All 10 contributions to the Telecommunications (Security) Act 2021

Read Bill Ministerial Extracts

Mon 30th Nov 2020
Telecommunications (Security) Bill
Commons Chamber

2nd reading & 2nd reading: House of Commons & Carry-over motion & Carry-over motion: House of Commons & Money resolution & Money resolution: House of Commons & Programme motion & Programme motion: House of Commons & Ways and Means resolution & Ways and Means resolution: House of Commons & 2nd reading & Programme motion & Money resolution & Ways and Means resolution & Carry-over motion
Tue 25th May 2021
Wed 26th May 2021
Tue 29th Jun 2021
Tue 13th Jul 2021
Tue 19th Oct 2021
Tue 26th Oct 2021
Mon 8th Nov 2021
Telecommunications (Security) Bill
Commons Chamber

Consideration of Lords amendments
Mon 15th Nov 2021
Telecommunications (Security) Bill
Lords Chamber

Consideration of Commons amendments
Wed 17th Nov 2021
Royal Assent
Lords Chamber

Royal Assent & Royal Assent

Telecommunications (Security) Bill

2nd reading & 2nd reading: House of Commons & Carry-over motion & Carry-over motion: House of Commons & Money resolution & Money resolution: House of Commons & Programme motion & Programme motion: House of Commons & Ways and Means resolution & Ways and Means resolution: House of Commons
Monday 30th November 2020

(1 year, 7 months ago)

Commons Chamber
Read Full debate Telecommunications (Security) Act 2021 - Government Bill Page Read Hansard Text Read Debate Ministerial Extracts
[Relevant Documents: Oral evidence taken before the Science and Technology Committee on 24 June, 9 and 22 July, 30 September and 28 October 2020, on UK telecommunications infrastructure and the UK’s domestic capability, HC 450; Second Report of the Defence Committee, Session 2019-21, The Security of 5G, HC 201.]
Second Reading.
6.20 pm
Oliver Dowden Portrait The Secretary of State for Digital, Culture, Media and Sport (Oliver Dowden)
- Hansard - - - Excerpts

I beg to move, That the Bill be now read a Second time.

Cutting-edge technology such as 5G and gigabit broadband have the potential to transform our lives and this Government are investing billions of pounds in their roll-out nationwide, but we can only have confidence in that technology if we know it is secure, and this Bill will create one of the toughest telecoms security regimes in the world, one that will protect our networks even as technologies grow and evolve, shielding our critical national infrastructure both now and for the future.

This Bill acts on the recommendations of the United Kingdom telecoms supply chain review, which in turn was informed by the expert technical advice at the National Cyber Security Centre in GCHQ. First, it establishes a tough new security framework for all the UK’s public telecoms providers. This will be overseen by Ofcom and the Government, and they will have a legal duty to design and manage their networks securely. Rigorous new security requirements will be set out in secondary legislation, and codes of practice will set technical guidance on how providers should meet the law, and where providers are found wanting, Ofcom will have the power to impose steep fines. For example, under the current regime fines for failing to protect security are limited to just £2 million or £20,000 per day, while under the new regime they will rise significantly, to up to 10% of turnover or £100,000 per day. Under the current regime Ofcom has limited monitoring and enforcement powers. Under the new regime it will have the power to enter premises of telecoms providers, to interview staff and to require technical systems tests.

If we pass this Bill, few other countries in the world will have a tougher enforcement regime, and the point of this Bill is not just to tackle one high-risk vendor; it raises the security bar across the board and protects us against a whole range of threats. According to the NCSC, the past two years have seen malicious cyber-activity from Russia and China as well as North Korea and Iranian actors. While I know that telecoms providers are working hard to protect our networks against this hostile activity, the Government have lacked the power to ensure they do so. This Bill puts a robust security framework in place, guaranteeing the protection of our networks.

Tobias Ellwood Portrait Mr Tobias Ellwood (Bournemouth East) (Con)
- Hansard - - - Excerpts

It feels like a long time since we had debates about Huawei at, I think, the beginning of the year, which perhaps started this national conversation about our critical national infrastructure. My right hon. Friend speaks about threats: what is the biggest long-term geostrategic threat facing the UK now?

Oliver Dowden Portrait Oliver Dowden
- Hansard - - - Excerpts

The purpose of this Bill is to give us flexibility so that we do not get bound by the particular circumstances of today, and we have designed it to give us that. The four big threats we consistently face in cyber in this country are, as my right hon. Friend knows, in relation to Russia, China, North Korea and Iran, and we are seeing an evolution in some of those threats, particularly in relation to China.

This new security framework is just one half of the Bill; the second half gives the Government unprecedented new national security powers to identify and tackle high-risk vendors. Under the Bill the Government will be able to designate specific vendors that pose risks to our national security and issue directions to telecoms providers to control their use of goods, services or facilities provided by those vendors.

Kevan Jones Portrait Mr Kevan Jones (North Durham) (Lab)
- Hansard - - - Excerpts

In principle, I welcome the Bill. Its focus, however, is on kit, hardware and vendors, and that will go some way towards protecting our telecoms systems, but we are also still facing threats from hacking, so making sure we have basic good cyber-hygiene will be just as important as some of these measures we are discussing today.

Oliver Dowden Portrait Oliver Dowden
- Hansard - - - Excerpts

In short, yes, the right hon. Gentleman is absolutely correct. What this Bill does is bite in three respects. First, it sets out the overarching duties on mobile network operators and other telecoms providers in statute. It then empowers the Government through secondary legislation to provide further requirements on them. On top of that, for the tier 1 providers, which will basically be all the big telecoms providers, it also introduces a code of practice whereby they have to comply with that to ensure that they are secure. Across the board, the Bill tightens the requirements on them.

Bob Stewart Portrait Bob Stewart (Beckenham) (Con)
- Hansard - - - Excerpts

To follow up on the comments of my good friend the right hon. Member for North Durham (Mr Jones), does the Bill also give added protection to private individuals using their mobile phone, to stop them having it tapped by, say, a newspaper reporter?

Oliver Dowden Portrait Oliver Dowden
- Hansard - - - Excerpts

I cannot imagine what my hon. Friend is alluding to. This is aimed at the telecoms providers, but in tightening the security requirements on them, it in turn, of course, tightens the security for individual telecoms users. The Bill makes it a duty for telecoms providers to comply with those directions and introduces robust penalties for those that fail to do so.

The point is that these powers will protect us against both the high-risk vendors of today and the threats of tomorrow. I know that for right hon. and hon. Members there are significant concerns about one high-risk vendor, Huawei. This has rightly attracted the attention and concern of many hon. Members and I want, first, to reassure them that I have heard them, that I am acting and that I am taking a clear-eyed approach to protecting our national security.

In July, I announced that UK telecoms providers should cease to procure any new 5G equipment from Huawei after 31 December 2020 and remove all Huawei equipment from our 5G networks by the end of 2027. This Bill enables us to implement those decisions in law.

Tom Tugendhat Portrait Tom Tugendhat (Tonbridge and Malling) (Con)
- Hansard - - - Excerpts

I welcome both the Secretary of State’s direction and his much earlier than expected announcement of no new installations. Does he agree that this fundamentally changes the incentives on any boardroom for using any kit—in this case, Huawei—that is a risk? The cost is going to be laid with the company—that they will have to remove it anyway—which changes the pricing structure that any other company would have to bid for.

Oliver Dowden Portrait Oliver Dowden
- Hansard - - - Excerpts

My hon. Friend makes a very important point, and I will be coming on to that in a minute. It is actually happening now because telecoms providers and mobile network operators know three things. They have to remove Huawei equipment in respect of 5G by 2027 entirely. They cannot purchase any equipment from the end of this year, and—I will come on to this shortly—we have double locked that, as it were, by having the installation requirement. Mobile network operators are already working on that assumption.

Kevan Jones Portrait Mr Kevan Jones
- Hansard - - - Excerpts

I find that very strange because the Bill is about security. The Secretary of State is now saying that he is introducing proposals which mean that if, for example, Vodafone or any other operator has got some stock in, it cannot put it in from the end of this year. What is the security risk there? The only reason we changed the projections earlier last year—which I supported—was the US sanctions on future kit. There is not a security risk to the kit that is going in now so how can he use this Bill, on security, for doing that? Is this not just a political decision that he is making?

Oliver Dowden Portrait Oliver Dowden
- Hansard - - - Excerpts

To clarify the position for the right hon. Gentleman, mobile network operators cannot purchase from December this year—so they can purchase it now— and the installation limit will then apply from September 2021. The point of these measures is to address the concerns that Members rightly raised that companies could be incentivised to purchase large amounts of stock, stockpile it and then roll it out right the way through to 2027. I told the House in July that I would set us on a clear and unambiguous path to 2027, and these measures do exactly that.

Alun Cairns Portrait Alun Cairns (Vale of Glamorgan) (Con)
- Hansard - - - Excerpts

Does the Secretary of State agree that, associated with the Bill, there needs to be a plan for the greatest diversity in the supply chains? That is the long-term solution, because part of the challenge is that we have ended up focusing on one supplier, Huawei, which has been dominant in this field. What action is he taking in that area?

Oliver Dowden Portrait Oliver Dowden
- Hansard - - - Excerpts

I thank my right hon. Friend for his intervention. The interventions are tempting me to jump around points that I intend to make, but he is right about the importance of diversification. We have published the diversification strategy, which is available for Members to examine, and I will come on to it in a moment.

It is this Bill and this Bill alone that gives Members the assurances they seek for the security of our networks both now and in the future. Further to the point made by my hon. Friend the Member for Tonbridge and Malling (Tom Tugendhat), operators are already taking our approach seriously—they are working now to meet the Government’s requirements. For example, BT has signed a deal with Ericsson for 5G equipment to enable it to phase out Huawei and is already in the process of using Ericsson products to replace Huawei in its core. Where operators can go further and faster without jeopardising the stability of our network, we will of course encourage them to do so, but it would be a big risk to force them to go even further. BT and others have warned that moving faster could put our networks under considerable strain, creating significant risk of blackouts, and it would take longer for 5G to reach the parts of the country where it would make the most difference.

Tobias Ellwood Portrait Mr Ellwood
- Hansard - - - Excerpts

O2, Three and BT had concerns that they would have to cancel their contracts with Huawei but still pay for them, because the equipment was on its way. Could my right hon. Friend clarify what happens to contracts that are in the pipeline, which could see these companies go bust if they have to pay for them?

Oliver Dowden Portrait Oliver Dowden
- Hansard - - - Excerpts

My Department is in close contact with mobile network operators. I do not think that the sort of risk my right hon. Friend describes of companies going bust is remotely the case. Furthermore, we have given clear advance notice of this. For example, we made the first statements in January this year. We updated the guidance in July, and we also consulted extensively with the mobile network operators on the requirements in relation to installation that I am announcing today.

Kevan Jones Portrait Mr Kevan Jones
- Hansard - - - Excerpts

Will the Secretary of State give way?

Oliver Dowden Portrait Oliver Dowden
- Hansard - - - Excerpts

I will make some progress. I may come back to the right hon. Gentleman later, but I have already given way to him twice.

I know that some Members are concerned that we have not named Huawei on the face of the Bill and that our approach could be reversed in years to come. I want to reassure those Members on a number of fronts. We have not chosen to name Huawei for two compelling practical reasons. First, as we discussed, this Bill is designed to tackle not only the Huaweis of today but the Huaweis of tomorrow, wherever they come from. It needs to be flexible enough to cover future threats and not tie our hands by limiting our response to one company and one company alone. Secondly—this is the most crucial point—making reference to any one company would create a hybrid Bill, dramatically slowing the passage of the Bill and therefore our ability to combat all high-risk vendors, including Huawei.

However, as a concrete sign of our commitment to tackling the national security risks posed by Huawei, I can confirm today that we are going further in two significant ways. First—I hope Members will have had a chance to see this—we have published an illustrative designation notice and an illustrative designated vendor direction to demonstrate how the Bill’s powers in relation to a high-risk vendor could be exercised. Given the level of concern in this House and in the other place about Huawei’s role in 5G infrastructure, these illustrative drafts name Huawei explicitly, clarifying our position beyond doubt, and set out a clear pathway to the reduction and removal of its equipment.

Luke Evans Portrait Dr Luke Evans (Bosworth) (Con)
- Hansard - - - Excerpts

Does the Secretary of State believe that taking out companies such as Huawei may damage the economic impact, and what assessment has he made about making sure that we are at the forefront of growing 5G network in the UK?

Oliver Dowden Portrait Oliver Dowden
- Hansard - - - Excerpts

My hon. Friend raises an important point. We are clear-eyed about putting national security first. If national security and economic interests are in conflict with each other, national security comes first. But within the context of that, we have properly weighed up the risks as between different dates. I believe that 2027 strikes the appropriate balance in that it can be delivered with impact, in the way that I described in my statement to the House in July—it will have an impact in terms of cost and roll-out for mobile network operators—but it does not run the risk that we go too far and too fast, whereby we risk some sort of blackout and loss of provision.

In addition to the draft directions, we are going a step further by using the illustrative directions to set out a new hard deadline for the installation of Huawei equipment. That direction makes it clear that all operators must not install Huawei equipment in their networks from the end of September 2021.

That clarification has clear practical implications. It will prevent any operator from stockpiling Huawei kit in the hope that the ban might be reversed. The new installation deadline will create cold hard facts on the ground, effectively turning the plan for Huawei’s removal into an irreversible reality.

The powers in the Bill also allow us to keep an eagle eye on the progress of Huawei’s removal. They enable us to require Ofcom to obtain information from companies to see whether a provider has complied, or is complying, and they allow us to require providers to prepare a plan setting out exactly how they intend to get to zero Huawei by 2027.

Using those powers, we will not just publish an annual report of compliance on the removal of Huawei equipment, but keep a close watch on the future progress of all telecoms companies where Huawei is concerned. Under this rigorous monitoring and reporting system, no provider will be able to drag their feet. They will need to provide proof that they are working to meet the 2027 deadline. But, critically, we can do this only if we secure these important powers—the powers that will enable us to take action in relation to Huawei to protect our networks, but also to take action against any other potential high-risk vendors now and in the future.

Kevan Jones Portrait Mr Kevan Jones
- Hansard - - - Excerpts

The right hon. Gentleman is wrong. This Bill is actually about security. The reason he is going to get the powers is to take out vendors who are a clear high risk. Huawei has been there for a while. The kit that he is talking about banning after 2021—even if it is stockpiled or part of a contract—has not got a security implication at all because it has already gone through our Huawei centre. So I am not sure that he has the powers in the Bill to do that. I am sorry, but if I were a telecoms provider and I had a contract or a stockpile of kit that I could not use, I would be looking at taking legal action against the Government, because he cannot use the Bill if that equipment is not a threat to national security, which it is not.

Oliver Dowden Portrait Oliver Dowden
- Hansard - - - Excerpts

I say to the hon. Gentleman—[Interruption.] I beg his pardon. It is the right hon. Gentleman. I stand corrected. I say to the right hon. Gentleman that, first, this Bill and the measures in it implement what we announced as a Government in January and July, which, in turn, was based on the advice of the National Cyber Security Centre and GCHQ. In relation to whether I, or any Secretary of State, has sufficient powers in the Bill, I refer him to clause 16(2), which inserts new section 105Z8(4)(a) to (l) into the Communications Act 2003, which sets out a very wide range of bases on which I can designate a provider as high risk and take measures, so I am confident that I have those sufficient powers.

We must never find ourselves in this position again. Over the last few decades, countless countries across the world have become over-reliant on too few vendors, thanks to a lack of competition in the global telecoms supply chain. While this is a global problem, today this Government are officially leading the way in solving it. Alongside the Bill, we have published an ambitious diversification strategy—the first such strategy to be published anywhere in the world. It sets out our vision of what an open, competitive, diverse supply market for telecoms will look like, and the measures we will bring forward to develop an innovative and dynamic market.

We want to make progress as quickly as possible, so today I can also confirm that we are committing £250 million to kick-start this work. That includes funding and building a state-of-the-art national telecoms lab, which will bring together suppliers from across the world to test the performance and security of their equipment. We are also running a 5G open radio access network trial with the Japanese supplier NEC in Wales to help the entire UK benefit from this exciting new industry. That, of course, comes on top of NEC establishing a global open RAN centre of excellence in the UK just last month. We also know that Vodafone has recently announced that it intends to deploy open RAN technology across more than 2,600 of its sites—the largest commitment of its kind across any European network.

Tom Tugendhat Portrait Tom Tugendhat
- Hansard - - - Excerpts

The Secretary of State is rightly focusing on open RAN and the opportunity to partner with others in the democratic and law-abiding world. What has he done to reach out to countries such as South Korea, whose Samsung system could provide for the UK, and to encourage Nokia, Ericsson and Fujitsu in Japan?

Oliver Dowden Portrait Oliver Dowden
- Hansard - - - Excerpts

I am pleased to say that the Minister for Digital Infrastructure has met every one of the parties my hon. Friend named; indeed, I have met many of them. Essentially, we are working across three strands. First, we are working with the existing vendors—there were three, now to become two—to secure them and make sure we do not lose a further one. We are also working with new potential incumbents such as NEC and Samsung. In addition, we are working across a range of countries, in particular the D10, to ensure that we work together to improve standards in telecoms.

Iain Duncan Smith Portrait Sir Iain Duncan Smith (Chingford and Woodford Green) (Con)
- Hansard - - - Excerpts

I am grateful to my right hon. Friend, who is being customarily generous in giving way, but can I just make a point to him and hear his answer? This situation has constantly been wrongly described as a market failure. It was not a market failure; the failure was in the reality of one country abusing and breaking World Trade Organisation rules on subsidies. The key problem has been that China has subsidised its providers dramatically, even over 100% on contract, which has killed this market over the last 10 years. Once we release the market by stopping that, the private sector will come back into this industry because competition will be real competition, not broken competition. That is the key point.

Oliver Dowden Portrait Oliver Dowden
- Hansard - - - Excerpts

My right hon. Friend highlights one of a range of different market distortions that have been going on. To a certain extent, there will be some market correction, but the Government also need to intervene, and our diversification strategy addresses that. If we are to get existing vendors who are not currently in the UK market back in, or to create a new open RAN solution, we need to provide financial incentives, and the diversification strategy touches on many of the steps that we propose to take.

We are taking concrete steps towards a solution, but diversification is not just a problem to be solved. It is also an opportunity to be seized. As part of our strategy, we will invest in homegrown solutions that will put us at the forefront of developing 5G technology and all the transformative benefits it brings. The next phase of this work will be taken forward by the Telecoms Diversification Task Force, chaired by Lord Livingston, formerly of BT, and others. I am grateful for the work that he, industry and academic experts have done in developing the strategy and in taking it forward.

The Bill has not been designed around one company, one country or one threat. Its strength is that it creates an enduring, flexible and far-reaching telecoms regime, one that keeps pace with changing technology and changing threats, that supports billions of phone calls, email exchanges and file transfers in this country every day, and that is essential to the UK’s economy and its future prosperity.

I listened carefully to the concerns of Members on both sides of the House in designing the legislation, and I have sought to address those concerns head on in the Bill as it stands before the House. I genuinely hope that the Bill will command cross-party support and that we will be able to work together in the national interest to ensure the security of our telecoms networks. I commend the Bill to the House.

18:45
Jo Stevens Portrait Jo Stevens (Cardiff Central) (Lab)
- Hansard - - - Excerpts

It is a pleasure to speak in this Second Reading debate on the Telecommunications (Security) Bill on behalf of the official Opposition. Labour will always put national security first, so we are pleased to finally see this Bill brought forward by the Government. All sides of the House agree that the first duty of any Government is to protect their citizens, and we have confidence in our national security services, which go to such lengths to keep us all safe.

I say I am pleased to finally see this Bill brought forward because it has been clear for a long time that there were serious questions over whether high-risk vendors, specifically Huawei, should be allowed to control large sections of our country’s telecoms networks. But let us be frank: until this year, the Government had failed to face reality. I agree with the shadow digital Minister, my hon. Friend the Member for Newcastle upon Tyne Central (Chi Onwurah), who said here in July that the Government’s

“approach to our 5G capability, Huawei and our national security has been incomprehensibly negligent.”—[Official Report, 14 July 2020; Vol. 678, c. 1378.]

As long ago as June 2013, the Intelligence and Security Committee report on “Foreign involvement in the Critical National Infrastructure” made it absolutely clear that risks had to be properly identified, assessed and managed, and that processes and procedures had to be put in place to achieve this, and those needed to be completely robust.

I am sure that Conservative Members will be keen to mention that Huawei first entered the UK network in 2006 under a Labour Government, but as is very clear from the ISC report, that decision was one taken by officers, and Ministers were not told about it at the time. In fact, they were not even told that a contract had been signed until a year later, seemingly because those officials felt that to invest in Huawei brought significant trade, financial and diplomatic consequences. Since that decision, much has changed with the situation of the UK’s relationship with China. The Conservative party have had ample time not only to begin that removal process, should it have wished to, but to invest in the diversification that could have meant we had a homegrown alternative ready to use. It is only today, after 10 and a half years in government, that this diversification strategy has finally been published.

We know that the political background to this Bill has much to do with the power of many Conservative Back Benchers—many are here today, and I am looking forward to hearing all the contributions to the debate in due course—but it is as much to do with what had been a desire to satisfy the now outgoing President of the United States as it is with the safety of our critical national infrastructure, and this political soap opera has been an unnecessary distraction.

Tom Tugendhat Portrait Tom Tugendhat
- Hansard - - - Excerpts

The hon. Lady will forgive me for picking just a very small hole in her argument. One of the very few policies on which President-elect Biden and President Trump, and indeed even Speaker Pelosi, do absolutely agree is the challenge of China and digital infrastructure, and particularly Huawei, so I am not entirely sure this can be put down to satisfying the Trump Administration. Indeed, it is something on which we agree with Australia, Japan, South Korea, Germany, the Czech Republic—I can keep going—while France banned it in 2009. This is not just an American issue.

Jo Stevens Portrait Jo Stevens
- Hansard - - - Excerpts

I accept that it is not just an American issue, but it was the right thing for the wrong reasons, essentially. As I say, this political soap opera has been an unnecessary distraction when it comes to the serious matter of extracting high-risk vendors from the network, which has been slow and fragmented.

Mark Pritchard Portrait Mark Pritchard (The Wrekin) (Con)
- Hansard - - - Excerpts

On a point of fact and detail, I recall in 2009 the Chinese Premier being with the then Prime Minister Gordon Brown in Downing Street, welcoming the strategic partnership—with an all-singing, all-dancing party in Downing Street—between Vodafone and Huawei. It is therefore a little party political to suggest that it is only the Conservatives who have perhaps taken their eyes off the ball, something which we are correcting today.

Jo Stevens Portrait Jo Stevens
- Hansard - - - Excerpts

The hon. Gentleman seems to have forgotten about the former Prime Minister David Cameron and the former Chancellor of the Exchequer George Osborne, who also gave such a welcome.

It is worth outlining for the record the meandering journey that we have been on towards the publication of the Bill. The House will recall that in May 2019 the current Secretary of State for Education, the right hon. Member for South Staffordshire (Gavin Williamson) was sacked as Secretary of State for Defence following an inquiry into a leak from a National Security Council meeting at which it was reported that the Government had been advised in May 2019 to remove Huawei from the network. It was not until January this year—eight months later—that the Government decided that Huawei equipment should be excluded from the sensitive core parts of the 5G and gigabit-capable networks and from sensitive and safety-critical locations such as critical national infrastructure, and that its access to the non-sensitive parts of the network described as the “edge” would be capped at 35%.

In May, the United States imposed sanctions on Huawei through changes to their foreign direct product rules that restricted Huawei’s ability to produce important products using US technology or software. The NCSC advised that the UK could no longer be confident that it would be able to guarantee the security of future Huawei 5G equipment affected by the change in those US rules so, as the Secretary of State outlined, the Government changed their position again in July, announcing a ban on the buying of new 5G Huawei equipment after December this year and the removal of all equipment from our 5G networks by the end of 2027.

The UK has been slower to take action than our Five Eyes allies. In August 2018, the Australian Government blacklisted Huawei from the country’s 5G network in response to security advice, and New Zealand took the same decision in that same year. Our Intelligence and Security Committee made it clear 18 months ago that the debate on high-risk vendors had been “unnecessarily protracted” and damaging.

Kevan Jones Portrait Mr Kevan Jones
- Hansard - - - Excerpts

It is worse than that. I know we had the panda-hugging days of Osborne and Cameron, but an ISC report in 2013 raised the issue of critical national infrastructure, with particular reference to Huawei, and nothing was done.

Jo Stevens Portrait Jo Stevens
- Hansard - - - Excerpts

My right hon. Friend is absolutely right. For the benefit of anyone who has not read that report, it is pretty damning. We now find ourselves in a situation in which drastic action is necessary to safeguard national security and our critical national infrastructure, while at the very same time the economic imperative of the roll-out of 5G for the country has never been more urgent—and that has obviously been added to by the impact of the covid pandemic.

It is worth putting on the record that there are reasons other than national security in respect of Huawei that concern many Members from all parties in this House. The telecoms company has provided surveillance technology to the Xinjiang public security bureau, facilitating the construction of the world’s most invasive surveillance state. Last November, an Australian Strategic Policy Institute report detailed how Huawei has developed the Xinjiang public security cloud, which makes possible the total control and repression of Uyghur Muslims. As my hon. Friend the Member for Leeds North West (Alex Sobel) set out in a Westminster Hall debate on 4 March this year, the company has a shameful record on workers’ rights, operating

“a ‘wolf’ work culture of long hours and brutal workplace norms.”—[Official Report, 4 March 2020; Vol. 672, c. 282WH.]

Tobias Ellwood Portrait Mr Ellwood
- Hansard - - - Excerpts

The hon. Lady is setting out a long list of concerns with which many in the House would absolutely agree. Does she agree that for the reasons she is outlining it is perhaps now time for us to review the overseas aid that we give to China?

Jo Stevens Portrait Jo Stevens
- Hansard - - - Excerpts

I do not want to step beyond my brief and interfere in that of my shadow Cabinet colleague, but we certainly should not be doing business with any companies that breach both human rights and workers’ rights. We have international labour standards in place and these are not companies with which to do business.

Turning now to broadband and 5G roll-out, and the delays and the costs layering on top of them, we have already seen delays in the roll-out of second and third generation fixed broadband, and we are now at the bottom of the OECD tables. In fact, only last week the Government sneaked out in the Chancellor’s spending review plans to water down their broadband promises. Instead of keeping to their manifesto promise to roll out gigabit-speed broadband to every home in Britain by 2025, the Chancellor revealed that the Government are now aiming to have a minimum of 85% coverage by that date. The budget for that plan remains the same, but now only £1.2 billion of the £5 billion will be made available up until 2024, so this will impact on the so-called levelling-up agenda.

The Government’s delay in dealing with the issue of high-risk vendors until now has also meant that there will be added delays and costs to the roll-out of 5G. The Secretary of State accepted that in July, when he said that the cumulative delay would be two to three years. However, the Government’s impact assessment for the Bill does not establish the effect of removing Huawei from the core network on the timescale for the 5G roll-out, so has the Secretary of State’s position, set out in July, of a two to three-year delay changed at all, and why does the impact assessment fail to address that issue? Also in July, the Secretary of State predicted that removing Huawei would cost operators up to £2 billion, but that could be a huge underestimate, because BT alone is saying that it will cost it £500 million, and the costs could be far greater, including the knock-on effects in terms of lost revenue and wider economic benefits.

As well as those economic consequences, there is another impact, because the provision of 5G for most of the UK will increase the digital divide without significant measures to tackle it. The three central problems at the heart of this divide are lack of internet connection, lack of technological devices, and lack of the skills to use new technology in a meaningful way. The Government have promised, and so far failed, to solve the lack of connection, which is a particular problem for under-served communities. There is nothing about 5G that will make it a better option for those communities, who are already lacking affordable access to fast internet. In addition, there is the distinct possibility that in order to access mobile 5G internet, users will need newer and more expensive devices built for those increased speeds. The pandemic has highlighted these divides and thrown into stark relief the need for help and support for those whose lack of connection, skills and equipment is a real barrier both in terms of employment and other meaningful connections.

There is one other significant consequence to the Government’s delay, and that is the new 4G-based emergency services network. That is now unlikely to completely take over from the existing platform until 2024-25. This delay is costing taxpayers millions. If the Government are forced to keep airwaves going beyond 2022, every year of delay adds an extra cost of about £550 million. The core of the ESM network does feature Huawei equipment, but EE has said that it is already working to strip this out and hopes to complete that by 2023. However, can the Secretary of State reassure the House that the presence of Huawei kit in the 4G ESM network will not have any impact on its lifespan, financial implications or security status and safety concerns?

I turn now to the removal of high-risk vendors’ equipment from the 5G networks. For the purposes of this debate, it is probably easier to refer to it as the removal of Huawei equipment, because that is where everybody’s current focus is. This must all be removed from networks by 2027. There is the “no new purchasing” rule from the end of this month, and the Secretary of State has announced today that existing stocks cannot be used after September 2021. However, there are questions for the Government around the implementation of this that I hope the Minister will be able to answer.

