Mark Astley gave evidence.

We are down to one witness. Mr Astley, would you introduce yourself very briefly?

Mark Astley: I am the head of NAFN Data and Intelligence Services.

Fantastic—that is an even shorter introduction than the one I have in front of me that details your distinctions.

From your perspective—the anti-fraud perspective—which of the powers in the Bill are most important to you and why?

Mark Astley : The powers to access communications are very important to our members. Trading standards are our main users. They are not high users but it is important for them to be able to investigate those crimes so they can support their community and the businesses that they are working for and on behalf of.

At the moment, you do not have access to internet connection records.

Mark Astley : Correct.

How does that inhibit you, if at all?

Mark Astley : At present, the impact is uncertain.

The impact of not having it.

Mark Astley : Of not having it—yes. There are areas, as colleagues have previously mentioned where, in the digitisation world that we are moving towards, everything is being conducted over the internet. That is something that may affect and have an impact on investigations for local authorities.

But at the moment you cannot say how not having it affects your ability?

Mark Astley : No.

And what do you think you will get when you get access to internet connection records?

Mark Astley : At the moment, I understand that we are not going to receive that access. Local authorities are not being included in having access to internet connection records.

No, local authorities are not.

Mark Astley : No, but some of the other public bodies may get access to that. That would give them the front door to the internet provider that they have entered.

But your network is not just limited to local authorities.

Mark Astley : Currently it is for communications data, as the legislation stands.

Within your network, what are the other bodies and agencies?

Mark Astley : Can I just elaborate a little bit more about our organisation? We provide a service to assist them in obtaining data and intelligence to assist investigations. However, from a telecommunications perspective, we are only able legally to operate on behalf of other local authorities. We are not able to represent other public agencies such as the Food Standards Agency, although the intention of the Bill is to introduce those collaboration agreements, so we could facilitate that.

I see, so at the moment, your function is limited in this particular field to local authorities.

Mark Astley: Correct.

Your organisation has identified a range of crimes that local authorities use communications data to tackle. Do you think the Bill ought to identify the crimes more precisely to prevent data from being used in relation to, for example, rubbish collection or school places?

Mark Astley : I believe that the process is in place for identifying necessity and proportionality. The three bar process that we currently have in place will deal with that. To actually identify particular legislation could become more constraining and difficult to administer and, as more legislation comes along, more changes may be required to the Bill.

Do you agree that the issues of rubbish collection or potential abuse of school places are not really serious crimes?

Mark Astley: I do, and the fact that communications data is not used for those types of investigations in respect of that should enforce that.

But there is nothing on the face of the Bill to prevent it from being used for that kind of investigation, is there?

Mark Astley: No, but we have the three locks in place. They call it the double lock at present, but what the National Anti-Fraud Network provides is what we call a triple lock. We have the NAFN single points of contact that it has to go through. They are fully accredited and professional, and they are fully trained to ensure that we weed out all those types of inquiries. The next lock is the designated person, and following that you have the judicial approval process, too. There is a triple lock in place to prevent any of that from happening.

But there is nothing on the face of the Bill to prevent the individuals you have mentioned from ultimately reaching the view that it might be necessary or proportionate to access communications data to deal with issues around rubbish collection or school places. It has happened, has it not?

Mark Astley: Not for communications data. The process is in place—the triple lock—from a NAFN perspective. The NAFN SPoCs are totally independent and fully trained. They will ensure that any application is appropriate, necessary, proportionate and lawful for that to process.

You mentioned judicial authorisation. Can you elaborate on what you meant by that?

Mark Astley: Currently, our members have to go to a local magistrate to have any access request approved judicially.

It is possible to bypass the single point of contact in an emergency, is it not?

Mark Astley: No, not for a local authority.

Your organisation told the Joint Committee that five hours of an officer’s time seeking judicial approval is “slow and inefficient” and “a deterrent to councils”. Do you feel that the individual’s right to privacy might justify five hours of an official’s time?

Mark Astley: The issue around resources is more about how we can better deliver the services. The judicial approval process is there, and it is supportive. Looking at the figures for the past two years, 2% of those requests have been rejected by our own SPoCs, 0.3% have been rejected by the designated persons and only 0.2% have been rejected by judicial approval. Our belief is that the processes in place work effectively.

That was not really my question. My question was on whether you agree that the individual’s right to privacy justifies the time that is sometimes taken in inputting for a judicial approval.

Mark Astley: I understand the need for respect for privacy, but the necessity and proportionality aspect of every case will be considered, and if it is appropriate to do so, we would need to intrude on that privacy.

Obviously, your role is an additional safeguard. There are those who think that the Home Secretary and I are preoccupied with safeguards, checks and balances and the defence of privacy, but I think we have probably got this right. Can you tell me of the number—the frequency—of requests that you would consider to be an abuse of power in respect of applications for information? How often do you come across seedy requests that you would consider to be an abuse of the powers?

Mark Astley: In 2% of inquiries in the past two years, we have had applications rejected or cancelled through the input of our accredited SPoCs.

Is that common?

Mark Astley: It is actually going down because of the training and the accreditation that is provided by our staff—the figure has reduced every year—so that people are fully aware, fully trained and fully focused on what is appropriate, what is necessary and what is lawful .

But most requests are reasonable, sensible and measured.

Mark Astley: They are.

Have you finished, Mr Hayes?

I have finished, yes. You asked me to be brief.

Actually, on this occasion I did not ask you to be brief, but thank you for being brief in the spirit that that was offered.

