Law Commission Consultation on Protection of Official Data 2017

Introduction

The Law Commission is an independent body that reviews UK legislation and identifies where reform is needed. In 2015, the Cabinet Office asked the Law Commission to look into the UK’s laws around the disclosure of official data.

For reasons explained fully below, ORG’s view is that the Law Commission consultation paper[1] is shoddy and confused, contradictory, poorly researched, and ill-informed on public interest issues. It follows a review that has markedly failed to conduct full, independent and balanced investigation. The consultation paper appears to be based mainly on opinions and hopes from government and security and intelligence agency representatives. It is generally argumentative rather than evidence-based.

The report contains detailed legal analyses and comparative studies, but in relation to the application of the law, the evidence supporting changes is limited to an asserted need for more up to date language and unsubstantiated concerns that the current framework may not be robust enough to deal with the Internet. However, the report does not explore what specific changes and challenges the Internet and digitisation bring.

The report fails to demonstrate how current secrecy laws have, in practice, worked or failed, or to consider the evidence of important recent espionage or leaking cases and investigations. As drafted, it fails to make the case for the reforms proposed, other than by deploying rhetoric.

Therefore, ORG cannot support the proposed full rewriting of espionage and secrecy legislation until a full and proper analysis is produced. This should contain explanatory evidence of the risks to the state and the public interest posed by new technologies, but also of the possible risks for pervasive surveillance and clamping down on whistleblowers.

Background

On 2 February 2017, the Law Commission (“the commission”) (http://www.lawcom.gov.uk/) published a consultation paper on the “Protection of Official Data”. The Commission are now engaged on a second, limited consultation exercise, which ends on 3 May 2017, after which they propose to publish a report. The Government has made no statement as to whether they would then wish to carry any proposals by the Commission into law.

In July 2015, two years after the publication of revelations from Edward Snowden, the Commission was asked by the Cabinet Office to “examine the law surrounding breaches of protected government data”. The Cabinet Office and the Law Commission then agreed terms of reference, which were published by both parties on 17 December 2015. They were not discussed with any other interested party or organisation.

Both the Commission and the Cabinet Office to the best of oiur knowledge have refused requests by journalists to publish correspondence setting out the detail of the government requests and claims for this project.

According to a “current project status” web publication by the Commission (no longer available online), the Commission agreed in February 2016 to “ research improvements to the civil and criminal sanctions available to the Government for managing instances where individuals do not protect Government information as they should, and make recommendations for improvements in a final report.”

Summary of proposals

The major proposals from the Law Commission are:

A. A new Espionage Act to replace the 1911, 1920 and 1939 Official Secrets Acts.

1. Changing the offence in these Acts from conduct which could assist an “enemy” to conduct which could assist a “foreign power”;

2. Changing the material which could be communicated to cause an offence to “information” [This would not in fact be a change, as the term “information” was included in 1911];

3. Changing the test of mens rea [guilty mind] required for espionage in the Acts, requiring proof that acts were done “for a purpose prejudicial to the safety or interests of the state”, from “state” to the undefined term “national security”;

4. Changing wording describing places which should be “prohibited places”;

5. Making persons who are not British subjects or citizens, and who have never been on British territory, potentially chargeable and subject to extradition for espionage.

B. Repeal of the 1989 Official Secrets Act, replacing it with an as yet untitled new anti-leaking act, which would:

1. Eliminate tests of harm, previously requiring that prosecutors had to prove that alleged disclosures caused actual damage;

2. Prohibit a defence of prior disclosure and publication, unless the information was “lawfully in the public domain”. [In effect re-introducing Section 2 of the 1911 Act, which was repealed in 1989].

3. Adding economic information to the list of punishable disclosures;

4. Prohibiting any form of public interest defence for offences or publications;

5. Increasing maximum jail terms from two years to, in one comparison, 14 years;

6. Making persons who are not British subjects or citizens, and who have never been on British territory, potentially chargeable and subject to extradition for leaking or handling leaked information.