I have five specific questions. First, given that the Bill is based on a distinction between the core and the edge of the networks, how confident are the Government of the durability of the barrier between the core and the edge? Secondly, what steps are the Government taking to prioritise the removal of any existing Huawei equipment from the more sensitive core part of the network, and how much equipment does Huawei have in it? Thirdly, are the Government proposing to provide help to businesses who have invested in Huawei equipment ahead of this decision, and will there be legal support, as many operators may have to honour contracts that they cannot actually use or possibly afford? Fourthly, what steps will the Government be taking to work with local authorities and others to minimise disruption to businesses and individuals when removing the equipment? Fifthly and finally, what steps are being taken to minimise the costs to business?

I have one other point, from a different policy angle. When Australia banned Huawei from participating in its 5G network in 2018, China imposed retaliatory measures on Australian goods. The Government’s impact assessment does not address the economic consequences of potential retaliatory measures, so can they explain what steps are being taken to plan for that possibility?

Iain Duncan Smith Portrait Sir Iain Duncan Smith
- Hansard - - - Excerpts

The hon. Lady makes reference to what the Chinese Government have been doing with regards to the Australians, which is appalling and breaches WTO rules. In a way, her request for the Government to formulate plans against such a breach is really a request of the WTO to act in this case, as it should have done earlier against China’s abuses and breaking of the WTO rules.

Jo Stevens Portrait Jo Stevens
- Hansard - - - Excerpts

The right hon. Gentleman makes a valid point.

This Bill gives huge powers to the Secretary of State under the auspices of national security, but it does not define what that means. The Secretary of State will be responsible for making national security judgments and decisions in relation to potential high-risk vendors. The impact assessment suggests that he will not do so unilaterally and that he will consult with the NCSC, but it is incumbent on the Government to explain why they consider that the Secretary of State for Digital, Culture, Media and Sport—I mean nothing personal to the right hon. Gentleman in saying this—is the appropriate decision maker on issues of national security. Would it not be better for the Secretary of State to conduct a multi-agency review prior to using these national security powers, as my right hon. Friend the Member for Doncaster North (Edward Miliband) has suggested in relation to the National Security and Investment Bill, which hands similar powers to the Secretary of State for Business, Energy and Industrial Strategy?

The lack of a definition of national security in this Bill raises particular concerns about the significant level of discretion afforded to the Secretary of State, the transparency with which such decisions will be made and the ability of Parliament to scrutinise those decisions. On another issue relating to scrutiny, Parliament is being asked to vote on this primary legislation before significant elements of how it will operate have been published, because secondary legislation will set out specific security requirements that providers must meet and the codes of practice that have been mentioned. Those will only be available after the Bill has received Royal Assent.

We have concerns about the role and the scope of the powers given to Ofcom in this legislation. These are new powers, which are pretty onerous. With Ofcom also expected to be named as the regulator in the promised online harms Bill—when that finally arrives—we are concerned about the resourcing of and the expertise within Ofcom to be able to deliver its statutory duties and responsibilities. We are concerned not so much about the volume of work, but that the administering of this new security regime may require skills that Ofcom, and potentially DCMS, are unlikely currently to possess. The impact assessment with the Bill suggests a combined monitoring cost for DCMS and Ofcom of £7 million to £12 million over a 10-year period. Do the Government really think that this resourcing budget will be sufficient?

Finally, I turn to the issue of diversification of the telecoms sector. In the ’80s and ’90s, as BT was privatised, our telecoms supply chain was allowed to fall mainly into foreign hands, although they were the hands of our allies. Conservative Governments over the last decade squandered the world-leading position that our broadband infrastructure had been left in by the last Labour Government. Successive Conservative Governments have lost, given away or under-invested in our sovereign telecoms capability as that supply chain has become dominated by high-risk vendors. There are of course added benefits to reducing reliance on a small number of global vendors, including increasing competition, driving innovation and improving resilience, but, as BT and others have warned, it will take time to move at scale towards new approaches. Network operators need to be confident in the maturity, performance, integration and security credentials of new vendors and technologies before they are deployed in their main networks. We agree that the Government can and should help to accelerate that progress, because in doing so, there is the potential to create opportunities for the UK to take the lead, as well as to create much-needed jobs. The strategy published today will need significant scrutiny. The £250 million announced in the spending review last week is obviously welcome, but it lacks sufficient detail, and we look forward to hearing more about how it will be spent.

The Secretary of State claims that this Bill will give the UK one of the toughest telecoms security regimes in the world and allow us to take the action necessary to protect our networks, and I hope he is right. We will not oppose the Bill’s Second Reading, but we have many concerns that will need to be considered and addressed in Committee. The Bill that the House eventually passes must take steps to ensure that our telecoms supply chain is resilient in the future, or we will be forced to return here in a short time to deal with the next Huawei.

We must be mindful, as with all legislation, that we seek to anticipate the problems of the future rather than just deal with the issues that we face today. We of course fully support steps to remove high-risk vendors from the network, but they must go hand in hand with credible measures to diversify the supply chain. We are in this situation because there are no viable alternatives to Huawei, homegrown or otherwise, and that is, in part, a result of the chronic under-investment and lack of leadership from the Government on digital infrastructure. We have to ensure that this does not happen again.

19:06
Julian Lewis Portrait Dr Julian Lewis (New Forest East) (Ind)
- Hansard - - - Excerpts

It is an absolute pleasure to follow such sensible speeches from those on both Front Benches. There is a history to today’s legislation which I shall set out and against which my Committee colleagues can develop the Intelligence and Security Committee’s current perspectives. As the hon. Member for Cardiff Central (Jo Stevens) mentioned, it was in June 2013 that the Intelligence and Security Committee, on which I served under Sir Malcolm Rifkind’s chairmanship, published a no-holds-barred report on foreign involvement in the critical national infrastructure. It focused on the casual and cavalier way in which contracts were signed between British Telecom and Huawei prior to any ministerial involvement, and it insisted that:

“The National Security Council should ensure that there are effective procedures and powers in place…when it comes to investment in the CNI.”

We demanded an effective process by which Government are alerted to potential foreign investment in the CNI; an established procedure for assessing the risks; a process for developing a strategy to manage these risks throughout the lifetime of the contract and beyond; clarity as to what powers the Government have or need to have; and clear lines of responsibility and accountability. The Committee was

“shocked that officials chose not to inform, let alone consult, Ministers on such an issue.”

That, we concluded, must never again be allowed to happen.

The Government’s July 2013 response to the report bordered on complacency. They conceded that

“with hindsight, we agree that Ministers should have been informed”

and put their faith in the relatively new National Security Council, in conjunction with “cross industry-government groups”, to provide better protection in future. Replying to our main finding that their

“duty to protect the safety and security of its citizens should not be compromised by fears of financial consequences”,

the Government observed that

“HMG’s approach balances economic prosperity…with national security…Boosting trade and investment is a key part of the Government’s plan for growth and we are working hard to develop our economic relationships with key trading partners, including China.”

As Huawei’s chief executive officer had been given the full red-carpet treatment at 10 Downing Street only the previous September, that response was all too predictable, and thus the courtship continued, despite growing anxiety among our Five Eyes partners, such as Australia and the United States.

There can be no doubt of the sincerity of the technical advice given by our experts at GCHQ and, more recently, in the National Cyber Security Centre, its public-facing arm. They recognise—as does the Bill—that the lack of diverse suppliers is a critical future vulnerability. For telecommunications to be resilient, their networks need more than two providers on which to depend. Otherwise, the collapse of one provider means total reliance on the other. Yet should that really override the danger of ever-closer involvement with a company legally in thrall to potentially hostile Chinese intelligence services?

In a statement in July last year, the ISC acknowledged the National Cyber Security Centre’s paradoxical point that three providers might be safer than two, even when the third comes from an adversarial state. Yet it rightly pointed out that

“the issue cannot be viewed solely through a technical lens—because it is not simply about telecommunications equipment. This is a geostrategic decision, the ramifications of which may be felt for decades to come… It is about perception as much as anything: our Five Eyes partners need to be able to trust the UK and we must not do anything which puts that at risk… And there is the question as to whether other countries might follow the UK’s decision”

when they are not as capable of protecting their networks as we are of protecting our own.

Some say that the Government’s perseverance with Huawei was justified on the basis of the technical advice they were given—right up to the point earlier this year when the United States brought in its fierce further sanctions. Yet the fact that the US would take such a step should have been anticipated. Our belated U-turn in July shows what happens when multifaceted problems are examined in a one-dimensional way.

Seven long years after our Huawei report, the Government have—in the space of a fortnight—introduced two important Bills: this one and the National Security and Investment Bill. Taken together, according to the National Cyber Security Centre, they should help to establish an

“appropriately secure and resilient telecoms infrastructure”

and

“effect the security transformation we”—

the NCSC—

“believe to be necessary”.

We are assured that

“operators adhering in totality to the new security regime will be among the most secure in the world”.

Hopefully, our US partners—currently promoting an international clean network initiative—will agree and Five Eyes harmony on those vital matters can now be reinstated.

Having waited so long for two such necessary Bills, the ISC must sadly record our concern that, in both cases, their Second Reading debates were held within just four working days of their introduction on First Reading. Normally, adequate notice of about two weeks would enable our hard-working staff to obtain relevant confidential material and advance sight of such legislation to allow proper prior consideration. The tiny window of opportunity afforded by the parliamentary timetabling has prevented this from happening, and our staff had to fall back purely on publicly available sources.

Proposals such as those in this Bill, which the Committee first recommended in 2013, are therefore to be welcomed, but the public rely on the ISC to assure them that we have asked those questions in private that cannot be discussed more openly. As that has not yet happened, our support for the Bill in principle cannot be as unqualified at this stage, as we should like it to be, though I welcome the Minister’s offer to speak to the Committee later this week.

Here are a few of the questions that can be asked on the Floor of the House. First, as the Department for Digital, Culture, Media and Sport has not traditionally specialised in national security, on whom will the Secretary of State rely for advice when deciding whether to issue restrictions against high-risk vendors, or directions to telecoms providers?

Secondly, if the answer is the National Cyber Security Centre and our wider intelligence community, will there be procedures to guarantee that they will be consulted with adequate notice, and who will ensure that their advice is given sufficient weight? Thirdly, in view of the revolving door, via which too many businessmen and ex-civil servants effortlessly glide between their former roles and the Huawei boardroom, what assurance can we have that the Government will be immune from lobbying campaigns by those on the payroll of high-risk vendors?

Finally, I have a question that I was pleased, I think, to hear the Secretary of State answer 15 minutes into his opening speech, but it would be nice to have the Minister reiterate that answer: unlike in 2013, do the Government now fully accept that national security must always be their overriding consideration where critical national infrastructure is concerned?

19:15
Richard Thomson Portrait Richard Thomson (Gordon) (SNP)
- Hansard - - - Excerpts

It is a pleasure to speak in this Second Reading debate and to follow the Chair of the Intelligence and Security Committee, the right hon. Member for New Forest East (Dr Lewis), who has given us some very important historical context to how we have arrived at the point we have arrived at today. He posed some pointed and pertinent questions, which we look forward to seeing addressed as the Bill progresses.

The Bill provides a very much stronger security framework for telecommunications infrastructure and gives the Government the ability to manage the risk posed by high-risk vendors. I speak on behalf of my group when I say that we support it in all that it is trying to achieve. 5G technology offers great opportunities for connectivity and for commerce, through the internet of things, including the greater use of telemedicine, automated threat detection and even autonomous vehicles, but anything that compromises the access to or proper use of telecommunications networks or the security and integrity of the information that flows through them is a cause for concern. Whether in terms of intercepting information, interfering with information or stopping it from being transmitted or received, it represents a commercial and security threat to be very much guarded against.

Clearly, the infrastructure that the suppliers use to provide us with that communications bandwidth is of crucial importance in maintaining the security and integrity of that information. Therefore, it is something of a surprise that the UK Government appear to have come to the realisation only comparatively recently that having too much of the critical national infrastructure in too few hands might be a problem.

The Scottish National party is clear: the UK Government need to learn the lessons of how we have got to where we have got to on security in awarding the 5G contracts and to provide assurances going forward that the replacement strategy will be a safe and secure one. My party very much wishes us to be among the forward-looking nations at the forefront of the 5G age. However, given that these new opportunities carry new risks, security and resilience need to be built into it from the outset. We also wish to be assured that this legislation and the impacts that it may go on to have will not adversely impact network roll-out or consumer costs in the longer term, and we also want to make sure that the opportunities for building our domestic capabilities in manufacturing, in open RAN and in the broader supply chain will be fully seized.

Inevitably, in this debate so far there has been a focus on Huawei and China, and for all that Huawei has previously been regarded as a reliable partner, that focus is entirely understandable. The point needs to be made that Huawei did not suddenly become a potentially high-risk vendor overnight. This has not just crept up on us; it has been allowed to creep up on us. The Chinese Government’s involvement in recent state-sponsored cyber-attacks ought to have been enough to set the alarm bells ringing, if they were not already ringing, and to give proper cause for refection over the possible security concerns in that well before now. It is right that we use this opportunity to pause for reflection on the relationship we have with China.

Clearly, it is important to have a strong relationship, one on which we would seek to exert a positive influence, especially when it comes to human rights. However, international relationships need to be founded on self-respect as well as on mutual respect, and if this Government wish to be able to deal with other Governments on as close to equal or favourable terms as is possible, it is important to ensure that they do not leave us in a position where we are too reliant on any other single state for technology or investment.

Make no mistake: a rapid de-engagement of this kind with Huawei technology is not helpful to maintaining constructive relationships. In our relationship with China, there will now inevitably be a price to pay in terms of loss of influence, as well as an economic price to pay at home if this holds up our roll-out of the technology. To be absolutely clear, we are glad that the decision was taken, but although that U-turn was necessary, there needs to be a clearer commitment to domestic manufacturing than in previous years—decades, even—and better visibility on emerging threats from Governments. This situation was avoidable.

Hybrid threats are growing, as are the capabilities of states and non-state bad actors to enact them, and the UK very much likes to see itself as a country that punches above its weight in the world. In our military and intelligence services, that is almost certainly the case, but I believe there needs to be a realisation and an embracing of the concept of total defence and resilience. At this point in time, our Scandinavian and, particularly, Baltic neighbours seem to have a much better grasp of the significance of that concept than the UK Government do. It is to be very much hoped that with this legislation and recent announcements on defence spending, the UK might now be beginning to come to terms with the many ways in which our economic activities, our public space, and even our political space can be undermined in asymmetric and unconventional ways and finally taking steps to properly address that.

To get into some of the detail of the Bill, the Government have made it clear that vendors who they consider to be high risk should not have access to the core 5G infrastructure. Obviously, we agree, but this needs to be a formal part of any requirements for infrastructure of this kind, and there should be assurances from the Government that any replacement vendors for Huawei or, indeed, others meet the very highest standards that we would expect with that objective in mind.

The Government also need to ensure that there is a proper dialogue with our international allies, to ensure conformity—as far as possible—with high standards of protection. Like many western countries, we are an importer of technology, and as such we need to be seeking unity, as far as possible, in the standards we are willing to allow for this infrastructure that we will ultimately be sharing with our allies and neighbours.

For all that technology is a matter that is reserved to Westminster under the Scotland Act 1998, there are clear implications in how the Bill may operate for devolved nations. We would very much like to see in it a duty on the part of Ministers to consult with devolved nations before taking any ministerial actions under the Bill, as well as a duty on the Minister to consult with devolved nations when it comes to the five-yearly review of the effectiveness of clauses 1 to 13. Given the reserved nature of telecommunications, if there are any additional costs that accrue to businesses or Governments—by businesses, I do not necessarily mean the telecoms companies themselves—the UK Government may be willing to at least contemplate assuming some of the costs that might otherwise fall on tiers of government or the non-telecoms businesses.

I wish to spend some time dwelling on the impact of the roll-out. As a Member of Parliament for rural Scotland, I know that this problem is not unique to rural Scotland—other parts of the UK are affected as well—but there is a recurring theme. From the original Vodafone and Cellnet networks through 3G and to 4G, the coverage maps for mobile phones inevitably roll out in exactly the same way and cover pretty much exactly the same pattern, with the same notspots being missed out.

It is my earnest hope that the same thing does not happen with 5G. It is also important to point out that the roll-out of 4G, and even 3G, across Scotland has not been as complete as we would like, and it would be naive in the extreme to think that 5G roll-out will be any different unless there are some significant changes. It would also be naive not to recognise some of the potential problems that the Bill might present in that light, in terms of the rate of build-out that would otherwise have occurred.

To put the issue into perspective, just 42% of Scotland’s land mass has 4G coverage from all four main UK operators, and 80% from at least one mobile operator. Almost 1 million people living in rural areas currently have no reliable mobile service at that speed of connectivity. That is unacceptable, and has to be an early part of any levelling up agenda.

Owing to the lack of hardware interoperability that the mobile network has been built with, mobile network operators will have to rip out and replace a large amount of high-risk vendor equipment from existing 4G mobile masts before they can even be upgraded to 5G using equipment from an alternative supplier, as well as writing off and replacing that equipment from high-risk vendors already deployed. It is inevitable that the resulting reduced competition will drive prices higher.

From discussions with and briefings from the industry, it is clear to me that while operators can absorb the costs of the decision to remove Huawei equipment, BT estimates that the cost will be as much as half a billion pounds for it alone. It will not be possible to move any faster than the 2027 deadline that the Minister mentioned without creating a significant risk of network blackouts, as well the loss of economic benefits that would otherwise accrue to all parts of the UK. It is a huge challenge for the network operators, and we should not underestimate it. I would like to hear the Minister give a clear assurance that the Government will stick to the 2027 deadline and will not make what is already a difficult job for the mobile network operators even harder.

I would also like the Government to look at ways of trying to counteract the negative effect on the speed of the roll-out. Governments of all political stripes have been rewarded handsomely from selling off electromagnetic spectrum portions for mobile roll-out. Looking again at some of the licence fees might allow some of the telecommunications companies to save that money to invest in new infrastructure from non-high-risk vendors, which would compensate for that level of roll-out and give consumers and business the coverage that we all hope they can get from 5G.

On diversification of the marketplace, we very much welcome the Government’s 5G supply chain diversification strategy, which has been announced alongside the Bill. Reducing the reliance on a comparatively small number of big-player vendors will be hugely important in increasing competition, driving innovation and improving resilience. It will take time to move at scale towards new approaches such as open RAN, and to be successful, network operators need to be confident in the maturity of the performance and the integration and the security credentials of new vendors and technologies before they are deployed on the main networks. The Government can help to accelerate that process and create real opportunities for leadership and job creation with an ambitious commitment to research and development and trials. The funding of £250 million for that activity in the spending review and the Government’s national infrastructure strategy are very much to be welcomed.

This is an important and necessary Bill. It is one that we very much look forward to getting into the detail of and scrutinising further as it makes progress.

19:28
Mark Pritchard Portrait Mark Pritchard (The Wrekin) (Con)
- Hansard - - - Excerpts

I welcome the introduction of the Bill. It is long overdue. Over the past two years, the Government have attributed a range of significant cyber-attacks to Russia, China, North Korea and Iran. Such attacks are unlikely to reduce any time soon, but our legislative and technological resilience can increase in the meantime. The UK needs to be proactive in staying ahead of its adversaries, rather than just reactive. The Bill and the National Security and Investment Bill will help in that regard.

The attacks, often through arm’s length third parties, include dangerous espionage attacks, often on the networks of companies that deliver equipment to telecom providers but whose security is currently inadequate. That can no longer be acceptable, and the Bill will go a long way to making the UK’s networks more secure.

I would like to pay tribute, as has already been done, to my predecessors on the ISC, who, in the Committee’s 2013 report “Foreign involvement in the Critical National Infrastructure”, noted that

“there is no general requirement on companies that own CNI assets to inform or consult Government prior to awarding a contract, whether that be to a UK company or a foreign company. Instead, the Government relies on informal processes or the private company taking the initiative themselves. This is far too haphazard an approach given what is at stake.”

The same Committee also stated:

“Government must have a proper procedure for assessing the risks…and also for developing a strategy for managing those risks. Crucially, this should be an integral part of the process, both before and after contracts are awarded, and not merely an afterthought.”

I hope that the Bill marks a national security turning point, where key infrastructure decisions are based on fact-based risk assessments, not on trust, commercial convenience, political convenience or naivety.

Of course, the Bill is also a recognition—I differ from some colleagues—of market failure. The dominance of major telecoms companies, driving out or buying out the competition, has led to companies such as Huawei positioning themselves as perhaps too big to fail or, in the context of the telecoms market, too big not to buy from, or too big not to supply to. In my view, that is down to political and commercial failure, and I am glad that the Government are putting wrong—putting right that wrong. [Interruption.] I was just making sure that the Minister is on his toes—not literally, but I am glad he is paying attention. I am glad that the Government are putting that right; it is long overdue, as I said.

I hope that the new diversification strategy that has been alluded to today will include enough commercial incentives to attract new vendors and suppliers into the market for the first time, or for existing providers to seek new capital raises in order to maximise new markets, many of them in the public sector—the public sector is a good customer in most cases—and global in nature.

I hope that there might be a new global collaboration in joint development of 6G, 7G and beyond. Five Eyes-based companies might be a good place to start, but trusted EU partners can play a key part too. I think about Airbus and the collaboration on civilian airframes across the world; I think about Typhoon and, prior to that, Tornado—large collaboration, R&D developmental projects that brought together trusted partners around the world to look after our national security, albeit on a different platform and in a different context.

As it stands, as we have already heard, there are only three potential suppliers of mobile access network equipment in the UK: Nokia, Ericsson and Huawei. The lack of diversity across the telecoms supply chain has invariably led—that is why we are here today—to a national dependence on limited suppliers.

Jamie Stone Portrait Jamie Stone (Caithness, Sutherland and Easter Ross) (LD)
- Hansard - - - Excerpts

The point the hon. Member makes about international co-operation is a very good one. In buying into joint efforts with allies, we have a share of the intellectual knowledge. Does he agree that that is something we would not have had with Huawei?

Mark Pritchard Portrait Mark Pritchard
- Hansard - - - Excerpts

The hon. Gentleman is absolutely right, and I am delighted that the Secretary of State has set out that there is going to be a new national telecoms lab. I am not sure whether he has decided on the location, but I commend the telecoms expertise of Shropshire and the west midlands to the Minister.

The Government’s own telecoms supply chain review, published by DCMS in July 2019, found that

“the telecoms market is not working in a way that incentivises good cyber security”—

perhaps another example of British understatement. This Bill will end that, and rightly so.

In its October 2020 report, the Defence Committee, ably led by my right hon. and gallant Friend the Member for Bournemouth East (Mr Ellwood), concluded that the current 5G

“regulatory situation for network security is outdated and unsatisfactory.”

I thank all the members of that Committee for the work that they have done in highlighting that.

I welcome the fact that the Bill will strengthen the security framework for technology used in 5G and full-fibre networks, including electronic equipment and the hardware and software at phone mast sites and telephone exchanges, and that it will give the Government new powers to issue directions to public telecoms providers to manage the risk of perceived high-risk vendors. It is right that the Bill will allow the Government to impose controls on telecom providers’ use of any goods, services or facilities supplied by high-risk vendors.

I very much welcome the Government’s new powers to limit and remove high-risk vendors, such as Huawei, about which we have heard so much already, from the UK telecoms network. I also very much welcome the new and revised timetable that the Government have announced today for doing this. In saying that, I hope that the Government are not being overly ambitious, as we heard from other hon. Members, but it is right to establish the principle today and move more swiftly on this key issue of national security and diversity in the marketplace.

I welcome the Bill incentivising better security by financially penalising providers that operate below minimum security standards, but I hope—the Minister is here—that a carrot-and-stick approach will be the default DCMS and Ofcom approach, rather than just a stick, as it is the private sector’s co-operation that will help us to move forward on this. It is very much key to the market diversification that the Government want and, more widely, to the partnership in cyber-security resilience in both the private and public sectors. We do not want to have enmity with the very people that the Government need to work more closely with in dealing with these issues.

The Bill makes Ofcom responsible for monitoring and enforcing telecoms providers’ compliance with their security duties where providers do not meet their obligations. I gently ask the Government whether they feel that Ofcom has the necessary teeth. Will Ofcom outsource or buy in any additional and required expertise?

The Bill, rightly, does not allow vendors to have access to the UK telecoms network denied, removed or limited for any reasons other than the protection of the UK’s national security, again making sure that we are not putting up new barriers to new entrants to the marketplace. It is also welcome that the Bill does not give the Secretary of State the right to limit or remove vendors to protect or improve the commercial interests of other vendors in the marketplace. I hope that the Minister will elucidate this important point so that there can be, from today, investor, shareholder and commercial safeguards that will allow any of those reading Hansard in the private sector to be reassured.

I would like to ask the Minister some questions. How will the Government ensure that Ofcom has sufficient staff with the necessary skills to undertake this work before it assumes its new responsibilities, which are separate from the point of buying in or outsourcing? Even if someone is buying in or outsourcing, they need to have the skills to know what they are outsourcing to and for, and so it is with buying it in, making sure that they are getting the right people in.

How will the Minister’s Department ensure that Ofcom is provided with the necessary information and relevant data on what is a new area of expertise and work for it, particularly in this detail? I welcome the fact that the Bill requires the Secretary of State to lay before Parliament a copy of all designated vendor directions and designation notices, except where doing so would be contrary to the interests of national security. However, when such information cannot be laid before Parliament, as was alluded to by my right hon. Friend the Member for New Forest East (Dr Lewis), the Chair of the Intelligence and Security Committee, will the Minister undertake to provide that information to the Intelligence and Security Committee so that Parliament and the public know that there is sufficient and adequate oversight?

Finally, as the shadow Secretary of State asked, given the recent experience of the Australian Government, what can the Minister say today on the record to deter any temptation by the Chinese Government to take any similar retaliatory measures against the UK? Does he agree that if they were so tempted—I hope they would not be—perhaps the £20 billion trade surplus for China might focus calmer and more reasonable heads in Beijing today?

Iain Duncan Smith Portrait Sir Iain Duncan Smith
- Hansard - - - Excerpts

I hear my hon. Friend’s point, but does he not agree that one of the greatest bastions against this behaviour by the Chinese Government would be for all members of the free world, particularly the Five Eyes, to come together both to condemn their behaviour and to themselves talk about introducing sanctions against China if it carries on behaving like this?

Mark Pritchard Portrait Mark Pritchard
- Hansard - - - Excerpts

Colleagues will be pleased to hear that I am reaching my concluding comments and I will address that question then. While I have huge respect for my right hon. Friend—he is absolutely right and has been leading the way on this and I pay tribute to him on that—there is a lot we can do with China. In fact, I will put my notes down and jump to my conclusion now.

This is not an anti-China Bill; this is not an anti-Huawei Bill. This is about ensuring the greater resilience of our national security through our telecoms infrastructure. It is not about putting up barriers to entry for existing or new companies coming into the marketplace. I agree that we have to be robust against China when that is right, but we also need to recognise that there is a lot of co-operation and collaboration with China on trade and on climate change, so we agree on many things and we disagree on many things, but I do not think talk of sanctions is necessarily right at this stage.

I support this Bill. It is long overdue; I commend the Government for bringing it forward.

None Portrait Several hon. Members rose—
- Hansard -

Rosie Winterton Portrait Madam Deputy Speaker (Dame Rosie Winterton)
- Hansard - - - Excerpts

Order. There is now less than two hours until the wind-ups are likely to start. By my calculation, that means that if everybody is going to have equal time, contributions ought to take about eight minutes. I do not want to set a time limit, but that is a rough guide for the debate.

19:42
Kevan Jones Portrait Mr Kevan Jones (North Durham) (Lab)
- Hansard - - - Excerpts

I join the right hon. Member for New Forest East (Dr Lewis) in welcoming this Bill in principle but giving it a qualified welcome. It amends the Communications Act 2003, and in terms of technology 2003 is light years away.

When I was at school computers were not as common as today and even having a telephone at home was a rarity, so great changes have taken place in these types of technologies—as I have seen even in my short lifetime—and the pace of change is only going to increase. That is why this Bill is welcome in updating our laws, and it will not be the last Bill we require, because as technology advances, further updating will be needed. However, as the right hon. Gentleman said, the Intelligence and Security Committee warned about all this in 2013. It was the same with the National Security and Investment Bill last week; the warnings have been there. Yes, there has been a change of direction in the Conservative party from panda hugging to panda bashing now as the flavour of the day, but the question of security should always be central to all this.

To be fair to the Government, they have not stood still. We have been ahead of other nations in terms of Huawei and security and having the Huawei cyber security evaluation centre, which has helped us protect our networks. But a balance must be struck between open competition and being able to interact with other nations, and also protecting our security.

I want to touch briefly on the issue of security, as that is what the Bill is about. I think some people are getting carried away in thinking that the Bill will be used in a protectionist way to protect our own suppliers or as a way of cutting off altogether any trade with regimes that we might have huge reservations about, such as China. We are never going to be able to do that. The powers in the Bill are clearly around security, and my only problem is with the definition of the word. I would argue that the way in which the Government approached the matter of the Huawei security centre had security its centre in order to protect our networks. As the Minister knows, I was one of those who agreed with the Government’s decision in July to allow Huawei to have 35% of the market as long as the security was there. The National Cyber Security Centre was clear in its evidence that that could be maintained. It was the American sanctions that changed that.

