
I absolutely agree and understand how important alignment of returns will be. None of us wants to increase admin and, wherever possible, our requirements will align with those of other government departments. But they are for a wholly different purpose, so we cannot guarantee that. I know that there was a useful meeting with Universities UK on 15 February, and I thank my noble friend Lady Warwick for her work with that group. We will look to have a further meeting in the next couple of weeks to try to agree our requirements and help out in that area.



25 Feb 2008 : Column 509

We understand the concerns about visiting international staff and the requirement for one overarching sponsor. We are working through the policy of who the sponsor will be and we remain very happy to discuss concerns which were highlighted in that question. The Government believe that the fees are an appropriate charge to the users of these services. Rather than relying wholly on the public purse to meet the costs of applications and processes, they should be met partly in this way as well. There is a general agreement that those who benefit most should contribute most to the end-to-end costs of the system. As such, I commend this instrument to the House.

On Question, Motion agreed to.

Immigration, Asylum and Nationality Act 2006 (Duty to Share Information and Disclosure of Information for Security Purposes) Order 2008

7.50 pm

The Parliamentary Under-Secretary of State, Home Office (Lord West of Spithead) rose to move, That the draft order laid before the House on 10 January be approved.

The noble Lord said: My Lords, this order is made under Sections 36(4) and 38(4) of the Immigration, Asylum and Nationality Act 2006. Section 36 of the 2006 Act introduced a requirement for the Secretary of State, in so far as she has functions under the immigration Acts, Her Majesty’s Revenue and Customs and a chief officer of police to share certain passenger, crew, freight, service and other travel-related information where the information is likely to be of use for immigration, police or Revenue and Customs purposes. Section 38 of the 2006 Act introduced a statutory gateway to allow for the disclosure of similar information to the security and intelligence agencies where the information is relevant to their statutory purposes. This order concerns the information that will be shared under these two provisions. For reasons of brevity, I will refer to the border agencies when speaking collectively about the Border and Immigration Agency, UKvisas, the police and Her Majesty’s Revenue and Customs.

As Security Minister, I am responsible for a wide range of measures to improve our security arrangements and this order is a key component in our efforts to enhance the security of this country. The increase in global travel brings great social and economic benefit, but it is also placing increasingly heavy demands on our border controls and border agencies. In order to meet these demands, the Government are putting in place the most comprehensive package of institutional and practical immigration reform ever announced, including the establishment of a UK border agency, a unified border force and the e-borders programme.

Neither e-borders nor other joint working arrangements between the agencies will be able to function effectively without this order, as their success is dependent on an ability to share, routinely and in volume, data relating to people and freight crossing the border. Data sharing in this form is not permitted under current powers, which require a case-by-case decision on the justification for disclosure. This is a serious obstruction to the work of the agencies. For example, under existing arrangements, examination of travel data independently by each of the border agencies may result in three interceptions against the same individual, rather than one co-ordinated response. Indeed, one agency may have intelligence on an individual who is also of interest to the other border agencies, but the other border agencies, being unaware of this, would not make a request for those data. This does not help the border agencies to carry out their functions effectively and it does not help the traveller.

This order seeks to address these and other obstacles to joint working between the border agencies by placing an obligation on them to share the travel-related information specified in the order to the extent that it is likely to be of use for immigration, Revenue and Customs or police purposes. This travel-related information can essentially be broken down into three clear categories: information about a passenger’s or crew member’s travel documents or journey; information held by the border agencies, which relates to a passenger or crew member, or their journey, or a freight movement; and information about or related to freight.

In practice, data will primarily be shared via the e-borders programme, whereby information will be pooled in an electronic database to which the border agencies, working in an operations centre, will have shared access. This will mean that passenger carriers will have to supply their passenger data to the Government only once, rather than receiving individual requests from the agencies. The pooling of data in this manner will allow us to develop a better awareness of suspect passengers, travel patterns and networks and to pre-screen passengers and identify those who carry a high risk of involvement in illicit activity. In turn, this will enable us to identify and target individuals who present a threat to the UK and to mount an appropriate, co-ordinated and proportionate response. This will also benefit the genuine traveller, as we will have information immediately available that will help us to make more informed decisions about them more quickly.