C. A further “more extensive review” and “law reform project” in respect of 124 other UK protection of official data laws, including:

1. Reviewing offences and defences under Section 55 of the Data Protection Act 1998;

2. Considering new national security disclosure offences

D. The commission did not:

1. Conduct or report any historic review or appraisal of the results of historic cases or investigations, and conclusions drawn;

2. Publish submissions and evidence received from government departments when publishing the consultation paper;

3. Frame the context of the review in the full current context of cyber attacks and remote thefts and copying of officials’ information, which most authorities cite as the greatest threat to UK information security in the 21st Century;

4. Discuss the role and effects of the Internet, or its implications in the flow of data through espionage;

5. Review or mention the Snowden and Wikileaks disclosures, which are the most relevant and important cases involving the loss of British official data;

6. “Consult widely” with NGO and media organisations, despite claims to the contrary.

7. Consider the role of official secrecy and the use of official data in perception management, information management (including “spin”, public relations and even “fake news”) and how misuse of protective classification could be codified.

Problems with the proposals

The tentative proposals introduced by the Law Commission would change the balance between secrecy and transparency without providing clear solutions or addressing the main problem faced by the government: that most UK government official data is currently stolen digitally by actors who may be anywhere on the planet.

• Widening the offences

The introduction of the term foreign power in lieu of the enemy may be more modern and less prone to cause diplomatic offence, but it could dramatically widen the scope of the offence. We are particularly concerned about non-state actors, such as NGOs, being covered, which could possibly lead to the kind of situations seen in countries like Russia.[2] In the context of Brexit this is especially problematic, as civil society groups could be accussed of supporting EU positions or passing on information in negotiations.

We also believe that moving from evidence of actual damage to an awareness or knowledge that the information may be detrimental to national security may reduce the burden on the state but in so doing it opens the way for claims of damage that require no substantiation.

• Increasing sentences

We understand the Commission is not endorsing a particular penalty, but it is the gist of the document that current penalties are too short and that 14 years is a valid option. There is no detailed analysis for how this proportionality could be established.

• Expanded scope to economic information

While economic information relevant to national security is part of the remit of the security and intelligence agencies, it could expand the scope of the legislation towards completely new areas. The potential conflation of the national interest and that of large firms is problematic nowadays in a globalised world, particularly as the ownership of critical assets in the UK is increasingly in foreign hands.

• Extraterritoriality

The proposals to expand the offences to non British nationals acting outside the UK, as long as there is a “sufficient link” are difficult to establish and even harder to enforce. Below we discuss some specific problems with the proposed criteria.

• Prohibited places

Updating the types of prohibited locations to include data centres may again appear to be a needed update, but we think that the very notion of prohibited places needs to be reconsidered in an age when online high resolution digital maps are universally available. In addition, it is unclear whether there are any practical limitations on the locations that can be currently covered under various pieces of legislation.

• Lack of a public interest defence

The arguments presented against a public interest defence in the consultation document appear to show a worrying rejection of the very concept of public interest, not just the problems of implementation. This is a critical point on which the balance between secrecy and transparency hinges.

Need to go back to the drawing board

A second, purportedly final, future report will be of little relevance unless fuller research and a wider investigation is first carried out to provide a better-informed, balanced view.

Below are questions for the Commission and other interested parties that need to be answered to gather evidence that existing laws are in inadequate or sufficient if imperfect. In particular, relevant controversial cases and investigations involving politicians, the responsible press, whistleblowers and free speech over the past 50 years should be at the centre of a proper review, not pushed to one side.

ORG believe that, before preparing any further report, the Law Commission need first to answer important questions about the evidence for why reform is needed; and also to explain why, in 2017, they would recommend it essential (if so) to insert three or more new controversial and complex laws into the busy legislative programme and parliamentary timetable of the next 5–10 years, which is now inevitably dominated by the circumstance of British withdrawal from the European Union.

On the basis of the lack of investigation and research to prepare this report, ORG opposes the current Law Commission proposals as anachronistic and archaic, in that they seek only to buttress government secrecy in response to recent landmark events and reintroduce aspects of laws repealed in 1989. It is unacceptable that this basis for the government-requested review is not mentioned, let alone evaluated.

