nudity. Once that was collected, GCHQ deployed facial recognition on it. There is no warrantry stage at that point. It has already been collected under those 10 warrants. All the processing is done without any authorisation. It is only at that final bit that you highlighted, when an analyst may wish to look at it, that we have an additional safeguard.

Given your concerns, do you have alternatives that you think would serve the same purpose as some of the bulk powers?

Eric King: My starting point is that there needs to be formidable intrusive powers for our agencies to operate, but they must be targeted. When you are targeting it can be difficult and you can have some additional collateral around the targets you are seeking to obtain communications about, but it has to be proportionate collateral. At the moment, I just do not see how we can put our hands on our hearts and say that we are doing that properly.

I think there are a number of different models we could be looking at. In the US they have judicial authorisation of selectors that are put in place, all of which focuses on warrants being targeted at individuals, rather than on infrastructure or cables, which I think is not proportionate.

When you refer to selectors, I think you are referring to what happens in that middle period, between initial acquisition and later access.

Eric King: That is exactly right. We know that GCHQ has 50 billion targeting identifiers—these are the selectors. A simple one would be an email address or a phone number; a more complicated one might be an email signature or something like that. That is the reality of how the systems are genuinely processed, and those are the sort of places our law should be constructed around. It should be constructed around the technical and operational reality of how our agencies work, to ensure that our law is constraining how our agencies operate, rather than the technical ingenuity of the engineers at that point.

Your evidence is that much of this happens before the final access thresholds apply.

Eric King: Absolutely. GCHQ analysts do not wish to look at most material themselves. The main reason for that is that it is time consuming. If you can programme a computer to do the heavy lifting, to do the intrusion, the processing and the analysis, that is to their advantage, and that is where they have put that. The problem with that is that our legal framework does not recognise that shift in massive computing power intruding on those communications in a very sophisticated way.

Can I turn to you, Sara Ogilvie, on internet connection records, in particular? I know that Liberty has got a number of concerns about the powers in the Bill in relation to internet connection records. Could you give us a brief summary of the main headline issues from your point of view?

Sara Ogilvie: The problem with internet connection records, from what we have seen, is that they do both more than they are supposed to and less than they are supposed to.

In terms of doing more, it is clear that they will create a database of the internet connections that take place day in, day out of every person across the country. That is a terrifying amount of information to store either in one place or across a number of different databases. It creates a clear impression of what you are doing, with whom you are communicating, what issues you have in your life. That can involve some very confidential and private information. I have real concerns about that.

In terms of doing less, I am not as technologically minded as Eric but it has been made clear to me that what these powers are supposed to do is deliver certain information that can be used by law enforcement or the security services, perhaps to deal with paedophiles and undercover unlawful internet site usages. It seems clear that, given the bulk nature of these powers, they will not deliver that kind of information in a helpful manner. If anything, it seems more likely to drive criminals to use bits of the internet that will not be captured by the service. On the one hand, we have clear evidence of the things that law-abiding citizens are doing, but on the other hand, we do not have evidence on what criminals are likely to be doing.

I can see other hands going up, so I will end there.

To be clear, Mr King, is your evidence in relation to bulk interception and collection of data that there is intrusion and analysis of them by computer programs prior to any warrant being applied for?

Eric King: No. There will be warrants at the collection stage but at the moment it is simply 10. Those 10 warrants that are authorised every six months permit the agencies to intercept at an extraordinarily large scale: 50 billion connections every single day, and growing. We know that, in the past five years, that has increased by 7,000%. I say that those 10 warrants do not appropriately assess the proportionality requirements, and I do not think they are necessary in the current climate.

Once the intercept has been collected, there is a stage of the process at which it is analysed by a computer, and that stage is not currently the subject of any legal regulation.

Eric King: That is right. It is internal authorisation by the agencies. We have no visibility on that. There has been no published material about that. In various court cases, disclosure has been sought better to understand those points, but we have not got it. The best I can gather, the internal authorisations inside GCHQ are at a very low level, mostly analyst by analyst even rather than going up to senior directors inside the agency.

Just so we can be clear, does anything in the Bill involve legal regulation of that stage of the process?

Eric King: No, not at all. Our model is the same as it was 15 years ago. It is a very simplistic model that applies interception at one stage and then, when a human looks at it, an additional safeguard. However, that does not match the reality and, as a result, our warrantry, in my view, does not allow you to assess proportionality and necessity to an adequate level.

We know now, because it has been avowed, that previous Administrations had unacknowledged arrangements for bulk interception of the internet in the United Kingdom. Can you tell us whether those resulted in the collection and analysis of ordinary British citizens’ communications?

