I wish to begin by providing some context. The Intelligence and Security Committee’s report in February 2013 referred to the Home Office’s assessment that there was a
“25% shortfall in the communications data that public authorities would wish to access and what they are currently able to access.”
That is, of course, an estimate, as it is not possible to be precise about what is unknowable, but the existence of a shortfall is a legitimate cause for concern. The report goes on to suggest that
“left unchecked, this gap will increase.”
Perhaps the Minister will be able to say whether it has increased and, if so, whether by an appreciable amount. It would be interesting to know that, and I suspect it has increased.
It is worth spending a little more time examining what we know about both the scale and the sources of interceptions that take place. In his annual report for 2013, the interception of communications commissioner, Sir Anthony May, noted that the total number of authorisations for interception of communications data under part 1 of RIPA stood at 514,608, down from 570,135 in 2012. He pointed out that these figures do not represent sole individuals, because
“public authorities often make multiple requests for communications data in the course of a single investigation but also make multiple requests for communications data in relation to the same individual.”
The figures give some indication of the scale of this, rather than the number of individuals who are covered. Under the same process, Sir Anthony notes that 87.7% of authorisations were at the request of the police and law enforcement agencies, 11.5% were from the intelligence agencies, and the rest were from local and other public bodies.
Worldwide, the scale of online communications is daunting. About 3 billion people have access to the internet, and during the time I have been speaking more than 200 million e-mails will have been sent, 2 million Google searches will have been made and there will have been 6 million Facebook views. So why is it considered important that the police, intelligence agencies and other bodies have access to some of the data records of these online communications? Overwhelmingly, internet traffic is benign; it is people using the various platforms for perfectly legitimate and legal purposes. However, a small proportion—I estimate it to be no more than a tiny fraction of 1%—is used for illegal purposes, and my hon. Friend the Member for Kingston upon Hull North (Diana Johnson) referred to some other purposes that are cause for concern.
My hon. Friend’s new clause 2 would, if agreed, require the Home Secretary to review the time taken by communications service providers to disclose information linking an individual to an internet protocol address.
That is important for two reasons. The first is that, as we tragically discovered with Fusilier Lee Rigby’s murder, CSPs will, on occasion, receive information that in some cases could crucially be the catalyst for a warrant to enable greater surveillance measures on an individual to take place. In turn that can, in some cases, prevent a terrorist attack.
IP addresses are the key to unlocking who is contacting whom, and that can be critical. But they are not straightforward. Typically, a communications service provider with, say, 10 million to 15 million customers would have allocated to it 100,000 IP addresses. For the larger commercial bodies or public bodies, a series of static IP addresses will be allocated. But for the vast majority of users, IP addresses are dynamic. In practice, a range of numbers is allocated randomly to customers, which is why the former head of GCHQ used the analogy of finding a needle in a haystack.
Secondly, the range of platforms is constantly changing, with new ones entering the market all the time. A good example of that is WhatsApp, which was recently acquired by Facebook for $22 billion. On 1 April, that platform, which is adaptable and easy to use, handled, over a 24-hour period, 64 billion messages, 20 billion of which were sent and 44 billion of which were received. In such a dynamic sphere of activity, it is vital that procedures are in place and properly monitored to ensure that, when the security and intelligence services need to locate a needle in a haystack, the haystack is still in place, and that is what this section of the Bill seeks to ensure. It means that urgent inquiries of either a historical or planned terrorist or criminal activity can be located.