ORG’s view is that a modern law dealing with the managing of official information could be of benefit, provided that was a genuinely holistic law that took full account of 20th century legal developments including rights to information under data protection and freedom of information laws, whistleblower protection statutes (including protection from ubiquitous surveillance) and embraced the constitutional need for organs of state not to be arbiters in their own cause.

Issues of concern

ORG’s key points of concern with the consultation include:

NO CONSIDERATION OF ACTUAL CASES

The report proposes the passage of a new Espionage Act (as well as two other possible new Acts of Parliament), but provides no evidence that any recent case of actual espionage (as the term is understood by the British public) brought under Section 1 of the Official Secrets Act has faced difficulties. The Case tables provided list many of the recent prosecutions or potential prosecutions brought under the Official Secrets Acts. Most of them have not been considered nor reported by the Commission.

The Review includes no consideration of important past cases, nor of the impact of the Acts on the press, including notably:

• The Jonathan Aitken and Sunday Telegraph case of 1971, leading to the Franks Report of 1972,

• The ABC (Aubrey, Berry Campbell) case of 1978, which triggered the eventual repeal of Section 2 of the Official Secrets Act 1911 and its replacement in 1989;

• The trial of civil servant Clive Ponting in 1985;

• The Spycatcher Affair of 1988;

• The Keogh and O’Connor case of 2007 (concerning leaked minute of discussion on bombing of Al Jazeera).

The central thrust of the report is a tautologous assertion that because provisions in the Official Secrets Act 1911–1939 are “archaic and in need of reform”, reform is needed.

Throughout the report, the main – and only substantial objection to the current Official Secrets Acts’ ability to protect official data – is stated repeatedly, including by means of publicity and ancillary material. The objection is that the Acts are allegedly “archaic”, “anachronistic” and “outdated” and were conceived in “antiquity”. These rhetorical terms are used 14 times. This is seriously misleading, and helps evade discussion of the law in practice.

The Commission initially advertised its remit as including civil sanctions for failing to protect official data. Although further claiming that the Review was “holistic”, the Commission then consider only criminal sanctions against unauthorised disclosures, and focus instead on making defences more difficult and penalties more severe. Despite claiming that the review would “consider the relationship between the criminal law and any civil remedies” (1.6 (3) (c), the Review does not consider civil remedies at all. The claim to have provided a “holistic” approach does not bear scrutiny in a report full of holes in evidence, research, and argument.

SNOWDEN AND WIKILEAKS

We believe that the concealed purpose in requesting the Law Commission report, and the obvious driver for the government’s request in 2015 has been the publication on the Internet and in the press of large compendia of leaked documents, including by the Wikileaks website and the documents provided by Edward Snowden. Astonishingly, the circumstances and implications of the Edward Snowden revelations and how they were handled by the government and Cabinet Office on one hand, and by the Guardian and other media on the other, are nowhere mentioned. Snowden’s name is never cited in the consultation paper nor any other related document, although it was mentioned in every press or legal report of the consultation paper. The Snowden affair is the obvious and also understandable trigger for government concerns.

An honest and thorough public debate on state secrecy and espionage cannot take place as long as the government and bodies such as the Law Commission conceal intentions and motivations. This would have been true at any time, but particularly when transparency is a value supported by almost every democratic government in the world. This includes the UK, which is a leading member of the Open Government Partnership.

In any view, the Snowden case raised obvious and essential current issues of policy and law (and competencies) which the Law Commission omit. Important omitted issues include:

The government threat of civil proceedings (injunctions) against the Guardian newspaper to prevent publication of selected parts of certain classified GCHQ documents during 2013. The threat was not proceeded with;

The simultaneous government threat of criminal proceedings against the Guardian’s editor and staff under the Official Secrets Act 1989, Section 5 for failure to return documents after being given an “official direction”. In consequence, the Guardian was compelled to carry out, initially in secret, the destruction of computers and hard drives from which stories had been reported. The enforced destruction of the material was pointless on every view, as the government was aware and had been informed in advance that multiple additional copies of identical material was held by other journalists and media organisations, in the United States and elsewhere:

The general difficulty faced by British governments [not only in the Guardian-Snowden reporting] in responding to the possible future publication of sensitive official information on the Internet, in circumstances where communication and publication does not take place in or from the United Kingdom.

