Sally Bundock (SB): If we get started with the job itself: it’s a very important role in the United Kingdom, how does it work?
David Anderson (DA): The job has actually existed for about 40 years and was something that Parliament required because, when it was first asked to enact laws about terrorism, it said ‘we’re not security cleared, we can’t really tell how those laws are being operated, so if you want us to keep on passing and renewing these laws, we need someone we trust who can look into how they operate, report to Parliament, and report to the public as well.’
So, a completely independent lawyer is basically taken off the street and cleared right up to the top level. You can read absolutely everything relevant to the job, you can talk to anybody who is concerned with anti-terrorism law, both on the enforcement side and on the other side – for example, terrorist suspects and community groups.
SB: Presumably it was the conflict in Northern Ireland that led to the role being created?
DA: Yes, it was when the Irish bombings came to England in the mid-1970s that it was decided we needed counter-terrorism laws in Great Britain as well as in Northern Ireland. It was at that point that somebody was appointed to look at them.
On his role:
I was approached in 2010 and took up the role in 2011. I knew nothing about the security world when three men from the Home Office came to my chambers by subterfuge and offered me the job.
It was really appealing because I had previously been a human rights monitor for the Council of Europe, travelling to places like Russia, Ukraine, Georgia, Turkey, monitoring the freedom of the media, talking to a wide range of people, reporting back to the Committee of Ministers. It sounded a bit like that.
SB: You’re due to step down in early 2017. What has changed in terms of terrorism and the law during your term as Independent Reviewer?
DA: The terrorism threat has increased considerably. In 2010–2011, it was beginning to look as though we were over the worst. We’d had big plots in Madrid and London a few years before, but there hadn’t been anything on that scale since 2007. Then, sadly, that went into reverse. We had the rise of ISIS from about 2012, and unprecedented numbers of young people worldwide going out there to fight, and we’re beginning to see what happens when some of those people come back.
But, oddly, the law in the UK has gone in the other direction. The laws that I’m reviewing now are less intrusive than they were six years ago, and I think they’re better attuned to the task in hand. I’d love to take the credit for that, but the real reason is that the coalition government elected in 2010 agreed that the terrorism laws we then had in force were too intrusive, and committed to rolling them back.
So, we’ve seen much lower maximum detention times for terrorist suspects; we’ve seen executive orders being made more difficult to obtain; we’ve seen a no-suspicion stop-and-search power repealed; we’ve seen much better safeguards placed on the powers exercised at ports; and I could go on. There have been a lot of sensible changes which I don’t think have left us any less safe, but which have made the laws more proportionate.
SB: Do you think that, because the law has been less intrusive, we perhaps haven’t had terrible events taking place in the UK? Do the two go together?
DA: I think you can point to cultural factors, but you’ve got to be careful when you do that. In 2012, we were all looking to France, where they hadn’t had an Islamist attack for 16 years. Now, of course, the boot’s on the other foot.
During the time I’ve been Independent Reviewer, the UK has seen only one person killed by Islamist terrorists and we’ve seen two killed by far-right terrorists, most recently the MP Jo Cox who was killed in June 2016. We’ve seen a lot of plots, but they have not come to fruition. One reason for that is we’ve got excellent intelligence. Another reason is we have very good relations between intelligence and police – something most other countries find difficult to emulate.
SB: Both France and Belgium were criticised, after the terrorist attacks they endured this year, about their intelligence systems and services. Was that fair?
DA: I’m sure it was fair, and the United States was criticised in much the same way after 9/11. It may be because the UK had our wake-up call earlier than the French and the Belgians. We had it on 7 July 2005 when 52 people were killed by bombs on public transport in London. That was the signal for an overhaul of the way we do these things, the way we arrange our counter-terrorism policing and intelligence, and indeed the content of our laws.
SB: Social media and the internet are playing a huge role in terrorism today. How important is digital intelligence?
DA: Human intelligence is, in a way, always the best and is still very useful, but inevitably – particularly when you’re looking at a theatre a long way from home and a place that could be dangerous for human agents to penetrate – digital intelligence is hugely important.
I did a report in 2016 on some of the bulk techniques for collecting people’s metadata, and I set out some very concrete ways in which that was useful – for example, for cyber defence, in support of armed forces in warfare, and also for fighting child exploitation, terrorism, and so on.
SB: But where is the law in the debate about people’s privacy and the gathering of information and data? The obvious example is Apple’s battle with the FBI, which wanted details from the San Bernardino terrorists’ phones. Apple said ‘no, we’re not handing it over’.
DA: This is where the debate has been in the last two or three years following Edward Snowden’s disclosures. That really kicked off the debate not just on privacy versus security but more fundamentally than that. Are we, the people, able to see and know the nature of the powers that are liable to be used against us?