Our e-borders pilot, Project Semaphore, has demonstrated that this model works. The data collected by and shared between the agencies have led to more than 20,000 alerts being issued. There have been more than 1,600 arrests for crimes, including murder, rape and assault, and the offloading of passengers who would not qualify for entry to the United Kingdom, as well as to the seizure of many false documents, tobacco and drugs. Semaphore has also made a real contribution to the fight against terrorism. We are at the forefront of new passenger analysis systems and techniques, but we are not alone. Such systems are also in use in the USA, Australia and some EU countries and will rapidly become the norm in the developed world.

It is clearly important to ensure that data are shared safely and securely. We must also ensure that we act proportionately. I am convinced that these fundamental principles of data protection have been and will continue to be met. First, I can assure your Lordships that this order does not give the border agencies the power to share data without limitation. All the data specified relate to a passenger or consignment of goods coming into or leaving the UK. Information to be shared by the border agencies will have been assessed at the outset as likely to be of use for immigration, police or Revenue and Customs purposes. These purposes are clearly defined in law. It should also be emphasised that this order applies only to sharing between the border agencies and, where appropriate, the security and intelligence agencies.

Secondly, stringent safeguards will be in place to protect an individual’s data. In country, information shared between the border agencies will be controlled, monitored and audited through a combination of technical safeguards and operational procedures. Staff will be given access only to information necessary for their role and may be subject to a range of sanctions in the event of misuse of data. Data transmitted to border agency staff overseas—for example, UKvisas—will be transmitted only by secure means across government networks and to government buildings.

Thirdly, we will also ensure, as far as possible, that the data being shared are accurate. Data received from the travel industry will be monitored by e-borders, and existing information, such as visa information, will be used to confirm the accuracy of data received. Where appropriate, corrections will be made within e-borders, with feedback provided to carriers where issues of data quality arise.

Finally, a code of practice, currently before Parliament, will regulate the sharing of the information specified in this order and lays down stringent data protection and data retention guidelines that the border agencies must adhere to. This code has been developed in close co-operation with the Information Commissioner’s Office. Both the code of practice and the test to be applied in respect of data sharing under these arrangements will be kept under review, to ensure that we maintain the right balance between border security and data protection issues. Indeed, the border agencies have committed to reviewing the safeguards and data requirements in the code six months after its provisions commence, with the involvement of the Information Commissioner.

The order forms part of an important package of secondary legislation, comprising orders on both data acquisition and data sharing that will underpin the UK e-borders programme, more effective joint working arrangements between the border agencies and, in future, the UK border agency. It is clear that this package of legislation is essential to the effective management and security of our borders and to ensuring the safety and security of the public. I commend the order to the House and I beg to move.

Moved, That the draft order laid before the House on 10 January be approved. 7th Report from the Joint Committee on Statutory Instruments.—(Lord West of Spithead.)



25 Feb 2008 : Column 512

8 pm

Baroness Hanham: My Lords, this order, along with the others in the package, will have a wide-ranging effect on the control of our borders and on the freedom of individuals within our country to come and go without questions being asked. The orders themselves raise a number of questions and I hope that the Minister will forgive me if I go through them now.

The Explanatory Memorandum refers to the transfer of “bulk information”. Can the Minister explain what that means in this regard? In view of the amount of information likely to be gathered from passenger lists, other passenger information and travel documents, is it the Government’s intention that it will be possible to transfer it between agencies in total? Could a whole passenger list or even umpteen passenger lists be transferred from one agency to another? Will such a transfer require a request to be made from one or other of the agencies and, if so, what requirement under these circumstances will there be in respect of the protection of those data? What did the Minister mean when he said that all agencies would have shared access to the information? I suspect that ultimately this is all going to take place within e-borders, but will there be a common IT system to which the agencies outlined in the order will automatically have access so that information transfers between them? I would be grateful for a little more explanation on that point.

The Government’s IT systems and the transfer of data have taken a bad beating over the past few months. What further assurances can the Minister give that e-borders will be secure in this respect? Will the method of transfer be one that does not put individual travellers at risk of having their details lost in the post? Does the secure government network to which the Minister referred exclude any possibility of physical transfer by disk, for example, rather than a network transfer, so that there are clearly closed and secure methods of transferring the data?

