Richard Berry, Chris Farrimond and Simon Grunwell gave evidence.

Colleagues, before we see our next panel, may I say that we need to exercise some extraordinary self-discipline with two of these panels? We have three witnesses coming forward on this occasion, before we go back to a single witness. We then have four witnesses for half an hour. Can I ask Front Benchers particularly for discipline and sharpness in questioning, so they are razor sharp?

Thank you, witnesses: do sit down. Because time is pressing, will you tell us briefly, in no more than 10 words, who you are and whom you represent?

Richard Berry : I am Richard Berry, the assistant chief constable from Gloucestershire and the national policing lead for communications data.

Chris Farrimond : I am Chris Farrimond, from the National Crime Agency. I am the deputy director for intelligence collection.

Simon Grunwell: I am Simon Grunwell from Her Majesty’s Revenue and Customs’ fraud investigation service.

We are trying to get to the bottom of what an internet connection record means in the Bill. We have the words on the page in front of us. From a practical point of view, should this Bill become law, what do you think is going to be made available to you when you need to get an internet connection record?

Chris Farrimond : We put law enforcement requirements into the Home Office, which we gave quite some detail around—the who, where, when and how of internet connection—and the internet connection record has been defined as a result of that. We believe that what we will get is down to the domain name, so it will give us, for example, The Guardian newspaper website, the easyJet website, or thetrainline.com. It will not give us beyond that. If we wanted to go beyond that, we would then have to go to that company with the appropriate authorisation in order to obtain any further details. What we need is to get to the front door. That is what we have been asking for.

Can I just make sure I have understood that? For booking a train ticket or something, I can understand that you need to go to the next level if you want to find out the particulars. If it is The Guardian website, what comes up first is a website. You can then click on it if you want to go to national news or international news, and within international news, you could go to Brussels, for example, as many people might have done in the last day or so, so you have gone through a couple of hyperlinks to a different page. Will the fact that you have done that come within what you consider to be an internet connection record? I can see for booking a rail ticket that you would have to go in to get the detail of what ticket, where to and all the rest of it, but when someone clicks through to linked sites on let us say, The Guardian, would you expect that to come within the definition of internet connection record?

Chris Farrimond : Our understanding, and what we have been asking for, is just to get us to the front door—the front door that is marked The Guardian, at which point, if we needed to go to The Guardian newspaper to ask for any further details, we would do that.

On internet connection records, as I have understood it, the purpose of getting the internet connection record in practically all cases is to bridge pretty swiftly into content using other lawful means.

Chris Farrimond : No, I would not agree with that.

What would you use them for?

Richard Berry: From our perspective, the use of the internet connection record would be very similar to that for which we use communications data anyway. That is potentially to identify further lines of inquiry—for example, that communications service that is accessed. It could be for evidence of illegal material, or the use of illicit material, whether that be child abuse imagery or counter-terrorism-related material, but also to provide a seed for further inquiry, such as thetrainline.com for us to establish, for example, where a suspect has travelled to and where they are intending to travel to. It is about an evidential line of inquiry. It could be evidence in itself, but also a seed for further investigation.

But in most cases it would be the seed for further investigation. Would it be rare for it to be an end in itself?

Richard Berry: Indeed, because of its high granularity.

No other country is going down this route to solve the problem of access, which is a growing problem. What are other countries doing if they are not doing internet connection records?

Chris Farrimond: Sorry, I am not convinced that you are correct in that last statement that no other country is going down the same route. I believe Australia has gone down a similar route. Perhaps we need further clarification on that, but my understanding is that Australia has gone down exactly the same route.

Yes, but I think they have backed up a bit. Which other countries, to your knowledge, have a power to access internet connection records in the way proposed in the Bill or a similar way?

Richard Berry: None at this stage. I think there is a common view within the law enforcement community globally that all eyes are very much on the UK to pave the way in this respect. We are aware of the danger of the Danish experience and the difficulty the Danes had with the type of data they collected to achieve the investigative aims, but while the Australians are making steps in that direction, as Chris has highlighted, at this stage it is very much the UK leading the way.