When a Secretary of State makes his or her decision on whether to take a vendor out, the important thing is that it is made on the ground of security. It is not clear from the Bill how that will be looked at. I would not want to see lobbying for a certain company, for example, or a situation such as we are currently seeing on the Conservative Back Benches where anything with “China” on it has to be resisted. I should point out that many people in the Chamber tonight will have mobile phones in their pockets that contain Chinese components. Even Ericsson and Nokia, which we are going to allow into our system, use components that are made in China. We cannot just close our minds to China altogether, so these decisions must have security at their centre.

Any decisions made by the Secretary of State have to be around security, and I have some concerns about DCMS having control over this. I raised a similar point on the National Security and Investment Bill. I am not sure that the Department has the necessary expertise. Personally, I would sooner see the Secretary of State taking such decisions alongside the National Security Council, or a sub-committee of the NSC, for example, to ensure that security could be at the heart of those decisions. Likewise, I have reservations about Ofcom. As a regulator, it has been around for quite a while now, but I wonder whether it has the expertise to look at the security sector.

A specific practical point about DCMS and Ofcom is that if a decision were taken by the Secretary of State on security grounds, a lot of the relevant information would be highly classified and would not be available to people without the necessary security clearance. I presume that the Secretary of State has the highest security clearance, but I doubt whether anyone in Ofcom would do so. I would like to hear more about how that will work in practice when they are dealing with highly classified information, because the Bill makes it clear that that is the only way in which a vendor can be struck from the marketplace.

Another issue, which has already been raised, is whether Ofcom will have the necessary budget and focus to undertake this work. The right hon. Member for New Forest East made the point about a revolving door, and that is an issue that concerns many people. There is a revolving door between industry, the various regulatory bodies and the Government.

There is also an issue around oversight. I do not see anything in the Bill that will allow parliamentary oversight of these decisions. Clause 17 refers to the Secretary of State being required to lay a copy of their decisions before Parliament, but there is also a get-out clause in that the requirement

“does not apply if the Secretary of State considers that laying a copy of the direction or notice (as the case may be) before Parliament would be contrary to the interests of national security.”

Anyone who has been in the House for any length of time and who has worked in this field will know that that is the usual way for civil servants to get out of any kind of question whatsoever. There is a need for oversight in this regard. I am not trying to make work for the Intelligence and Security Committee, which I am a member of, but it is the only Committee of Parliament that has a high enough security clearance to be able to see the information that will inform these decisions. Without that, there is an issue in the Bill in terms of how Parliament will scrutinise the Secretary of State’s decisions effectively.

Anthony Mangnall Portrait Anthony Mangnall (Totnes) (Con)
- Hansard - - - Excerpts

I am sorry to interrupt the right hon. Gentleman while he is making such good progress. If a decision were not to be laid before Parliament, would he accept the idea of it going before the Intelligence and Security Committee?

Kevan Jones Portrait Mr Jones
- Hansard - - - Excerpts

Yes. If we were able to see it, at least we would be able to get access to the intelligence that informed it. The DCMS has its own Select Committee, but that Committee does not have the clearance, so I would suggest taking the approach the hon. Gentleman describes. There is a way of doing that. Under the Justice and Security Act 2013, the DCMS does not come under the Intelligence and Security Committee’s remit, but we could change the memorandum of understanding to include this issue. I think that is needed, and I said the same thing on the National Security and Investment Bill.

On diversity, we would love to have a large number of vendors, but there is a clear issue we have to recognise. People talk about market failure. There has been a market failure because, in terms of Huawei and the Chinese state, there has been a deliberate decision to buy in to a sector. There has also been a tendency among us all, as consumers of telecoms services, to make sure that the rates go down as low as possible. That has led the prices down, so there is no money in the infrastructure at all, which is why companies have got out of the sector.

There is an area where diversity can come in, and that is open RAN. If the investment goes into that, we could be a world leader, but let us not make the mistakes we have in the past, where we have been a world leader—for example, in fibre technology in the early 1990s—and then gave that lead away.

On the removal of Huawei from the 5G network, the 2027 deadline needs to be maintained. I am sorry, but I think the Secretary of State is wrong in what he is suggesting. If he does what he suggests, that will add further costs and slow our progress. The equipment that is there now has been through the cyber security centre. We are satisfied that there is no security risk from that equipment, so why rip it out before we have to do so? All that that will do is slow our system down and slow the economic advantages that can come from 5G.

We have concentrated a lot in the debate on the hardware. Will the Bill somehow make us completely immune from cyber-attack? No, it will not. The other side to this, which is just as important, is to ensure that we educate companies to ensure that they use their systems safely and that upgrades are done on security networks and other things. That is about the basic education of the people who use a mobile phone or any type of computer network.

With those concerns, I welcome the Bill as a step forward. Let us see it not just as a way for us to somehow solve all our cyber-problems, because we will not. We still have to be vigilant, and we still have to make sure that our security services have the finance, ability and expertise to respond to the enemies who are attacking us.

00:04
Bob Stewart Portrait Bob Stewart (Beckenham) (Con)
- Hansard - - - Excerpts

This Bill makes sense. I agree with the right hon. Member for North Durham (Mr Jones) that it is primarily about security. It is a top priority for us to ensure the security of all telecommunications networks, particularly those that might carry classified information and that is what this Bill is all about. I particularly endorse those clauses in the Bill that give the Government robust powers to manage high-risk vendors based, of course, on National Cyber Security Centre advice. That may well also include direct guidance from other intelligence agencies as well. It is also absolutely right that the Government have placed a ban on purchasing new equipment from high-risk vendors from September 2021 and ordered the removal of high-risk vendor equipment from our networks by 2027, but, as I will go on to say, it will have implications. I wish we could achieve that earlier, but, obviously, industry needs time to manage the transition required.

The NCSC is at the forefront in developing telecommunications security requirements. It has done this in collaboration with industry and these requirements are detailed and effectively designed to establish a layered defence against cyber-attacks and infiltration. Codes of practice will devolve from these requirements and they will form a method of operation as well as being a way of calculating risks for operators Ofcom, DCMS, and NCSC. I endorse the view that these requirements and codes of practice will definitely increase the difficulty, the cost and the risks faced by a hostile player attempting to infiltrate or to compromise a UK telecommunications network, but, as the right hon. Gentleman has said, that does not mean that we are invulnerable—oh, no, it does not. There are still risks.

Next year, I gather that we will need to pass secondary legislation to endorse codes of practice that will, thereafter, be used to instruct operators on how to meet their security obligations. Such codes of practice will be policed by Ofcom—we have talked about that a little. Most certainly, it will require training on how to do this. Here there needs to be a serious interchange with the NCSC where a working relationship between the two bodies is crucial—and at cost. Of course there are penalties for this decision. Not only will this change delay the roll-out of the 5G network, but significant consequent costs will be incurred by industry. I know that industry may need the Government to support it in consequence of this decision. On the other hand, a recent report has also suggested that upgrading the UK’s 5G infrastructure could be worth about £158 billion to the economy over a 10-year period.

We have already mentioned that there are three significant vendors who provide large-scale telecommunications equipment in the UK. These are Ericsson, Nokia and Huawei. With the significant removal of Huawei as a result of this Bill, choice of vendors is of course reduced by a third, which is most certainly not ideal. It would be far better if we had more choice and competition, but we do not—that is the fact of it. However, Ericsson and Nokia are very good, trusted and long-standing companies whose security credentials are tried and trusted. I am very pleased by the idea of the open radio access network—open RAN—being developed. It is crucial to develop the UK as a world leader in 5G. Essentially, open RAN allows interconnectivity between different telecommunications mobile networks, and avoids the necessity of all components coming from just one supplier. For instance, Ericsson equipment can be interfaced with that of Nokia, or perhaps another new supplier—let’s hope so. That aids the drive towards competition andthus has cost benefits.

 

I have been an extremely good boy, Madam Deputy Speaker. I hope I am going to get a thumbs up for finishing in six minutes. I commend this Bill to the House.

Bob Stewart Portrait Bob Stewart
- Hansard - - - Excerpts

I got a thumbs up from Madam Deputy Speaker; I sit down with a big glow on my face.

20:00
Jamie Stone Portrait Jamie Stone (Caithness, Sutherland and Easter Ross) (LD)
- Hansard - - - Excerpts

Follow that if you can.

The hon. Member for Beckenham (Bob Stewart) and the right hon. Member for North Durham (Mr Jones) make the point: it is about security, absolutely. Anyone who thinks that there are not states out there, which have been named here today, that are not about the UK’s good health, is kidding themselves; it is as simple as that. We have come a long way since the Westminster Hall debate earlier this year, if my memory serves me rightly, but I always think that a late convert is the best convert of all, and we are where we are today. My party and I support the Bill at this stage.

It is an incredibly complex situation, which gets more complex almost by the month and the year. Frankly, the whole subject of cyber-security terrifies me. When I first came down here three years ago, a humble—no, I will not say a humble crofter, because that nomenclature belongs to another Member on this side of the House. When I came down here from the highlands, the situation was forcibly brought home to me when I went to Estonia with the Armed Forces Parliamentary Scheme. I was firmly instructed by a Sergeant Major from the 3rd Battalion the Yorkshire Regiment on no account whatever to turn on my mobile, otherwise a state not terribly keen on our good health would simply triangulate in on me, and would probably try to hack in; that brought it home to me in no uncertain terms.

In the short time available—I will try to be as good as the hon. Member for Beckenham—I want to make two points. The first was touched on, correctly, by the shadow Secretary of State: there is, alas, an unsavoury side to the way in which China does some things. We are all aware of the reports coming out of that country of the horrendous abuse of the Uyghur people in Xinjiang province; it is an ugly scene. A recent report suggests that some 82 foreign and Chinese companies benefit from the forced labour programme by the Chinese Government. Of course, the Chinese Government would say, “No, no, no. That’s not right at all. It’s not forced labour; it’s not like that.” They have described it as “detention centres”, “re-education” facilities and—this is quite sinister—“de-extremification” camps. They have contorted their language quite deliberately to cover this stuff up. I make no apologies for saying these things. I had hoped that a state being able to behave in that way had been left behind in 1945 or the end of Stalin’s Russia, but, alas, all is not as it should be.

I welcome this Bill as being a bit like the Government discovering their moral compass. Coming away from Huawei has the benefit that we are helping, in our small way, to bring an end to this sort of behaviour by China. It is only a first step. We are going to have to co-operate with other nations. There is a great benefit to what the right hon. Member for New Forest East (Dr Lewis) said, about an alliance with Five Eyes, but that is for another day. The road ahead is beyond our borders. As a good Liberal Democrat, I would make this point: not only should we co-operate as much as we can with Five Eyes, who are crucial to our security and defence, but we should also try to maintain the best possible relationship with our friends in the European Community.

Let me turn to my second point. The hon. Member for Gordon (Richard Thomson) made an excellent speech, and said that 4G and 3G are, at best, patchy. I am afraid that my constituents might be afforded a hollow laugh if I talk about the roll-out of 5G, because in so many parts of Caithness, Sutherland and Easter Ross, there are not a lot of Gs at all—it is not particularly good.

My appeal to Her Majesty’s Government is that they try to address the inequality of provision as they roll out 5G. It is wrong that people should be disadvantaged simply because of where they live. All United Kingdom citizens have a right to these services, and it is fundamental to the way we think of ourselves as a nation—we believe in fairness and fairness of provision. As we come out of this dreadful pandemic, we will have to punch above our weight economically, and access to 5G means that we can mobilise our bright innovators and entrepreneurs all over the United Kingdom, whether they live in the glens and straths of Sutherland, the central belt of Scotland or down here in England.

I will conclude with two points. First, I agree that the 5G diversification strategy brings great opportunities. There will be a financial injection into the UK economy, which will be incredibly useful. Secondly, the right hon. Member for North Durham (Mr Jones) was spot on: it is not just about the hardware. It is about the software and the clever things we do to safeguard ourselves from cyber-attacks, because as I described with the example of the iPhone in Estonia, there are people and states out there who are not for the good of our health.

20:06
Iain Duncan Smith Portrait Sir Iain Duncan Smith (Chingford and Woodford Green) (Con)
- Hansard - - - Excerpts

I welcome the Government bringing forward this Bill now, and I congratulate them on having listened, which is not always something that Governments can be accused of. The Secretary of State and his Minister, whom I welcome—the Under-Secretary of State for Digital, Culture, Media and Sport, my hon. Friend the Member for Boston and Skegness (Matt Warman) —have listened to many concerns, and measures to address them are now embedded in the Bill.

China recently said that if there was any further interference, it would poke the eyes out of the Five Eyes. This Bill puts the missing fifth eye back into the Five Eyes, because we have been laggard, lazy and late on this, and I think this would probably be the case across the board, so perhaps that is a positive. The right hon. Member for North Durham (Mr Jones) made a very good speech. He was right to say that this is not about China. There are plenty of security risks, as my right hon. Friend the Member for New Forest East (Dr Lewis), the Chair of the Intelligence and Security Committee, said. Russia is a massive security risk to us and has probably carried out more cyber-attacks on us than anybody else. That is debatable, but it has a very big criminal network that attacks us the whole time.

I accept that. However, the difference is that China is now the driving force for our introducing this Bill, because it poses a very different kind of threat. The fact is that China has juxtaposed the ability to dominate in a market sense, which sucks us in—I will come to project kowtow and the mistakes that were made—while at the same time forcing us to often turn a blind eye to some of the work it did, which we do not do with Russia and some of the more immediate threats. It is a peculiar and different challenge, which is now embedded in the Bill.

My right hon. Friend the Member for New Forest East made the important point that the nature of our exposure has been known about for some considerable time, and we should not have ignored it. I thank my colleagues who joined the Huawei interest group early on, in winter last year, and who have campaigned to try to tighten up these security measures. Following that, the Inter-Parliamentary Alliance on China was set up, which is now made up of politicians on the left and right from 38 countries, and they are asking us to tighten up our security co-operation and ensure that we get this right.

This Bill is long overdue, and it is welcome, but I want to highlight three issues in it. First, although it is not in the text of the Bill, the Government have now announced that they accept 2027 as the end point for Huawei as a provider that may be high-risk and that no new Huawei equipment may be installed from September 2021. That is very welcome. In fact, the September 2021 date is better than I would have expected at this point, so I congratulate the Government on being very clear about that. That is a more important date than 2027, in effect, because it opens the market and allows others to recognise now that they have a possibility of re-entering a market that was closed to them by one company in particular—there are other companies in China—that has manipulated the normal rules of market adherence and subsidy. It has been a disaster for us not to recognise that on that basis alone, forgetting the security risks as well.

I am, however, concerned by another point about the process, which leaves the Secretary of State to make these decisions going forward, against criteria that are laid out, and I will come back to that. I think my right hon. Friend the Member for New Forest East said, “Who will be the advisers? Who will advise?” That is absolutely right, and the Secretary of State should listen to the Chair of the Committee on that point. It is important to structure who will advise the Secretary of State and how that will happen. Perhaps the Committee can have a very strong look at that and advise the Government on how to structure that.

There should be a more formal structure embedded in the Bill, otherwise it will be too easy for a Secretary of State, under pressure from the Business Secretary or a Chancellor, such as one we once had, who was very keen on a golden era, to be leant on and told, “Do you really need to go down this road?” That will happen. I sat as a Secretary of State, and I can tell the House that all that stuff happens, and anyone else will say that, too. A more structured approach would not allow the Secretary of State to miss the right people on advice. That will be very important.

The descriptions in the proposed new sections of the Communications Act 2003 under clause 16 of the Bill are important, and I will come back to those, because the list gives the Secretary of State plenty of scope. Tightening up the advice means that that scope will not therefore be wasted.

We are here because of the mistakes of the golden era—the great kowtow, as I would rather call it—where we too often ignored the realities of what was going on in security terms for the sake of this great drive that we would benefit massively from the opening up of trade with China. There was also a mistaken belief: too often, liberal democracies and all of us who believe in freedom of speech and the general freedoms believe, rather arrogantly, that all we have to do is open up markets and everyone else will realise that their system must be wrong and therefore they will change it.

That was the great belief. I was told it endlessly in government, “Don’t worry about this sort of stuff. China will change once they realise exactly how wonderful it is to trade with the west.” Well, they did not. They do not want to change, because they think that their form of government is a better form of government. They will say, “We are opened up to the markets. We are getting the benefits of the marketplace.” China was invited to join the World Trade Organisation back in 2001. There have been real problems since then with market forces, but I want to come back to the security elements.

The worry is that others of the Five Eyes spotted what was going on long before us, and we ignored a lot of the evidence that we should have been tightening up much, much earlier. We should have been concerned. I cannot remember which Member said that security should be the No. 1 consideration, over everything else. We lost that—I hate to say that—and considered it just one of the things we might look at.

Kevan Jones Portrait Mr Kevan Jones
- Hansard - - - Excerpts

I am not one for doing the Government’s job or supporting them, but I do not think we did that actually, in terms of the Huawei cyber-security evaluation centre. We were ahead of other countries that did not do that, including the United States, and let Huawei into their country networks without any checks whatever. But the issue has to be security. I know that the right hon. Gentleman has strong views about China trade, but security has to be at the heart of things, which I think is where we have been up to now.

Iain Duncan Smith Portrait Sir Iain Duncan Smith
- Hansard - - - Excerpts

I have to say that I do not agree with the right hon. Gentleman on this. Although the Huawei cyber-security evaluation centre was installed, when I sat and listened to people from it making a presentation to us earlier in the year, it was almost as though we were watching people who were kind of squeezing their own genuine, real opinion, which would have been coming via GCHQ, about how the real threat was formed. Their arguments did not stand up, even in the face of people who were not every day working on security.

The truth is we need to be careful, and it should have been a tighter position from the word go. The very fact that the Government are bringing this measure forward now suggests that that was not the case. [Interruption.] Listen, I am critical of my own Government. I resigned from the damn thing at one point. I have to say that I therefore do believe it is possible for great Governments, like mine, to get things wrong.

Julian Lewis Portrait Dr Julian Lewis
- Hansard - - - Excerpts

In defence of the Huawei cyber-security evaluation centre, its sixth annual report, from September this year, is absolutely devastating in its criticisms of Huawei’s failures to be secure or to make improvements when insecurities have been highlighted.

Iain Duncan Smith Portrait Sir Iain Duncan Smith
- Hansard - - - Excerpts

I agree completely. The point is that when we were talking about this earlier on, it was clear that that was, underneath it all, the centre’s real opinion, but it was kind of moving and modifying. It was also used in a political way, by the way, which I did not think was right. An opinion is either there or it is not; do not get people in to brief Back Benchers about what they should be thinking. I thought that was wrong.

We are absolutely in the right place at this point and the Bill goes a long way towards achieving that. However, we need to do some other things that could be in the Bill. For example, the Bill is about security but it does say on the front that it goes slightly wider than security: the Under-Secretary of State for Digital, Culture, Media and Sport, my hon. Friend the Member for Boston and Skegness (Matt Warman) signed the bit that says:

“In my view the provisions of the Telecommunications (Security) Bill are compatible with the Convention rights.”

That convention is the European convention on human rights. We need to ask ourselves whether that idea applies to many regimes—not just China—and companies that come from those regimes that may be guilty of human rights abuses.

I asked the Minister previously, in a private context, whether he would consider including in proposed new section 105Z8 of the Communications Act 2003, on designation notices, the inclusion of the ability, where it may arise, to do something in the area of genocide and the involvement of companies in that process. There is very strong evidence in a couple of cases—particularly in the Uyghur case—of the use of slave labour, which should result in those companies being outlawed. The Minister may argue that this Bill might not be the appropriate vehicle for that because it is specifically about security, but every Bill has on its face that we abide by human rights laws. I am not trying to widen the Bill’s scope; I am giving the Minister the opportunity to have that extra element as part of his possible designations. After all, we are dealing with countries and nations that have, particularly in China’s case, torn up much of the book on co-operation and diplomacy.

Let me raise a final point before I conclude. My hon. Friend the Member for The Wrekin (Mark Pritchard) has gone, but he mentioned Australia. One of our Five Eyes partners, Australia, had the temerity to ask for an inquiry into the covid outbreak. Since then, the Chinese have attempted, in essence, massively to beat up Australia in a very undiplomatic and aggressive manner. It started with abuse of the individuals who asked for an inquiry and then went further into abuse of the Government. Subsequently, it has gone on to sanctions: the Chinese has now broken WTO rules, with sanctions of more than 200% on Australian wine.

In the past couple of days, the Chinese have produced what I think is called a meme—which is a mocked-up instrument on the internet—that shows something about an Australian soldier trying to kill a child. This is appalling behaviour and I want my Government, at some point, to be very clear that such behaviour is simply not to be borne. Although we have said that we stand with China, the key thing about this sort of thing and our co-operation with our Five Eyes partners is to do more than stand with China: we should condemn behaviour like that that deliberately targets and demeans a democratic nation that goes by the rule of law and human rights, which is something that China does not do. I do hope that the Minister will pass on to his colleagues that no matter what we do with this Bill, we need to make sure that we stand up with our Five Eyes partners, now that we have the National Security and Investment Bill and are moving in that direction, and never allow any one of them to be isolated and picked off one at a time. I commend the Bill to the House.

Rosie Winterton Portrait Madam Deputy Speaker (Dame Rosie Winterton)
- Hansard - - - Excerpts

The next listed speaker has withdrawn, so we go straight to the Chair of the Defence Committee, Tobias Ellwood.

20:18
Tobias Ellwood Portrait Mr Tobias Ellwood (Bournemouth East) (Con)
- Hansard - - - Excerpts

Thank you, Madam Deputy Speaker—does that mean that I get 16 minutes to speak? That is fantastic. [Interruption.] That is my first intervention, so it is now 17 minutes. It is good to catch your eye in this important debate, Madam Deputy Speaker, and to see present so many colleagues who were there at the start of the journey—I referred to this in the first intervention I made—when we first discussed Huawei in the Chamber.

The Defence Committee looked at this subject because the security of 5G is now critical, given our ever-growing reliance on data movement. To establish a new security framework for the UK telecoms sector and to ensure that telecoms providers operate a secure network and resilient services and manage their supply chains is absolutely fundamental to our new way of life. The completion of 5G over the next decade will be nothing short of revolutionary. Every aspect of our lives as we know them, including how we communicate, socialise, work, travel and manufacture things, will become increasingly dependent on lightning movements of wireless data. The advantages of such scope and scale in our growing online world have very much been appreciated during this pandemic, but, equally, we must recognise how our reliance leaves us very much exposed to those who might choose to cause us harm.

The backdrop of this was of course the lively debate, which I have referred to, over Huawei. Perhaps that was a wake-up call on just how powerful and tech savvy China has become. The Minister and the Secretary of State have made it very clear that this is not just about China—other non-state and state actors are now developing capabilities to interfere with our online world—but I make it very clear indeed that what we are discussing today exposes the wider uncomfortable reality of the gradual geopolitical shift in global power from west to east.

In our lifetimes, China is on course to become more powerful economically, technologically and militarily than the United States of America, and how we handle this so-called Thucydides trap is yet to be reckoned with. This is a usually disruptive transition of influence from one ruling power base to a rising power with eventually more dominance—a transition that history suggests is rarely peaceful. The only example of a peaceful transition is that from the British empire to the American superpower. If we are honest, this Bill is about exactly that. This is the starting point of a bigger conversation about how we manage such a transition. We are placing protections on our country against China, which we privately no longer trust, but I have to say that, publicly, we may be in denial about what we need to discuss.

We should finally come to terms with the fact that China has not matured into the responsible global citizen that, a decade ago, we hoped it would be. Instead, China offers a competing authoritarian ideology, leveraging its colossal economic growth to undercut western competition and ensnare dozens of countries into infrastructure projects and high-tech plans on terms that they can ill afford. Our growing dependence on the online world has created a new virtual theatre of war. The actual character of conflict has been changing in front of us: it is less about terrain, and now more about data. We are becoming increasingly vulnerable, with cyber-attacks, disinformation campaigns, interference in elections, manipulation of social media, data theft, online espionage and sabotage. These are the new battlegrounds that we must prepare for and defend against. Our international rules-based order was crafted in the pre-digital age. A major cyber-attack, for example, could cause more damage than a dirty bomb, but would not technically trip a NATO article 5 response. International law must catch up, and this legislation is a small line of defence in a far wider geopolitical battle that we need to embrace.

Britain is rightly seeking to remain on the cutting edge of this fast-developing digital world, but this can only be achieved with greater protection and, indeed, investment in our critical national infrastructure. Our 5G capability must leave no virtual backdoors left open. Consequently, phasing out high-risk vendors, such as Huawei, from our 5G programme is the right call. However, we have to ask the question: why is it that a decade ago there were 12 vendors that can provide this support, yet today there are only six? There are two in Europe, with Ericsson and Nokia, two in the far east, with NEC and Samsung, and then of course two in China—Huawei and ZTE—and there the question lies. What we need to do about it is to make sure we have that capability to move forward in a secure environment.

We must accept that Huawei has grafted its way into our telecoms network partly because the UK vendor market is not diverse enough. Regaining the secure technological capability on which our new digital world will depend requires more than just legislation to block high-risk vendors from entry; it needs the advancement of our own technological capabilities. Open RAN has been mentioned, but it is still a long way off. OneWeb has been purchased as a possible capability for communications. We have yet to hear what the Government plan to do with that.

Ultimately, we must recognise that Huawei, ZTE and others are so powerful because they are state funded. Perhaps it is time for an Apollo moment: when the United States knew it was losing the space race, a combination of state aid and the commercial sector allowed it not only to catch up with but to overtake the Soviet Union. We need the same penny to drop here and to recognise what China is all about.

It is good to hear growing talk of the D5 trusted alliance of nations. It has been mentioned as an advancement of the Five Eyes community and I very much welcome that. We need to provide an alternative to the cheap solutions that the Chinese are rolling out, which continue to be peddled across the road. They are high-tech versions of the one belt, one road programme. Only with greater western resolve can we design and build the secure foundations for the profound new technological world we are about to experience.

I will underline the elephant in the room: what do we do about China? Unless we in the UK and collectively in the west address China’s conduct, there will be a geopolitical clash. That is inevitable and will slide us towards another cold war.

We should make it clear that the UK has huge respect for the Chinese people. Our histories are intertwined, perhaps more than many of us appreciate. The opium wars, the ceding of Hong Kong, the Boxer rebellion, the century of humiliation—perhaps Britain glosses over many of those historical footnotes, but for those in China, they influence their thinking and their attitude towards the west today.

However, today, the west is recalibrating its view of China. China’s conduct in the pandemic, from its initial efforts to hide the outbreak to rejecting any independent investigation, has exposed a dangerous agenda that we can no longer ignore. During China’s incredible economic ascent, western policy focused on deepening engagement in the hope that China would evolve into a responsible global citizen that embraced hard-fought principles of liberty, democracy and open trade. It is clear that the Chinese Communist party has something very different in mind. As it has increased its economic power, Beijing has deliberately shunned international accountability and rules. It may be gaining superpower status, but it avoids any sense of duty to uphold core values of freedom and the rule of law. Knowing that its conduct repudiates those values, it now pursues a geopolitical authoritarian agenda, as illustrated in the crackdown in Hong Kong, the terrible treatment of the Uyghur minority and its manipulation of the digital world, which mimics its one belt, one road initiative.

With countries becoming locked into long-term commitments with reduced autonomy and little prospect of withdrawal, more and more countries are becoming ensnared in China’s authoritarian sphere of influence. The US now publicly confirms that China is a strategic and geopolitical threat to the west, while here in the UK we have yet to say so, though I am pleased that the Secretary of State pointed out concerns about China.

I hope that the full publication of the Government’s integrated review will confirm that China now is a geopolitical threat. We require a turning point—another Sputnik moment, where we no longer pretend and we do not just legislate on high-risk vendors, but hold the regime behind the state-owned companies to account.

I hope that, with the changing of the guard in Washington, there will be a rejuvenation of the west’s collective resolve about what we stand for, what we believe in and what we are willing to defend. The next decade will be very bumpy indeed. If we are to avoid another cold war, protecting our telecoms infrastructure must be the first step of many.

20:28
Jim Shannon Portrait Jim Shannon (Strangford) (DUP)
- Hansard - - - Excerpts

It is a pleasure to follow the right hon. Member for Bournemouth East (Mr Ellwood), with his vast knowledge, and other right hon. and hon. Members who have spoken. I thank them for their speeches. I am pleased to have the opportunity to speak on this issue. I spoke about it back in March, when I stated my fear of reliance on Huawei.

Let me quote what I said at that time:

“I am only one of 650 Members of this House, and I absolutely believe in the tenets of democracy, but I will not stay silent. I do not believe that what the Government are doing is in the best security interests of this nation, and if steps can be taken to pare it back, those steps must be taken. We have been known as security giants, and I do not like the idea that we are now standing on the shoulders of Chinese giants. We have stood alone, and can do so again, but it is always best that we stand with our allies. The Chinese may hopefully be strong trading partners post Brexit”—

we will wait to see whether or not that will be the case—

“but by no stretch of the imagination can they ever be considered our allies; their human rights abuses cannot be ignored. This issue is concerning, and we must not leave it here.”—[Official Report, 4 March 2020; Vol. 672, c. 288WH.]

