I appreciate the comments of my hon. Friend. As a member of the Intelligence and Security Committee, he will recognise the challenges. He is right to underline the significance and to reiterate what I said on Second Reading—that security and liberty should be mutually reinforcing. His point about it not being a zero sum game is well made.
The hon. Member for Kingston upon Hull North (Diana Johnson) who speaks for the Opposition identified a list of 10 points, and I will do my best to respond to some of them. The hon. Member for Hayes and Harlington (John McDonnell) underlined the role of sensitive categories of person and additional safeguards that may be provided in respect of them when we consider communications data and the ability of the police to request such data. As my right hon. Friend the Member for Berwick-upon-Tweed (Sir Alan Beith) pointed out, we are looking at metadata—who said what to whom, when and where—rather than the content.
It is clear from the contributions that we have heard that gaps in communications data capability have a serious impact on the ability of law enforcement and intelligence agencies to carry out their functions—the point that was made clearly by the right hon. Member for Knowsley (Mr Howarth) and the shadow Minister. One such gap is internet protocol address resolution. The Data Retention and Investigatory Powers Act 2014 maintained our lawful data retention regime. It did not create any additional powers, nor did it address any of the gaps in capability. To respond to the point made by the hon. Lady, we remain confident about the manner in which it did that in seeking to address the points raised by the European Court of Justice.
Clause 17 amends that Act—DRIPA—to ensure that communications service providers can be required to retain the data necessary to link the unique attributes of an internet connection to the person or device using it at any given time. Every internet user is assigned an IP address to ensure that communications service providers know which data should go to which customer and route it accordingly. Addresses are sometimes assigned
to a specific device, such as a broadband router located in a home or within the work environment, but they are usually shared between multiple users— hundreds or even thousands—and allocated automatically by the provider’s systems. Many providers currently have no business reason for keeping a log of who has used each address. It is therefore not always possible for law enforcement agencies accessing the data to identify who was using an IP address at any specific point in time.
The provision would ensure that these data are available to law enforcement. It would improve the ability of the police and other agencies to identify terror suspects who may be communicating with each other via the internet and plotting attacks. It would also help to identify and prosecute paedophiles, organised criminals, cyber bullies and computer hackers, and to protect vulnerable people. For example, it could be used to identify a child who has threatened over social media to commit suicide. The IP address has direct relevance to all these issues and it is evidence that can be brought before the court. In the context of the previous debate, it is often instrumental in bringing prosecutions. Communications data are used in about 95% of all serious crime prosecutions, so they have a direct utility.