Thank you.

Joanna Cherry, if I give you six minutes—I gave Keir six minutes—you will know what you are working with.

Thank you, Mr Walker.

Mr Farrimond, are you aware that just last week the Danish Minister of Justice informed the Danish Parliament that plans for a new internet connection record scheme have been shelved in Denmark?

Chris Farrimond: Yes, I am.

Are you aware that the reason given for that was the substantial cost and the economic burden for the Danish telecom industry?

Chris Farrimond: Yes, I am aware of that too.

I want to change tack slightly and ask you about the police online Crimestoppers website. I am sure everyone agrees that it is a useful service.

Chris Farrimond: Yes.

I looked at it again this morning and it says that when you fill in their form and say you want to be anonymous, you are guaranteed anonymity. That is correct, isn’t it?

Chris Farrimond: Yes, it is.

But if we pass this Bill, that assurance will no longer be accurate. Isn’t that right ?

Richard Berry: That is a technical observation, but I think the point is that, in terms of the collection of data and, more importantly, police access to or acquisition of that data, we are looking for stuff that is relevant and useful. So a line of inquiry or a justification for accessing the Crimestoppers website from my perspective could not be justified in terms of the necessity and proportionality tests required for giving that authority.

If we could reel back a little, if this Bill is passed, the purpose of internet connection records, we have been told, is to have a record of every device’s connection to every service. If anyone goes on to the Crimestoppers website and fills out the form, there will be a record of their connection to that service, so it is correct to say that their anonymity is no longer guaranteed. Is that not absolutely right?

Chris Farrimond: Where is that different from Crimestoppers? If someone phones in, they are guaranteed anonymity, but if we wanted to we could easily find out who made that call. We don’t because we guarantee anonymity. If we didn’t, no one would phone the number any more.

I am focusing on internet connection records. There may be other questions about communications data, but I want to clarify, because it may be very important to Members’ consideration of the Bill, that I am correct in saying that, if this Bill is passed as presently drafted, the assurance of anonymity on websites such as Crimestoppers will no longer be accurate because the purpose of internet connection records is to identify that A has used a particular device to connect to the internet service concerned.

Richard Berry: That is no different from the present situation with internet communications data. The fact that there is a freephone call number for Crimestoppers doesn’t mean that in technical terms that communication cannot be traced, but we just don’t do that because we guarantee anonymity. It wouldn’t be necessary and it wouldn’t be proportionate.

But when you use a phone to contact Crimestoppers, there is no tick box saying, “I want to be anonymous”, is there?

Richard Berry: There is an assumption. It is well advertised that Crimestoppers—

There is no tick box on a phone.

Richard Berry: Not that I am aware of. No.

But there is a tick box on the internet site saying, “I wish to remain anonymous.”

Richard Berry: That can remain.

That is there because we have discovered in police and law enforcement services, where I used to work as a Crown prosecutor, that if you guarantee people anonymity, you sometimes get more people to come forward.

Richard Berry: Absolutely.

So it is possible that, if this Bill is passed, we will actually dissuade people from reporting crime because we can no longer guarantee their anonymity.

Chris Farrimond: I am also responsible for covert human intelligence sources for informants. Of course, we know their identity, but we guarantee their anonymity. That is precisely what we do, although their identity is known within the agency. It is difficult to predict exactly how this could possibly impact, but if we are guaranteeing anonymity, that means we will not—

But we are not talking about CHIS; we are talking about ordinary members of the public, the sort of person who watches “Crimewatch UK” when it is on once a month, recognises one of the mug shots and goes on the website but is scared for their own safety and so wishes to remain anonymous. We need to be clear that that anonymity can no longer be guaranteed because all internet connection records will be collected. Is not that right?

Richard Berry: It would be guaranteed by law enforcement, because that is our operational policy. We would not access it. We do not retain the data, and nor could we access it, as a matter of policy.