The right hon. Member for Chingford and Woodford Green (Sir Iain Duncan Smith) referred to the Uyghur Muslims and the human rights abuses they are going through—the fact that their right to worship has been abused and that they are subjected to violence, both physical and psychological. As others have mentioned, there is also the question as to whether they are involved in some of the slave labour in Huawei and what it does. We have heard and read the stories in the press about Volkswagen, which refused even to acknowledge the fact that perhaps some Uyghur Muslims had been being used as slave labour. I chair the all-party group on international freedom of religion or belief, and I feel strongly about this issue. It is close to my heart, so I wanted to speak out. I know it is not directly what this Bill is about, but we have those concerns on human rights issues for the Uyghur Muslims, the Christians and the Falun Gong. We know all about the issue of the forced organ harnessing that takes place, and all those three religious groups are part of that.

So I am thankful for the steps taken by the Prime Minister. We all knew that when these steps were taken, there would be the detrimental knock-on effect of narrowing the UK telecommunications market and possibly driving up infrastructure costs, but I still believe this to have been the right decision. I am thankful for the steps that the Minister announced today, and for the support there seems to be across this Chamber for them. This is about building supply chain resilience, with support available for supporting incumbent suppliers. The security of this nation is undoubtedly a red-line issue, and we must protect it at all costs. Everyone has said that, and we mean it, and we want to see that being delivered though this Bill.

Clauses 1 to 14 introduce a stronger telecoms security framework. The Bill amends the Communications Act 2003 by placing strengthened telecoms security duties on public telecoms providers. I am thankful that the Bill purports to enable more specific security requirements to be set out in secondary legislation, underpinned by the codes of practice providing guidance on the security measures to be taken to meet those requirements. I am given to understand that the Bill gives the telecoms regulator, Ofcom, powers to monitor and enforce industry compliance with the duties and specific security requirements. placing new obligations on public telecoms providers to share information with Ofcom that is necessary to assess the security of their networks.

The UK is part of the Five Eyes, along with Canada, Australia, New Zealand and the USA. We cannot ignore that influence, and the sanctions that the US imposed on Huawei. The US first placed it on the entity list on 16 May 2019, citing national security concerns. This sanctioned the company’s access to important US technology for design and production use. While acknowledging the potential impacts this might have on the reliability of Huawei’s products, the Government, on advice of the National Cyber Security Centre, determined this to be a manageable risk. The restrictions to network access imposed on high-risk vendors in January 2020, alongside pre-existing oversight measures, were considered sufficient mitigation strategies.

So the USA clearly saw what the problems and risks were, and took a stand early on, and I am pleased that we are now doing the same. Chinese influence, across the whole of the world, always has a condition, as we see in many countries in Africa and further afield where it is trying to increase its influence. It has an insatiable demand for every country’s resources, but along with that come the conditions and the influence they have on digital and cyber-security. I am deeply concerned about that, as are others.

It is my belief that while not perfect, this Bill puts in place an emphasis on our nation’s cyber-security that is essential.

During the lockdown, our increasing reliance on the internet has been made abundantly clear. It is phenomenal that where we have been precluded from meeting to worship, our pastors and praise teams have been able to livestream church services, it has been wonderful to carry out certain MP duties online where applicable, and it has been a life-saver for some businesses to carry on their work at home. This has highlighted the reach of the internet into our lives and the absolutely essential nature of its being secure from cyber warfare and attacks. The Government have said that such an attack is highly likely and would have a high impact. I had a discussion with a gentleman from Northern Ireland who is involved in the Royal Air Force, and he said that the greatest threat that it felt was cyber warfare. This Bill will be a very strong way of addressing that.

We can all sit in this place and say that something needs greater funding. Every aspect of our budget could do with enhanced funding. My grandchildren—indeed, probably my great-grandchildren—will be paying off the coronavirus outgoings their entire lives. We need to take what we have and do the best we can with it. My belief is that on this one, the Government have taken the steps to address my grave security concerns, and while the Bill is not all I would like to see, as others have said, I find myself much more content today than I was in this place in March of this year.

00:05
Alun Cairns Portrait Alun Cairns (Vale of Glamorgan) (Con)
- Hansard - - - Excerpts

It is a privilege to speak in support of this Bill and to have the opportunity to support many of the calls that colleagues have made.

Only just over a week ago, the Minister and I were in Westminster Hall debating an allied subject to this Bill when we discussed the challenges and opportunities that came from excluding Huawei from our 5G network. I do not want to repeat all the points that were made in that debate, but in the short time since then, the Government have taken significant, welcome steps—something the Minister hinted at—in developing policies associated with the Bill. Today’s publication of the 5G supply chain diversification strategy sees a welcome plan that contributes to the solution that Huawei brought about, as does the neutrORAN pilot that was announced earlier today.

As a backdrop, it is worth recalling that it was the lack of diversity in the supply chain of this specialised area of technology that created a tension between the desire to roll out 5G as quickly as possible and the potential exposure of our national security to high-risk vendors. Among a whole range of factors, we were being forced to weigh up, or were tempted by, the economic and social benefits that 5G could bring within a relatively short timescale against the risks of being exposed to largely one company with its umbilical cord attached to one nation and the potential security risks associated with that country—obviously, China.

The Government ultimately, and rightly, decided that the concern for the latter outweighed the former, and this Bill is the result. That is welcome, but simply passing the Bill will not necessarily reduce the risks if we continue to be exposed to a limited number of vendors. That is why the diversification strategy and the neutrORAN pilot are also important. It is worth highlighting that in any vital supply chain, diversity is key, but a few organisations in the commercial world allow supply chains to become too constrained. The commercial risks, let alone the security risks, are far too great.

It is worth recognising that the reach and influence of 5G will be far greater than any previous generation of communications. Its capacity to carry much larger volumes of data at very high speeds well beyond 400 Gbps capacity means that our connected lives will be taken to a whole new level. Some have mentioned the internet of things, connected vehicles, smart cities and even smart energy networks, and many more areas that we have not even thought of will become connected in an ever greater, independent way, highlighting the risks that we could have faced if this Bill had not been brought forward. However, all these innovations lead to an exponential growth in connectivity and pressures on spectrum that has its natural limits, which also need to be overcome. Smart cell technology is likely to be part of the solution, meaning that more apparatus than ever before will need to be adopted, along with a greater dependence on the fibre networks that will take it from the small cells. However, this also highlights the need for quantum encryption—something I will come to later, because it is not included in the strategy plan that the Minister published earlier today.

It is therefore obvious that alternative suppliers need to be developed, not only because of the risks we are considering but because of the unprecedented demand for equipment needed to deliver the connectivity that will be called for. There is significant value in this—in the research and development, in the intellectual property and in the manufacturing opportunities, all of which need to be exploited. A fundamental turning point for me was during the summer, when the Government announced their intention to adopt open standards such as open RAN. This signalled that the Government understand the challenges, and the need to encourage more investment and innovation in this space. This was a hugely welcome step, and will be pivotal to diversification in the marketplace. Furthermore, today’s neutrORAN pilot project shows that the Government are determined to be at the forefront of the technological advances.

I would add that we need to ensure these pilots are particularly open—very open—to UK businesses. In last week’s debate, I went into detail to highlight the many individual companies that show the UK has exceptional expertise in specific areas, such as radio frequency and satellite communications, base station capability, backhaul and cyber-resilience. I went through a whole list of organisations in last week’s Westminster Hall debate; I will not go through them again, but I will just highlight a few.

Many right hon. and hon. Members have referred to cyber risk, but south-east Wales and the western gateway have among the greatest cyber-resilience expertise anywhere, certainly in Europe: Thales, Airbus, and quantum technology at the University of Bristol, along with GCHQ. It also happens to coincide with the disproportionate strength that south-east Wales has in compound semiconductors, which I will come on to in a moment, and the satellite and radio frequency expertise that exists in north-east England, highlighting that this coincides with the levelling-up agenda that the Government also want to pursue. Today’s Bill will lead to new economic opportunities in different parts of the country.

Enabling the technology through all these elements is a great economic opportunity. 5G will only work with the compound semiconductor technology that I mentioned earlier—high-capacity chips that enable more data to be managed effectively. I said last week that if a silicon chip is a country lane, compound semi-conductors are great big highways: that is the volume of data that will be carried by the 5G network. The world’s largest cluster for compound semiconductor technology is in south-east Wales, part of the western gateway economic region. Companies such as IQE, SPTS Technologies, Newport Wafer Fab and others work with the Compound Semiconductor Applications Catapult, as well as universities from Cardiff and Swansea to Cambridge and Bristol.

It is worth noting that the UK has great expertise in silicon chip design, but we do not manufacture such chips any longer. In contrast, we design and fabricate compound semi-conductor chips, so supporting and encouraging further investment in this sector can maintain manufacturing capacity as well. Their energy efficiency is also a key benefit, particularly with technology consuming 2% to 3% of global energy demand.

Finally, I mentioned quantum encryption earlier. So much more use will be made of fibre technology as part of the small cell element of the 5G roll-out. Quantum encryption is vital if we are going to maintain our defences against the cyber threat that so many colleagues have talked about.

It is a privilege to support this Bill. There are so many elements that must coincide and go along with it, and I am glad that the Minister is taking large leaps in the right direction.

20:45
Tom Tugendhat Portrait Tom Tugendhat (Tonbridge and Malling) (Con)
- Hansard - - - Excerpts

This is one of those unusual moments when almost everything I wanted to say has been said, so I will be exceptionally brief.

The Minister has done a very good job in listening. There was a time earlier this year when many of us thought that this could become a very difficult issue for the Government. I have to say that the Minister and his entire Department have done a fantastic job in listening, not just to those of us on the Government side of the House but to those on the Opposition side, and making sure that the points we have raised have been addressed—and, if I may say so after the statement today, much sooner than I think many of us expected.

I would also like to say thank you to the Minister for the effort he has put into reaching out not just to companies around the world—Nokia, Ericsson, Fujitsu, Samsung and a few others—to replace Huawei, but to UK companies to make sure that, at some point, we will be talking not about foreign companies supplying UK markets but about UK companies supplying foreign markets. On that, I will merely say thank you and sit down.

20:46
Chris Loder Portrait Chris Loder (West Dorset) (Con)
- Hansard - - - Excerpts

It is a privilege to follow my hon. Friend the Member for Tonbridge and Malling (Tom Tugendhat). Like him, I will keep my comments short because of the many contributions we have had this evening so far.

I welcome this Bill very much. I truly believe it has security at its heart. Many of us in this Chamber this evening were here debating this matter and related matters, if memory serves me correctly, on 10 March. We had very heated exchanges and very important points were made. It was a great concern of ours that high-risk vendors and others could access our infrastructure systems. I think it is clear—crystal clear, in fact—that the Government have listened to our concerns, both mine and those of many of my hon. Friends and colleagues from across the House.

The critical national infrastructure that we have should be, and I think increasingly is, a national priority, and I believe that this Bill will ensure this. Indeed, the Act that it seeks to amend, the Communications Act 2003, I am sure will do so too. These powers protect us from threats both now and in the future. As hon. Friends have pointed out in this debate, it is clear that the speed of digital infrastructure, digital services and so on is progressing so fast that we need the powers that we are debating this evening to keep up the pace.

I would like particularly to commend my colleagues here this evening—my hon. Friend the Member for Tonbridge and Malling, my right hon. Friend the Member for Bournemouth East (Mr Ellwood) and my hon. Friends the Members for Isle of Wight (Bob Seely) and for Totnes (Anthony Mangnall)—for their very informed and helpful, insightful contributions to this debate. I would like to say an enormous thank you to all of them for what they have contributed in increasing my own understanding of this matter.

We see in many fields, though, that in the future of the market, particularly in this area, it is key that the private sector is involved. We see that where there are foreign powers at play, they can disrupt this market, and we must make sure that that does not continue to happen. The new technology also of course has a vital role to play in dealing with some of the many connectivity issues that we experience here in the UK today. As the Member for West Dorset, I like to speak sometimes for wider Dorset and my neighbouring colleagues who also experience the many difficulties that are associated with lack of connectivity, both in terms of broadband and mobiles. It is not only my mission to make sure that we make that better, but—I believe, after the debate this evening—it is also the mission of this Government to make sure that that is done better and safer, and that the digital security not just of individuals but of the nation and the Government is absolutely at its priority.

Finally, I thank very much the Minister for all the work that he has done, both on this Bill and others. I look forward to working with him still further to make sure we deal with some of those connectivity issues closer to home in West Dorset. I thank him very much indeed.

20:50
Anthony Mangnall Portrait Anthony Mangnall (Totnes) (Con)
- Hansard - - - Excerpts

It is a pleasure to be able to speak in this debate and to follow my hon. Friend the Member for West Dorset (Chris Loder), who was so kind about me it almost makes me think he has set me up for a fall. It is also very good to be able to follow my right hon. Friend the Member for Vale of Glamorgan (Alun Cairns) who we might think, having listened to his speech, has every single high-tech industry in his constituency. If that is the case, I am sure he will be willing to share some of it with the south-west.

My maiden speech was made during consideration of the Telecommunications Infrastructure (Leasehold Property) Bill, and the shadow Minister was good enough to attend. After that, I have taken a keen interest in this topic and the issues of national security that surround it. The Minister has consistently met me, members of the inter-parliamentary alliance on China and those who had concerns about Huawei, and I thank him for doing so. The result that we have got today is a real progression and benefit to our national security network, and also an example of what we can do when the House works together in a consensual way.

We know that the international landscape is now far more varied and dangerous, and that it seeks to exploit domestic networks. A recent example of this was highlighted in a Bloomberg article that cited Nortel, a Canadian company that was so badly hacked—reportedly—by Huawei in 2000 that it led to the collapse of the company over a period of 10 years. Some 5,000 employees were working in my constituency in the early 2000s. That shows that a company supported by the Chinese state can have a dangerous impact on companies around the world, as well as on our own state infrastructure.

The steps in the Bill are very welcome. Not only will they check the dominance of international companies such as Huawei, but they will identify potential future threats. As right hon. and hon. Members have said, this is not an anti-China Bill or an anti-Huawei Bill; it is about national security and identifying future threats that we may face. It is also an opportunity to focus on our domestic market and what we can do to create new businesses and opportunities and use our homegrown talent. As the Secretary of State mentioned, the £250 million national telecommunications lab will be a perfect opportunity to cultivate and innovate new technologies and encourage new people to go into the sector. My hon. Friend the Member for The Wrekin (Mark Pritchard) was kind enough to suggest that it should be based in his constituency, but I might also suggest that it comes down to the south-west and Paignton in my constituency, which has the high-tech EPIC centre focused on photonics. I will put that in there, and I hope to meet the Minister to discuss how we might make that happen.

As we know, how far we can go with this depends on how our willpower is positioned and our determination to cultivate British talent, skills and innovation. The diversification point has been made several times, and much has been said, but we also have to be conscious of the need to create the environment that will see new entrants into the marketplace. Relying on Ericsson and Nokia is all very well, but we can and will be able to develop new companies with our Five Eyes colleagues—the same point was made by the US Secretary of State earlier this year, looking at opportunities to build new companies together. Where diversification is limited, there are correct measures to guide and limit high-risk vendors in our telecommunications network, and those are contained in the Bill, notably in clauses 15 and 23.

I also take the point that the right hon. Member for North Durham (Mr Jones) made about parliamentary oversight. I hope the Chair of the Intelligence and Security Committee, my right hon. Friend the Member for New Forest East (Dr Lewis), will forgive me for suggesting that if the Government are unwilling to bring forward proposals for parliamentary oversight, they could go to that Committee so that it could scrutinise them. I apologise for adding to his workload, and I hope he does not think that that is a poor suggestion.

My right hon. Friend the Member for Chingford and Woodford Green (Sir Iain Duncan Smith) mentioned convention rights, including human rights. One of the biggest grievances many of us have had in terms of Huawei’s role in our telecommunications infrastructure network relates to China’s violations of human rights. The Minister might say that this is not the right time or the right Bill to look at human rights, and if it is not the right Bill, I hope he will say in his closing remarks when the right time to address this point is. I know there are other opportunities, alongside the National Security and Investment Bill, but I would be keen to hear at which point we might address human rights.

Iain Duncan Smith Portrait Sir Iain Duncan Smith
- Hansard - - - Excerpts

I am listening carefully to my hon. Friend’s excellent speech. The Minister will note, as I pointed out to him, that this Bill is signed off on the basis of the application of rights, including human rights. Every Bill has the right to be amended.

Anthony Mangnall Portrait Anthony Mangnall
- Hansard - - - Excerpts

I thank my right hon. Friend for his experience and knowledge in guiding me on that point. Of course, I accept that he is right on that matter. In that case, how might we address the issue I have raised?

We have righted a wrong. We have addressed an issue on which we have been seen as out of kilter with our international allies. Now, we have the opportunity to go further and to pass this fantastic piece of legislation. We can harness the international community and, as with the Augean stables, clear up the mess. We can make sure that, in future, we have a robust and secure telecommunications infrastructure network that is the pride of Britain.

20:56
James Sunderland Portrait James Sunderland (Bracknell) (Con)
- Hansard - - - Excerpts

It is a great pleasure to follow my hon. Friend the Member for Totnes (Anthony Mangnall). I am delighted to speak in the debate, for two key reasons. First, it shows that the Government do listen to Back Benchers. We have provided feedback all the way through this process, and some of us have some background on this topic. I am therefore greatly reassured that the Minister is here and is listening to what we are saying.

I also commend the Bill for what it is. I am very reassured that the conclusions of the telecoms supply chain review in 2019 are being met. As the world recovers and recalibrates after covid, the UK has a great opportunity to take the initiative and to become a world leader on another piece of vital technology, and I will be firmly supporting the Government on the Bill.

As our defence and national security move ever more online, it has never been more important to secure our lines of communication. With £16.5 billion extra in the Ministry of Defence budget alone, it is really important that the defence sector takes advantage of that, not least in the cyber-sphere. We have heard today of the strategic independence imperative, and I firmly welcome that.

The Bill will do three things. It will allow for better security, which is absolutely important. It will placate our allies, notably in the Five Eyes community, and why not Japan as well? There is a neat link there with the NEC trial that is coming up in Wales. It will also open the door for other 5G providers. I therefore support the UK’s diversification strategy.

As we have heard, clauses 1 to 14 introduce a more robust telecoms security framework. The Bill enables more specific security prerequisites to be set out in secondary legislation. It also gives the telecoms operators’ regulator Ofcom more power to monitor and enforce industry compliance. Clauses 15 to 23 give new national security powers for the Government to manage the risks posed by high-risk vendors, and we have heard much about that today. The Bill therefore gives the Government new powers, and rightly so.

On 14 July, the Secretary of State announced that, from the end of this year, telecoms operators must not buy any 5G equipment from Huawei, with a timetable for removing all Huawei equipment from our 5G network by 2027. September 2021 has also been announced as the new cut-off date for new Huawei equipment in the UK.

What about the wider requirements of the Bill? This is really important, so I urge the Minister to take note. Industry must be given sufficient time to comply with telecoms security requirements, and deadlines must be realistic. The Government, as we have heard, have settled on 2027 as the date by which high-risk vendor equipment is to be removed and this timeframe must be left as it is. It reflects the complexity of the task and slippage will not be welcomed.

I also support the Government’s initial commitment to promote diversification and resilience in the supply chain backed by the initial £250 million from the spending review. That is probably just the start and it may need more funding. I welcome, as I mentioned, the forthcoming trial in Wales with NEC and our Japanese friends.

I will mention Vodafone very quickly. Vodafone has called for greater investment in Open RAN and, of course, Vodafone has been a key contributor to Open RAN. This would reduce UK reliance on mobile network vendors and allow the UK to develop domestic vendors at scale and benefit consumers through greater price competition. That is to be welcomed. Again, it is clear that the more 5G providers there are, the better it is for everyone. As we have heard, the most sensitive core parts of our 5G network must be free of Huawei equipment and must remain so.

Lastly, upgrading the UK’s mobile infrastructure to 5G could be worth as much as £158 billion over the next 10 years. It will also keep us safe. Surely this is worth investing in, so the telecoms bill is absolutely a step in the right direction and I support it.

00:06
John Hayes Portrait Sir John Hayes (South Holland and The Deepings) (Con)
- Hansard - - - Excerpts

The Government have acknowledged the need to protect critical communication infrastructure and that is welcome, particularly so as it comes on the heels of the National Security and Investment Bill. Telecoms provision is more important than ever. We have always lived in a data-rich world, but what has changed is how readily we access that data as the way in which we gather, exchange and distribute information has changed. I am left wondering whether T.S. Eliot was not right that wisdom is lost in information. Nevertheless, it is the world in which we live and that world means that the way in which we control or, if necessary, prohibit provision of that data, by which I mean the technology, the networks and those that supply and manage them, is critical to our security. To that end, this Bill is indeed, as the Intelligence and Security Committee was told, an important first step, but only that. We do need to look at other factors, to which I will draw the House’s attention in my brief contribution this evening.

Of course the main purpose of the Bill is to raise telecommunications security standards across the board by means of a new and more rigorous telecoms security framework, but the Bill also gives the Secretary of State particular powers to designate vendors of telecommunications equipment as a risk to national security. All dependence is, by definition, a risk, for dependence creates risk. Over-dependence means unsustainable risks and, in terms of national security and national interest, there are three kinds of risks: monopoly or near-monopoly provision; malevolence; and corporate failure.

Eleanor Laing Portrait Madam Deputy Speaker (Dame Eleanor Laing)
- Hansard - - - Excerpts

Order. I hesitate to interrupt the right hon. Gentleman, and it is for a very unusual reason. I just feel that I ought to point out to the House that, having exhorted the right hon. Member for Vale of Glamorgan (Alun Cairns) to be rather more brief than he was going to be—though I have to say that he took only one minute longer than the eight minutes that Madam Deputy Speaker (Dame Rosie Winterton) had previously asked people to take—I should point out most unusually to the right hon. Gentleman who currently has the Floor that, as four of his colleagues who have immediately preceded him have spoken incredibly —I mean incredibly—briefly, the exhortation to take only eight minutes no longer applies, though I would not recommend taking no more than about 12 minutes.

John Hayes Portrait Sir John Hayes
- Hansard - - - Excerpts

Not only is that typical of your generosity, Madam Deputy Speaker, but for me it is what amounts to nirvana, and for the House, something similar I hope.

All of those aspects of risk are mitigated by market diversification, but as we have heard from many speakers during this debate, this market is anything but diversified. The concentration of provision has exacerbated the very risk that this Bill seeks to deal with. It is vital that, as well as the taskforce, which we have heard the Minister has established, a strategy emerges on exactly how we are going to diversify this market, because competition not only counters dependence, but competitive pressure drives up innovation and quality. The telecoms supply chain review judged that, should the UK become dependent on a single vendor of telecoms equipment—particularly a high-risk vendor—it would pose a range of risks to the security and resilience of UK telecoms networks.

The issue of national dependence goes beyond high-risk vendors, however. The number of suppliers in the UK telecoms market—as we have heard repeatedly, currently Huawei, Ericsson and Nokia—is already critically low. While the security of the network can be improved by removing Huawei equipment, the wider problem of potential dependence will be exacerbated by the power to designate vendors and introduce directions unless there are new entrants to the market. We really need to hear from the Minister either in his wind-up or later, if he does not have time tonight, precisely when the diversification strategy will be brought to the House for consideration and what legislation will be necessary. I understand that a Bill may be forthcoming, following this one, to give life to that strategy.

My right hon. Friend the Member for New Forest East (Dr Lewis) emphasised that diversification is by far the best way to secure UK telecoms. The Government judged in their assessment that there is a global market failure in the telecoms market. While the Government will intervene to take the measures necessary and facilitated by the Bill, unless we grapple with that global failure, we will, I fear, come back to this House time and again and need to do more. As I said when we spoke a week or a two ago about the Bill that I just mentioned, I suspect that security considerations will increasingly feature in Government strategy and policy and that this House will need to debate security issues with much greater regularity than it has historically, given the dynamism that we now face.

I have spoken about market failure and the need for diversification. Let us speak about malevolence, because much has been said, of China in particular, and Russia has been mentioned too. There is no doubt that, as the Government have acknowledged, there are malevolent powers who seek by a variety of means to disrupt the lawful activities of this country and so endanger its citizenry by whatever method they deem most appropriate. We should not be naive about this and, frankly, for too long successive Governments were. This Bill is welcome but again, as my right hon. Friend mentioned, it has been a long time coming, given the warnings that were issued from the ISC and others.

Let me re-emphasise to the Government that we certainly need a diversification strategy urgently. We need the legislation that supports it but there are other matters, too, that I want to conclude with, Madam Deputy Speaker, despite your invitation to speak at appropriate—I will not say “excessive”— length. These questions are critical but not, in my judgment, designed in any way not to recognise the achievement of the Minister and the progress made by the Government.

When will the strategy come forward? I would like to hear about that as soon as possible. Given that the ISC raised this matter 18 months ago, I think we need a firm timeline and an assurance that there will be no more prevarication. My right hon. Friend the Member for New Forest East is right that national security must be an overriding consideration in this field of work. In being deployed, the powers conferred by the Bill must, at heart, always gauge national security as predominant. How will that be determined? Threats are subtle and dynamic, and yet the means and methods by which the Department will both define national security and apply that definition through the provisions of the Bill to differing circumstances have not been made crystal clear. I am mindful that this is a Department for sport and culture without a security role apart from this one— perhaps more skiing than spying, and more existentialism than espionage. What specific processes, structures and procedures will the Department use to access the expertise of the National Cyber Security Centre and the wider intelligence community in designating vendors?

We heard earlier about the expertise, skills and resources of Ofcom, but given that the Bill gives new powers to Ofcom, how will it be held to account? I know that my right hon. Friend the Member for New Forest East would share my view—I have not discussed this with him so I am making that assumption—that Ofcom ought to be scrutinised by the Intelligence and Security Committee, given the particular nature of its new responsibilities: to proactively assess the security practices of larger telecoms providers; to take action where security is, or is at risk of, being compromised; and to make information available to and provide annual security reports to the Government.

Finally, will the Minister say more about related telecommunications challenges such as Russian involvement with undersea cables that carry comms data and the future security and resilience of satellite technology? The covid crisis emphasises the need to build resilience to risk. It can be done by making more of what we consume, and by recognising that in the fragility and imperfectability of our socioeconomic order, the market is no guarantor of wellbeing, so it must be shaped, guided and, where necessary, constrained by people with power for whom communal interest is the defining purpose. Those people with power are the Minister and others who govern and we here in this House who hold them to account.

21:11
David Johnston Portrait David Johnston (Wantage) (Con)
- Hansard - - - Excerpts

It is always a pleasure to follow my right hon. Friend the Member for South Holland and The Deepings (Sir John Hayes). I welcome the Bill and congratulate the Government on it. It is a good Bill, and credit should go to the ministerial team for that. Credit should also go to my Back-Bench colleagues who have made important contributions this year. There are plenty of them, but in particular, my hon. Friend the Member for Tonbridge and Malling (Tom Tugendhat), my right hon. Friend the Member for Chingford and Woodford Green (Sir Iain Duncan Smith) and my hon. Friend the Member for Isle of Wight (Bob Seely) have helped us to get to a better Bill.

This comes a couple of weeks after Second Reading of the National Security and Investment Bill, which I also spoke in support of. As with that Bill, it is right that we devise a new regime for the risks that we think we face at this time, and we should not be too prescriptive. Our focus in 2020 is Huawei, but we have to leave this open to new threats that we might encounter, so I am comfortable with Huawei’s name not being on the face of the Bill.

I support Ofcom being given the powers to ensure that providers adhere to the new security measures that we want them to take. I also support the Government bringing forward the deadline for buying new equipment from Huawei to September 2021 and the removal of all its equipment by 2027. Of course, I would like that date to be earlier, and I maintain that there is a distinction between what the providers want to do and what is genuinely impossible for them to do, but I accept the Government’s judgment. I accept that, like any businesses making an investment decision, providers require certainty. They need to know that that is the year it is happening, and we need to stick to that. I also accept—perhaps the Minister could comment on this—that providers have an understandable concern that the decisions made by local authorities about masts and so on may further delay the roll-out, and perhaps we can support them in those decisions.



As this debate went on in 2020, I found some of the contributions—not necessarily from this House but from outside it—frustrating. One in particular was the suggestion that there are no risk-free vendors. I accept that, but when we are dealing with companies such as Nokia and Ericsson, we know that we are dealing with fundamentally different entities from companies such as Huawei. We are not concerned that Nokia and Ericsson will collaborate with intelligence agencies on spurious national security grounds, and we are not concerned that there might be back-door vulnerabilities in the equipment, as Vodafone found a decade ago; even though it was assured that they had been taken out, that was not the case. It is also fair to say that we are not concerned about malicious cyber-attacks being directed at us from the Governments of Finland and Sweden. I accept that no provider can be without any risk at all, on the basis that I accept that no system is completely foolproof, but we are dealing with very different companies in those respects, compared with those where we have concerns about the world view of the country they are headquartered in.

