Rt Hon Harriet Harman QC MP
House of Commons
London
SW1A 0AA

10 April 2016

Dear Mrs. Harman,

Further to my letter dated March 8, I would like to express my disappointment at your absence from the second reading of the Investigatory Powers Bill (IPB) on March 15 and, more broadly, at the decision of your party to abstain from the vote. As an ostensibly left-leaning party filling the role of Her Majesty’s Official Opposition, I had hoped for a much more vehement and robust defence of civil liberties than that put forward by Andy Burnham MP and your contemporaries in the Commons on March 15.

As noted in my previous letter, the reach of the IPB is far too broad. In an open letter published in the Guardian on March 14, 200 eminent British lawyers argued that the IPB is not fit for purpose, noting that it:

• “compromises the essence of the fundamental right to privacy and may be illegal”
• “does not mention “reasonable suspicion” – or even suspects – and there is no need to demonstrate criminal involvement or a threat to national security”
• “fails to meet these standards [those found in judgments of the European court of justice and the European court of human rights] – the law is unfit for purpose.”

Since you did not attend the second reading in the Commons, I will furnish you with some key excerpts from the few MPs who participated in side of the debate opposing the passage of the IPB:

[Regarding bulk data collection already conducted extrajudicially by the intelligence agencies]: “It is not good enough to say, “We have not had any major disasters so far.” That is the cowboy builder’s approach to our liberties.”

Anne McLaughlin MP

“As a result of the proposals in the Bill, the UK will be the only country in the world to have a policy of capturing and recording every citizen’s internet use. We will be the envy of states such as North Korea, China and Iran.”

Steve McCabe MP

“What the internet connection records will show is a detailed record of all of the internet connections of every person in the United Kingdom. There would be a 12-month log of websites visited, communication software used, system updates downloaded, desktop widgets, every mobile app used and logs of any other devices connected to the internet. I am advised that that includes baby monitors, games consoles, digital cameras and e-book readers. That is fantastically intrusive. As has been said, many public authorities will have access to these internet connection records, including Her Majesty’s Revenue and Customs, and the Department for Work and Pensions, and it will be access without a warrant. Do we really want to go that far? There is no other “Five Eyes” country that has gone as far.”

Joanna Cherry MP

Based on the issues raised in my own recent correspondence and the serious concerns raised by the myriad eminent legal professionals, world-leading technology firms, and civil liberties groups, I would again point out the grave ramifications of the IPB and assure you that these issues are not simply the views and ramblings of a disgruntled constituent.

In closing, I would like to reiterate my disappointment in your lack of engagement on this issue and would like to know how you were otherwise engaged on March 15 during the second reading of the IPB. I appreciate that you have been busy writing your memoirs, but I would implore you to put the work on your lucrative Allen Lane contract on hiatus and instead engage with the utmost vigour in the debate around the IPB at its third reading as and when the date is announced.

Yours sincerely,

Richard Pollock

Rt Hon Harriet Harman QC MP
House of Commons
London
SW1A 0AA

8 March 2016

Dear Mrs. Harman,

I am writing to express serious concerns with regard to the imminent second reading of the Investigatory Powers Bill 2015-16 in the Commons next Tuesday, 15 March.

Those who closely follow issues relating to civil liberties will be aware of the ongoing high-profile case between the Federal Bureau of Investigation (FBI) and Apple Inc. in the United States. In brief, the FBI have requested that Apple write custom software (i.e. software that does not currently exist) to remove data protections in place on a deceased suspect’s iPhone to assist in data retrieval. The FBI and other US agencies have acknowledged that, once created, requests would be forthcoming to use this software on hundreds of additional devices. Apple has filed a motion to vacate the request, citing serious concerns about civil liberties and the right to privacy.

Support for Apple has been registered by way of amicus briefs from amici curiae including Amazon, Google, Microsoft, Facebook, Twitter and dozens of other technology firms, legal professionals, and civil rights organisations suggesting that those who are well-briefed and informed on the technical, legal and civil implications and corollaries of the FBI request are staunchly of the view that the request oversteps the remit of a government agency and represents a threat to, if not the complete loss of, the right to individual privacy.