But the fact is that the connection to a particular service from a particular computer will be recorded as an internet connection record and retained .

Richard Berry: In theory, that could be the case, but it would never be accessed. Lots of internet connection records would potentially be gathered, but we are very much about targeted inquiry, rather than bulk inquiry, so it would never pass the necessity and proportionality test.

That is an internal guarantee that you are giving us. There is nothing in the Bill to say that it would not be accessed, is there?

Richard Berry: Not that I have seen, no.

I will be mercifully brief. Given your very wide case experience, and the fact that an overwhelming number of serious crimes are now connected with both the technology and methods of modern media, can you envisage circumstances in which loss of life or severe injury might be prevented through equipment interference?

Chris Farrimond: Absolutely, yes.

That is something the Joint Committee recommended and now forms part of the Bill. On internet connection records, can you give us a flavour, also from your case experience, of the kinds of crimes and circumstances in which they might be vital to an investigation and, ultimately, to catching and convicting people involved in serious crime?

Chris Farrimond: Let us just start with the fact that internet connection records are the new comms data; they are the modern equivalent of comms data, the normal itemised billing that we have had for years and years. Criminals are using internet communications even if they do not necessarily realise it—when they send an iMessage, for instance, in an internet communication, rather than a text message. That is happening the whole time, and it is happening right across the population, whether people are law-abiding or criminal, so internet connection records now feature in every type of criminality. They are featuring more in those types of crime where the internet plays a larger part—fraud, for instance. I can talk about child sexual exploitation, where the internet makes it so much easier to share images, so internet connection records would be extremely useful for us in those circumstances.

Simon Grunwell: HMRC’s business model going forward is to put more and more services online to enable taxpayers to do more themselves, a bit like an online bank account. We already have online frauds. We are quite attractive for fraudsters, in the sense that we collect £500 billion a year and we pay out £40 billion in benefits and credits. Comms data helps us directly prevent the loss of £2 billion in revenue. On the ICR point, in particular, we have already had online attacks against us. In one case alone we were able to prevent the loss of £100 million. ICRs can only help us in that regard.

Richard Berry: From a local policing point of view, it is not just about serious crime; it is also about—if I can use this phrase—policing the digital high street. So ICRs could be just as relevant for cases such as domestic abuse, stalking and harassment, to prove a particular case, or to help us deal with what might seem, in isolation, to be a minor issue, but can often be on a path of escalation to homicide or very serious assault.

You were just asked about anonymity and the perceived danger to anonymity—for example, in the Crimestoppers scenario—but that would apply if I telephoned Crimestoppers now, wouldn’t it?

Chris Farrimond: It would.

Theoretically, you would be able to get access to the phone number that I have used and work out who that number was linked to and, presumably, link that to me now.

Chris Farrimond: Yes.

As I understand it, these internet connection records will be held by CSPs—communications service providers—not by the authorities.

Chris Farrimond: Correct.

In order to access those records, you have to apply to a SPOC, or via that procedure, and then a filtering process will apply.

Chris Farrimond: Yes, it does.

So the scenario of the authorities holding this information and being able, at a whim, to breach anonymity is nonsense, isn’t it?

Richard Berry: We certainly very much follow the procedure of looking at each application and testing it for its necessity against its purpose, the proportionality, the levels of collateral intrusion and things like the timescales involved. If you look at the annual reports of the Interception of Communications Commissioner’s Office in 2015, you will see that they even go to the extent—I think it was done on about 100,000 applications— of looking at the amount of time a decision maker, a designated person or, under the new legislation, a designated senior officer, actually takes to consider all the tests that are required to ensure that the parameters are tight and that justification is in place.

In my experience, the UK is regarded as a world leader in intelligence-led law enforcement and I am sure that you agree that the Bill will enhance your capability. Can you tell me how important to your work it is that this legislation applies extraterritorially?