Yet we need more competition and more diversity of providers. We would need that, by the way, even if there were no security considerations whatsoever, because competition improves quality, choice and price. I therefore very much support the Government’s investment of £250 million. I represent a largely rural constituency, so I entirely understand the importance of connectivity generally, and of 5G for the country as a whole and for my constituency. It has been suggested that it will be worth £170 billion to our GDP in the next decade. I know that the decisions being made through the Bill will delay the roll-out and increase the cost, yet they are entirely the right decisions to take because they are about our national security. In July 2019, the Government’s own supply chain review found that successive policy decisions had meant that, although we might have achieved good commercial outcomes, we had poor cyber-security. It is therefore entirely right that the Government should now reverse that order of priority, even if it is going to cost more and take more time, and I wholly support their aspiration to have one of the toughest security regimes in the world.

21:17
Bob Seely Portrait Bob Seely (Isle of Wight) (Con)
- Hansard - - - Excerpts

It is a pleasure to follow my hon. Friend the Member for Wantage (David Johnston). I noticed that he was speaking without notes, which was very impressive. Sadly, I still rely on mine. I thank the Minister for bringing forward the Bill, and I thank the ministerial team for talking to us and engaging with so many colleagues. It would be great if other Departments could do that. What can I say? Hint, hint!

When the Henry Jackson Society and I produced our “Defending our Data” document back in May 2019, many Members had yet to form an opinion on Huawei. I am therefore grateful to the 60-odd members of the Huawei interest group who took an interest in this subject, and to the 36 people who voted to show their concern to the Government back in early March on the Telecommunications Infrastructure (Leasehold Property) Bill. I am aware that that Bill was not necessarily the right place to express those concerns, but with hindsight I think it sent an important message to the Government from those 36 Members—plus two tellers, of whom I was one. The United States moving its position in subsequent months was also important. I think the change would have happened anyway, regardless of whether there was a Republican or a Democrat Administration. A combination of Back-Bench concern, quite rightly, and the United States’ understanding of the geopolitics being perhaps a little ahead of that of the United Kingdom and on a par with that of Australia helped to shape Ministers’ understanding of the problems.

I am slightly concerned that the situation came to this in the first place, because there were so many warning lights about Huawei’s deepening relationship with BT. My hon. Friend the Member for Totnes (Anthony Mangnall) spoke about Nortel. We must remember that Huawei had a supply contract with Nortel, during which time it hacked its way into Nortel’s systems and stole everything, like a parasite within a body. Nortel was one of the great, spectacular Canadian bankruptcies of the early 21st century. Why? Because it went into partnership with a business that deliberately collapsed it after stealing its IP. If that is not a lesson for us, it is difficult to know what is. Huawei never was and never will be a private firm. It is 99% owned by the Chinese state via trade unions. When I heard Ministers—not this Minister, but others—using the line about Huawei being a private company, I felt that it was a deeply naive thing for the Department to say.

Julian Lewis Portrait Dr Julian Lewis
- Hansard - - - Excerpts

Just for the record, a former Prime Minister said that as well, repeatedly.

Bob Seely Portrait Bob Seely
- Hansard - - - Excerpts

It was very concerning that those who govern us were calling a part and parcel of the Chinese state a private firm, which it clearly was not.

The Government claimed that Huawei could be safely limited to the periphery of the network. That is a dubious argument that is still being debated and is not believed by many experts in many other countries. Were there espionage issues with Huawei? Well, as my hon. Friend the Member for Wantage said, we do not expect a state threat to come from Sweden or Finland. But we do expect a potential threat to come from one-party totalitarian states such as China, Russia, Iran and North Korea. China is clearly one of those. So the Nortel example was a good one.

As we know, China has a dreadful reputation for intellectual property theft and cyber-attacks, so there were many reasons to be deeply concerned about what was happening in our relationship with Huawei. Yet at the same time it became incredibly powerful in this country. Why? Because it had a very aggressive lobbying network. It was throwing money at lobbyists and senior people who used to be at the heart of Government, at very senior levels. This really concerns me about the state of our democracy, and it is one reason that I would like to bring in a foreign lobbying Act. We need to have a much clearer idea of what those companies or oligarchs—those who act on behalf of other people and states—are up to in this country. We did not really know the extent of the Huawei lobbying operation.

John Hayes Portrait Sir John Hayes
- Hansard - - - Excerpts

My hon. Friend is painting a picture of a strategic view of China and other powers that has prevailed under successive Governments. It is born of a kind of determinism: “We can’t stop them, so we’ll have to live with them”. There is a predetermined inevitability about the domination of these states, and that is a misconception that needs to be challenged fundamentally, in the way in which he is doing so tonight.

Bob Seely Portrait Bob Seely
- Hansard - - - Excerpts

I look forward to being as eloquent and well dressed as my right hon. Friend one day. Before I come to the point that he mentioned on the need for a consistent approach and better understanding, let me say one more thing about Huawei.

A few other Members have touched on this matter: China’s human rights issues. The excellent Australian Strategic Policy Institute has presented credible evidence of significant human rights forced labour issues, with people from Xinjiang province being used not only by Huawei, but by other significant Chinese firms, or by firms producing goods for western consumer markets and western branded goods. This point brings us to the National Security and Investment Bill—although I know that we are not talking about that at the moment—and the need for a definition not only of national security, but of national interest as well. Do we really think it is in our national interest for us to be accepting slave labour products in this country, whether through Huawei—allegedly—or other firms, including well-known branded names? That human rights aspect is well worth playing up.

It seems clear that the China that we had all hoped for —indeed, the golden era that we were meant to welcome under David Cameron and George Osborne—is not the China that we are getting. We need to be realistic. When it comes to international relations, in the west we are effectively liberal internationalists. We take a positive view of humanity—maybe a liberal, rather than a conservative one, if one is being philosophical about these things, but a benign view of humanity. That is not necessarily shared by the hard-nosed realism school of thought that we see in Russia and China, which is much more of a zero-sum game: we win, you lose. China plays that more subtly than Russia, but there are enough similarities between the two that it should be of concern to us. We need a clearer understand that some people out there with whom we do business do not necessarily wish us well and do not wish our values well. Finally on that, we are stumbling towards that understanding, but we need a more consistent approach to how we deal with China, along the same lines of how we deal with Russia.  They are not the same—they are very different—but we have been forced to take a more consistent understanding of the Russian threat, and we need to do the same with China.

I congratulate the Minister on his work on the Bill. The “no new install” date is the key now, and that is why everyone is on side with the Bill. We need that September date, because it shuts down any alternatives for Huawei in the short term. We need a consistent approach, whether it is the Huawei Bill or the National Security and Investment Bill, across Government. This is one of the very small number of truly significant policy packages that we will have to get right in this country for the 21st century.

There are two choices for humanity this century. We can go down our route of open, broadly tolerant societies where people control their Governments—that free open model—or there is the closed model of totalitarian or one-party states, which are building up, with Huawei’s help, this Orwellian state, where the state knows what you are thinking before you do. That is not a good avenue for humanity to go down and, without being antagonistic and too hostile to other people, we need to defend our version of the future of humanity with a little more resolve.

21:26
Chi Onwurah Portrait Chi Onwurah (Newcastle upon Tyne Central) (Lab)
- Hansard - - - Excerpts

I start by thanking Members from all parts of the House for a well-informed debate with many impressive contributions. My first job as a hardware engineer was with Nortel, which has been mentioned by a number of Members. Having spent 23 years in the sector before entering the Commons, I am thrilled that the main debating chamber of our parliamentary democracy should spend so many hours dedicated to our telecommunications infrastructure. I regret that Members who wanted to take part in this debate, particularly from the Opposition Benches, and who could have done so remotely, were not able to do so because of an arbitrary decision by the Leader of the House.

However good the debate is, it cannot make up for the wasted decade under this Government. Successive Tory Governments have squandered the world-leading legacy position on broadband infrastructure left by the last Labour Government. Since then, we have seen delays in the roll-out of networks and the development of a dependency on high-risk vendors. The UK’s sovereign telecoms capabilities and our national security have been neglected, resulting in the Huawei debacle and ultimately this Bill.

My hon. Friend the Member for Cardiff Central (Jo Stevens) put it so eloquently: national security is the first duty of any Government, and Labour will always put that first. The point was made strongly by a number of Members, including the right hon. Members for New Forest East (Dr Lewis) and for Chingford and Woodford Green (Sir Iain Duncan Smith).

Given where we are, we support the aims of the Bill. National security should be the priority of any Government, and our telecommunications infrastructure is clearly critical to our defence, our security and our economic prosperity. That point was made by a number of Members, including the hon. Member for The Wrekin (Mark Pritchard).

We must make sure that we do not find ourselves in a similar position again and that our telecoms network and supply chain are resilient and protected in future, even, critically, as the geopolitical environment evolves. Our telecoms infrastructure lacks security and resilience. We have taken no steps to maintain or develop a sovereign communications capability, and the Government’s broadband strategy, if we can call it that, has far more U-turns, dither and delay than meaningful policies. We want to work with the Government to get issues of national security right, but the Bill is far from perfect.

Members have raised many issues, and I will focus on just three: cost, resource and diversification. I have found telecoms operators to be extremely responsive to the need to take action on the issue of, and in the cause of, national security and to replace high-risk vendors, but six months since the decision to strip out Huawei was finally made, we still do not know how the Government plan to achieve this. They seem to have decided that that is for the private sector to sort out.

The impact assessments, of which there are two, admit that the Government cannot figure out what the impact will be. They have chosen not to give operators any legal protection on existing contracts, but have again not quantified that impact. The Government are apparently happy to pass on the costs of their mistakes, indecision and poor planning to the operators, stating that the costs of removing Huawei are

“commercial decisions that are for the mobile operators to make.”

Yet clearly there was a failure Government here, as 5G security was not sufficiently safeguarded, in the ways that the right hon. Member for South Holland and The Deepings (Sir John Hayes) set out so clearly. Will there be a delay in 5G roll-out? Again, we are not clear, and depending on what is factored in, various research projects have found the costs to be anything from £6 billion to £18 billion. If the Government plan to leave this entirely to the mercy of the market, I would say that all the information-gathering skills Ofcom has will not give us an accurate integrated view of progress and effectiveness. There is no mention of working with local authorities to ease this or to make it quicker, cheaper or more effective.

I joined Ofcom in 2004, just a few weeks after it was born, when it was to be a light-touch regulator, small and nimble. Over the years, it has acquired responsibility for critical national infrastructure; the BBC; the Post Office; soon, we understand, the entirety of online harms; and now, it would appear, national security as well. As Members have pointed out, this Bill refers only to the Secretary of State and Ofcom when it comes to making these key decisions. Of the two, I have to say that I would have more confidence in Ofcom, but the Bill says very little about the resources or the skills that will be provided. This is a huge job, an issue that my right hon. Friend the Member for North Durham (Mr Jones) set out so clearly in what was a truly excellent contribution. One still has to ask: is it sufficiently well scoped? It is a huge job, but is it actually scoped? Is it the role of Ofcom to consider the security of our current networks, or should it be forward-looking? Members have set out what kind of a challenge that would be. Members also touched on the importance of human rights with regard to China’s record. How is that to play on national security decisions?

John Hayes Portrait Sir John Hayes
- Hansard - - - Excerpts

The real point about Ofcom is whether it acquires those skills or what the processes will be for it to access them from the intelligence community and the National Cyber Security Centre, which would seem to be a much more straightforward way of quickly tooling up to do the job the hon. Member describes.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank the right hon. Member for that intervention, and indeed for his contribution to the debate. I agree with him, although I think that is something we need to work out and probe in Committee, because currently there is no reference to that, or no plan to do that. I think we should certainly be taking into account and using our existing resources, and we all know that these kinds of resources and skills are both expensive and hard to find at the moment. The right hon. Member makes an important point.

On 14 July, the Secretary of State, who is not in his place, said in this House that he had

“set out a clear and ambitious diversification strategy.”—[Official Report, 14 July 2020; Vol. 678, c. 1377.]

I asked him repeatedly over the summer when he would publish this clear strategy that he had already set out. Answer came there none, and I could only conclude that he had misspoken. However, I did think that today we would get that strategy, but unfortunately not. Yes, there is actually a diversification strategy, which has been published, but it is neither clear nor ambitious. It is far more concerned with bringing new vendors into the UK than with developing our sovereign technological capability. Indeed, as it diversifies opportunities for Nokia and Ericsson, we could call it an effective Scandinavian industrial strategy. Apart from a vague commitment to link the scale of home-grown suppliers to the Government’s broader growth and productivity agenda, there is no clear plan—no plan at all—to build UK sovereign capabilities, which the right hon. Members for Vale of Glamorgan (Alun Cairns) and for Bournemouth East (Mr Ellwood) emphasised as being important.

Just today, Mobile UK, the mobile operators industrial body, emphasised that the Bill and the 5G diversification strategy are intrinsically linked but not, it would appear, by the Government. The diversification strategy also does not refer to fibre, although the Bill applies to our fibre networks too and may impact the Government’s constantly shifting roll-out targets.

Network operators need to be confident in the maturity, performance, integration and security credentials of new vendors and technologies before they are deployed in their main networks. We agree with the Secretary of State that the Government can help accelerate that process, and in doing so there is potential to create opportunities for the UK to take the lead, as well as much-needed high-skilled jobs. The hon. Members for Totnes (Anthony Mangnall), for Strangford (Jim Shannon) and for Bracknell (James Sunderland) all agreed about the importance of diversification, but all the diversification strategy says about developing UK technology, jobs and capability is that it will be part of the industrial strategy, which we have yet to see. Clearly, we do not have a diversification strategy.

Kevan Jones Portrait Mr Kevan Jones
- Hansard - - - Excerpts

Does my hon. Friend agree the Bill will have to dovetail closely with the National Security and Investment Bill? If new developments were taken over by foreign entities, that could be a security risk as well. However, as we were told last week, the responsibility for that lies with the Department for Business, Energy and Industrial Strategy, not DCMS.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

My right hon. Friend makes an excellent point. He is absolutely right. The question of how the diversification strategy delivers home-grown capability and protects that as it grows and strengthens has been avoided.

As the shadow Secretary of State said, it is important that everyone can benefit from 5G, both in our technological capability and in using it. There is a digital divide in this country: 11 million adults lack one or more basic digital skills and 10% of households do not have internet access. 5G has the potential to increase digital inclusion, providing greater access to broadband. As the hon. Members for West Dorset (Chris Loder) and for Caithness, Sutherland and Easter Ross (Jamie Stone) highlighted, digital technology can be a great leveller, but we need to ensure that the infrastructure and skills base exist for everyone to take advantage of the opportunities it provides. Digital inclusion requires political will, urgent action and a Government who understand the importance of universal digital suffrage. Government interventions on that have been brief—not quite as brief as the intervention of the hon. Member for Tonbridge and Malling (Tom Tugendhat) in the debate, but far less eloquent.

As a chartered engineer, I want to finish by celebrating the potential of 5G, which can truly transform our businesses, our industries and our daily lives. It will not only vastly improve our connectivity and browsing experience but support new enabling technologies, from the internet of things to artificial intelligence. If the first industrial revolution was powered by engines, the fourth will be powered by data. As hon. Members have observed, 5G is essential for innovations from driverless cars to smart cities, and to addressing the climate emergency through monitoring and improving our energy efficiency. Some estimates predict that 5G could mean productivity savings for the UK of up to £6 billion a year on top of energy and waste reductions that internet of things devices could enable.

We must get this right. As we all agree, our national security is priceless, but until we see a detailed plan, a proper impact assessment and an industrial strategy, the Opposition will remain deeply concerned that the Government are not prepared to make the interventions necessary to ensure that our national security is safeguarded.

21:39
Matt Warman Portrait The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
- Hansard - - - Excerpts

I thank all Members for a well-informed and important debate. We have heard across the House that all Members believe that this Government should be putting national security at the very top of our agenda. That is what we are doing tonight. We are also putting forward a strategy that will allow the UK to derive all the benefits that we possibly can from all the enhanced digital reliance that we have seen across the country over the course of this pandemic and, of course, before it.

We have all heard this evening just how much connectivity matters and just how much our national security matters. We heard upwards of 20 speeches, which clearly demonstrated the critical importance of the security of our telecoms networks, especially as we move into the next phase of digital connectivity. As the Secretary of State has said, this Bill will raise the security bar across the board. It will provide us with the capabilities that we need to protect ourselves from a range of threats, both now and in the future. I am pleased that the Bill has support across the House. It is clear that we are all keen to put the UK’s national security interests first.

I hope that Members are reassured that the Government are taking these issues seriously. A number of Members referred to the Huawei interest group. Much as I have enjoyed being the subject of the Huawei interest group’s interest, I am glad that we have come to a position that has been welcomed across the House. The Government have taken steps today both to lay out our diversification strategy—an important £250 million commitment that is detailed and has real potential to see British companies grow in the way that my right hon. Friend the Member for Vale of Glamorgan (Alun Cairns) identified—and to publish illustrative designations and directions demonstrating the transparency that many Members across the House have asked for. Through that, I think we have demonstrated our commitment to dealing with the risks to our networks and the national security threats that come from high-risk vendors.

I turn to some of the points that have been raised in the course of the debate. The first, which was raised across the House, is the important matter of human rights. We want respect for human rights to be at the centre of all business that takes place in this country. These are vital issues that go much wider than telecoms. A number of Members rightly pointed out that the Telecommunications (Security) Bill will be focused on matters related to telecommunications and security, but of course we have serious concerns about the human rights situation in Xinjiang, including the extrajudicial detention of over 1 million Uyghur Muslims and other minorities in political re-education camps, systematic restrictions on Uyghur culture and the practice of Islam, and extensive invasive surveillance targeting minorities.

Where China is not meeting its obligations under international law, the UK Government will continue to speak out publicly. Indeed, the 30 June formal statement that the UK read out on behalf of 28 countries at the UN Human Rights Council highlighted arbitrary detention, widespread surveillance and restrictions targeting ethnic minorities. The Government published their response to the consultation on transparency in supply chains in September, and we are committed to taking forward an ambitious package of changes to strengthen and future-proof the transparency provisions in the Modern Slavery Act 2015. While, as many have said, issues of human rights are not matters directly for this Bill, they are acutely important, and Britain will continue to take that leading role.

Iain Duncan Smith Portrait Sir Iain Duncan Smith
- Hansard - - - Excerpts

I hear what my hon. Friend says, but surely he would concede that, as this Bill deals specifically with vendors and the vendors are themselves located, originally, in countries that may have been guilty of these abuses of whatever nature, should those companies be found to be using slave labour—such as some that are already referenced in this Bill—that would be a reason not to have them. Would he not think that they were high-risk vendors for the very simple reason that they abused those human rights?

Matt Warman Portrait Matt Warman
- Hansard - - - Excerpts

As I said earlier, we would want to apply those standards not just to telecoms companies but to the garment industry and in a host of other areas where we know that there is the potential for similar abuses. I absolutely hear what my right hon. Friend says, but Britain can do better than focus simply on the relatively narrow aspect of telecoms.

Bob Seely Portrait Bob Seely
- Hansard - - - Excerpts

I hear what the Minister is saying, but I wish to follow up the point made by my right hon. Friend the Member for Chingford and Woodford Green (Sir Iain Duncan Smith). If the debate on this Bill is not the place to discuss human rights, I get that, but we are also told that the debates on the National Security and Investment Bill are not the place to discuss human rights. I may get that as well, but the Government need to say where significant national interest concerns that are outside national security can be addressed. We talk the talk on human rights an awful lot in this country and this Parliament, but we have to put some trousers on that, I think.

Matt Warman Portrait Matt Warman
- Hansard - - - Excerpts

I am not going to engage too heavily with my hon. Friend’s trousers, but I will say to him that, as I said a minute ago, we are committed to taking forward an ambitious package of changes to strengthen and future-proof the Modern Slavery Act 2015, and that is one of several significant avenues that are open to him.

On the important matter of diversification, the telecoms supply chain review asked how we can create sustainable diversity in our telecoms supply chain. That question is addressed by the new diversification strategy that we published today, which is crucial to ensuring that we are never again in a situation in which we are dependent on just a handful of vendors who supply the networks on which so many of us have come to depend. I wish to spend a little time on this issue. The Government have been working at pace to develop the 5G supply chain diversification strategy, which sets out a clear vision for a healthy, competitive and diverse supply market for telecoms and the set of principles that we want operators and suppliers to follow.

The strategy is built around three key strands: first, securing incumbents; secondly, attracting new suppliers; and thirdly, accelerating the development and adoption of open and interoperable technologies across the market. That is why, in the diversification strategy that we published today, we commit to exploring commercial incentives for new market entrants as we level the playing field; to setting out a road map to end the provision of older legacy technologies that create obstacles for new suppliers; and to investing in R&D to grow a vibrant and thriving telecoms ecosystem here in the UK.

I say gently to the hon. Member for Newcastle upon Tyne Central (Chi Onwurah) that we have directly addressed a number of the issues that she raised in Westminster Hall last week. I look forward to engaging with her more on the strategy because it is important that we should work together to try to make sure that we all derive the benefits of a serious £250 million Government commitment that will drive early progress and ensure that our 5G diversification strategy not only bolsters the resilience and security of our digital infrastructure but creates opportunities for competition, innovation and prosperity.

John Hayes Portrait Sir John Hayes
- Hansard - - - Excerpts

It is wonderful that the strategy has emerged, but will my hon. Friend be just as clear about legislative change associated with that strategy? I understand that a further Bill may come forward; given the urgency of this issue and the concentration that his Department is applying to the strategy, when can we expect that legislation?

Matt Warman Portrait Matt Warman
- Hansard - - - Excerpts

We do not anticipate legislation as a direct result of the diversification strategy, but of course there are other important avenues to explore as part of the broader industrial strategy. A lot of what is in the diversification strategy does not need to be delayed by the legislative programme, and I think my right hon. Friend would welcome that.

A number of Members raised the role of Ofcom. Ofcom will monitor, assess and enforce compliance with the new telecoms security framework that will be established by the Bill. It will report on compliance to the Secretary of State alongside publishing the annual reports that he mentioned on the state of the telecoms security sector. I want to be absolutely clear: we have had productive conversations with Ofcom already. Ofcom will continue to have the resources it needs. We appreciate that those needs will be affected by the changes that we are bringing in today, and we will agree their precise nature with Ofcom. We will make sure that Ofcom has all the security clearance that it needs to do the job, and all the resources, external or otherwise, to do the job, because this is an important new power.

Ofcom may also play a role in gathering and providing information relevant to the Secretary of State’s assessment of a provider’s compliance with a designated vendor direction, and it may also be directed to gather further information to comply with the requirements specified in a direction. The Bill already enables Ofcom to require information from providers and, in some circumstances, to carry out inspection of the provider’s premises or to view relevant documents. Ofcom’s annual budget, as I say, will be adjusted to take account of the increased costs it will incur due to its enhanced security role.

Let me turn to a couple of issues raised by the hon. Member for Newcastle upon Tyne Central. We will of course be working with local authorities and with networks to minimise any disruption, but we do not anticipate that the decisions that we have made over the past few months will have a direct impact on existing commercial decisions. As the Secretary of State said, we do not expect the two to three-year delay to be extended by what we have said today, but we will keep in close contact with the networks and continue to make sure that we do everything we can to remove the barriers to the roll-out of the networks as far as we possibly can. I do, however, expect companies to do as much as they can to minimise the effects. These are commercial decisions that have been made by companies over a number of years. We have already seen, as a result of the Government’s approach over the past few months, significant changes to decisions. I welcome the neutrORAN project that my right hon. Friend the Member for Vale of Glamorgan mentioned, as well as a number of others that have been taken by networks that already see important changes to how they procure their networks.

Kevan Jones Portrait Mr Kevan Jones
- Hansard - - - Excerpts

The Minister has introduced the September 2021 date after which no new Huawei or high- risk vendor equipment can go into the networks. What will happen to those companies that perhaps have stock of Huawei equipment or entered into contracts thinking that they could implement them before September 2021 and will now have to be told that they cannot? Would they actually lose a lot of money?

Matt Warman Portrait Matt Warman
- Hansard - - - Excerpts

Those decisions, as I said, were taken in the context of the environment that people were already well aware of, and they are taken at a degree of commercial risk. However, we have worked closely with the networks to ensure that there will be no additional delays as a result of this decision. I think it is the right thing that puts national security at the absolute heart of our programme, but it also does that in the context of not jeopardising the clear economic benefits and the clear practical benefits of improving connectivity across the country that we would all like to see.

On the emergency services network, we anticipate that these announcements concerning Huawei will have a very low impact on the emergency services network. We do not anticipate any impact on the programme schedules. There is some Huawei equipment in the EE part of the emergency services dedicated core network that EE is already working towards removing.

Let me cover one other aspect raised by the Chair of the Intelligence and Security Committee, my right hon. Friend the Member for New Forest East (Dr Lewis). I look forward—maybe that is not quite the right phrase—to appearing before the ISC in the next few days. We will always co-operate with it, and I am very happy to work with it on the best way to balance the obvious requirement between transparency and national security, although we would always seek to be as transparent as we possibly can be within those important bounds.

Julian Lewis Portrait Dr Julian Lewis
- Hansard - - - Excerpts

I did ask a few questions. If the Minister cannot answer them now, by all means he should write to me. However, I am concerned about a situation where, for example, a former leader of the Conservative party and former Prime Minister has a major role in the China belt and road funding operation. How secure will Government be against lobbying of people with that sort of connection and prominence?

Matt Warman Portrait Matt Warman
- Hansard - - - Excerpts

I will simply say that the Government will always put our national security interests first, and of course we are always alive to the commercial interests of the companies that seek to engage with us in this matter or any other. I look forward to further engaging with my right hon. Friend and his Committee.

To conclude, this Bill does not simply produce a framework that will address one particular company or even one particular country. It sets up the futureproof regime that will allow us to deal with the company that we have spoken about so much this evening and also its successors in successor networks. The intention of this legislation is to persist well beyond the current challenges that we face. I am glad that it commands the support we have seen across the House. I am immensely grateful for what has been a genuinely well-informed debate and one that I look forward to carrying on in Committee. The Telecommunications (Security) Bill will create one of the toughest telecoms security regimes in the world. It will enable us to protect our national telecoms infrastructure, and it is also a chance for the UK to become the world leader in the development of new 5G technology that we all know we can be.

Question put and agreed to.

Bill accordingly read a Second time.

Telecommunications (Security) Bill (Programme)

Motion made, and Question put forthwith (Standing Order No. 83A(7)),

That the following provisions shall apply to the Telecommunications (Security) Bill:

Committal

(1) The Bill shall be committed to a Public Bill Committee.

Proceedings in Public Bill Committee

(2) Proceedings in the Public Bill Committee shall (so far as not previously concluded) be brought to a conclusion on Tuesday 19 January 2021.

(3) The Public Bill Committee shall have leave to sit twice on the first day on which it meets.

Proceedings on Consideration and up to and including Third Reading

(4) Proceedings on Consideration and any proceedings in legislative grand committee shall (so far as not previously concluded) be brought to a conclusion one hour before the moment of interruption on the day on which proceedings on Consideration are commenced.

(5) Proceedings on Third Reading shall (so far as not previously concluded) be brought to a conclusion at the moment of interruption on that day.

(6) Standing Order No. 83B (Programming committees) shall not apply to proceedings on Consideration and up to and including Third Reading.

Other proceedings

(7) Any other proceedings on the Bill may be programmed.—(David T. C. Davies.)

Question agreed to.

Telecommunications (Security) Bill (Money)

Queen’s recommendation signified.

Motion made, and Question put forthwith (Standing Order No. 52(1)(a)),

That, for the purposes of any Act resulting from the Telecommunications (Security) Bill, it is expedient to authorise any increase attributable to the Act in the sums payable under any other Act out of money so provided.—(David T. C. Davies.)

Question agreed to.

Telecommunications (Security) Bill (Ways and Means)

Motion made, and Question put forthwith (Standing Order No. 52(1)(a)),

That, for the purposes of any Act resulting from the Telecommunications (Security) Bill, it is expedient to authorise provision requiring public communications providers to pay certain costs incurred by the Office of Communications.—(David T. C. Davies.)

Question agreed to.

Telecommunications (Security) Bill (Carry-over)

Motion made, and Question put forthwith (Standing Order No. 80A(1)(a)),

That if, at the conclusion of this Session of Parliament, proceedings on the Telecommunications (Security) Bill have not been completed, they shall be resumed in the next Session.—(David T. C. Davies.)

Question agreed to.

Consideration of Bill, as amended in the Public Bill Committee
New Clause 1
OFCOM’s Annual Report
(1) The Communications Act 2003 is amended as follows.
(2) After section 105Z29 insert—
“105Z30 OFCOM’s Annual Report
(1) Every report under paragraph 12 of the Schedule to the Office of Communications Act 2002 (OFCOM’s annual report) must include a statement on—
(a) the adequacy of OFCOM’s resourcing in fulfilling its functions under the amendments made to this Act by the Telecommunications (Security) Act 2021;
(b) OFCOM’s determination of the adequacy of measures taken by network providers in the previous 12 months to comply with sections 105A and 105B of the Communications Act 2003 and regulations made thereunder; and
(c) OFCOM’s assessment of emerging or future areas of security risk based on its interrogation of network providers’ asset registries.
(2) The statement required by subsection (1)(a) must include an assessment of—
(a) the adequacy of Ofcom’s budget and funding;
(b) the adequacy of staffing levels in Ofcom;
(c) any skills shortages faced by Ofcom.”—(Chi Onwurah.)
This new clause introduces an obligation on Ofcom to report on the adequacy of their resources and assess the adequacy of the annual measures taken by telecommunications providers to comply with their duty to take necessary security measures. It also requires Ofcom to assess future areas of security risk based on its interrogation of network providers’ asset registries.
Brought up, and read the First time.
14:34
Chi Onwurah Portrait Chi Onwurah (Newcastle upon Tyne Central) (Lab) [V]
- Hansard - - - Excerpts

I beg to move, That the clause be read a Second time.