Just so there is no mystery—people might ask themselves, “Crikey! What on earth do local authorities need these powers for?”—what sort of offences do local authorities investigate and prosecute?

Mark Astley: Local authorities have been provided with a wide remit in legislation to assist them in investigating a wide range of high crimes and serious crimes, which can range from rogue traders to dangerous goods and fake alcohol and tobacco.

In some cases, fake alcohol can be fatal.

Mark Astley: It can be fatal, yes. There was a recent case of children’s clothing that was not fire retardant. It is important for those officers to react quickly to prevent any loss of life or serious danger to life.

They also prosecute housing benefit fraud, don’t they?

Mark Astley: Not any more.

Do they still prosecute landlord offences?

Mark Astley: Yes. Tenancy fraud offences as well. There is also internal fraud. There was one specific case where people were setting up rent accounts and filtering thousands of pounds from within the organisation.

But, just as importantly, and probably more importantly, they can also safeguard the lives of people who are renting properties from landlords who, for example, are not keeping up to date with their gas certificates.

Mark Astley: That is correct.

Just to be clear, under this Bill local authorities will not be entitled to internet connection records.

Mark Astley: That is correct.

I do not know whether you have already done this, but could you briefly help us with the process that exists at the moment? What will happen after the Bill in terms of your organisation getting this information?

Mark Astley: In how we deal with an inquiry?

Yes.

Mark Astley: Inquiries come through to our organisation electronically from an applicant, and our SPoC will work with the applicant to get the application either up to standard or cancelled because it is not appropriate. Once it is up to the required standard, the application is passed over to the designated person, who will then look to authorise it for proportionality. Once that has gone through, our systems provide a court pack, which is delivered to each individual applicant, and they then have to arrange for a court attendance to get judicial approval.

Differently, in Scotland they also have a legal representative process, except they have a fourth lock in place in that their legal representatives get involved and then go on to the sheriffs for judicial approval. It is then returned to us. Once we have that approval, we then obtain the information accordingly.

Of course, the Bill also introduces the further safeguard of the criminal offence of making an unauthorised disclosure. In other words, there is also safety from the perspective of the telecommunications organisation, BT or whoever it is, knowing that if they do not make sure that you have complied with all of your duties, they themselves may be criminally responsible for giving you any information that they should not be giving you.

Mark Astley: Yes, and I think there is an intention to make the SPoC—the single point of contact—responsible for any recklessness or wilfulness in that misuse. That is another safeguard in place to ensure that there is no abuse or misuse of telecommunications data.

With the permission of the Committee, I might suspend the sitting for 10 minutes at 10 minutes to 4 to allow people to have a quick break, because this is quite a long sitting. Is that with the permission of the Committee? Brilliant.

I have two questions. Mr Astley, there are two opposing schools of thought relating to this Bill. There are those of us who recognise the need to update the legislation as it is to provide protection for children against sexual abuse and to provide protection against terrorism, terrorist atrocities and terrorist threats, and at the far end of the scale are those who believe that there is an absolute right to privacy and that no price is worth paying to imperil that privacy.

The job of Parliament is to find the correct balance on the scale between those two extremes. I do not think it would be too difficult to find justification, for example, for the protection of children against sexual abuse or for the defence of the realm against foreign threats and foreign terrorists. Justify to the Committee, if you will, the use of some of these powers, limited though they are in the Bill, for offences at the lower end of the scale.

Mark Astley: From a local authority perspective, they are a small user of telecommunications data. It has never been abused or misused from a local authority perspective, but they investigate some quite serious crimes. We had a particular case of advance-fee fraud, which was worth £7.5 million.

If you look at the majority of the applications that local authorities make, an extremely high percentage in the last two years—96%—was purely for subscriber data, or what is currently known as “c data”. That is the basic information about the subscriber to a telecommunication service and sometimes that is the key information that investigators need. An example would be someone who is trafficking illegal tobacco and the shopkeepers they are speaking with only have a telephone number for the delivery person. Therefore, in order for people to investigate successfully, which they have the powers to do—provided by Parliament—it is important that they have that access.

Let me ask you then, finally, why in that case, if a crime is sufficiently serious, can the involvement of the police not take over the requirements for access to electronic communications  data, as opposed to, for example, your members?

Mark Astley: Yes. As I have previously mentioned, our members are very highly trained; they are commensurate in some respects to what the police investigate. But they deal with their local community on a more local basis and they have the powers and expert knowledge, in particular about rogue traders, about illicit tobacco and about counterfeit items. They have that experience.

You could still handle those investigations and deal with them, but when it was apparent that they are of a sufficiently serious nature you can involve the police, who are then able to make the applications on your behalf, so you would not need access under the terms of the Bill.

Mark Astley: It is a valid point, but I believe that the powers are there for the trading standards, who do a really good job, and they have done an excellent job so far in dealing with high-level crime.

In the last year for which records are available, which I think is 2015, about half a million applications for access to comms data were made. About 0.4% of those were local authority applications.

Mark Astley: That is correct.

So we are talking about several thousand out of about half a million. Is that right?

Mark Astley: Well, if you look at the last two years alone, we are talking 3,300.

You were asked questions about the replication of the existing regime relating in England and Wales to magistrate authorisation, in Scotland to sheriff authorisation, and in Northern Ireland to district judge or magistrates court authorisation, for applications for access to comms data by local authorities. Those provisions are replicated in the Bill, are they not? I think it is in clause 66. But they are in the primary legislation.

Mark Astley: They are.

Colleagues, I think we could do with a 12-minute break, because people have to get coffees and check with their offices.

Sitting suspended.