At present, Operation Semaphore covers less than 12 per cent of all routes into and out of the United Kingdom. The calculated number of passenger movements annually is 250 million. Can the Minister tell us for how long it is intended that the information garnered will be kept on the system and, indeed, whether it can all be held on one system? A brief consideration would suggest that, at a minimum of five years of holding the information, over 1 billion loggings will take place—my maths is not very good, so there may even be another zero to add to that figure. At the current rate of some 16,500 alerts mentioned in the Explanatory Memorandum—although the Minister mentioned the figure of 20,000—in 30 million movements, there will be a vast amount of data that is of no interest whatsoever to any agency. How and when will all that data be pruned so that the names of people who have no reason to be on anyone’s database are taken off? Will there be a maximum amount of time that data on persons who excite no interest in any of the agencies can be held?

Will the Minister tell us what sharing of the information gathered will be available to other countries? Would such a facility be subject to their having a similar system to our Information Commissioner in order to guarantee the integrity of any information passed on, if it is intended that it should be, as I strongly suspect must be the case? What costs will the requirement for information put on carriers? They are going to have to hand information over to the Government. Will they have to upgrade their systems to deal with requests from the approved agencies and, if so, what help will they get with this?

It is a sad fact that experience of terrorism, illegal immigration and crime, including the importation of drugs and the trafficking of women and children, seems to lead us to the inevitable situation where practically everything will be known somewhere about every person in this country. That may be an inevitability, but it is up to Parliament to ensure that this results only in the protection of our citizens and not harassment. The proof of that in terms of this order will be known only when and if the system breaks down, so it behoves the Government to ensure that, unlike some recent experiences, this does not happen with e-borders. Can the Minister confirm that e-borders is a stand-alone system and that it does not and cannot link up with any other IT system holding information on individuals in this country?

Lord Avebury: My Lords, I am grateful to the Minister for his explanation of the order. We have had the benefit in this case of reading what was said last week in the Delegated Legislation Committee, much of which was repeated in the noble Lord’s introductory statement. For example, Project Semaphore, which is the pilot on the sharing of passenger name records and freight records, has already contributed to the arrest of 1,600 people for serious crimes such as offloading passengers not qualified for entry to the UK, to the seizure of false documents and to contraband tobacco and drugs, as well as helping to combat terrorism. These are all objectives that I am sure all noble Lords will share.

The Minister told the committee in another place that the PNRs for an estimated 355 million passenger movements will be handled by 2015. I do not share entirely the concern of the noble Baroness, Lady Hanham, about the volume of data, considering that IT systems are continually able to share more and more information. I carry around two gigabytes in my pocket, and some USB dongles now on the market at very low cost carry four times that amount. It is not difficult to imagine that the IT system will be capable of dealing with the volume of information required.

I understand that the information will be shared initially by the three agencies involved in the new combined UK border agency—the BIA itself, HMRC and UKvisas—but there are also proposals under consideration for sharing the data with equivalent agencies in other EU countries. Presumably the Minister will correct me if I am wrong, but I assume that that will require a further order; it would not be allowed by this particular instrument.

As the noble Baroness, Lady Hanham, said, the order also provides for the transfer of data in bulk to the security and intelligence agencies. We, too, would be grateful for an assurance that the transfer of these data will be electronic only and not by DVD, and I would add that it should be encrypted for the transfer. I hope that we can have that assurance from the noble Lord.

I gather from the reply given by the Minister to the Delegated Legislation Committee that for the time being fellow European Union member states will be able to consult the database only on a need-to-know basis. What is the statutory authority for that process and what criteria would need to be satisfied in order to trigger a successful request from another EU member state?

Are the PNR data to be recorded and exchanged under this order in the same way as the PNR data that we are now providing under the interim EU-US agreement of 2006, or will provide under the further agreement that was under negotiation when your Lordships’ European Union Committee reported on the matter last June, and will they be held in a common database? Surely it would be absurd to collect PNR data for the purpose of transfer to the United States and our own internal purposes in a different format.