It is with this background in mind that I would like to express my sincere concerns about the Investigatory Powers Bill (IPB) 2015–16, which I fear will take the UK down a much more sinister path than could be conceived in the US if the Apple motion is unsuccessful. On reading of the IPB as introduced on 1 March, the Bill appears to contain draconian provisions more befitting of a totalitarian regime than a democratic state; it is with deep regret and little hyperbole that I observe that Orwell may have brought a case for plagiarism against the Secretary of State for the draft of the present Bill.

The core IPB issues of Internet Connection Records, bulk data collection and bulk hacking have already been expressed very eloquently and succinctly by the Open Rights Group and the Intelligence and Security Committee and I will express only absolute agreement with their concerns here and refer you to their submission and report published in response to the draft Bill released for pre-legislative scrutiny.

Here, I would specifically like to draw your attention to sections 215–220 (“Additional powers”, Part 9 Chapter 1) and 223 (“Telecommunications definitions”, Part 9, Chapter 2) of the Bill as introduced. As with the Data Retention and Investigatory Powers (DRIP) Act 2014 (which has since been ruled unlawful by the High Court after its needlessly expedited passage to Royal Assent in July 2014), Section 223 of the IPB loosens the definition of a telecommunications service to encompass:

“any service that consists in the provision of access to, and of facilities for making use of, any telecommunication system (whether or not one provided by the person providing the service)”

Where a “telecommunication system” is in turn defined so broadly as to include any:

system […] that exists (whether wholly or partly in the United Kingdom or elsewhere) for the purpose of facilitating the transmission of communications by any means involving the use of electrical or electromagnetic energy

In practice, this is so staggeringly broad that operators of these “systems” include not only telecommunications providers in the traditional sense, but also providers of any service that allows “communications” (encompassing speech, music, sounds, visual images or data of any description) to be transmitted electronically. This thereby includes all “traditional” online applications such as operators of blogs, email services, private messaging platforms, online fora, and social media. But the much greater concern, as noted by the parliamentary Science and Technology Committee, is the inclusion of manufacturers of e.g. connected children’s toys, smart devices and an abundance of other connected services and devices. Notably, the definition extends far beyond existing relevant EU Telecommunications Law.

With the much broader definition in place, the more concerning aspects of the IPB are outlined in Sections 216-218, under which the Secretary of State may serve “national security notices” (Section 216) or “technical capability notices” (Section 217), both of which would impose legal obligations on telecommunication system operators to remove electronic protections (i.e. encryption) with no provision for judicial review of the notices. Indeed, Section 218(8) notes that the recipient of either type of notice “must not disclose the existence or contents of the notice to any other person without the permission of the Secretary of State”. Failure to comply with the notices will result in the operator facing civil proceedings for a court injunction. The only recourse once a notice is served is therefore for the affected “provider” to appeal the decision with the Secretary of State, at which point the only required action is a review by the Secretary of State-appointed Technical Advisory Board, which has no legal remit and whose decision is not binding.

The implications of the Bill are chilling. In brief, the Secretary of State would have the power to serve a notice on any “telecommunications operator” (with its remarkably broad definition) that a) requires the “operator” to take means to compromise existing security measures b) must not be publicly disclosed c) cannot be subject to judicial review and d) is punishable by civil proceedings if not obeyed. This far-reaching Bill is therefore invasive and oppressive and represents a significant threat to civil liberties in the United Kingdom.

I would therefore like you to represent my concerns to the Commons in the strongest possible terms and oppose the passage of the IPB in its current form, noting at the very least that:

• The IPB is far too broad in its definition of telecommunication systems and operators.
• National security and technical capability notices should be open to judicial review.
• The bulk data collection and Internet Connection Record proposals open the door to mass state surveillance and are in violation of Article 8 of the European Convention on Human Rights.

Nothing less than our right to privacy is at stake.

Yours sincerely,

Richard Pollock