Notably, the identical issue which arose before the Internet began in the “Spycatcher” affair of 1988, when former Security Service (MI5) officer Peter Wright published a memoir in Australia and then the United States. The government initially responded by civil injunctions, which amounted to mere information management, as they were unable to restrain overseas publications. The Commission does not mention the Spycatcher affair, although it was an important event leading to the 1989 reform of the Official Secrets Acts.

DIGITAL DOCUMENTS

A further example of badly informed rhetoric making a misleading case for reform is the Commission’s suggestion that “some might question whether the term “official document” would encompass information stored digitally. There is a need to adopt language that will ensure the offences are future proofed against developing technology and techniques in espionage.” [Paragraph 2.104]

This is a mischievous distraction. It is has been established practice in both civil and criminal courts for decades that reference to “documents” also includes references to electronic documents. [3]The same is true of criminal practice and statutes, such as the Fraud Act 2006, referred to in the report. [Paragraph 2.167]

FLAWED CONSULTATION PROCESS

Consultation during preparation of the report on the protection of official data was one sided, and superficial so far as non government and media organisations were concerned. The vast majority of media and NGO “stakeholders” of this type were not consulted at all, and still have not been approached proactively.

Claims that the Review was “independent” or robust are undermined by evidence that while many government officials and lawyers were consulted, no serious attempt was made to involve media organisations or NGOs. The report lists 21 government departments and police, intelligence and security agencies that were consulted, alongside 18 judges, lawyers and others. It names three NGOs, including ORG, which in fact were not consulted (as opposed to briefed), although approaches were made.

The commission claimed to have “consulted widely with … the media and human rights organisations”. This was a mis-statement. The Commission subsequently confirmed that this part of their consultation was restricted to a single short meeting in April 2016, at which a Commission lawyer explained their proposals. Media and other organisations concerned were promised follow-up information and further consultation, but this was abandoned because the review ”became a larger piece of work than we anticipated”.[4]

The Law Commission’s initial and supportive publicity for the report was managed as a public relations exercise and placed exclusively in one newspaper, the Daily Telegraph, in return for the newspaper agreeing to print an editorial opinion written by Law Commissioner David Ormerod[5] No press releases or consultation letters were circulated. Consultation documents were placed only on the Commission’s website and were not distributed.

The first wave of press reports in the Daily Telegraph included grandiose but unsupported rhetorical claims by the Commission to have conducted the “first overhaul of the Official Secrets Act in 100 years” and to have offered a “once in a century” opportunity to “meet 21st century challenges” with “future proofed” laws.[6]

One week later, the Telegraph, in common with other major newspapers including the Guardian[7] and Daily Mail[8], published major articles strenuously opposing the review. The Daily Telegraph reversed its previous opinion, describing the Commission’s proposals instead as “ outrageous, nothing less than a threat to Britain’s free press and thus its democracy”⁹ and stating that, “the Law Commission and the ministers it answers to must ensure that responsible British journalists are not subjected to any new official secrecy law. The free press must remain free.”[9][10]

The Prime Minister’s office was also then reported to have repudiated the report and the Law Commission’s work, according to the Guardian[11].^.^A “No 10 source” was reported as saying:

“This is a consultation by an independent body instigated by a previous prime minister … It will never be our policy to restrict the freedom of investigative journalism or public service whistleblowing.”

The scale of criticism expressed by widely different political voices, and also reportedly put on behalf of the Prime Minister, emphasises the need for a root and branch review of whether new and harsher secrecy laws are required.

The Commission failed to consult or consider Scotland and Northern Ireland in their Review process, and still have not done so. The Commission’s remit is limited to England and Wales. Criminal Law is not a fully devolved power. All current Official Secrets Acts apply also in Scotland and Northern Ireland. Changes would affect the devolved administrations.