There is a description of the information in paragraphs 7.4 and 7.5 of the Explanatory Memorandum. It consists of information about the passenger’s travel document details, held in the machine-readable section of the passport, and information normally collected for the commercial purposes of the carrier, such as the name, address and telephone number of the passenger, as well as information about the ticket itself. If the carriers are already collecting and storing this information, what are the additional costs of £242 million that they are expected to incur over the 10 years from 2007 to 2017? The Explanatory Memorandum refers in paragraph 7.13 to capital expenditure by “most carriers”, but surely, if my assumptions are right, this cost will fall entirely on carriers that do not fly to the US and therefore have had no need until now for computer systems that will store the data that are mentioned.

The Minister also told the Delegated Legislation Committee in the Commons that the estimated cost of the programme to the Government was £1.224 billion over the same 10 years. That struck me as being a surprisingly precise figure, unless it depends on contracts with the e-borders suppliers that have far stronger penalty clauses than is usual in these matters. How far have we progressed towards establishing the e-borders operations centre and developing the computer systems that will be needed to receive, process and store the data that are transmitted to it by the carriers? Maybe the experience with Project Semaphore allows us to have greater confidence in predicting the costs, but could the Minister say who the suppliers are so that we can look at their previous records of delivering systems on time and to budget, which, as the noble Baroness, Lady Hanham, said, is not always the case with public sector IT systems? The Minister told the committee in another place that the estimated average cost per passenger movement was 14p. I assume that this includes the cost of the stringent safeguards that are imposed by the code of practice that is to be issued under Section 37 of the 2006 Act.



25 Feb 2008 : Column 515

There is no doubt about the need for the collection and sharing of information about passengers and goods entering and leaving the UK for security purposes. As with any very large IT system, however, there is a small risk of erroneous data being recorded and I share the anxiety of the noble Baroness, Lady Hanham, about whether the code of practice to which the Minister referred will deal adequately with the mechanisms available to persons who claim that wrong data have been recorded against them. Will it allow them not only the means of having access under freedom of information to the information that is recorded but good opportunities for making corrections?

Lord West of Spithead: My Lords, I thank noble Lords for their contributions to the debate and for the good points they raised. On the use of bulk information and what is presently known as the JBOC—when e-borders comes into operation it will become the EBOC, the information centre—data are fed into what is effectively a sealed area, where it is recorded, held, sorted out and analysed. This is done by operators who will have gone through specific security training because, as has been said already, there has not been a good track record, not only in government but in private companies as well, of looking after data and making sure they are correctly protected. These operators have to undertake and pass a training course before they are even allowed to operate and use the machines. The procedure has been tightened up well and will ensure that that is done properly. The bulk information is analysed within the JBOC—in future the EBOC—and when one finds data that are of interest to an agency in one of the other areas, that information is passed and that agency deals with that information about that specific subject.

I was asked whether discs would be flying around. There is a facility to produce a disc although some of the machines are disabled so that they cannot produce discs because it is so easy to put data on them and remove them. If discs are going to be used, there is a mechanism in place to ensure that these are looked after, logged properly and are only transferred by hand. That is how that will be dealt with within the structure.

Beyond the JBOC or EBOC, it will deal with specific data about someone of interest to that agency, which they will be able to pass to each other. For instance, if it goes to BIA, BIA will be able to talk to HMRC about that specific person. But the bulk data that has been fed in will not be flashing around to different people.

On the issue of Project Semaphore and how long data will be held, at the moment the information is held for about five years, although some police forces hold it for six and HMRC has said that some data may have to be held for longer for various customs and excise reasons.

The order does not cover sharing information with other countries although it is open to us to enter into agreements to share data with states. Clearly when we do that we will have to make certain that all the data protection guarantees and so on are in place, using the commissioner and other methods to achieve that.



25 Feb 2008 : Column 516

The question of costs was touched on by the noble Baroness and the noble Lord, Lord Avebury. The costs for industry are variable. At the bottom end they are down at 0.04p and at the top end they are £6.31. When we worked it out, the average cost was 14p, as has been mentioned. It is up to the carrier to decide how to meet these costs but we feel that for that amount of money it is incumbent on an organisation to help in what this achieves for the security of the nation. As has already been said, it is amazing what has been achieved with Project Semaphore; the benefits from that have been quite huge.