Chris Farrimond: It is rare for serious crime to be investigated and to have no international aspect to it at all. Certainly in the case of the National Crime Agency, almost every single case that we investigate has got an international aspect to it, but I suspect that that is the same for both my colleagues as well. That means that communications data will almost certainly be held in a third country at some point, because we have been communicating with people in other countries. The extraterritoriality will at least give us the ability to ask for those data. I do not doubt that there will be some complications when it gets compared with the host nation legislation along the way, but, nevertheless, at the moment we have a very lengthy process to get material back from other countries, so if this can help in any way, shape or form in speeding that up, that will be a good thing.

Richard Berry: It certainly is a strategic priority for law-enforcement policing to look at how we can ensure, as Chris said, this fragmentation of data across server farms, in clouds and across several countries is increasingly a challenge for us, so any legislation that can help with that process will be particularly useful.

The other point that I would make, building on what you said in your introduction, is also quoted by the commissioner in the 2015 report. Communications service providers, certainly in the US, very much favour the British SPOC system, because there is a dedicated, rigorous system, whereas they could perhaps be approached individually by—I think, to quote them—one of “10,000 FBI agents”, all adopting a slightly different process. So we have got the right systems in place; I think it is really the relationships and the access that is critically important.

Simon Grunwell: I will just add that the internet obviously provides mobility and anonymity. We could have an attack from anywhere in the world, online, so we need to keep pace effectively with digital changes. Sometimes the only clue that we have as to who is criminally attacking us is a digital one. The ability to go extraterritorial to pursue that one clue could be vital.

In the Government’s response to the pre-legislative scrutiny, they refer to a sample of 6,025 referrals to the Child Exploitation and Online Protection Centre—CEOP—with which, I imagine,  Mr Farrimond, you are very familiar. It says that of those more than 6,000 referrals, 862 could not be progressed and would require the ICR provisions in the Bill to have any prospect of being progressed. In other words, for at least 862 paedophiles out of that sample, you can go no further because you do not have the tools. Does that accord with your day-to-day working knowledge of this field?

Chris Farrimond: Yes, we get around 1,500 referrals per month, some 14% of which we cannot resolve. We cannot take them any further. Whether it is that number of paedophiles, or whether it is a smaller number who are sharing the same images, we cannot be sure, but the bottom line—the important thing—is that we cannot protect the child because we cannot resolve the data.

Focusing on the point you have just made about protecting the child, a witness this morning referred to the collection of nude images and the security services apparently running facial recognition techniques on those images. Are such methods used to try to identify child victims so that law enforcement can find them?

Chris Farrimond: Yes, of course.

Finally, on the extraterritoriality point, Europol is the EU’s information and intelligence-sharing agency in The Hague. What sort of data do law enforcement across Europe share, through Europol, to try to tackle serious organised crime and for counter-terrorism?

Chris Farrimond: Quite a lot, actually. We feed into the Europol databases. We also, in fairness, have bilateral relationships, particularly when it comes to specific investigations, but for criminal data on themes, trends and so on, we will feed it into Europol to see if there are any cross-matches with any other country experiencing the same criminality.

So in those two areas—counter-terrorism and serious organised crime—this legislation could help not just our country, but our neighbours overseas as well.

Richard Berry: Yes, absolutely. From experience, I was involved in running a national operation on human trafficking, and we basically created a dataset from a significant amount of intelligence gained during that national operation over six months. It went straight into the analytical work files within Europol and we were able to map organised criminality right the way back to mainland China in some cases. The added value point, which is what you are making, very much comes from that sharing.

Simon Grunwell: Can I just add to that? A significant thread for us is organised tobacco smuggling, which is international by default. So it can only help .

Just a follow-up to a question asked in the last panel about ICRs as they relate to mobile devices and third-party apps. You brought up easyJet earlier, and I have got an easyJet app on my phone. As far as I am aware, it creates a lot of ICRs as defined in the Bill. There is no way to differentiate between an ICR that is created manually or automatically by a third-party app. How would that limit the operational effectiveness of ICRs for you?