Rosie Winterton Portrait Madam Deputy Speaker (Dame Rosie Winterton)
- Hansard - - - Excerpts

With this it will be convenient to discuss the following:

New clause 2—Provision of information to the Intelligence and Security Committee—

“The Secretary of State must provide the Intelligence and Security Committee of Parliament as soon as is reasonably practicable with a copy of—

(a) any direction or notice (or part thereof) that is withheld from publication by the Secretary of State in the interests of national security in accordance with section 105Z11(2) or (3) of the Communications Act 2003;

(b) any notification of contravention given by the Secretary of State in accordance with section 105Z18(1) of the Communications Act 2003;

(c) any confirmation decision given by the Secretary of State in accordance with section 105Z20(2)(a) of the Communications Act 2003;

(d) any reasons for making an urgent enforcement direction that are withheld by the Secretary of State in the interests of national security in the accordance with section 105Z22(5) of the Communications Act 2003; and

(e) any reasons for confirming or modifying an urgent enforcement direction that are withheld by the Secretary of State in the interests of national security in accordance with section 105Z23(6) of the Communications Act 2003.”

This new clause would ensure that the Intelligence and Security Committee of Parliament is provided with any information relating to a designated vendor direction, notification of contravention, urgent enforcement action or modifications to an enforcement direction made on grounds of national security.

New clause 3—Network diversification—

“(1) The Secretary of State must publish an annual report on the impact of progress of the diversification of the telecommunications supply chain on the security of public electronic communication networks and services.

(2) The report required by subsection (1) must include an assessment of the effect on the security of those networks and services of—

(a) progress in network diversification set against the most recent telecommunications diversification strategy presented to Parliament by the Secretary of State;

(b) likely changes in ownership or trading position of existing market players;

(c) changes to the diversity of the supply chain for network equipment;

(d) new areas of market consolidation and diversification risk including the cloud computing sector;

(e) progress made in any aspects of the implementation of the diversification strategy not covered by subsection (a);

(f) the public funding which is available for diversification.

(3) The Secretary of State must lay the report before Parliament.

(4) A Minister of the Crown must, not later than two months after the report has been laid before Parliament, make a motion in the House of Commons in relation to the report.”

This new clause requires the Secretary of State to report on the impact of the Government’s diversification strategy on the security of telecommunication networks and services, and allow for a debate in the House of Commons on the report.

Amendment 1, in clause 14, page 21, line 27, at end insert—

“(3) The Secretary of State must, in the process of carrying out reviews and drafting subsequent reports, consult the appropriate ministers from the devolved governments.”

Chi Onwurah Portrait Chi Onwurah
- Parliament Live - Hansard - - - Excerpts

It is a great pleasure to speak in this debate on Report. As I may have mentioned before, I am a chartered electrical engineer; before I entered Parliament, I worked for 20 years helping to build out the networks—fixed wireless and mobile—that became the internet. I am proud of that work and of the immense contribution that the telecommunications sector makes to our society, our economy and our security.

I am very pleased that today we are dedicating parliamentary time to our telecommunications sector. I thank all Members across the House who served on the Bill Committee for our many hours of fruitful debate as we strove to secure improvements to the Bill. I also thank the officials of this House, particularly in the Public Bill Office and the Library, who have provided such excellent support.

I declare an interest: many provisions in the Bill deal with the regulator Ofcom, and my last telecommunications role was with Ofcom. I joined it in 2004 just a few weeks after it was born, when it was to be a light-touch regulator, small and nimble. As a consequence of my time in the sector, I have been calling for greater security, particularly for our mobile networks, since I first entered this place in 2010.

The Labour party and I welcome the intention behind the Bill, but a number of areas in it need to be addressed. We are here today because of the Huawei debacle of the Government’s making. The Government have been forced to require the removal of Huawei, at an estimated cost of £2 billion and a delay of two to three years to our 5G roll-out, after overseeing Huawei’s rapid rise to be the foremost supplier to the telecoms company that carries our country’s name and universal service obligation: British Telecom.

The telecoms supply chain review found that there were no incentives for our mobile network operators to provide secure networks. Moreover, successive Tory Governments have squandered the world-leading position on broadband infrastructure left to them by Labour in 2010, as the United Kingdom has fallen down the league table from 27th to 47th in the world for average internet speeds. This lack of sovereign capability and absence of an effective telecoms strategy has resulted in our dependency on high-risk vendors, which the Bill seeks to address.

I am sure that you will be pleased to know, Madam Deputy Speaker, that I will not repeat the same arguments on Huawei that have dominated the debate over recent years. Given where we are now, we support the aims of the Bill. National security is the first duty of any Government, and Labour will always put national security first. Our telecoms infrastructure is clearly critical to our defence and security, as well as our economic prosperity.

We agree that, as the Bill sets out, the Secretary of State should have powers to designate vendors of concern and require mobile network operators to take appropriate action, and that Ofcom should have the power to monitor and enforce those directions. However, we wish to improve the Bill in three key areas, which our new clauses 1, 2 and 3 seek to address.

The first area is national security. Labour prioritises national security, and the sweeping powers that the Bill gives the Secretary of State must be used in the interests of securing our critical national infrastructure. Removing Huawei does not, in and of itself, make our networks secure now or protect them against future threats; that requires a number of additional measures, some of which are in the Bill and some of which are not. For a start, if our telecoms network is to be secure, there must be expert democratic oversight of the measures that make it secure—yet the Bill makes no provision for Parliament’s experts, the Intelligence and Security Committee, to be informed or consulted. We want to fix that.

Secondly, the security of our network depends on an effective plan to diversify the supply chain. We are very concerned that the Bill does not even mention diversification and thus risks short-changing our national security, our technological sovereignty and our telecoms infrastructure. We want to ensure that progress is made in diversification as a prerequisite for the security of the telecoms network and a UK sovereign capability should be a part of that.

Thirdly, the Bill gives many new responsibilities and powers to Ofcom. That follows a vast expansion of Ofcom’s remit over the past 10 years. We want to make sure that Ofcom is appropriately resourced to carry out its duties and to be forward looking, not simply looking back.

One of the great failings of the Bill is that the Government are so fixated on fighting the last battle—the Huawei battle—they are not looking to the future. That is, in part, because various Government Back-Bench Members have very real concerns about the rise of China and its influence on our infrastructure. But these concerns, however well justified, seem to be blinding the Government to threats that are not Chinese in origin. We want to fix that. We want Ofcom to have the resources and the will to monitor the evolution of our telecoms networks, so that future threats, wherever they come from, can be identified and we do not find ourselves forced, as we are now, to make a huge change to our networks, at a huge cost to our economy.

I turn to new clause 1. As I said in my opening remarks, I joined Ofcom in 2004 when it was in its infancy as a slimline regulator. I kept a copy of the Communications Act 2003 on my desk. Since then, that Act has already doubled in size as Ofcom has acquired responsibility for critical national infrastructure: the BBC; the Post Office; online harms—that Bill is coming down the road; and, in this Bill, parts of national security as well. This latest expansion of Ofcom duties will necessarily add a strain not only to its budget, but to its resources. In January, in response to my written question, the Government stated that Ofcom would have the resources that it needs to do the job, in which case the Minister should be keen to support new clause 1, which requires Ofcom to report on the adequacy of its resources in fulfilling its functions under the amendments made in the Bill.

Ofcom lacks experience in national security measures—this was discussed during the evidence stage—and the expansion of duties will require the recruitment of people with the required level of security clearance and experience. That is not going to be easy, as we heard during the evidence sessions. Emily Taylor of Oxford Information Labs said that Ofcom

“will have to acquire a very specific set of skills and capabilities and that will require substantial investment and learning as an organisation”.––[Official Report, Telecommunications (Security) Public Bill Committee, 19 January 2021; c. 72, Q84.]

These skills are rare. The memo from the Minister, for which I am grateful, sets out how Ofcom and the National Cyber Security Centre will work. While it is welcome that they will work together, it did not provide the reassurance that we need. Indeed, it suggests that Ofcom will be entirely dependent on the NCSC for cyber skills and therefore, presumably, unable to understand the advice that it receives from the organisation.

New clause 1 requires Ofcom to report annually on the adequacy of measures taken by network providers to comply with changes introduced in the Bill, empowering the Government to track the effectiveness of the legislation. However, new clause 1 does more than that. It ensures that Ofcom has the human and informational resources to be forward looking. As I said, we are concerned that the Bill is backward looking and does not look to future threats. New clause 1 requires Ofcom to provide an assessment of emerging or future security risks based on its interrogation of network providers’ asset registers.

I am pleased that the Government are taking steps—as I understand it from the Minister—to formalise existing best practice in the telecoms sector and ensure that national providers maintain asset registers. I can tell Members that that has not always been the case. As the Minister said during the Committee stage, asset registers are an

“important part of the existing landscape”––[Official Report, Telecommunications (Security) Public Bill Committee, 21 January 2021; c. 162.]

But I ask him: why does he not take this further? We need to ensure that we have a good understanding of our national assets and so can assess emerging threats. Doing so would have made Huawei’s dominance visible earlier and it would now enable warning signs of future concerns—and there are future concerns. Again, Emily Taylor said:

“I feel a little like we have been fetishising 5G and a single company for the last two years, perhaps at the expense of a more holistic awareness of systemic cyber-security risks… Healthcare systems probably would not have been top of the list two years ago, but now they are. The SolarWinds attack shows that the identity of the vendor is not always the key risk point. SolarWinds is a very trusted vendor from a like-minded, close ally country, and yet it turns out to be a critical single point of failure across key, very sensitive Government Departments, both in the US and the UK.––[Official Report, Telecommunications (Security) Public Bill Committee, 19 January 2021; c. 74, Q88.]

So I want the Minister to consider that in his response on this proposal.

14:45
I also ask the Minister to consider another very real possibility. As our networks evolve, key functionality moves from chips into software that will be running in the cloud. Our cloud infrastructure is dominated by one vendor, Amazon Web Services, whose cloud services cross-subsidise the retail services we are more familiar with and with which so many of our high street names are unable to compete. So in the near future it might be that although we think we have three, or four, or five separate mobile 5G networks, they would all, in effect, be running over one vendor, AWS. That would be a single point of failure were AWS to be bought by a hostile country or, as in the case of SolarWinds, even were it just to be hacked by a hostile operator, yet without this new clause I fail to see how the Bill would ensure we had warning of that. There is no requirement on Ofcom to assess how each network provider, and their supply chains, is evolving in its network architectures and the threat to our network security that follows. As is becoming a recurring theme with this Government’s approach to telecoms security and elsewhere, including to online harms, they appear capable of recognising a threat once it is here but incapable of putting in place the infrastructure to anticipate threats and protect our citizens accordingly. New clause 1 is designed to address that.
New clause 2 is designed to improve the Bill by ensuring greater scrutiny, focus and transparency, and addressing the deepening hole in accountability presented by the Government. As I have said, Labour have consistently supported the need for this Bill. Our approach has been to push for the change necessary to address security threats and, specifically, to allow the broad powers of intervention that this Bill gives the Secretary of State, while ensuring that those powers are overseen by Parliament.
This Bill provides substantial powers on national security to the Department for Digital, Culture, Media and Sport, a Department that lacks expertise, experience and understanding in matters of national security. New clause 2 would ensure that the Intelligence and Security Committee was provided with information relating to a designated vendor direction, notification of contravention, urgent enforcement action or modifications to an existing enforcement direction made on grounds of national security by the Secretary of State as soon as is reasonably possible. During proceedings in this House and in the other place on the Bill that became the National Security and Investment Act 2021, we tried time and again to ensure ISC oversight of national security issues, with support from across the House and in the other place. The Government seem to have a blind spot here, and I hope the Minister will not put ideology before national security today.
In Committee, on 26 January, the Minister said that the ISC is the appropriate place to discuss matters of national security and talked about the unique role it plays in assessing security implications, so I hope he is not going to pretend that the occasional letter from himself to the ISC will provide the appropriate level of debate. The Under-Secretary of State for Business, Energy and Industrial Strategy did try that during the National Security and Investment Bill debate, but the Chair of the ISC, the right hon. Member for New Forest East (Dr Lewis), who I note is down to speak in this debate as well, made short work of him. and I hope the telecommunications Minister will not follow in his footsteps.
Most of the testimonies during the passage of both the National Security and Investment Act and this Bill have emphasised how national security threats are evolving, how the bad guys do not stand still, and how technology is becoming more and more important in every sphere of activity. Yet instead of responding, the Government stick to the same old ways. I urge the Minister to accept new clause 2.
On our new clause 3, on diversification, we believe that it is right to remove high-risk vendors from the UK’s networks and enable Government to designate vendors and require telecoms operators to comply with security requirements. However, our networks will not be secure if the supply chain is not diversified, as dependency is simply shifted to another point of failure. New clause 3 would require that network diversification be reported on annually. The Government claimed to recognise this point, and indeed set up the telecoms diversification taskforce over nine months ago. I have voiced concerns that this taskforce does not represent our whole country, or even the telecoms sector, but I welcome the report it published in April that identified the lack of joined-up thinking across Government as a potential barrier to diversification, with 20 different initiatives across different Departments that could contribute to diversifying the sector but had no effective overall responsibility or accountability. I hope the Minister will address that in his comments.
But the taskforce has yet to actually do anything, fund anything or get anything going. Nine months may not be long in ministerial terms, although not all Ministers last that long, but it is an age in technological terms. If the taskforce is going to move at this glacial speed, then we will have a single supplier telecoms supply chain embedded in our telecoms infrastructure within the next five years. Answers to parliamentary questions I have submitted show that none of the £250 million allocated to the taskforce has been spent, or earmarked, but we know there are small start-up suppliers in this sphere desperate for funding. We have innovative small businesses crying out for investment in Wales and the north-east, to name just two centres of excellence, so where is the investment to secure the future of these small businesses? Without it, the Government will not be able to achieve a diverse and resilient network.
That is why, as new clause 3 sets out, we need a reporting mechanism on network diversification, which is not mentioned in the Bill at all. Government inaction is putting our national security at risk. As I said, the 2019 telecoms supply chain review stated that there is
“a lack of incentives to manage security risks to an appropriate level”.
The Bill does not address that fully. During the evidence sessions, Emily Taylor stated that the Bill was very much
“at the stick end rather than the carrot end”. ––[Official Report, Telecommunications (Security) Public Bill Committee, 19 January 2021; c. 76, Q91.]
Dr David Cleevely was clear that
“you need both carrot and stick on things like this.”––[Official Report, Telecommunications (Security) Public Bill Committee, 19 January 2021; c. 118, Q156.]
Yet so far we have seen no investment to support a diversified supply chain. The Opposition have argued throughout the Bill’s passage that the sweeping powers that it affords to the Secretary of State and Ofcom must be put under proportionate scrutiny. In addition to the scrutiny of the ISC, the new clause would enable that, because it would bring about a debate in the House updating it on the progress to and barriers faced in network diversification. The new clause would therefore provide accountability for the diversification strategy’s progress and lead to real action, not just talk.
We cannot have a secure network with only two service providers, and the removal of Huawei leaves the UK with, effectively, only two service providers. Reliance on two providers creates “an intolerable resilience risk”. Those are not my words but the words of the Secretary of State. The chief technology officer of BT Group, the director of emerging technology at Ofcom and the former head of cyber-security at GCHQ all think that reliance on only two providers presents a risk, yet the lack of a link between the diversification strategy implementation and the security of our telecoms networks is an ongoing cause for concern. Now we have the opportunity to put that right. We need a diversified supply chain, and that means diversity of supply at a different point in the supply chain and that different networks will not all share the same vulnerabilities of a particular supplier. That is incredibly important for network resilience.
The new clause provides a reporting requirement that is simply not there in the Bill, although the entire success of the Bill depends on diversification. I hope that the Minister will take this opportunity to correct that.
Finally, I want to say a few words about the Scottish National party’s amendment 1. It requires the Secretary of State to consult leaders of the devolved nations when carrying out reviews or drafting reports required in the Bill. Given that telecoms is not a devolved issue, I would hope that consultation with the relevant Ministers of the devolved nations was a regular occurrence. Following the success of the Welsh Labour Government’s superfast Cymru project and the above-average level of fibre connections to Welsh homes, I hope that the Government would listen closely to any advice offered them on telecoms roll-out.
The Labour party recognises that our telecoms networks will never be safe and secure unless every region and nation of the United Kingdom has a say in how we build out our networks. Under this Government, nine of the 10 worst connected constituencies in the United Kingdom are all in Scotland; if the Government ever wish to reach their broadband and 4G rural broadband connectivity targets, they must address connectivity blackspots in every nation.
A fundamental characteristic of being part of our United Kingdom is that there is a pooling and sharing of resource. Therefore, roll-out targets in the UK must apply to the whole of the UK—not just new Conservative constituencies or those that have the Minister’s WhatsApp details. The devolved nations should be consulted when key infrastructural decisions are being made, so Labour is pleased to support the amendment.
I will finish now by celebrating the potential of the UK telecoms sector and the benefits that digital innovation and effective government can provide to all our lives. If the first industrial revolution was powered by engines, the fourth is driven digitally. The Bill is an opportunity to set in motion a bright future for British telecoms, creating an environment in which telecoms providers, including a sovereign UK capability, with the right subsequent Government support, can grow and thrive.
Unlocking the potential of 5G will not only vastly improve our connectivity and web experience but support new enabling technologies—from the internet of things to artificial intelligence. But that will not happen by accident; it requires political will. We must get this right, and without oversight, diversification and an appropriately resourced regulator we cannot get it right.
As we all agree, our national security is priceless, but until we see a detailed plan, a proper impact assessment and an industrial strategy, we in the Labour party will remain deeply concerned that the Government are not prepared to make the interventions necessary to ensure that our national security is safeguarded. I encourage everyone to support our new clause and take the necessary steps towards unlocking the UK’s digital potential.
Julian Lewis Portrait Dr Julian Lewis (New Forest East) (Con)
- Parliament Live - Hansard - - - Excerpts

The shadow Minister is a considerable specialist in this field; I particularly endorse what she says about the importance of a non-partisan approach to national security in this and other legislation. As noted on Second Reading, the Intelligence and Security Committee of Parliament has long been concerned about the security of the UK’s telecommunications networks. Our 2013 report “Foreign Involvement in the Critical National Infrastructure” identified serious failings in the way that successive Governments had managed the entry of foreign telecommunications companies into the UK market—Huawei especially—and we urged the Government not to sacrifice security in the pursuit of investment when it came to our critical national infrastructure.

15:00
The Committee therefore welcomes this Bill, and the additional safeguards it provides. In presenting it on Second Reading, the Secretary of State assured the House:
“We are clear-eyed about putting national security first. If national security and economic interests are in conflict with each other, national security comes first.”—[Official Report, 30 November 2020; Vol. 685, c. 74.]
That was a considerable advance on the coalition’s complacent response to our CNI report, which committed the then Government to do no more than “balance” economic prosperity with national security considerations. This change of approach and the Bill itself are thoroughly good news from the perspective of the ISC. Both the Secretary of State and the Minister, my hon. Friend the Member for Boston and Skegness (Matt Warman), have been exemplary in reaching out to the ISC, and what I am about to say in no way reflects on them.
The problem with this legislation lies not in what has been included in the Bill, but in what has been left out of it in terms of scrutiny. The Bill grants significant new powers to the Secretary of State to designate certain vendors as high risk, and to direct telecoms providers to abide by certain requirements about the use of equipment from such designated vendors. When the Secretary of State issues, varies or revokes a designation notice or a designated vendor direction, he will lay it before Parliament, except when this would be contrary to national security. That is entirely reasonable. None of us would want the Government to publish information that would damage national security; that would not be in the national interest. However, as in the case of the recent National Security and Investment Act 2021, it does mean that there is a significant gap in Parliament’s oversight of these new powers. That should concern Members on both sides of the House.
The logical solution would be for any designation notices or designated vendor directions that cannot be laid before Parliament for security reasons to be provided to the ISC, the body that was expressly created by Parliament to scrutinise national security issues that cannot be laid before Parliament. As Members will know, the ISC is the only Committee of Parliament that has regular access to protectively marked information that is highly classified for national security reasons. Amendments to provide for such scrutiny were tabled in Committee, but sadly, the Government did not support the principle behind them for reasons that are—I am sorry to say—entirely unpersuasive.
It is both puzzling and exasperating that the Government are yet again refusing to use the Intelligence and Security Committee for the purpose for which it was created. As I reminded the House on 26 April during consideration of Lords amendments to the National Security and Investment Bill, paragraph 8 of the memorandum of understanding between the Government and the ISC categorically asserts:
“The ISC is the only committee of Parliament that has regular access to protectively marked information that is sensitive for national security reasons: this means that only the ISC is in a position to scrutinise effectively the work of the Agencies and of those parts of Departments”,
such as the Department for Digital, Culture, Media and Sport,
“whose work is directly concerned with intelligence and security matters.”
New clause 2, tabled by the Opposition, would fix the problem in this instance, but there is no sign of the Government’s being willing to accept it. I regret that: we should not be knowingly passing legislation that has holes in it. The Government should not be creating new powers, or new units within Departments—as in the case of the National Security and Investment Act—without providing for effective parliamentary oversight of them. As previously explained in considerable detail on 26 April, it is a physical impossibility for departmental Select Committees to fulfil that role, lacking as they do STRAP-indoctrinated and cleared staff and secure facilities, even if individual members may—very occasionally—be shown something classified.
Neither do assurances by the Government that the ISC is welcome to ask for information related to its remit from non-traditional national security Departments, such as BEIS, or in this case DCMS, offer any comfort. During the passage of the National Security and Investment Bill, Ministers repeatedly emphasised that
“there are no restrictions on the ISC requesting further information from the unit",
in that case the BEIS investment and security unit,
“or the Secretary of State where it falls under the remit of that Committee.”––[Official Report, National Security and Investment Public Bill Committee, 26 April 2021; c. 166.]
However, when we recently did precisely that and asked BEIS for information related directly to our remit, we received a response that was so dismissive as to border on the contemptuous.
The ISC was created by Parliament to oversee national security matters on its behalf. It should not be for the Government to deny Parliament’s intent. Paragraph 8 of our memorandum of understanding with the Prime Minister explicitly confirmed that that oversight extends to
“those parts of Departments whose work is directly concerned with intelligence and security matters.”
If information relating to the use of the powers in the Bill cannot be laid before Parliament for reasons of national security, that information must surely be given to the ISC to scrutinise. Nevertheless, because the Bill is good legislation for which we have consistently called, the Committee will certainly not seek to impede its progress.
The National Security and Investment Act would have been lost entirely at the end of the last Session if the upper House had insisted once again on our amendments providing for proper ISC scrutiny. We were not then, and we are not now, in the business of seeking to scupper legislation that helps to safeguard our national security, but that does not mean that this serious scrutiny gap can be left unresolved. In our forthcoming annual report, we shall therefore ask the Prime Minister to agree an update to the ISC’s memorandum of understanding, in order for it explicitly to include oversight of these matters. I trust that by the time we lay our report before the House, we shall finally be able to announce a positive outcome.
Stephen Flynn Portrait Stephen Flynn (Aberdeen South) (SNP)
- Parliament Live - Hansard - - - Excerpts

It is a pleasure, once again, to follow the Chair of the ISC, the right hon. Member for New Forest East (Dr Lewis), as I did during the passage of the National Security and Investment Bill. He speaks with great wisdom and experience on these matters, and the Minister would do well to heed such advice from his Back Benches. It is also a pleasure to follow the shadow Minister, the hon. Member for Newcastle upon Tyne Central (Chi Onwurah), who also speaks with great experience in this field. I have been fortunate enough to sit on a number of Bill Committees with her, and it is clear that telecommunications is very much her forte.

Let us consider the Bill in a wider context, before I drill down on the new clauses. We are essentially looking at foreign investment in our critical, national infrastructure. In real terms this is not a new thing. We are all aware, I hope, of the ISC report from 2013 on that very matter, and Huawei, and its role within our infrastructure, did not necessarily come as a surprise to anyone. I read the Bill’s Second Reading with much interest. The Labour party was trying extremely hard to absolve itself of any blame in that regard, which made for light entertainment over the past evenings. Of course, the Government are just as complicit in that regard, and complicit with a small c, because they were not necessarily looking at things with the view that they have now.

From my experience in this House, the Government have not covered themselves in glory when it comes to this topic. When I came into this place in 2019, one of the first key issues that was talked about—aside from Brexit, of course—was Huawei’s role within the UK, and we have seen the Government flip-flop from one view to another. It is testament to the hard work of many Government Members that they got the Government to realise just how serious this topic is and, indeed, was in years gone by.

Although there are concerns, the only thing that has really changed in the many years since 2013 is the seriousness with which the Government are treating this matter, and that seriousness extends to my colleagues and me. As my hon. Friend the Member for Gordon (Richard Thomson) made clear on Second Reading and in Committee, we are supportive of the Government’s efforts in this regard, as we were with the National Security and Investment Bill, but there are a couple of areas where the Government still need to provide a level of assurance. Notwithstanding the remarks that have rightly been made in relation to scrutiny by the ISC, importantly we need to be clear that the Government are going to pick up the tab in Scotland for all the equipment that will now be made surplus to requirements. We cannot have a situation where that is not the case, because it is their actions that have led to the situation we are in. We also need to ensure that the replacement strategy is both safe and secure, so that we do not find ourselves in a situation such as this ever again.

Notwithstanding the justified security concerns that we all have, perhaps the key thing lies in and around the issue of telecommunications. As was referenced by the shadow Minister, although not in the same detail, there are around 1 million people in rural Scotland who do not even have access to 4G. Of course, telecommunications is reserved to the UK Government—it is the responsibility of the Under-Secretary of State for Digital, Culture, Media and Sport, the hon. Member for Boston and Skegness (Matt Warman), and he will be cognisant of the fact that the 4G roll-out has not been as good as it should be. We all want to see the 5G roll-out, to ensure that we are in as advanced a position as possible, but we must ensure that the same mistakes are not repeated. I would certainly welcome assurances from the Minister in that regard.

That leads me to the SNP’s amendment 1, which seeks to ensure that the Government consult in full with the Governments in Scotland, Wales and Northern Ireland. It is vital that we have that link and that, while we remain a part of the United Kingdom, the UK Government work in partnership with the Scottish Government on such serious matters.

It will come as no surprise to the Minister that we are supportive of the new clauses tabled by Labour on ensuring that there is diversification, that there is parliamentary oversight and scrutiny, and that the ISC plays a key role. I would like to hear from its Members that they are equally supportive of the view that the devolved Administrations should play a key role in telecommunications.

Iain Duncan Smith Portrait Sir Iain Duncan Smith (Chingford and Woodford Green) (Con)
- Hansard - - - Excerpts

It is always a pleasure to return to old arguments and ensure that they are still live, and I intend to do just that. From the beginning, I have supported the process and initiative taken by the Government; it was not without struggles early on. I do not intend to go into the details, but I will refer to them. Back in 2019 and early 2020, it became quite a battle over whose advice was better. It seemed to me at the time—and, in a way, I do not blame the Government for this—that the National Cyber Security Centre gave the Government poor advice about the security risk, which was tempered by the Government’s need to go ahead and get 5G moving.

That is always the problem that we face. If organisations are to give Government advice on security risks, it must be completely separated on the basis that that is their advice; they must not temper it to suit the Government. We have seen that happen all the way through—it is not just this particular Government. They have made the right decision, and I will come back to that, but if we go back, this has happened also with Labour Governments and Conservative Governments of the past. Successive Governments have underestimated the growing risk that is coming particularly from China, but also from other countries. They were already aware of the risk from Russia.