Instead of now conducting an open, independent second stage consultation, as claimed Law Commission staff have attempted to limit responses to little more than an opinion poll on pre-determined findings on contentious questions. Consultees are invited to “agree” with 28 wide-ranging “Provisional Conclusions” [Chapter 8]. This conduct exacerbates the effect of the inadequacy of the first stage consultation.

Like every other law, the Official Secrets Acts have been and are interpreted by the Courts, subject to higher Courts, to deal with changing circumstances. One example of this is the case of Chandler, cited in the report. [Paragraph 2.24] The Acts have also been supplemented as needed by new law, as described below.

PROHIBITED PLACES

The report has ignored how Courts and Parliament have dealt with technical and other developments, even if protected items such as official “seals” are no longer in use. For example, the designation of military and other sites under the Official Secrets Act 1911 as prohibited places which are protected against taking “photographs or sketches” (and other acts) is now absurd in an era of ubiquitously available and frequently revised high resolution satellite photography. Such imagery is now not only available to all potential military adversaries of the United Kingdom but is also available without restriction to the general public, and regrettably but inevitably therefore also to those individuals or groups who may intend harm, such as terrorist organisations. It follows that the designation of “prohibited places” could without risk be retired and repealed.

In part because of these issues, section 3 of the Official Secrets Act 1911 (covering prohibited places”) has been superseded by more focussed (but also potentially wider) offences, and in particular by sections 57 and 58 of the Terrorism Act 2000, as amended.[12] These criminalise possession or gathering of any type of information (including official information), without restriction, if it is done for a terrorist purpose.

Writing in the Daily Telegraph, Law Commissioner Ormerod complained inaccurately that “offences in the 1911 Act are focussed narrowly on protecting specific locations, but are mainly related to sites of munitions of war. But what about an embassy abroad? Or a data centre? The legislation needs to protect against modern threats”. The consultation overview[13] extends this argument, stating that “In the modern world, the sites that need protection may include very different placessuch as data centres which may store vast quantities of information. We suggest the introduction of a new statutory mechanism by which sites can be designated as protected by the law if it is in the interests of national security to do so. ”

Better research would have revealed to the Commission that data centres are specifically already effectively defended by being designated as “protected places” under the Serious Organised Crime and Police Act 2005.[14]

For example, orders made under SOCPA have provided protection for more than ten years for GCHQ’s computer data centre at Harp Hill, Cheltenham, as well as all intelligence agency headquarters and other bases, nuclear power stations, many military bases, and even royal residences.” Neither nuclear power nor the modern intelligence agencies existed in 1911, but “modern threats” are in fact covered by existing, modern law.

After failing to determine that modern legislation covers such potential uncertainties in the Official Secrets Acts, the Commission report produces **contradictory recommendations. **

The report’s finding concerning “prohibited places” is that any redrafted offence ought to have the following features:

• Like the overwhelming majority of criminal offences, there should continue to be no restriction on who can commit the offence;

• The offence should be capable of being committed by someone who not only communicates information, but also by someone who obtains or gathers it. It should also continue to apply to those who approach, inspect, pass over or enter any prohibited place within the meaning of the Act.

• The offence should use the generic term “information” instead of the more specific terms currently relied upon in the Act [2.123- Provisional Recommendation 2].

Forty paragraphs later, the report says “We consider that a modified version of the approach taken in the Serious Organised Crime and Police Act 2005 is a suitable alternative to the current regime. The Secretary of State would be able to designate a site as a “protected site” if it were in the interests of national security to do so. Do consultees agree?”[2.163]

The suggestion in Provisional Recommendation 2 (above) that a new espionage offence should be created to use the generic term “information” instead of more specific terms currently relied upon in the Act appears to be an elementary error. The 1911 Official Secrets Acts does use the generic term “information” [Report, page 293.] Section 1 (1) (c) and Section 1 (2) of the 1911 Act each refer to any “document or information” as an element of espionage offences. The Commission’s argument is unnecessary.

DEFINITION OF “NATIONAL SECURITY”

While proposing that the language of the Acts be amended to use the term “national security”, the Commission offers no definition. Rather than discuss this important issue, the consultation papers waves aside objections to passing a new law based on a different, wide-reaching and equally vague replacement. In doing so, they have adopted the most extreme of government arguments.