What we’ve seen in the UK, partly as a consequence of a report I was asked to write for the Prime Minister, is the new Investigatory Powers Act [which received royal assent in November 2016]. The Act discloses for the first time the sort of powers that police and intelligence agencies have actually been using for years. It safeguards them much better and also introduces a new, controversial power to require, for example, broadband providers to keep a log of everybody’s internet activity for up to a year. It’s a new power which is greeted with incredulity in North America and which no one in Europe has tried before except in Denmark, where they don’t do it anymore.
Now, nothing that is said or bought on the internet is logged, nor are the pages people are on, but it involves looking at all the websites people have been on and storing that for 12 months, so that if there’s a serious crime – and it has to be a serious crime being investigated – then authorisations can be sought by the police to access that information.
The police argue that this is simply updating the retention of telephone logs, which has been part of the landscape for a long time. They say, because people nowadays don’t just speak on the phone but also communicate by internet services, we need to update those powers as well.
Opponents of the power, however, say ‘we do a lot more on the internet than we ever used to do on the phone, and this is simply too intrusive and shouldn’t be tolerated’. Parliament weighed it all up, and decided to go with it.
SB: Does the Act address the issue of virtual private networks (VPNs)?
DA: Anyone who knows anything about this subject appreciates that you can get round some of these measures by various techniques, and a very simple one is VPNs. A sophisticated criminal or organisation is liable to do that. But most criminals are not perfect criminals, and a lot of people do leave traces. They don’t remember to use a VPN every time.
SB: What are the views of broadband and other digital services providers, in terms of their exposure and their responsibility as far as the new law is concerned?
DA: They were concerned about who was going to pay for all this – to which the answer is the taxpayer – but they were also concerned about privacy. They saw a lot of the fallout of Snowden, when it was suggested that they had been collaborating, particularly with the US government, on things that their customers didn’t know about. That made them very keen to ensure that in any new regime there were proper safeguards for people’s privacy. Of all the people I spoke to, apart from the human rights groups, it was the service providers who took the strongest views in relation to privacy.
SB: It could be a legal minefield for companies, especially for small and medium-sized businesses, who don’t necessarily have the legal teams to wade through it all.
DA: Yes, and I spoke to some very small internet start-ups, particularly in the US, and there are some who really don’t understand why it should be their duty to cooperate with law enforcement. An interesting contrast is when you look at the banks, which are also very jealous guardians of their customers’ privacy, and absolutely rightly. But if law enforcement comes to a bank and says, ‘we really need to know what was going through this account because we think there was trafficking going on or terrorism being funded,’ the banks will comply without hesitation. The same is not true of all the communications service providers.
SB: Moving on to another huge issue: Brexit. What will it mean from the point of view of terrorism, working with Europe, and also the European Court of Human Rights?
DA: It won’t strictly affect the European Court of Human Rights because that’s not an organ of the European Union, and there’s a separate question of whether the UK stays part of it: at the moment, the understanding is that it will.
As far as the EU is concerned, it’s really been getting its act together on terrorism. After 9/11, the European Arrest Warrant was introduced. After the attacks in Madrid in 2004 and London a year later, we got rules requiring certain basic telecoms data to be retained for the purposes of investigation. And most recently, after the Paris attacks in November 2015, we got a very useful power on passenger name records, allowing you to see who is on an incoming flight, how they bought their ticket, who they’re travelling with, how much luggage they’ve got, which helps you decide who you might want to stop and question at the port.
Those are all good things, and they’ve been hard-won over the years. The UK has been the country pushing hardest for them, and a lot of our partners are a bit mystified that we want at this stage to be pulling out.
I think what pretty much everyone in the UK agrees with – whatever they think about Europe in general – is that these are valuable arrangements, and that we should try and stay part of them as closely as we can in the future, in the way that some other non-EU member states are associate members, for example, of Europol. That or something better than that is what we’ll be aiming for in the negotiations.
SB: So, in terms of intelligence gathering, data sharing across Europe should probably continue?
DA: Yes. At the highest level, the GCHQ, MI6-type intelligence, that is generally shared on a bilateral basis with trusted partners, and that’s not going to change. But very useful police intelligence – knowing, for example, exactly which European jihadis are on their way to Syria or on their way back, irrespective of which country they come from – that does depend on European mechanisms. It’s in everyone’s interest that those should remain and continue to be developed.
SB: Going back to the Investigatory Powers Act, why don’t you think politicians share the concerns of privacy campaigners and internet service providers in the tech industry about the Act?