Eric King: In the Bill and previous practice, there was a lot of focus on the fact that this would be foreign-focused—that the goal is to collect material outside the United Kingdom. The practical reality is that you cannot do that any more. All our communications slush around through the exact same undersea fibre optic cables as foreigners’. In terms of GCHQ’s collection programme, we do not know the exact percentage. I would encourage the Committee to try and seek out how many British communications are collected into this, but there is no way for them to distinguish between them at this point. When there is a foreign-focused power, at least for interception, the reality is that it is a massive amount of British communications. Your communications are not exempt from that and neither are mine, no matter quite what we might try.

I would like to ask Ms Ogilvie a couple of questions if I may, Madam Chairman.

Order. Time is very short now, because we have seven more people waiting to speak.

I will ask one question briefly then. Liberty looked at the investigation by the Intelligence and Security Committee into the brutal murder of Fusilier Lee Rigby in May 2013. Did those inquiries suggest that if the security services had had more resources to cover lower priority level targets, the outcome could or would have been different?

Sara Ogilvie: The Intelligence and Security Committee report found that there were a number of failings that may or may not have led to the murder, but basically, the two suspects had both been known to the security services at various points. It had been decided not to treat them as priorities. When that decision was later changed and a warrant was sought to place one of the individuals under surveillance, delays meant that that warrant was not granted in enough time for that individual to be under surveillance at the appropriate moment. Those are absolutely not the powers in this Bill, or the use of powers in this Bill, that we have any exception with at all. That seems to us to be absolutely the right way to use powers. It was not a lack of information or a lack of target in this case; it was the fact that there was perhaps too much information to be used .

Mr King, I am not a lawyer, so forgive me. Are you a parent?

Eric King: Pardon?

Are you a parent?

Eric King: No.

I am—I have three daughters. I just wonder where the balance is between the sort of purity test, for want of a better phrase, and what law enforcement have told us—that, without ICRs, they would be unable to identify at least 600 child abusers in the UK alone. What weight should we attach to that?

Eric King: The police definitely have capability gaps at the moment, particularly around the resolution of IP addresses. I think that is really what the statement goes to: when they obtain these IP addresses, they are seeking to resolve them. There are lots of different ways you can do that, however, and I am not convinced that  ICRs are the answer to that problem. This was not a proposal by the police for ICRs; it was a Home Office answer to the problem. Last year, we had the Counter-Terrorism and Security Act 2015 that put in place new powers for IP resolution—they have not yet been put into use. My starting point would be that we should use them. They should be deployed. We should see how well they work and from there look at what the other options are. It seems to me that that important issue does need to be addressed and has been addressed, but we have not given it time to see whether or not it works.

You are right that there are a number of clubs in the golf bag of the law enforcement team and the agencies, but given that we live in an incredibly fast-moving, technological world, where international boundaries are not recognised and so on, would you agree that the more facilities that the agencies have available to them, the better—that is, the wider that the net can be cast, the more ne’er-do-wells one is going to identify and hopefully apprehend?

Eric King: Respectfully, as you acknowledge, there are different ways to solve a problem. Casting a very wide net is not always the right thing to do. IP resolution is certainly a very narrow technical issue that you need to resolve. Collecting all sorts of additional information in additional areas would not help resolve that narrow issue. I think you have to look at it on a case-by-case basis.

That is part of the reason why we need to scrutinise properly the operational cases for the variety of these powers, to understand which bits of them they help solve and which bits they do not. Certainly, intrusive powers need to be available to our law enforcement and agencies, but we need to understand which bits work and which bits do not.

This is a question for Sara. In evidence to the Joint Committee, Shami Chakrabarti criticised the Bill on behalf of Liberty, saying that judges would not have the same access to evidence as Ministers in the warrant process. We have just heard evidence from the independent assessor of the terrorism legislation, David Anderson QC, that that is not the case. The Home Secretary has said on the record that that is not the case, and that they would have the same access. Do you withdraw that criticism of the legislation?

Sara Ogilvie: No. This is one of the areas where there has been a lot of discussion and to-ing and fro-ing. If the Home Secretary wishes to satisfy our concerns, those are the kinds of provision that should be dealt with on the face of the legislation. It seems to us that judicial review remains an inherently limited jurisdiction. That is quite a legal term to say that there are only so many things that it can do. We think that a much broader power needs to be granted to the judicial commissioners in order to satisfy public concerns that the powers be used appropriately and to match human rights standards. This is an area on which the Home Secretary has sought to give lots of reassurance, in which case I think it would be best if she put that reassurance in legislation.

Evidence was given to the Joint Committee by Sir Stanley Burnton, the Interception of Communications Commissioner, and Lord Judge, the Chief Surveillance Commissioner. Both said that  the double lock involves an intensive analysis including analyses of necessity and proportionality. It is not simply rubber-stamping. Again, do you maintain your disagreement with those senior judges?