This argument in support of the government position and without assessment is supported by reference to a partial and overstated nterpretation of a single ECHR case, Kennedy v United Kingdom, (26839/05). In this 2010 judgment, the Court found against Kennedy on the basis that “the condition of foreseeability” when national security was used as a circumstance permitting interception “does not require States to set out exhaustively by name the specific offences which may give rise to interception. (§159)”.

The Court also took into consideration that although “the term “national security” is not defined in RIPA … it has been clarified by the Interception of Communications Commissioner appointed under RIPA’s predecessor (the Interception of Communications Act 1985) who, in his 1986 report, stated that he had adopted the following definition:

“[activities] which threaten the safety or well-being of the State, and which are intended to undermine or overthrow Parliamentary democracy by political, industrial or violent means.”

By omitting these qualifications and passages, the Commission appears to have taken a partisan view in determining the argument as to whether “national security” should be defined closed, and not a matter for consultation. A fair reference to this judgment would have included the part of the judgment which explained that a very senior UK judicial official (the Interception of Communications Commissioner) had found it both possible and advisable to adopt a definition.

TECHNOLOGICAL CHANGE

The Commission failed to research, investigate or report on the effect of “technological change”, despite this being a term of reference. Objective (3) (d) of the Commission’s agreed terms of reference was to “study the effect of technological change on the way in which data is stored, shared and understood, and determine whether the current law needs to be reformed properly to account for these changes.” [Paragraph 1.6 (3) (d)]

Despite this claim, the Review mentions the Internet only once, but only in relation to personal and not official information (Paragraph 4.73).

Law Commissioner David Ormerod wrote in the Daily Telegraph (cited above) that “online communications and storage means the volume of information and associated risk is of a very different scale.” But the sole reference to technological change in the report is the first sentence in the report:

“Technological advances have increased the ability of government to deal with large amounts of information, which has had a significant impact upon the relationship between citizens and government”. [Chapter 1, 1.1]

The Review does not mention the web or social media (through which much information is leaked), nor does it consider cyberattack or other remote forms of computer espionage. Most commentators and reports, including from the Government’s own Cyber Security centre, opened in February 2017[15], believe that the cyber attacks conducted electronically and from a distance are the current most serious, and grave threat. The report includes no consideration of the need for cyber security, security training, or personnel vetting being critical to protecting official data.

EXTRATERRITORIALITY

The Commission provides no explanation as to how a controversial proposed new extra-territorial espionage law could be effective, if at all The Commission’s proposed new Espionage Act would expand “the territorial ambit of [espionage] offences… so that the offences can be committed irrespective of whether the individual who is engaging in the prohibited conduct is a British Officer or subject, so long as there is a “sufficient link” with the United Kingdom.” [Provisional Conclusion 7, Paragraph 2.175].

There is then no definition of the meaning of “sufficient link” to the UK. This would be the critical element of any such new law. The report points towards the 2015 updates of the Computer Misuse Act for similarities, but these are unclear.

The Commission also fail to consider how such a law could be made effective and enforceable in overseas jurisdictions, or what human rights or local legal considerations would have to be engaged, or how.

The situation in 2013 of British government impotence to prevent US-based and other overseas journalists repeatedly publishing leaked classified information from Edward Snowden was of evident immense concern to the Government, irrespective of the view taken of Snowden’s conduct and revelations. Most commentators would expect that, in the light of the provisions of the First Amendment to the United States Constitution, neither the British nor any other foreign government could expect to have their laws enforced contrary to the Constitution. Instead of addressing this understandable and difficult consideration head on, the Commission has sought instead to propose new and extended ways of criminalising reporting. This appears to be a fatal flaw in the report, in that it avoids considering the most likely future threat of concern.

A full, unbiased future review could and should consider key issues such as whether any British law could, in reality, allow the government to arrest, try and seek to punish any future foreign whistleblower or foreign journalist who published officially secret information about British government conduct or misconduct.

