I hope noble Lords will understand if I carry on and then come back to the question, as I think that I may be able to answer it. However, it is a very good question and an important intervention.
The IP address will not always tell us who is operating the device, because the addresses are changed and shared when mobile phones move to connect between different masts, or laptops or tablets come online in the home, used by individuals across various networks. However, the IP address helps us significantly to narrow down the field: it is just one aspect of the information that we need. The communication service providers who issue the IP addresses to identify computers and mobile phones currently do not log which device is used at each address and when. This means that law enforcement agencies cannot work out who is using an IP address at a particular time. This impedes the investigations.
This legislation will amend the Data Retention and Investigatory Powers Act, which this House considered last summer, to enable Government to require that communication service providers, under a data retention notice, retain that data that can be used to link a specific device or individual to an IP address. We are not talking about requiring every single internet start-up to do so. The Government’s approach has always been proportionate and risk based, but without these data it is far harder, if not impossible, to attribute a particular action on the internet to an individual person.
These data will be available only to those public bodies that are entitled to them for lawful purposes where, on a case-by-case basis, this is necessary and proportionate. The value of these data can be clarified in this example: if a server hosting child sexual abuse images were to be seized, IP resolution would allow the police to trace the individuals who accessed the images where the server holds a log of the IP addresses and of the times that they were used.
This legislation asks for only a small addition to the automated systems that already run our nation’s communications infrastructure. The recording of which person uses which address and when is generated in the normal course of operation, and is thus not overly burdensome for these companies. This Bill will require CSPs, subject to reasonable notice, to retain vital data
that can help dramatically in our country’s ongoing battle to bring criminals to justice, protect the most vulnerable and keep the United Kingdom safe.
Part 3 of this Bill is not politically controversial. As my noble friend the Minister has already mentioned, the Joint Committee on the Draft Communications Data Bill looked at this issue specifically and concluded that it did not think that IP address resolution raises any particular privacy concerns. These provisions will be limited. They will not enable the retention of weblogs, which, as some noble Lords have said today, become a list of the websites that you visit, for instance. Instead, they will help the appropriate agencies identify which device is the particular network identifier.
IP resolution will help us locate terrorists and criminals, but it is important to understand that it will not help us in every situation. The obligation to store the data in the UK is limited, but the technical action of resolving it must not be so. For instance, IP address resolution applies only to data generated or processed within the UK and not overseas, so it is thus further limited in scope and potential to combat what has become a global challenge. Furthermore, the rise in anonymous and encrypted internet traffic, the use of proxies and the sharing of one public IP address across hundreds if not thousands of devices make it ever harder to locate a specific device on the internet in the UK and abroad. Resolving IP addresses is an important first step, but it is only one part of a much larger problem that continues to morph and requires constant scrutiny, re-evaluation and response. We must remain diligent to stay ahead.
How do we address the wider problem and keep on top of the fast-moving threats that we face online? I believe that a new mode of collaboration between government and industry is needed to ensure a safe, creative and resilient internet from which we can learn, earn our livelihoods and keep in touch with our loved ones. We have done a lot of work in this Government to improve co-operation with internet and communications companies on the removal of terrorist and extremist content from their platforms, and to prohibit their use by those who will do so to distribute propaganda and radicalise our citizens. In its recent report on the brutal murder of Fusilier Lee Rigby, the Intelligence and Security Committee concluded that these companies must do more to fulfil their social responsibilities and help combat the serious threat that we face from terrorism. We must work with these companies to find better ways to alert government to the terrorist and illegal activities that threaten our livelihood.
Part 3 of this Bill is a significant step and one that we must all support, but it alone is not enough. There is no silver bullet. In specific terms, there remains a pressing need to update legislation to ensure that data for new types of internet communications on the ever evolving platforms and products are available in the future, just as data for telephony have been in the past. The Joint Committee on the Draft Communications Data Bill accepted this requirement, subject to the appropriate safeguards. David Anderson QC, the Independent Reviewer of Terrorism Legislation, is conducting a statutory review of these issues at present.
My right honourable friend the Prime Minister has been clear that we will need to return to this matter in the next Parliament. In fact, in light of recent events we must urgently do so. As a matter of general principle, this Bill is an important occasion on which to acknowledge and reflect on the importance of continued co-operation between government and the technology industry to assure the safety of our nation.
8.15 pm