Sara Ogilvie: I respect and agree with the fact that an extent of necessity and proportionality analysis will be done, but there is still very limited capacity for judges and judicial commissioners to undertake this exercise. We have seen, and judicial review case law tells us, what level of scrutiny can be applied to different kinds of decision, and we know that where a decision does not involve a restriction on the physical liberty of an individual, a lesser scale of judicial review scrutiny will be applied.

We also know that where cases involve national security, judges must apply a lesser level of review. Although I recognise that there is a difference of views, I think it needs to be much clearer in the legislation. Judicial review should be avoided as a standard in this circumstance.

I will ask only one question. Mr King, you talked about the astonishing amount and huge volumes of data that are collected. Can you both comment on the statement that the sheer volume of information means that there is less of a threat to personal privacy, simply because individuals’ personal data are almost swamped within the mass of data collected?

Eric King: It is an interesting idea, isn’t it, that the more widespread the intrusion, the less potentially bad it is. That is not a view that I can understand myself, particularly now. Computer analytics of such material is going to increase. It is going to get better and faster. The more data being collected, the more intrusion will be applied year on year as GCHQ engineers find cheaper, better and faster ways to process it. Perhaps five years ago, swamping agencies with material might have resulted in people passing through, but every day, that becomes less likely and less real.

We have seen in the last five years a 7,000% increase inside GCHQ of the analytical capability on material. That means that 7,000% more material is being touched, analysed and scrutinised by those agencies. Perhaps it was an idea that could be comprehended 20 years ago, when it involved physical piles of paper that no one ever looked at, but now it is all being automated, and I am not sure that the notion stands up today.

Sara Ogilvie: I clearly agree with what Eric has said. The only thing I would add is that I ask you to consider the fact that we are not just concerned about the state having this information. All this information that is stored somewhere can be accessed by other individuals for nefarious purposes. We have seen the TalkTalk hacks this year. We have seen the VTech hacks. There are real and legitimate concerns about the way this vast amount of personal information can be used, not just by the state but by other people who really do wish to do us harm.

Can we keep questions and answers as brief as possible to get everybody in, please?

I, too, am not a lawyer but, unlike Mr Hoare, I do not apologise for it. Mr King, it was quite striking when you gave a flavour of the quantity of data that is being harnessed. Do you know whether that has ever led to an unlawful arrest, or a wrongful arrest?

Eric King: No. At the moment we have almost no visibility on how our security and intelligence agencies work on a day-to-day basis with our National Crime Agency. We know that they co-operate very regularly and we know there is a lot of material that is shared around, particularly for organised crime circumstances. I imagine that lots of the relevant material is passed to the NCA and others, and that will lead to arrests and occasionally presumably also unlawful arrests. But no, that is not material that is in the public domain.

Mr King, there was a phrase you used quite a few times during your evidence. That is, “We don’t know.” How long have you worked for the security services?

Eric King: I don’t work for the security services.

What security clearance do you have?

Eric King: None.

How many intercept warrants have you prepared or reviewed?

Eric King: None.

So, it would be fair to say that there is a great deal about the workings of GCHQ and other security services that you simply do not know about.

Eric King: Yes. In my evidence that I wrote to the Joint Committee I set out my frustration at my inability to be able to probe at the heart of the issues on this. We are in a much stronger position now democratically, I believe, with so much more material that is available. That has led to court cases and the Investigatory Powers Tribunal that has found unlawful actions by GCHQ. Without that material being published, we would not have been successful in those cases. I wish there were more but I do not have it all, I am afraid.

I am driven to ask, Mr King, against your evidence that you do not know much about how security services work, how many lives you are willing to sacrifice for your very pure plan of privacy?

Eric King: None. I do not think that any lives should be sacrificed for a pure view of privacy. We need both; we need security and privacy. Both are values that we hold in this society and are values that we should be ensuring that we get right in the Bill. That is why it is so important that we have long scrutiny on this because we should not simply provide an unlimited set of powers to our security and intelligence agencies. They must have some, and they must be formidable powers, but they need to be checked.

They need to be provided for by Parliament. We need to have proper authorisation and oversight for that. That has been my work for the past five years. So, no, while I do not hold a security clearance, it does allow me to come before you and talk about all the things that I do know. Regrettably, if I did hold a security clearance, I would not be able to be in that position.

Building on that, the Joint Committee did ask for an operational case for bulk powers to be published, and that has been seen and assessed by the ISC who do have  the security clearance that you do not have, who do have visibility on all of the things that you are not able to see. The ISC says that they are happy with that operational case. It seems to me that the more people know about this, the more comfortable they are with that operational case. I wonder whether you are questioning their judgment or simply saying that you disagree.

Eric King: No. It is certainly true that the more you see about some aspects of agency practice, you do get more reassured. Certainly, in the process of Investigatory Powers Tribunal cases that have taken place, I was pleased that there were areas that had safeguards when I did not originally think there were.