Chris Farrimond: To go back to my previous answer on this point, from your mobile record—the ICR from that—we would require your provider, Vodafone or whoever, to help us to understand which flight provider you were using. If they came back to us and said, “One of the domain names is easyJet”, we would say, “Thank you very much.” That is what we would expect from Vodafone. We would then go to easyJet and say—with the right authority signed off, obviously, and with the proportionality, necessity and everything that goes with that—“Can you tell us about his travel plans?” They would, hopefully, be able to do precisely that with the data that they hold on their flight details. But as for the actual app, all that we would look for from your provider would be to tell us that you have been making use of easyJet, and that would give us the next point in our investigation.

I might not have used easyJet for several months, but the app still connects my phone to easyJet’s service provider. Likewise, I have a British Airways app. None of that limits any effectiveness for you?

Chris Farrimond: What I would expect to get is something showing you connected to easyJet for two minutes rather than for a nanosecond, or for an upgrade coming through. If we saw two minutes, we would say, “He did something with easyJet at that point.”

Richard Berry : Things like the tracking cookies you have on normal websites are not relevant information for our purposes. To offer a point of reassurance, we have a decade of experience of looking at what relevant data should be retained. ICRs are no different to that principle. Prior to any retention notice being served on a particular provider, law enforcement, the Home Office and the provider will be looking at the operational benefit, the cost and the technical feasibility of what data they hold and what data we would use. It almost takes each provider on a case-by-case basis to ensure we are gathering only relevant information. We could see those feeds back—the little connections you are talking about—being ruled out of the data we need to retain.

May I go back to the definition of internet connection record? To take it in stages, you are obviously concerned about your ability to deal with serious crime and the visibility of what you can do; I completely understand that. You make an ask of the Home Office, which as you said, is basically, “Who? When? Where? How?” That is where you think you need to go next, to maintain the ability you have now, because of the different ways people are communicating.

From that, you said, “Well, therefore The Guardian is enough for us, not that someone went to a page on Libya or clicked on something about Libya bombings, because that is not within our ask.” My difficulty is not to challenge why you want that, what you use it for or its utility. I just cannot see how the definition in the Bill is limited to your ask; in other words, it appears to go as far as you want to go.

Tell me if this is an unfair question, because it is about the words on the page, but which bit of the definition you understand to be the word or words that limit it to what you say you are asking for, rather than letting it go any further? At the moment, I cannot see  that bit of the jigsaw. In other words, which is the trigger word in the definition of internet connection record that says The Guardian website but not “within The Guardian, the words ‘Libya’ or ‘bomb’” or whatever it may be that means we cannot go beyond what you have asked for?

Chris Farrimond : It is a bit difficult for us, because as law enforcement officials, we have no hand in writing the Bill.

Fair point.

Chris Farrimond : We simply have presented our case to the Home Office, and in quite some detail we have explained what we think we need to be able to protect the public. I am afraid I cannot speak to the actual words on the page.

Can I follow that question with this last one? If the definition were to be reworded in a way that reflected what you had asked for but made absolutely clear that it did not go beyond that, would that not trouble you at all? In other words, if there were a word, a phrase, a group of words or a definition that made it clear in technical, legal terms that we are talking about The Guardian but not certain clicks within The Guardian website.

Chris Farrimond: As long as it meets the requirement we have put forward, absolutely.

Joanna Cherry, you have five seconds, and anyone who wants to answer has 10 seconds.

I will try. Unilateral assertions of extraterritoriality will not help us much, will they? What we need is bilateral or multinational agreements with other countries, such as we have through Europol.

Chris Farrimond: I would say that they will help, in that they demonstrate what the UK would like to achieve. We have really good partnership relationships with a number of countries around the world. If it so happens that they are looking at a similar sort of provision in their legislation, we could quite easily find common ground. It may be that that is not possible and we need greater detail, but there is no harm at all in saying, “Look, this is what we’re asking for. It’s quite reasonable, isn’t it? These are our checks and balances around it.” That is the start point, as far as I can see, for further negotiation.

Thank you. Well done colleagues—you were razor-like in your questioning.