For these reasons, ORG believes that the Law Commission has failed in its assigned role of evaluating what would be required of a 21st century official information law, in a society that has evolved and progressed from imperial times.

Second stage consultation

The focus of the Commission’s actions in the consultation period up to 3 May 21017 has been to attempt to focus responses onto predetermined issues, and also to solicit respondents and organisations to accept 28 predetermined views, about which they are asked “Do consultees agree?”

ORG’s view is that the Commission should provide fuller and better particulars of their arguments, proposals and the evidence they have reviewed so as to assist in responding.

Questions for the Law Commission:

On 6 April 2017, ORG asked the Commission to respond to the questions set out below. The Commission have not responded or acknowledged at the time of preparing this report.

1. Which specific cases and/or investigations since 1911 do the Law Commission believe show that the use of the term “enemy” and/or the phrase “purpose prejudicial to the safety or interests of the state” in Section 1 of the Official Secrets Act 1911 has or may have inhibited the ability to prosecute those who commit espionage?

2. To the knowledge of the Law Commission, has a British court ever rejected a prosecution in which a non-state (terrorist) organisation was argued to be an enemy? If so, in which cases?

3. Why does the Law Commission consultation paper omit any reference to the Edward Snowden revelations of 2013, and to the proposed or possible use in that case of civil or criminal law sanctions against British or overseas media organisations? Was the Commission asked or advised to exclude the Snowden case from its considerations?

4. In proposing a new extra-territorial offence of espionage committed abroad by persons who are neither British subjects nor citizens, does the Commission have a definition of the meaning of the proposed legal test of “sufficient link” [to the UK] [Paragraph 2.175]? The report points towards the 2015 updates of the Computer Misuse Act for similarities, but these are unclear.

5. When recommending new “language that will ensure the offences are future proofed” as opposed to existing “archaic” terms, the Commission propose that a recommended new espionage offence use the “generic term” “information” [Provisional Recommendation 2].

Section 1 (1) (c) and Section 1 (2) of the 1911 Act each refer to “any … information” as an element of espionage offences. If the Commission’s view is that this point is therefore not otiose, why has a change which is not in fact a change put forward as a reason for new legislation now being required?

6. In relation to the proposed extended “territorial ambit” of the proposed new espionage offence:

a. Did the Commission consult any other state, or international organisation about these proposals? If so why were their views not reported?

b. Did the Commission conduct any research into the possible future use of extradition powers or treaties to bring foreign persons residing abroad, including journalists, to trial in the United Kingdom for the proposed espionage offences? If not, how does the Commission recommend that the proposed new offences be made enforceable internationally?

c. Did the Commission make any approach to foreign governments (in particular the United States) so as to ascertain from these government if they would agree to their citizens being extradited to the UK for trial?

7. Why did you, when writing for the Daily Telegraph, and the Law Commission (in the Protection of Official Data Overview document) imply that modern “data centres” were currently unprotected because they did not “store munitions of war” or similar? Were you and the Commission aware that data centres are included in statutory lists of prohibited places, and also in “protected site” orders made under the Serious Organised Crime and Police Act 2005.

[For example GCHQ’s data centre at Harp Hill, Cheltenham, designated by Home Office Circular 018/2007:

https://www.gov.uk/government/publications/trespass-on-protected-sites-sections–128–131-of-the-serious-organised-crime-and-police-act–2005]

8. Why does the consultation paper never mention the Internet in relation to official information? The word only appears once in the consultation, in relation to the loss of computer disks with personal information by HMRC, a data protection matter.

9. Is the Law Commission aware from its research for the consultation of any case in any jurisdiction in which an internal commissioner review mechanism of the type proposed in the consultation paper has been shown to be effective in redressing misconduct, crime, corruption, or other misconduct by a government or government organisation? If so, please provide a list.

10. What evidence led you to your published view that the year 2017 affords a “once in a century opportunity” to reform British secrecy laws? Given that four Official Secrets Acts were passed, and five reviews conducted between 1911 and 2000, on what specific basis or bases do you and/or the Commission claim that no other review will be needed for 80 years, were your proposals now to be adopted as law?