I have also been fantastically disappointed in other areas, where I thought there should have been very obvious safeguards, such as areas of legal professional privilege that were found wanting and unlawful by the IPT. I am afraid I have become a terrible judge on which bits I think the agencies have got right and which bits they have got wrong. I seem to be very poorly predicting it. On the operational case, I think the issue here is that we need a whole range of experts outside the ISC to be looking at this. I am not sure that it is the perfectly placed organisation or body to be looking at this. It has known about these powers and approved of them right the way through. I think that at this time, now that they are being put before Parliament plainly for the very first time, we should be looking to do what they have done in the US, which is to have an independent scrutiny of many of those cases, so that you can test them.

It is not enough simply to provide a list of cases where this worked. They need to be really looked at, because, as we found in the US, some powers that many thought would work, like the bulk acquisition of communications data, turned out not to be terribly effective. The 64 cases that the agencies in the US put forward, to say that these were powers that were needed, turned out to be false. Only one was of relevance, and it was not a terrorism case. So it is vitally important that we scrutinise them and have the time to do so.

I would like to pick up on something that you said in your evidence was about internet connection records. I would just like to ask you first of all, do you respect the work of David Anderson?

Sara Ogilvie: Absolutely.

Have you had the opportunity to read his report?

Sara Ogilvie: I have.

Are you familiar with paragraph 7.51 where he talks about Operation Notarise?

Sara Ogilvie: You will have to tell me what it says.

Are you familiar with Operation Notarise?

Sara Ogilvie: I am not sure that—

In that operation 600 suspected paedophiles were arrested, and 92% of the communications data requested proved helpful in tracking down suspects. That what he says in the report. Do you accept therefore that he has found evidence that the ICRs are helpful?

Sara Ogilvie: Those were not evidence for ICRs, as far as I am aware. I think that is to do with different communications data.

I am just reading from the report, and that is what it says. It gives the figure of 92% of communications data and says the questions provided were helpful.

Sara Ogilvie: Communications data are quite different from internet connection records. A significant amount of the powers that we have in the current Bill are ones that are replicating powers in RIPA, and I think the comms data ones you talk about are those. Internet connection records are actually something quite new, and something that David Anderson—

Do you accept that, if some communications data in an old form of technology is helpful, then in a modern form of technology exactly the same powers will also be useful?

Sara Ogilvie: I agree that there are powers that are absolutely necessary and helpful. I do not think that there is a direct comparator between old and new powers in this case. I completely agree that the security services and law enforcement need targeted powers to gather communications data, so maybe they can use those to target particular websites where we know that paedophile information is provided. They can be used to target suspected criminals. That is all completely adequate use of powers; but what we have is this broad power in the Bill that targets absolutely everyone and is not focused on those individuals, and that is what I have the problem with .

Mr King, you have mentioned a couple of times now, in the first part of your evidence, you talked about formidable intrusive powers. You quite agree that the agencies should have these powers. So in view of what has happened recently in Paris and in Brussels, I am really somewhat confused as to what you are trying to tell us in your evidence as to what the agencies should have. Do you know? Are you clear in your own mind what these powers should be?

Eric King: Yes. The Bill’s structure—some of the core powers there—you do not disagree with. The question is often about the scale of the powers—how they are used and the safeguards that are put in place around them. To my mind, the mass collection of material in a generalised form for analysis is not a proportionate activity, and I think this is something that particularly the European Court are confirming. I heard David Anderson say that there was a split view on that. It will be important to hear the judgments later this year, but they have to have very strong powers; but it is how they are used, and the scale of them, and the targets of them, which are so vital to get right. I am afraid that for me this is the bit in the Bill that is not in the right place at the moment, I suppose.

But criminals and terrorists would not regard it in that respect.

Eric King: They would not—

They would not see it the way you see it, obviously.

Eric King: I do not know what criminals and terrorists would think about this Bill.

If there are no further questions for Members, I thank the witnesses for their evidence, and we will move on to the next panel.

On a point of order, Ms Dorries. In any forum that I have appeared in where the witness is being asked a question about a document, particularly a lengthy document, it is customary to afford them the courtesy of having a copy of the document in front of them. Might I suggest that if we are going to ask further witnesses about documents, we afford them that dignity?

Further to that point of order, Ms Dorries. To put the contra view to that expressed by the hon. and learned Lady, should not the Committee expect witnesses who are giving evidence to be properly briefed and to have in front of them documents on which they are likely to be cross-examined?

I shall answer the substantive point of order. The information that the witnesses bring with them is their responsibility. It is not the normal procedure for them to have documentation in front of them or for the panel to know what information they have with them. As we decided at the start, they can always follow up in writing if they feel they did not have the right information.

I am very grateful to you, Ms Dorries, for clarifying that questions and answers can be followed up in writing.