I think the Minister was, actually. I think he picked up the tail end of that Bill.
The ISC has looked at this issue in detail. We have taken evidence from the heads of the security services, and we want to be supportive of change, but we also want that important role of scrutiny and ensuring the public are protected from the occasions when things might go wrong. The other thing that struck me today is that, although the Home Secretary can read a good speech, I am not sure he had a great grasp of some of the detail of the Bill. All I ask of the Minister is to please take on board some of the things we are saying, so that we can make progress in Committee. They are not radical things that are going to upturn the Bill; they are things that will improve it. I suspect that in certain parts of the Government there is a hatred of the ISC, and the belief that we have to be resisted at all costs. That will lead to a poorer Bill, because the amendments we will be tabling would actually improve the Bill. Lord West also did a great job in the other place.
I now turn to clause 2 of the Bill, which introduces the bulk personal data regime. There is a worrying gap: oversight of what are deemed low or no privacy datasets added to category authorisations. At the moment, the system does not work, because things like the electoral register have to get special permission. That is silly, frankly, but we need to ensure that these provisions are scrutinised.
New part 7A of the Investigatory Powers Act 2016, introduced by clause 2, provides for a light-touch regime for the retention and examination of bulk personal datasets by the intelligence services where the subject of that data is deemed to have low or no reasonable expectation of privacy. As the hon. Member for Cumbernauld, Kilsyth and Kirkintilloch East (Stuart C. McDonald) said, people are increasingly giving their personal data with little thought to how it is going to be used—not just by the intelligence services, but for commercial purposes. That needs looking at.
Approval of such a dataset will be sought either under a category authorisation, which encompasses a number of individual datasets that have a similar content and may be used for a similar purpose, or by individual authorisation, which covers a single dataset that does not fall neatly into a category authorisation or is subject to a complicating factor. For a category authorisation, a judicial commissioner will approve the overall description of the category authorisation before it can be used. A judicial commissioner will approve renewal of the authorisation after 12 months, and the relevant Secretary of State will receive retrospective annual reports on the use of category and individual authorisations.
However, as the Bill is currently drafted, this oversight is all retrospective. The problem is that what is missing is real-time or even near real-time oversight of changes. Under the present regime, once a category authorisation has been approved, the intelligence services have the ability to add individual datasets to that authorisation through internal processes alone. They examine the dataset without being subject to any political or judicial oversight, and they would be able to use those datasets for potentially a year without anybody being any the wiser.
We do not question why the security services need these powers, but there is potential for mission creep without any oversight of what is being authorised. We are not saying that these powers are not required; they are required. What we are really being asked to do is rely on the good faith of the intelligence services to use the powers in a certain way. I do not think that is strong enough, and no legislation should be solely dependent on good will. We also have to guard against—there are such occasions—situations when mistakes happen or people use powers for purposes that are not in the public interest.
It is important that we fill this 12-month gap, and the ISC thinks that the easiest and simplest way to change this process would be for the Investigatory Powers Commissioner to be notified when an individual bulk personal dataset is added by an agency to an existing authorisation. I understand that Lord Anderson of Ipswich, in his review of 2023, recommended a similar proposal. The argument from the Government—it is similar to what they have used throughout this Bill, as the Committee Chairman has remarked—is that that will be onerous in adding to the work of the intelligence services. Well, it would not, because it would simply mean sending a one-line email to the Investigatory Powers Commissioner containing the name and description of the bulk personal dataset as soon as reasonably practicable.
The decision would be approved internally and then sent to the Investigatory Powers Commissioner, so it is not actually asking for approval. It is just making sure that the Investigatory Powers Commissioner is aware of what is being added, and that the individuals taking such a decision realise that they must inform the Investigatory Powers Commissioner. That would obviously allow the Investigatory Powers Commissioner to look at trends in what is happening. Clearly, after the 12 months, they could look back, but they could also intervene if they thought something was not in touch.
An argument the Government use quite often about this Bill is that it is to have a light-touch approach, and I think this suggestion is for a light-touch approach. I do not know what is onerous about the security services sending an email to the Investigatory Powers Commissioner. I think it would ensure the oversight that is needed. Real-time oversight is what we are suggesting, and I do not think it would add to the administration of the security services, but it would lead to the Investigatory Powers Commissioner at least having some visibility on another layer at which decisions are taken.
The proposal would be a very simple thing to do, and I do not understand why the Government are resisting it. I suggest they are resisting it for the many reasons they have resisted some of the other sensible things we have put forward: just because they want to do that.
I do not know how we go forward with the relationship between this present Government and the ISC. Dragging information out of them screaming and kicking is taking a long time, even though we have a legal duty to get information, and the critical point now is the starvation of resources from the Committee which is creating real problems in the way that it can operate.
I hope that things change and that when we table amendments we will not get the usual response that amendments to this type of legislation should only be done in the Lords. Are we here to cause trouble for the security services? No, we are not; we want to ensure we do our job, which is set out in statute, to supervise the security services and improve the powers, but to ensure that the public have the recognised safeguards we should expect in a democracy such as ours.
8.55 pm