DA: Well, it had the most careful scrutiny that anyone in Parliament can remember any act receiving, certainly for the last 20 or 30 years. There is some truth in that a lot of MPs don’t have much technical knowledge and don’t really understand the full ramifications of this, but nonetheless [the scrutiny of the Act] included reports by seven Parliamentary Committees, including written and oral evidence – a lot of which came from tech companies, privacy groups, and so on. So, I think one has to accept there has been a democratic process.
SB: Does the Act introduce any new offences to punish those who misuse surveillance powers?
DA: Yes, it does tighten up that position. One thing we already do very well in the UK is review the way surveillance powers were used after the event. We have senior former judges with teams of technical inspectors who go into the systems, analyse what happened, and bring errors to public attention. Under the new Act, the penalties have been toughened.
The other thing we now have is a much stronger warranting regime. So, in advance, no warrant now is going to enter into force without the approval of a judge, which is something that’s been done for a while in the US, Canada and some European countries.
SB: Do you think people really understand how intrusive the Act is, and do they mind?
DA: Most people in the UK have a degree of trust in our intelligence agencies. There is no question of the whole population being under surveillance, but certainly there are algorithms looking for patterns in our communications, trying to work out where the cyber-threat is coming from, where there might be a cell of terrorists in some sort of closed network.
Most people are prepared to accept that’s a good thing. They don’t see it as a huge intrusion into their privacy. I think people understand that if you have strong surveillance, not only do you stand a better chance of keeping safe, but you may also be able to avoid some of the other intrusive measures that are an alternative. After the terrible attacks in France, for example, the state of emergency introduced there has resulted in warrantless searches, curfew, house arrest.
SB: We all assume the intelligence agencies want more powers than they are given by the law.
DA: One has to keep a very careful eye on them, and there may well be people within them who are hungry for more, but in my experience they are acutely conscious, not least on costs grounds. If you get a new power that isn’t actually that useful, you’ve wasted a lot of time building the hardware, writing the software, training people to use it. If, at the end of the day, it’s not going to pay dividends, you’ve wasted budget that you might more usefully spend somewhere else. So, I think that acts as an inhibiting factor, in addition to Parliament and people like me keeping a close eye on them.
SB: What difficulties or benefits do you predict with a Trump Presidency in the US, and how will that impact UK-EU counterterrorism efforts?
DA: Despite the good cooperation we have with EU partners, undoubtedly the strongest and most important intelligence-sharing relationship in the world is the ‘Five Eyes’ relationship between the US, the UK, Australia, New Zealand and Canada, and I’m sure that will continue to be the case. But where the sharing of data is concerned, or indeed any other kind of intelligence cooperation where the US is concerned, it’s going to be very important for our new, massively strengthened regulator to keep an eye on what assurances are being given by our partners, and whether those assurances are being given effect. There’s nobody who is going to be keener on this being done properly than our intelligence agencies.
If there is to be any question of torture being reintroduced or practiced, for example by the CIA, then the British government has to be extremely careful in terms of how it allows its data and the product of that data to be used.
You have to bear down hard on the relatively few people who really mean us harm, and that means strong intelligence and strong laws, strongly enforced, but you have to do it in a way that does not alienate the many millions of completely law-abiding members of the communities from which the terrorists seek their support, whether that’s Muslims or whether it’s Republican sympathisers in Northern Ireland.
SB: How can intelligence agencies worldwide be more transparent to boost public confidence in what they’re doing?
DA: I never understood how important transparency was until I went through the process that became the Investigatory Powers Act. The government says it’s a world-leading act – not everyone would agree with that – but it is world-leading in terms of transparency. For example, it divulges exactly the powers that the UK intelligence agencies use to do their own hacking of people’s mobile phones, their computer terminals, routers, and so on.
As soon as you’re transparent about it, the nature of the debate changes. People are now arguing in a much more productive way. Where’s the operational case for this one? Don’t we need more safeguards on that one? In a democracy, that’s where the argument really needs to be.
You’re never going to make everyone trust what intelligence agencies do, but you need them to command the trust of the population as a whole, and the best way to do that is having a regulator which is not only assiduous in what it does but is also visible, reports to Parliament, and accounts for itself to the public. That is vital.
SB: Finally, what’s your view on the UK’s proposed Counter-Extremism Bill?
DA: I’ve described this Bill as the most worrying document I have read in my six years in the job. If it were to be introduced in Parliament and go through, it would basically entitle the executive – possibly with the help of the civil courts – to take out orders on people because of extremist activity which need not be violent. It could simply be expressing sympathy for a viewpoint that did not accord with British values, or with diversity or tolerance. I think it’s unworkable and would be extremely damaging to the police who were asked to enforce it.
When you get into the law and the realm of coercive powers, we as lawyers all know they are blunt instruments, and it’s very difficult to do it with a concept as nebulous and as undefinable as extremism.