15:15
I agree with the reference that my right hon. Friend the Member for New Forest East (Dr Lewis)—it is always a pleasure to be in the same debate as him—made to the ISC’s ability to scrutinise. I have a huge amount of time for him, as he knows, and we have debated some of this ad nauseam, but I do say to him that I think the Government will have to come back to this process. There is no question but that the parliamentary scrutiny process through his Committee—the ISC—will add value and strengthen Government legislation going forward. Even if the Government do not want to accept new clause 2, I hope they will come back to this issue in principle and use the Committee. That can only strengthen the provisions and counterbalance pressures that may exist from companies outside.
I agree that the Bill requires our support. Its main aims include strengthening the security and resilience of the UK’s telecommunications infrastructure—that goes without saying, and all these struggles over Huawei were just part of that process; giving stronger powers to the Secretary of State and Ofcom to enforce the new duties on telecoms providers to increase the security and resilience of their networks, which is also critical; and giving new national security powers to the Secretary of State to impose restrictions on telecoms providers, which I want to come back to. Those restrictions relate to the equipment from high-risk vendors.
I and some of my right hon. and hon. Friends tabled amendment 3, which I had hoped to be coming here to debate, but clearly it was not selected. However, I will speak to the principles of that particular amendment, if you do not mind, Madam Deputy Speaker—even though it was not selected, it is here in spirit. Amendment 3 would essentially have required the Secretary of State to make a designated vendor direction for any firm that was required to hand over its data to the Government or intelligence services of a foreign country. I wanted to be specific about that—using what was already in the Bill to force the Government to go a little bit further—because I think it is necessary.
That specificity is necessary because right now we are facing a number of particular threats. There are a lot of hidden threats behind the idea that companies, particularly from China, are independent of their Government. That is simply not the case. I cannot think of a single company registered in China—not Hong Kong, but China—that is not somehow linked directly to, or indirectly to but none the less under the control of, the Chinese Government.
It is worth repeating article 14 of China’s 2017 national intelligence law, which obliges all firms to give the Government assistance in areas of intelligence and national security if requested. This quote is a translation, so it may be slightly modified, but it may be useful. Article 14 states:
“state intelligence work organs, when legally carrying forth intelligence work, may demand that concerned organs, organisations, or citizens provide needed support, assistance, and cooperation.”
That is critical, because it requires those organisations to do whatever is required of them with regards to data transfer. It is peculiar in a way, and it would be peculiar even if it was dealing with Russia, but the fact is that it relates to China, which has a very much larger commercial base in all of these areas.
It is interesting to look back. Had other Governments, going back, further recognised the nature of what was going on, they would have seen that there is a strategic plan from the Chinese Communist party to dominate key commercial areas. For example, they own 85% of rare earth materials. Rare earth materials, as was said the other day, are the oil of the 21st century, without which we simply will not be able to operate. However, China does not stop there; it also owns the lion’s share of the world’s processing capability.
China strategically looks ahead. In telecommunications, we had 10 to 15 companies globally engaged in this area about 12 years ago, one of which was Marconi here in the UK. Today there are only three non-Chinese companies in existence that can build a 5G system. Not one of them, by the way, is in the United States; that tells us exactly how that market has been infiltrated and destroyed. People talked about market failure when we discussed the Huawei Bill. It was not market failure; it was the fact that a Government, with their institutions, had set out strategically to destroy a market and dominate it. That was one of the excuses used by my Government—that is, that we had no other option and had to go for what was there in the marketplace. Well, that has now changed, and I am pleased about that.
The amendment was necessary because, lying behind all this, is the real key, which is that these companies are not free and do not protect data in the way in which we would expect. Huawei is not alone, by the way. It is just one company, but there are lots of others—for example, ByteDance, which owns TikTok. I really question the degree to which that company owns that data now and is able to use it, and that is data on many people, particularly of our younger generation.
The requirements of the national intelligence law apply not just to Huawei and company, because those companies dominate the process that they are engaged in through dominating the data and through their use of that data, which is critical. I am pleased that, through this Bill, the Government are now demonstrating that they have absolutely got the point. I give credit to my hon. Friend the Minister, who has been honest and straight from the beginning of this process about his recognition of this particular problem.
Although that it now the case, we are but stepping tentatively in the direction of understanding these issues. I think the Trade Minister in the other place said that this Government were still determined to pursue deeper bilateral trade with China, while sanctions against many of our parliamentarians—myself included, but there are others here now—are in place. We kind of put that to one side and think that we can go ahead with trying to make these deeper relations with China, notwithstanding the fact that we also recognise that it is a remarkable threat. I simply do not understand how we square those two things and get on with it. [Interruption.] Does my hon. Friend the Member for Wealden (Ms Ghani) wish to intervene?
Nusrat Ghani Portrait Ms Nusrat Ghani (Wealden) (Con)
- Parliament Live - Hansard - - - Excerpts

No, but I will never waste an opportunity, as it is obviously a joy to intervene on my right hon. Friend, who was asking how much deeper our relationship can go with a country that has sanctioned parliamentarians in this House for basically raising human rights abuses and security concerns.

Iain Duncan Smith Portrait Sir Iain Duncan Smith
- Hansard - - - Excerpts

I am getting so used to just doing what I am told by my hon. Friend when it is necessary that she only has to look in this direction and I give way to her—my apologies.

What I was really trying to get to the bottom of is that I do not think that this is feasible any longer. The Bill illustrates the dichotomy that lies at the heart of the Government’s position. We are trying constantly to talk about these trade relationships, but at the same time we recognise that the country that we are discussing them with is a totalitarian state that is guilty of what many, including myself, believe is a genocide of a whole ethnic group—more than one ethnic group. It is a state that is intolerant, that is suppressing democracy and free speech in Hong Kong, that is threatening Taiwan and India, and that has said that it is in possession of the South China sea. I could go on with that list. We can recognise the compilation of all those things and that there is a security risk, and yet at the same time in the other place we are told, “Don’t worry. We are still trying to do trade deals.”

It is quite interesting that we have reopened an economic and financial dialogue under a JETCO—a joint economic and trade committee—which was originally paused because of the imposition of the national security law in Hong Kong. The discussions have now restarted, although we did not hear much fanfare. We sort of discovered that they had restarted, but there was no announcement from the Dispatch Box that we were restarting them. There are no dates involved, but the discussions are restarting, despite the sanctions against individuals and so on, and despite our sanctions against Chinese officials—although I still wish that we could do more.

I note also that the European Union was heading in the same direction with its agreement, only now, because of the sanctions on its MEPs and so on, it has decided that it is not going to do that. I simply raise the question: if we think that this country and this Government —the Chinese Communist party, the Government of China—are such a potential threat, should we really be trying to reopen those doors, despite the sanctions that we have in place, the sanctions that they have put in place, and the very clear threat that they now pose to our security?

I simply say to my hon. Friend the Minister that I was going to move my amendment, which would have said that the Government should immediately declare many of these companies high-risk vendors by the very nature of the security law that exists in China. However, I would also say, in support of what has been said already, that the Government need to use the internal possibilities in our Parliament. We have a Committee that is cleared to the highest level of security in these areas, and it is important that we use that Committee. If the Government get private advice from the Committee about what it thinks is going wrong with their position, I think that will benefit and improve them.

I therefore ask my hon. Friend to take my amendment into consideration and to answer that point, to think seriously about how we can strengthen the Bill further and, if he can, to make the reservations of this place felt to his colleagues in Government. We are deeply concerned about trying to ride two bicycles at the same time: recognising a deep and growing threat to democracy not just here but around the world from the Chinese Communist party, while trying to beg China to do trade deals with us, notwithstanding the fact that it behaves so badly.

Jamie Stone Portrait Jamie Stone (Caithness, Sutherland and Easter Ross) (LD) [V]
- Parliament Live - Hansard - - - Excerpts

It is a pleasure to join you, Madam Deputy Speaker, from the far north of Scotland. Before I make two points that will be familiar to the House, may I compliment the right hon. Member for Chingford and Woodford Green (Sir Iain Duncan Smith) on a most interesting speech? I afford myself a wry smile; we are where we are today, which is rather different from where we were when I attended the Westminster Hall debate in which he made the same point. I think that he would be allowed some quiet satisfaction at having changed the Government’s course as significantly as he has, because—I shall return to this point—this is about the defence of the realm.

Let me make a second initial remark, with reference to the hon. Member for Aberdeen South (Stephen Flynn). As a former Member of a place based in Holyrood, in Edinburgh, I wholeheartedly support the notion of working with the devolved Administrations. It makes absolute sense. If we believe in the security of the realm, we all have to work together for the better good.

As I have said already, my two points will be familiar to the House. The first is that, having done the armed forces scheme, I know it is very useful in bringing elected Members face to face with the realities of the defence of this country. For me, it was something of a wake-up call. There is no doubt, as the right hon. Member for Chingford and Woodford Green said, that there are nations out there—Russia, China, North Korea and others—that do not concern themselves with the good health of the United Kingdom. We have only to look at the hijacking of the Ryanair airliner in recent days, or indeed the crime that was committed in Salisbury, to see that the actions of states can be very bad indeed for us as a country, so in some ways this whole debate is a bit of a wake-up call. We have to ask ourselves where we stand in the world, what we can do and whether we are going to stand up for what we believe is right.

The Bill has the support of my party, in that it helps to protect the vital interests of the United Kingdom and the people who live in and love our country, as we all do. The key point emerging from that is that, as others have said, there will have to be an element of co-operation with other countries that share our ideals and interests. We think of the Five Eyes countries, of our European friends and of other countries all over the globe—perhaps India, perhaps South Korea, perhaps Japan—that we could work with more closely to further the best interests of us all.

My second point—yes, I am going to talk about this yet again, so perhaps I should offer an apology to the Chamber—is on something that the hon. Member for Aberdeen South referred to: we talk about 5G in the UK, but there are parts of Scotland that do not have 4G. As the shadow Minister, the hon. Member for Newcastle upon Tyne Central (Chi Onwurah), said, there are bits of Scotland where connectivity is very poor indeed. In the past, I have made the perhaps not very clever joke that in parts of my constituency, we might even be better off with two tin cans and a length of string, so there is a lot of work to be done, to say the least.

15:30
Perhaps I can make the point this way: as we come out of covid—thank God that is where we are going—we will see a tourism boost in the United Kingdom, but if the tourism providers in my constituency and remote parts of Scotland are to compete on a level playing field, surely they have to have the connectivity that is enjoyed by other businesses in other parts of the United Kingdom. That is one argument. Secondly, and sadly, there will be another pandemic one day. One of the means by which we can beat off the pandemic is by being very clever indeed, and when it comes to the provision of NHS services and so on, connectivity has a part to play in that as well in my constituency. I will rest my case there, but I believe that whatever the United Kingdom Government can do to work with the devolved Government in Scotland to get proper connectivity in my constituency and other parts—we have very few Gs at all in some parts—and to get up to 5G would be so welcome and so important to my constituents.
I will end with a point that the shadow Minister made. I very much agree with the notion that Ofcom will face considerable strain. This is about confronting the known hostile nations, but this is a changing world—it is changing ever more rapidly—and new threats and new challenges will emerge. Ofcom will have to be very nimble on its feet to deal with that, and that will require the necessary resources, so we look forward to seeing what the Government’s reply will be on that front. Essentially, this debate has been an example of Parliament changing the mind of a Government. The point that has been made about the Intelligence and Security Committee is absolutely correct. Parliament does have a role to play and I very much hope that the right hon. Member for New Forest East (Dr Lewis) and his Committee will have a role to play in future.
Nusrat Ghani Portrait Ms Nusrat Ghani (Wealden) (Con)
- Hansard - - - Excerpts

It is an honour to contribute to this measured debate, Madam Deputy Speaker. I am fearful of lowering the tone, but I have been speaking to the Minister—I congratulate him on the amount of communication he has had with us Back Benchers about our concerns—and when I was thinking about how best I could sum up our dialogue, I recalled that Ronald Reagan once said:

“The…most terrifying words in the English language are: I’m from the Government, and I’m here to help.”

I think that, for a Minister, the most terrifying words are: “I’m a Back Bencher and I really am just here to help”. So without our removing the momentum, we really are here to help.

First, I need to put on record my thanks to my right hon. Friend the Member for Chingford and Woodford Green (Sir Iain Duncan Smith) for tabling the amendment, which, unfortunately, was not selected today. I also put on record my support for what my right hon. Friend the Member for New Forest East (Dr Lewis) has proposed, with the support and expertise that he can bring to the debate and legislation, and I hope that the Minister can reflect on both those opportunities down the line. There is much to welcome in the Bill, but I fear that technology can sometimes move faster than we can legislate in this country. I want to touch on two issues: one is national security and the other is resilience and diversifying our supply chain.

I will start by being very helpful as a Back Bencher. I know that the Minister may have cast his eyes on a report that I recently produced for NATO. I sit on the Science and Technology Committee and I was tasked to put together a report on science and technology threats, looking particularly at east Asia. In the report, there is a puff box that he may want to reflect on; it talks about South Korea and the amount of work that it has done in innovating and developing new technology so that it is truly resilient in its national 5G infrastructure. I believe that 85 cities will have coverage by the end of 2021, and they are not reliant on any external Government to provide them with that service, so I urge him to go away and look at what South Korea is doing and possibly see how we can become more resilient in this country.

I want to raise the subject of resilience and security because I sit on the Business, Energy and Industrial Strategy Committee and we have been undertaking a report on links back to Xinjiang. However, companies also gave evidence to us that should cause some concern for the Minister, and with regard to this piece of legislation. This is basically about companies headquartered in China that have access to data we are using or manipulating, and to algorithms we are creating here in the UK.

In particular, I want to reflect on the evidence given to the Select Committee from TikTok. We invited TikTok to come in and give evidence about its algorithms and whether it is distorting them to stop information about Xinjiang and Uyghur being out on the platform. Unfortunately, the more we dug into TikTok, the more complex and concerning it got for us.

TikTok is a media company and a platform. Most kids will have access to it, and most people here may have access to it as well. However, it has a very complex ownership structure, which is why it is important that it is reflected somewhere in the Telecommunications (Security) Bill. It is important because TikTok is a subsidiary of a global parent company, ByteDance Ltd, which is incorporated in the Cayman Islands, but there is a China-based subsidiary of the same global parent company called ByteDance (HK) Ltd.

The reason why this should be of some concern is that when we took evidence from TikTok UK’s branch, we were told that ByteDance could in no way have access to UK data and that the two things were completely separate. However, the problem is that we can legislate in this country for what we want to do to keep our country and our people’s data safe, but when a company we are working with has headquarters in China, it has to abide by completely separate sets of rules and regulations, so we end up in a two-tier system.

Let me just reflect on what a company such as ByteDance has to adhere to. I am talking about China’s National Intelligence Law 2017. My right hon. Friend the Member for Chingford and Woodford Green spoke about article 9, and I want to reflect on article 7. It states, and this has been translated into English so it may not be perfect:

“Any organization or citizen shall, in accordance with the law”—

the Chinese National Intelligence Law 2017—

“support, provide assistance and cooperate in national intelligence work, and guard the secrecy of any national intelligence work they are aware of.”

Fundamentally, companies have to hand over data when they are asked, but when they are asked by another Government—say, our Government—they have to deny that they are doing it. I am concerned about how robust our legislation is today or how robust our legislation will be going forward if companies are abiding by separate sets of intelligence laws based in China.

On a similar theme, let us take a closer look at Hikvision in particular. There was a very good recent report by Reuters, which basically states that half of London councils are using Hikvision, even though Hikvision is banned in the United States. Last week, Italian media reported that Hikvision equipment in the country was “communicating with servers” in China despite being on a supposedly closed network. I am not quite sure what “communicating with servers” means, but for me alarm bells are ringing.

The points I want to land with the Minister are: how robust is the legislation we have in place for today, let alone tomorrow, and how can we ensure that the processes to legislate in this country keep pace with the threats we are facing? I suppose the fundamental point is that China has its own National Intelligence Law, which completely contradicts what we are trying to do here in the UK. Does the Minister have any thoughts about how we can ensure that our security is not undermined by China’s National Intelligence Law? What guarantees can the Government give to constantly look at, review and update this, and also to hold to account the companies we may be anxious about?

We seem to be setting up a two-tier system: one for us in the west with the countries we work with, and a completely separate system for China and the companies it wishes to work with. I fear that, unless we put down a marker, we are going to lose out to a country such as China, and I hope that the Minister can comment on that when he comes to the Dispatch Box at the end of the debate.

Jim Shannon Portrait Jim Shannon (Strangford) (DUP)
- Parliament Live - Hansard - - - Excerpts

It is a pleasure to speak in this debate and to follow all the right hon. and hon. Members who have made contributions.

First, new clause 1 is designed to ensure that there is an obligation on Ofcom, in legislation, to report on the adequacy of its resources and assess the adequacy of the measures taken annually by telecommunications providers to comply with their duty to take the necessary security measures. The hon. Member for Wealden (Ms Ghani) referred to security, and I will speak briefly about that shortly. It also requires Ofcom to assess future areas of security risk based on its interrogation of network providers’ asset registries. That does seem to me to be standard, but it is essential that there is regulation and control of these providers, on which so many of us—indeed, probably all of us—rely so heavily. The Minister may well believe that this obligation is already included in the Government’s Bill, and if that is the case, perhaps he will confirm that that is the position. If that is the case, I am sure that that will highlighted subsequently.

I have seen, during the privatisation of water services and other public bodies, that private companies have little desire to provide any more information than is legally required. They just give us the basics of what they want us to know. I believe that there is an obligation for Ofcom to actively regulate, and to do this we must provide adequate funding. To make this happen, is it a funding issue or can we legislate to ensure that they tell us all we need to know? I will consider the words of the Minister on this imperative regulatory function.

I want to echo the concerns of the hon. Member for Wealden, who comprehensively addressed the issues that concern us all. She referred to companies that have their headquarters in China and how that impacts on us here in the United Kingdom. Our duty in this House is to our citizens: to the citizens of Strangford, to the citizens of Wealden and to everyone across the whole of the United Kingdom of Great Britain and Northern Ireland, and we probably all seek assurances on these matters. Again I look to the Minister to do that in his summing up.

New clause 2 relates to the provision of information to the Intelligence and Security Committee. Does the Minister agree that it is imperative that the appropriate Committees have the right information on security matters? I am a firm believer in the need for information share. It has always been my policy to ensure that those around me in my political life, my social life and my personal life are aware of all the issues that concern them. It is also important that MPs have all the information on board. I am also a firm believer in the chain of command. This may well be due to years of part-time service in uniform; I spent 14 years as a part-time soldier. It is really important that the chain of command is in place. However, there are also times when it is in the interests of the nation that not all is revealed, and there will be a reason for some things being classified as top level only. I understand that; I often ask the police about things that have happened back home, and I say, “Don’t tell me anything I don’t need to know, but if you can tell me, and I can tell others, let me know that.”

Our job as parliamentarians is to scrutinise the Government, to hold Ministers to account and to strive for the good of the nation, and I ask the Minister to clarify why the Government do not feel that new clause 2 is necessary. Does he, for instance, believe that this is already accounted for? If it is, perhaps he could tell us the position on that. I would like to understand the rationale behind withholding information from a regulated Committee and what constitutes high-level information that should be withheld. Again I look to the Minister, as I often do in debates in this House, for a response to satisfy me that new clause 2 is not needed.

My final point relates to amendment 1 to clause 14, which proposes:

“The Secretary of State must, in the process of carrying out reviews and drafting subsequent reports, consult the appropriate ministers from the devolved governments.”

As a Member of Parliament, I have always wished to know what the devolved Administrations are doing. In my case, that relates to the Northern Ireland Assembly. When I saw the amendments and new clauses, I assumed that this provision would have been included as a matter of course. Surely it is a matter of the greatest importance—especially in Northern Ireland, which is fast becoming the capital of Europe’s cyber- security—that the devolved Administrations, and in this case the Northern Ireland Assembly, should have a full understanding of any emerging cases. I say with great respect to everyone else in this Chamber that the cyber sector in Northern Ireland is leaps and bounds ahead of other parts of the United Kingdom. Maybe only the south-east of England can match our level of advancement. We have incredible skills and staff available in Northern Ireland, and the cyber-security sector has grown greatly. So can the Minister reference the mechanism by which this information share can take place without any amendment? Can the Minister confirm that the Northern Ireland Assembly will have a key role to play in this, and tell us how that will work within the legislation before us today?

John Hayes Portrait Sir John Hayes (South Holland and The Deepings) (Con)
- Parliament Live - Hansard - - - Excerpts

Chillingly, the head of military intelligence recently concluded that the difference between being at war and being at peace is becoming increasingly blurred. In short, Britain is under perpetual attack.

15:45
Every day, every week, there are attempts to break or breach the information and communications systems on which so much depends. The fragility of the modern world, as the resilience provided by the eclecticism of local and national means of gathering, storing and exchanging information has been eroded by global interdependence and, in particular, by technological interoperability, has left us more vulnerable to attack from hostile state actors or, indeed, other groups—serious and organised criminals. So, the need for safeguards that guarantee our security could not be more pressing or clear.
In that spirit and to that end, this legislation is very welcome. The Bill strengthens the security framework used for 5G and full-fibre networks. It will protect the UK from hostile state cyber-activity and other activity of that kind, and we need protection, because we know from the evidence that attacks from Russia, China, North Korea and Iran have been recorded in recent times. The Bill will also provide new national security powers to issue directions to telecoms providers to manage the risks of high-risk vendors. Incidentally, that extends beyond the existing restrictions—which in essence relate to the most significant parts of systems and the most sensitive areas—to all goods, services and facilities.
Just as there should no longer be any doubt about the damage done by lazy liberal assumptions about globalisation, there must be no complacency about the virtues of the suppliers of telecoms, hardware, software and services, or those who manage them. That they can themselves provide a threat to the way we communicate, to our infrastructure and to all that we now do in our country is without doubt. Indeed, I would go so far as to say that the unaccountable power of corporate monopolies is one of the most sinister features of the way we now live. That is not just my view; it is the view of the chief of MI5, who recently said that Facebook had given terrorists a “free pass” by allowing stronger encryption on its network. Mr McCallum said that social media giants’ plan to install end-to-end encryption would block hundreds of counter-terrorism investigations by the security service. He said:
“If you have end-to-end default encryption with absolutely no means of unwrapping that encryption, you are in effect giving those rare people—terrorists or people who are organising child sexual abuse online…a free pass where they know that nobody can see into what they are doing in those private living rooms.”
The effects of what Facebook are doing—I suspect they will do still more of it—will inhibit the powers of those that we mission to keep us safe. It is as simple as that, so let us have no naivety or complacency about what those organisations are about or their willingness to act responsibly. Neil Basu, the National Police Chiefs’ Council lead on counter-terrorism, echoed those sentiments. He said that if Facebook pressed ahead with its plans, it would “put privacy before security”. While Mr Basu might be confused about the institutionalised racism of the Metropolitan police, he is not confused about this—he is absolutely right.
The reality of hostile state cyber-activity is beyond doubt. For example, in 2018, the Chinese APT10 group attack on global networks, also known as Cloud Hopper, targeted a range of companies, including in the aerospace, defence, telecommunications, professional services and utilities sectors and many others. It was one of the most significant and widespread cyber-intrusions against the UK and allies uncovered to date, targeting trade secrets and economies around the whole world. I could cite many similar examples, but I think the case has already been made by other contributors to the debate, particularly my right hon. Friend the Member for Chingford and Woodford Green (Sir Iain Duncan Smith).
The pressing need for the Government, as well as ensuring that safeguards are in place, is—as their own supply chain review acknowledges—to diversify the suppliers in the market. The Government have concluded that the only way to address the risk is to introduce national security powers to allow them to
“intervene to set the conditions necessary, including by imposing limits and controls on the use of high risk vendors, so that operators can manage the risk.”
It is also important to acknowledge that without an effective diversification strategy in place, we will not have a secure network. As the ISC highlighted in July 2019, the diversification strategy is therefore the most critical action to ensure our security now and for the future. The issue of national dependence goes beyond high-risk vendors. I hope that when the Minister winds up he will say more about diversification, because our most pressing requirement is not to allow ourselves to become dependent on single vendors; the case has already been made about the existing vulnerability that Britain endures in that regard.
John Hayes Portrait Sir John Hayes
- Parliament Live - Hansard - - - Excerpts

I give way to the Chairman of the ISC.

Julian Lewis Portrait Dr Lewis
- Hansard - - - Excerpts

In support of what my right hon. Friend says, he will recall that one of the main reasons why the Government felt it so difficult to rid themselves of Huawei was that there would then be only two remaining possible suppliers, and if one of them got into difficulty, we would have total dependence on a single supplier. If we do not diversify, it really has knock-on effects: we sometimes have to improperly consider using suppliers that are really a risk to our security.

John Hayes Portrait Sir John Hayes
- Hansard - - - Excerpts

As my right hon. Friend knows, it is not only the Committee on which he and I serve that has highlighted that point; other Committees of this House have, too, and the Government themselves have acknowledged it. We really need to look at how, having accepted the thrust of his argument, the Government intend to respond. What is the action plan? I know that the Minister will have much to say about this, but my right hon. Friend is absolutely right.

This is part of a wider problem of the concentration of power in the hands of what I described earlier as a handful of unaccountable corporate monopolies. There is a curious assumption that somehow those organisations will be intrinsically virtuous, but that is simply not the case. Commercial organisations are just that: they are interested in commerce. They are not there to do what Governments and this Parliament exist for, which is protecting the interests of the whole of the people.

Bob Stewart Portrait Bob Stewart (Beckenham) (Con)
- Parliament Live - Hansard - - - Excerpts

One thing that worries me a little is that Huawei is Chinese-owned. Nokia and Ericsson are not, but they get a lot of their kit from China, so they are not pure either. That is a worry for diversification.

John Hayes Portrait Sir John Hayes
- Hansard - - - Excerpts

It is. I referred a moment or two ago to the provisions of the Bill that extend existing powers to take account of supply chains, so the point is acknowledged in the legislation. It brings me neatly—it was not scripted, I hasten to add—to the next part of my speech, because in that process much powerful regulation is put into the hands of Ofcom. I have questions about that for the Minister as this is not territory that traditionally Ofcom has navigated. It will require a step change in Ofcom’s capability and approach to manage the additional responsibilities.

Ofcom was previously responsible solely for assuring the resilience of networks. No list of mandatory standards has previously existed and historically Ofcom produced guidance that merely directed communication service providers towards the main source of advice and best practice. The responsibilities to ensure that providers comply with the new security duties will, as I said, require a step change in what Ofcom does, given that it will now have the authority to practically assess the security practices of large telecom providers, take action where security is at risk of being compromised, and make information available to the Government and provide annual security reports to Ministers.

That brings me to the issue of scrutiny, which has been addressed with by various contributors to the debate so far. Given Ofcom’s new powers, the means by which it can be held to account becomes salient. Of course, Ofcom is accountable to Ministers, but we need Ministers to be accountable, in an effective way, to this House. There is a long debate to be had about the role of various Select Committees in that regard, and it is a debate to which I have contributed previously and the Chairman of the ISC, my right hon. Friend the Member for New Forest East (Dr Lewis), has already spoken eloquently. I simply say to the Minister that there needs to be a well-established and rigorous process by which the new powers can be assessed and checked not only by Ministers of the Crown but by those to whom Ministers of the Crown are accountable. Confusing accountability and scrutiny risks weakening both by obscuring the first and diluting the second.

I know, Mr Deputy Speaker, that you would not want me to conclude any speech without some literary reference. C. S. Lewis said: “Experience: that most brutal of teachers. But you learn, my God do you learn.” The experience that I have had over 25 years in the House—of being a shadow Minister trying to hold Ministers to account, a Minister being held to account and now a Back Bencher trying hold both to account—is that unless the process is right, scrutiny simply will not be effective.

I have talked about vulnerability and the recognition of the need for greater regulation. By the way, if anything, the Bill does too little. It is a good Bill and it does a great deal that I welcome, but over time we probably need to go further. I have previously drawn the House’s attention to the history of legislation affecting security here: it has typically been periodic with few big Bills having been brought to the House that became Acts concerning matters of security. But I repeat what I have said before: I suspect that over the coming years we will have more and more legislation to ensure that our country remains secure, given the dynamism and character of the threats we now face.

I end simply with this. The Bill is good work, but it is—if I might put it as generously as I possibly can to the Minister—work in progress, and I hope that during that progress we see further attention given to the issues of both diversity in the marketplace and scrutiny by this House. A fundamental requirement of Government is to protect our infrastructure and economy and, by doing so, protect our people, for in doing that we protect all our futures.

Bob Stewart Portrait Bob Stewart
- Hansard - - - Excerpts

It is a real pleasure to follow some of the speeches we have heard, particularly those from the Chairman of the ISC, my right hon. Friend the Member for New Forest East (Dr Lewis), and from my right hon. Friend the Member for Chingford and Woodford Green (Sir Iain Duncan Smith).

I rise to support the Government, but I do so with some reservations, which largely reflect concerns that I still have as a member of the Intelligence and Security Committee. I am concerned about oversight and the scrutiny of decisions made by the Department for Digital, Culture, Media and Sport that will have an impact on national security. The issue is growing as commercial companies get more and more involved in such matters. The Government’s current view is that DCMS, Ofcom and the Digital, Culture, Media and Sport Committee could probably watch over these matters. Yes, they probably can, but I am not so sure.

16:00
The Bill says that when a Secretary of State issues, varies or revokes a designation notice or a designator vendor direction, he or she will lay that before Parliament—good, so far—except in cases when that would be
“contrary to the interests of national security”
or when there were details prejudicial to commercial interests. Those might be excluded from documents laid before Parliament. What? That could mean that we parliamentarians had no oversight whatever of such activities. Are we really going to be debarred from such knowledge?
I wish now to highlight a few of the problems that I foresee—not just because I am a member of the ISC but because I have handled highly classified information in the past. As we have heard, the Committee of Parliament that has regular access to top secret—and above—information is the Intelligence and Security Committee. Its members are subject to section 1(1)(b) of the Official Secrets Act 1989. Have I got that right?
John Hayes Portrait Sir John Hayes
- Hansard - - - Excerpts

indicated assent.

