My Lords, I am speaking to Amendments 92, 102 and 103 in my name. These amendments address aspects of two extremely strong powers granted to Ministers by the Bill which are tucked away at the back in Clauses 225 and 226. As we have heard, they are about national security notices and technical capability notices. Although they are not listed as powers under the Bill, they are, in fact, very strong, broad powers.
The national security notices permit, with some caveats, the Secretary of State to instruct the telecommunications operator to do whatever she considers necessary in the interests of national security. Technical capability notices enable, with some caveats, the Secretary of State to instruct an operator to develop or maintain a capability to assist the authorities. Both types of notice must be kept secret by the recipient, if the Secretary of State so wishes. In a recent amendment, the Government added the need for a judicial commissioner to approve both types of notice. This is a welcome step forward, as is the forthcoming repeal of Section 94 of the Telecommunications Act 1984, which has been used in the past to create new powers.
These three amendments address one particular capability specified in Clause 226(5)(c)—the removal of electronic protection. All the experts who gave evidence to the Joint Committee, and with whom I have discussed this matter since, agree that the phrase “removal of electronic protection” must include decryption of encrypted information and/or weakening of encryption in some way. They are deeply alarmed about it.
Encryption is a vital feature of all the financial, commercial and personal activity on the internet. The Government have confirmed on several occasions, including in answer to Questions in this House, that any weakening of our back-door access to encryption would threaten the entire operation of large parts of the digital economy. Once the integrity of cryptosecurity has been compromised for one set of users—in this
case the Government—that weakness is available for everyone, including hackers, criminals, terrorists and hostile Governments, to exploit. Furthermore, as my noble friend Lord Paddick has said, UK plc has many successful businesses operating in the field of encryption products. They are very concerned that their clients will shun their products if they suspect that the Government have secretly weakened the security that these products offer. Unless this risk is eliminated from the Bill, they may have to take their companies abroad to avoid their products being tainted by the perceived risk of government damage to the security integrity of their products.
At the end of Second Reading in this House, the Minister, the noble and learned Lord, Lord Keen, stated:
“The provisions of the Bill do not weaken encryption or threaten it. We do not seek what have sometimes been erroneously termed “back doors” into encrypted material. I would seek to dispel any such suggestion”.—[Official Report, 27/6/16; col. 1461.]
These amendments simply seek to give force to that clear assurance by deleting the reference to “removal of electronic protection” and explicitly prohibiting the use of national security notices and technical capability notices for the purpose of “removal of electronic protection”. I commend them to the Committee.