My Lords, this has been a very useful debate and serves as a good appetite builder for lunch, which I understand we will be able to take shortly.
I am grateful to the Minister for his response and to all noble Lords who have taken part in the debate. As always, the noble Baroness, Lady Kidron, gave us a balanced view of digital rights—the right to privacy and to security—and the fact that we should be trying to advance these two things simultaneously. She was right again to remind us that this is a real problem and there is a lot we can do. I know she has worked on this through things such as metadata—understanding who is communicating with whom—which might strike that nice balance where we are not infringing on people’s privacy too grossly but are still able to identify those who wish harm on our society and in particular on our children.
The noble Baroness, Lady Bennett, was right to pick up this tension between everything, everywhere, all at once and targeted surveillance. Again, that is really interesting to tease out. I am personally quite comfortable with quite intrusive targeted surveillance. I do not know whether noble Lords have been reading the Pegasus spyware stories: I am not comfortable with some Governments placing such spyware on the phones of human rights defenders but I would be much more relaxed about the British authorities placing something similar on the phones of people who are going to plant bombs in Manchester. We need to be really honest about where we are drawing our red lines if we want to go in the direction of targeted surveillance.
The noble Lord, Lord Moylan, was right again to remind us about the importance of private conversations. I cited the example of police officers whose conversations have been exposed. Although it is hard, we should remember that if ordinary citizens want to exchange horrible racist jokes with each other and so on in private groups that is not a matter for the state, but it is when it is somebody in a position of public authority; we have a right to intervene there. Again, we have to remember that as long as it is not illegal people can say horrible things in private, and we should not encourage any situation where we suggest that the state would interfere unless there are legitimate grounds—for example, it is a police officer or somebody is doing something that crosses the line of legality.
The noble Baroness, Lady Fox, reminded us that it is either encrypted or it is not. That is really helpful, as things cannot be half encrypted. If a service provider makes a commitment it is critical that it is truthful. That is what our privacy law tells us. If I say, “This service is encrypted between you and the person you send the message to”, and I know that there is somebody in between who could access it, I am lying. I cannot say it is a private service unless it is truly private. We have to bear that in mind. Historically, people might have been more comfortable with fudging it, but not in 2023, when have this raft of privacy legislation.
The noble Baroness is also right to remind us that privacy can be safety. There is almost nothing more devastating than the leaking of intimate images. When services such as iCloud move to encrypted storage that dramatically reduces the risk that somebody will get access to your intimate images if you store them there, which you are legally entitled to do. Privacy can be a critical part of an individual maintaining their own security and we should not lose that.
The noble Baroness, Lady Stowell, was right again to talk about general monitoring. I am pleased that she found the WhatsApp briefing useful. I was unable to attend but I know from previous contact that there are people doing good work and it is sad that that often does not come out. We end up with this very polarised debate, which my noble friend Lord McNally was right to remind us is unhelpful. The people south of the river are often working very closely in the public interest with people in tech companies. Public rhetoric tends to focus on why more is not being done; there are very few thanks for what is being done. I would like to see the debate move a little more in that direction.
The noble Lord, Lord Knight, opened up a whole new world of pain with VPNs, which I am sure we will come back to. I say simply that if we get the regulatory frameworks right, most people in Britain will continue to use mainstream services as long as they are allowed to be offered. If those services are regulated by the European Union under its Digital Services Act and pertain to the UK and the US in a similar way, they will in effect have global standards, so it will not matter where you VPN from. The scenario the noble Lord painted, which I worry about, is where those mainstream services are not available and we drive people into small, new services that are not regulated by anyone. We would then end up inadvertently driving
people back to the wild west that we complain about, when most of them would prefer to use mainstream services that are properly regulated by Ofcom, the European Commission and the US authorities.
2.30 pm
I shall search out the book written by the noble Lord, Lord Kamall, but he was right to talk about unintended consequences. Critically, we are in a world of known unknowns here: we know that there will be an issue when the technical notices are issued, but we do not have the technical notices, so it is really hard for us to understand how far they will be a problem.
The noble Lord, Lord Stevenson, talked about the human rights aspect. Again, that is critical. How do we know whether the powers are proportionate if we do not know what Ofcom is going to tell companies to do? That is the problem. To his credit, the Minister tried to respond and gave some more clarity. There was some in there—and people out there will pore over this like a sacred text to try to understand what was said—but what I heard was, “If you’re already offering an end-to-end encrypted service, we’re not going to tell you to get rid of it, but if your service isn’t currently end-to-end encrypted, we may”. I heard the words “if you are deliberately blinding yourself to the bad content”. That sounds to me like, “Don’t start encrypting if you’re not already encrypted”. If that is the Government’s intention, it may be reasonable, but we will need to tease it out further. It is quite a big deal. Looking forward, we have to ask whether, if end-to-end encrypted services did not exist today and were coming on to the market, Ofcom would try to use the powers to stop them coming on to the market or whether they would be relaxed. We still have a lot of known unknowns in this space that I am sure we will come back to.
I am conscious of the time. I am sure that there will be people out there who are looking at this debate. I remind them that, at this stage, we never vote on anything. I am sure that we will come back to this issue at later stages, where we may vote on it. I beg leave to withdraw the amendment.