Bob Stewart Portrait Bob Stewart
- Hansard - - - Excerpts

Good. When my right hon. Friends the Members for South Holland and The Deepings (Sir John Hayes) and for Chingford and Woodford Green start talking, I know I am in trouble.

So we on the ISC are subject to section 1(1)(b) of the Official Secrets Act 1989, and, whatever side of the House we sit on, we have all been appointed to the Committee by the Prime Minister with that in mind. However, not every Member of Parliament or Clerk has signed the Official Secrets Act—some have, but many have not. Obviously, I am not being personal about colleagues because a lot of them can keep secrets far better than I can: as my wife says, I have a big mouth. Okay—but I do keep secrets of the state, Minister.

ISC Clerks have something called developed vetting security clearances, but not all DCMS Committee Clerks would. Developed vetting security clearances require the individual concerned to undergo a lengthy and somewhat intrusive investigation—some of the questions are appalling. Assuming that DCMS Clerks were to have such developed credentials and were able to handle top secret material in hard copy, such as documents that need to be secured in security-accredited lockable cabinets within a security- accredited office, anything with a top secret grading on it or an IT system with such grading would need to be accredited and checked out very carefully.

May I also raise the matter of meetings where top secret material is discussed? I may be wrong, but I do not think there is such a meeting room in the Palace or in Norman Shaw—[Interruption.] Sorry, I meant Portcullis House—I have only been here 11 years. A room with clearance would be required even for us to be able to look these documents, store them or discuss them. I do not think it is a secret that the ISC cannot meet here—we have to meet somewhere else. We go to a place that is accredited and checked, where documents can be stored and to which our Clerks have ready and easy access. All discussions concerning such a level of security take place in that room. We are not allowed to write something down and walk it out—everything has to be left there, unless it is specifically on a certain kind of paper and we are informed of that very strictly.

The product of ISC investigations can be laid before Parliament only after a redaction process with the intelligence agencies and confirmation from the Prime Minister that nothing in them might breach national security, so I think it would be rather difficult for the DCMS, Ofcom or the Digital, Culture, Media and Sport Committee to be able to oversee top secret material produced by the Department and still obey national security rules. In short, we parliamentarians might not have oversight of some key decisions made by Ofcom and DCMS. That can work—I have no doubt the Minister will say that—but we could be blindsided. The Government think otherwise at this stage, and I am prepared to accept that promise, but this might quickly run into difficulties when classified material has to be examined by people from Parliament who are specially selected to do it.

In summary, I repeat that I will be supporting the Minister—of course I will, as I am loyal, just like a dog—but it does not stop me raising a flag of concern. There will always be problems around these matters. I hope that that will not be the case but I would not be surprised if, as my right hon. Friend the Member for South Holland and The Deepings has said, we are only at the start of a process and we have to revisit this shortly.

Finally, may I apologise, Mr Deputy Speaker, as I do not feel great and I am a bit dizzy, so my voice is not the usual? I am going to sit down now.

Nigel Evans Portrait Mr Deputy Speaker (Mr Nigel Evans)
- Hansard - - - Excerpts

We heard you loud and clear, Colonel Bob.

James Sunderland Portrait James Sunderland (Bracknell) (Con)
- Hansard - - - Excerpts

It is a great pleasure to follow my eminent right hon. Friend the Member for Beckenham (Bob Stewart)—if only I were as good.

As the final Back-Bench speaker this afternoon, it is incumbent on me to be supportive of the Government, which of course I am, and this excellent Bill. We are where we are today for two reasons. First, it shows that the Government do listen to Back Benchers. Secondly, the Bill is a pretty good bit of work and it ticks the box, as indeed it should. As defence and national security become ever more virtual and online, it has never been more important to secure our lines of communication, both domestically and internationally, with our allies. I urge all Members to consider the notion of strategic independence, which we have spoken a lot about during the covid crisis. As we go forward, it is really important that we aspire to be able to operate autonomously as a global nation alongside our allies.

I believe that the Bill is important for three reasons. First, it will allow for better security both domestically and internationally. It kicks out the high-risk vendors from our network—what’s not to like? Secondly, it placates our allies. New Zealand, Australia, the USA, Canada and others were quite noisy when Huawei was originally admitted to our network, so let us hope that this will placate them, cement that relationship and, perhaps in time, even enable us to admit Japan and other close allies. Thirdly, it opens the door for other 5G providers to come in, which is a good thing, and I support the UK’s diversification strategy.

Having sat on the Committee for this excellent Bill, it is a pleasure to see it back here on Report. The Bill takes forward the Government’s commitment to the UK telecoms supply chain review, introduces a new security framework, amends the Communications Act 2003, introduces new security duties, brings new powers to the Secretary of State and strengthens Ofcom’s regulatory powers, allowing it to enforce the new framework. That is all very positive. It also introduces new national security powers for the Government to impose, monitor and enforce controls. Again, that is a positive step.

I am pretty happy with the Bill as it stands, but in the interests of objectivity, I will talk to a number of the new clauses and amendments. On new clause 1, the Government are aware that the Bill gives Ofcom significant new responsibilities, and it will need to increase its resources and skills to meet those new demands. Ofcom’s budget is approved by its independent board, and the Minister has today confirmed that the budget limit set by the Government will be adjusted to allow Ofcom to carry out new functions effectively. Ofcom is already engaged in this space—we are already proactively looking over the horizon and scanning for future threats—so I am happy that the Government have got this about right.

New clause 2 would ensure that the Intelligence and Security Committee of Parliament is provided with information relating to a designated vendor direction. I am sympathetic to this, but the Government know what they are doing. As the Minister said, the ISC’s primary focus is to oversee the work of the security and intelligence agencies. Its remit is clearly defined in the Justice and Security Act 2013, so the Bill is not the appropriate place to achieve an overall enhanced role for the ISC.

Julian Lewis Portrait Dr Julian Lewis
- Hansard - - - Excerpts

I am sorry to have to reiterate this point. There are other ways in which our concerns could be addressed, such as by adjusting our memorandum of understanding, rather than putting it on the face of the Bill, so I am with my hon. Friend as far as that is concerned. However, it is very clearly within our remit to oversee not only the agencies but those parts of other Departments where highly classified information is concerned. That is just a matter of fact—it is in the agreement between us and the Prime Minister.

James Sunderland Portrait James Sunderland
- Hansard - - - Excerpts

I empathise with my right hon. Friend’s view, and I agree that he has a point. My position is the same as the Government’s: I do not think that this Bill is necessarily the vehicle through which we should look at the future of how the ISC operates. I am a keen follower of the ISC and its output. Its work is eminent, and my right hon. Friend’s point is well made.

John Hayes Portrait Sir John Hayes
- Hansard - - - Excerpts

Let me cement that point but also perhaps offer an olive branch to the Minister, if I might be so bold. If the Minister, when he sums up, were to make a firm and binding commitment that he, for example, and others will appear before the ISC at our request to be scrutinised on these and other matters, that might go some way—not the whole way, but some way—to assuaging doubts and fears.

James Sunderland Portrait James Sunderland
- Hansard - - - Excerpts

I thank my right hon. Friend for his intervention. Again, I empathise with the point. I will happily leave it to the Minister to make his view known in his summing-up later.

16:15
New clause 3 requires the Secretary of State to report on the impact of the Government’s diversification strategy on the security telecommunications network and services, which of course they will do, so I agree that the Government do not need to be dragged back to the Dispatch Box on this. Again, I am with the Government on new clause 3. I can see the merits of amendment 1 on consulting with the devolved nations, which, of course, again, the Government will do. National security, as we know, is a reserved matter under the devolution settlements in force, so, again, I am happy that the Government have got this right.
On amendments 2 and 3, the Government have every intention of seeking the advice of the UK security and intelligence services, in particular the National Cyber Security Centre, so again, while the amendments have merit, I am completely with the Government on this.
In conclusion, my sense is that the new clauses and amendments that we have discussed today do have merit, and I note that the Minister has noted them. Again, we discussed these issues at length in Committee. It is a good Bill and I will be voting it through this evening.
Nigel Evans Portrait Mr Deputy Speaker (Mr Nigel Evans)
- Hansard - - - Excerpts

Before I call the Minister, may I say that I am anticipating three Divisions, on new clauses 1, 2 and 3? If there is to be an additional vote, I would like to be informed so that I can call it, but I understand that there are going to be only three Divisions.

Matt Warman Portrait The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
- Parliament Live - Hansard - - - Excerpts

I thank all those Members who have contributed to the debate today. It is an important debate because digital connectivity is an integral part of all our lives. For countless people across the country, having fast and reliable broadband and a good mobile connection is vital to our way of life, but for us to truly reap the benefits of the gigabit-capable broadband and 5G, we need to have confidence that they are secure and that means securing the networks on which they are built, the supply chains on which they depend, and the equipment and services that support them. The Bill demonstrates clearly the Government’s commitment to ensuring the security and resilience of our telecoms networks.

Let me turn to the new clauses and amendments. I shall start by addressing new clause 1. As the UK’s communications regulator, Ofcom already plays an important role in ensuring the ongoing security and resilience of our networks by enforcing the current security duties under the Communications Act. This Bill will build on that experience, giving Ofcom new responsibilities and a range of new powers. What the new clause would do is require it to publish an additional statement as part of its annual report. Happily, I can reassure hon. Members that the Bill already has various reporting mechanisms included within it. Under the new and snappily named section 105Z, Ofcom will need to regularly report to the Secretary of State. Subsection (4)(a) makes it clear that that report must include information on the providers’ compliance with the duties imposed on them by the Bill.

Ofcom will also need to report on telecoms security in its annual infrastructure report, and clause 11 specifies that this should include information on the extent to which providers are complying with their security duties under new sections 105A to 105D. The Secretary of State will also need to regularly report to Parliament on the effectiveness and impact of the new telecoms security framework.

On the final point in the new clause of the hon. Member for Newcastle upon Tyne Central (Chi Onwurah) about publishing information on emerging and future security risks, that is not of itself necessarily the most productive way of handling security risks, but the principle that she is trying to get to is very much part of what the Government are seeking to do and, of course, it would be part of what we intend to make sure that we talk about as much as we can within the bounds of national security.

I turn specifically to budget and resources. The hon. Member has set out her concerns about Ofcom’s access to resources and capabilities. It is an issue that my right hon. Friend the Member for South Holland and The Deepings (Sir John Hayes) also touched on. I can tell the House today that Ofcom’s security budget for this financial year has been increased by £4.6 million on top of its current security budget. This funding will allow Ofcom to more than double its headcount of people working on telecoms security, ensuring that it has the necessary capability and capacity to deliver its new responsibilities under the Bill. The hon. Member for Newcastle upon Tyne Central is aware that I have written to the Intelligence and Security Committee about that security resourcing. It was at a level that I cannot go into on the Floor of this House, but I hope that provides the kind of reassurance that she seeks.

Specifically on the future risks that I alluded to a moment ago, we have ensured that the Bill is looking to the future. For example, clause 12(3)(b) amends Ofcom’s information-gathering powers under section 135 of the Communications Act to ensure that it can request information from providers concerning future developments in their networks that could have an impact on security and, when reporting on security, Ofcom must include any information that assists the Secretary of State in the formulation of security policy, allowing him or her to make an informed decision about what should be published as well in due course.

New clause 2 has been the subject of the majority of this debate, and rightly so. One of the phrases used about the ISC was that it adds value; this Government do not dispute for a second that it adds huge value, and I welcome the tone with which the Chairman of the ISC, my right hon. Friend the Member for New Forest East (Dr Lewis), has approached this. I appeared before the ISC with some trepidation, as is probably appropriate for all Government Ministers, but it was a hugely productive part of this process and something that I am more than happy to do again. I do not think that my right hon. Friend necessarily thinks that piecemeal changes to the ISC’s role are the way to pursue what he seeks, but the annual report that he has mentioned will certainly be looked at closely by the Government.

Julian Lewis Portrait Dr Julian Lewis
- Hansard - - - Excerpts

I am very happy to agree with what the Minister has just said. It would not be necessary to keep trying to put these provisions on the face of each individual Bill every time a new unit is set up in a different Department, or a new duty laid on a different Department, if it could be agreed with the Government that the memorandum of understanding would be adjusted as it is meant to be adjusted when these changes occur. However, sadly, no Front Bencher has yet been able to give us an assurance that that is going to happen, and I know that the Minister will not be able to do so, either.

Matt Warman Portrait Matt Warman
- Parliament Live - Hansard - - - Excerpts

As I say, I am sure that my right hon. Friend will make that point in the annual report, and the Government will look closely at it. However, Members can take some comfort from the fact that much of the advice in relation to the more sensitive technical and national security matters within the scope of this Bill will be provided by the National Cyber Security Centre, and its activities already fall within the scope of the ISC, as my right hon. Friend knows. However, I welcome his approach to this, and I hope that his mechanism, rather than that of new clause 2, will be the one he will support today.

I turn to the last of the new clauses tabled by Opposition Members. New clause 3 aims to include the diversification strategy in the scope of the Bill. Diversification is crucial to the future of our UK networks, which is why the Government set out their plans to diversify those networks in the 5G diversification strategy in November 2020. That strategy includes steps to invest in research and development, to remove technical and commercial barriers to entry for new suppliers, and to increase our influence in standard- setting bodies—all issues that my right hon. Friend the Member for South Holland and The Deepings and others on the ISC are keenly aware of the importance of.

We are pursuing a huge range of different mechanisms to enable diversification, because the Government are fully committed to ensuring that their strategy comes to fruition. However, the diversification strategy moves the whole market forward by broadening the supplier base in many ways that are beyond the security measures that are the purview of this Bill, including increased innovation and competition and the overall growth of the telecoms supply mechanisms.

To give the House an idea of some of the non-legislative measures that we are already pursuing, they include the investment in R&D development facilities such as the National Telecoms Lab and the SONIC—SmartRAN Open Network Interoperability Centre—lab that is jointly at work with Ofcom. We are also working to remove barriers to entry for vendors such as by co-ordinating the sunsetting of legacy network technologies, working internationally to co-ordinate diversification objectives, and exploring the use of commercial incentives to address the cost of incorporating new suppliers into a network.

Jim Shannon Portrait Jim Shannon
- Hansard - - - Excerpts

I asked a question to do with the Northern Ireland Assembly and how cyber-security in Northern Ireland will be protected. Can we have an assurance on the Floor of the House today and through Hansard that that will happen?

Matt Warman Portrait Matt Warman
- Hansard - - - Excerpts

I will come on to the devolved aspects in amendment 1 in a moment, but it is of course vital that we continue the collaborative relationship with the Northern Ireland Executive and with the Welsh and the Scottish Governments as well.

The Bill places security requirements on individual operators. They are hugely important, but they are not diversification requirements on the Government’s national scale. Defining diversification in legislation would be limiting in a hugely rapidly evolving market. I know that the hon. Member for Newcastle upon Tyne Central understands the need for agility, and putting what she proposes into legislation would run counter to that ambition.

On the devolved Administrations, amendment 1 would require the Secretary of State to consult Ministers from the devolved Governments when reviewing the impact and effectiveness of clauses 1 to 13. As the hon. Member for Aberdeen South (Stephen Flynn) noted, telecoms is a reserved matter under each of the devolution settlements. I say that, however, in the full knowledge that a constructive and close working relationship with each of the devolved Governments is hugely important, be it in Project Gigabit, in the shared rural network, or indeed in matters such as this. I look forward to that collaboration continuing; it will drive forward our connectivity.

I turn briefly to the amendments that were not selected. My right hon. Friend the Member for Chingford and Woodford Green (Sir Iain Duncan Smith) has spoken passionately about these matters, both privately and publicly. I do not want to go into a huge amount of detail on amendments that were not selected, but I simply say that the actions the Government are taking in the Bill speak powerfully for themselves.

On the specific matter of issuing designation notices to vendors headquartered in other countries, it is important to consider not just whether the kinds of laws that my right hon. Friend mentions exist, but how the Government in question intend to use them. A friendly democracy may, as indeed many do, have laws that would enable it to yield information and data from companies headquartered within their territory. The conduct of such a Government, and our relationship with them, may reassure us that they would not use those powers to do harm to the UK, but there are other cases where Governments that have these laws have acted contrary to the national interest of the UK in the past. As we set out in the illustrative notice for Huawei, there is a law in China that enables the Chinese Government to collect information from companies headquartered within its territory. As the Foreign Secretary has stated, we know that the Chinese state has in the past used its power to undertake malicious cyber-activity. The designation notice that I mentioned demonstrates how the Government could take those sorts of laws into account when exercising the powers that are already in the Bill.

I thank my hon. Friend the Member for Wealden (Ms Ghani) for her work on the NATO Science and Technology Organisation. We very much welcome her preliminary draft report. I would like to express the Government’s commitment to deepening our co-operation with partner nations such as Japan and the Republic of Korea.

I thank all hon. Members on the Government Benches, and indeed on the Opposition Benches, for their constructive engagement throughout this debate. This is an important Bill that enjoys strong cross-party support, in the main. The sooner we can pass it, the sooner we can set about the crucial work of ensuring that our public telecoms networks are secure and resilient. I commend the Bill to the House.

16:30
Chi Onwurah Portrait Chi Onwurah [V]
- Parliament Live - Hansard - - - Excerpts

This has been a very well-informed debate. I am sorry if my own digital connectivity did not enable my contribution to be heard as perfectly as it should have been, but I hope we have corrected that.

There were many excellent contributions from both sides of the House. It is important to note that the House is in quite rare agreement on a number of questions regarding the Bill, particularly on the importance of national security. The representatives of each of the parties in the debate—the hon. Members for Aberdeen South (Stephen Flynn), for Caithness, Sutherland and Easter Ross (Jamie Stone) and for Strangford (Jim Shannon), and the Minister himself—shared support for the primacy of national security and recognition of the importance of our telecoms networks in our national security, and I was pleased to listen to their contributions. I thank the Minister for his response and for the tone in which the debate has been conducted.

However, I will say briefly, with regard to new clause 1, which seeks to ensure that Ofcom has the skills and expertise needed to undertake its new duties in the midst of all the other responsibilities that Parliament is asking, as well as reviewing future provision and threats to the network, that the Minister’s comments on the increase in the cap on Ofcom’s budget did not begin to address our concerns. We have, effectively, a snapshot of the financial resourcing available now. The new clause seeks to ensure that we have an understanding of the resourcing as it continues—as threats evolve in the future—and particularly that we are able to look forward to new and evolving threats on the basis of a thorough understanding of the assets in each network operator’s network.

Indeed, the right hon. Member for South Holland and The Deepings (Sir John Hayes) emphasised the step change in the requirements of Ofcom that the Bill represents. The Minister implied that Ofcom would be able to do everything requested in the new clause when it comes to looking at asset registers, for example. I simply do not understand his reluctance to put that in the Bill, given the important role that Ofcom is to play in our telecoms security. I am afraid that I do not feel that he answered my points on new clause 1.

On new clause 2, members of the Intelligence and Security Committee—its Chair, the right hon. Member for New Forest East (Dr Lewis); the right hon. Member for Beckenham (Bob Stewart); and the right hon. Member for South Holland and The Deepings—eloquently articulated many of the arguments for why the ISC needs to be part of the scrutiny of this Bill. Indeed, the right hon. Member for Beckenham was particularly detailed in his description of the very room requirements for assessing national security issues. Having worked at Ofcom, I know its rooms very well, and I do not think that they meet the requirements that he set out.

It is worth noting that the ISC was one of the first parliamentary organisations to raise issues around Huawei, back in 2013. It seems very wrong that it should be excluded from involvement in scrutinising how the Bill is implemented, given that it is the only parliamentary grouping with the appropriate security clearance. Although I appreciate the Minister’s constructive tone, I do not think that he answered the questions raised or sufficiently justified the Government’s aversion to ensuring a process for ISC scrutiny, so I will press new clause 2 to a vote.

Finally, the most complex of our new clauses is new clause 3, which would ensure that the diversification of our telecoms networks was achieved as a prerequisite for their security. We heard from the right hon. Member for Chingford and Woodford Green (Sir Iain Duncan Smith) about how telecoms markets have been constructed to enable the consolidation and monopoly power of particular players, and particularly Huawei. Unfortunately, he did not go on to say how in the Bill the Government would deliver on a UK sovereign capability, but he was absolutely right about how the market has effectively failed.

The hon. Member for Wealden (Ms Ghani) used her experience on NATO’s science and technology committee and on this Parliament’s Business, Energy and Industrial Strategy Committee to encourage the Minister to truly examine our network resilience. New clause 3 is designed to ensure the ongoing ability to examine network diversification and resilience.

We heard from the right hon. Member for South Holland and The Deepings about the impact of the unaccountable power of monopolies. Again, since the Bill does not mention a diversification plan or diversification strategy, we cannot see that it will do anything to address that issue. The hon. Member for Bracknell (James Sunderland) said that the Bill supports network diversification. I know that that is the intention, but without our new clause I cannot see how it will actually achieve it.

The Minister reiterated the diversification plans, which are not a plan—as I set out, they have no detail and no action. As for his attempt to explain why the Government have omitted from the Bill any reference to diversification, I have to say that I found it entirely incomprehensible. It was as if referring in the Bill to diversification would limit the meaning of diversification; if that were the case, we would be unable to refer in any Bill to many of its intentions or outcomes.

I remain convinced, and there is agreement on all sides of the House, that we need to ensure that diversification of our telecoms supply chain goes hand in hand with ripping out Huawei and reducing our dependence on the two remaining providers. It is very important that we take this opportunity to change the Bill so that the diversification of our telecoms networks is an integral part of Ofcom’s reporting on the progression of those networks, so I will also press new clause 3 to a vote.

Nigel Evans Portrait Mr Deputy Speaker (Mr Nigel Evans)
- Hansard - - - Excerpts

As I announced earlier, there will be three Divisions. As usual—if anything is usual these days—the first will take eight minutes and each subsequent Division will take five.

Question put, That the clause be read a Second time.

16:38

Division 12

Ayes: 263


Labour: 196
Scottish National Party: 45
Liberal Democrat: 11
Independent: 4
Plaid Cymru: 3
Social Democratic & Labour Party: 2
Alba Party: 2
Alliance: 1
Green Party: 1

Noes: 365


Conservative: 357
Democratic Unionist Party: 8

The list of Members currently certified as eligible for a proxy vote, and of the Members nominated as their proxy, is published at the end of today’s debates.
New Clause 2
Provision of information to the Intelligence and Security Committee
“The Secretary of State must provide the Intelligence and Security Committee of Parliament as soon as is reasonably practicable with a copy of—
(a) any direction or notice (or part thereof) that is withheld from publication by the Secretary of State in the interests of national security in accordance with section 105Z11(2) or (3) of the Communications Act 2003;
(b) any notification of contravention given by the Secretary of State in accordance with section 105Z18(1) of the Communications Act 2003;
(c) any confirmation decision given by the Secretary of State in accordance with section 105Z20(2)(a) of the Communications Act 2003;
(d) any reasons for making an urgent enforcement direction that are withheld by the Secretary of State in the interests of national security in the accordance with section 105Z22(5) of the Communications Act 2003; and
(e) any reasons for confirming or modifying an urgent enforcement direction that are withheld by the Secretary of State in the interests of national security in accordance with section 105Z23(6) of the Communications Act 2003.”—(Chi Onwurah.)
This new clause would ensure that the Intelligence and Security Committee of Parliament is provided with any information relating to a designated vendor direction, notification of contravention, urgent enforcement action or modifications to an enforcement direction made on grounds of national security.
Brought up, and read the First time.
Question put, That the clause be read a Second time.
16:49

Division 13

Ayes: 263


Labour: 196
Scottish National Party: 45
Liberal Democrat: 11
Independent: 4
Plaid Cymru: 3
Social Democratic & Labour Party: 2
Alba Party: 2
Alliance: 1
Green Party: 1

Noes: 363


Conservative: 355
Democratic Unionist Party: 8

The list of Members currently certified as eligible for a proxy vote, and of the Members nominated as their proxy, is published at the end of today’s debates.
New Clause 3
Network diversification
‘(1) The Secretary of State must publish an annual report on the impact of progress of the diversification of the telecommunications supply chain on the security of public electronic communication networks and services.
(2) The report required by subsection (1) must include an assessment of the effect on the security of those networks and services of—
(a) progress in network diversification set against the most recent telecommunications diversification strategy presented to Parliament by the Secretary of State;
(b) likely changes in ownership or trading position of existing market players;
(c) changes to the diversity of the supply chain for network equipment;
(d) new areas of market consolidation and diversification risk including the cloud computing sector;
(e) progress made in any aspects of the implementation of the diversification strategy not covered by subsection (a);
(f) the public funding which is available for diversification.
(3) The Secretary of State must lay the report before Parliament.
(4) A Minister of the Crown must, not later than two months after the report has been laid before Parliament, make a motion in the House of Commons in relation to the report.”—(Chi Onwurah.)
This new clause requires the Secretary of State to report on the impact of the Government’s diversification strategy on the security of telecommunication networks and services, and allow for a debate in the House of Commons on the report.
Brought up, and read the First time.
Question put, That the clause be read a Second time.
16:56

Division 14

Ayes: 271


Labour: 196
Scottish National Party: 45
Liberal Democrat: 11
Democratic Unionist Party: 8
Independent: 4
Plaid Cymru: 3
Social Democratic & Labour Party: 2
Alba Party: 2
Alliance: 1
Green Party: 1

Noes: 357


Conservative: 356

The list of Members currently certified as eligible for a proxy vote, and of the Members nominated as their proxy, is published at the end of today’s debates.
Third Reading
17:03
Matt Warman Portrait Matt Warman
- Hansard - - - Excerpts

I beg to move, That the Bill be now read the Third time.

I thank right hon. and hon. Members for their contributions today, and I also thank the excellent team of Clerks of the House, those at the Department for Digital, Culture, Media and Sport, and all those involved in the preparation of the Bill. In particular, I thank those who work at our agencies to support so much of what goes into our national security: they are the best among us, and all of us in the House are grateful for their service.

The first priority of this Government is to keep people safe and this Bill is just one step in achieving that objective. It is a precise and technical Bill but an important one none the less. While we might have disagreed on some of the details, it is encouraging that there is such broad consensus across this place and I hope that that spirit of co-operation continues when the other place considers the Bill.

The Bill will ensure the security and resilience of the UK’s telecoms networks for years to come. Bringing it into force on Royal Assent cannot come soon enough. It will create one of the toughest regimes for telecoms security in the world. It will protect our networks and shield our critical national infrastructure both now and in the future, as technologies grow and evolve. With this Bill, we are delivering on our commitments in the 2019 telecoms supply chain review, which were informed by the advice from the world-leading NCSC and GCHQ. Today, we have taken an important step towards putting those commitments on a statutory footing and taking action to protect and secure our important networks.

I hope that, in my response to the amendments and new clauses, I provided reassurance on the role of Ofcom, the importance of diversification and the other matters raised. I welcome the constructive challenge of Members on those points, and I hope I have reassured them that we are pushing in the same direction. I thank all Members for their contributions. I commend the Bill to the House and look forward to it passing through the other place.

17:06
Chi Onwurah Portrait Chi Onwurah [V]
- Hansard - - - Excerpts

I thank the Minister for his statement and echo his remarks in thanking all the Clerks and officials of the House and the Department who worked on the Bill, as well as our security services for the protection they provide day and night and for the input of the NCSC and GCHQ to the Bill.

I want to make it clear that the Labour party supports the Bill as a necessary step in protecting our telecoms national security. It is important that we legislate to ensure that Government have the power to act when faced with circumstances such as those presented by Huawei or, even better, to prevent dependency on high-risk vendors from arising in the first place. We will therefore not oppose the Bill on Third Reading. We recognise that national security is the first duty of every Government, and we support the measures to promote national security in the Bill.

At every stage of the Bill’s passage, we have seen an engaged and informed level of debate. As a chartered telecoms engineer, I particularly welcome the time that the House is spending on considering our telecoms infrastructure, even in these circumstances, which are to be regretted: we should not have got here. Parts of our debate have resembled a wake for the telecoms sector we could have had with a UK sovereign capability. The telecoms sector should have been subject to a more active, proactive interest for years now—or, shall I say, 10 years? We have lacked a telecoms industrial strategy and that, together with a focus on foreign investment over national security, is why we are here. Successive Conservative Governments have allowed the telecoms sector in the UK to be dominated by a high-risk vendor. Competition on price rather than security has become the rule for the telecoms operators. The market failed, but Ministers did not notice; they thought that security could be left to the market.

This is at a time when digital has become part of every part of our lives. We now spend a quarter of our waking hours on the internet. The UK telecoms industry contributes £32 billion to the economy and directly provides nearly a quarter of a million jobs. It has an impact on all our lives. As we are experiencing during the pandemic, it is an enabler of almost everything we do, and in the future—by which I mean in the next few years—it will bring about even more significant changes to how we live, work and engage with one another.

From driverless cars to advanced manufacturing, digital connectivity is essential. Indeed, we can argue that the pandemic has given us a taste of the future and moved the future closer. It has shown us how important good, fast, stable connectivity is, with millions still depending on it to work from home and stay in contact with friends and family. The pandemic has encouraged—indeed, required—a mass migration online, with businesses that were not digital-ready suddenly forced to operate online. It is salutary to recall that before covid there was a question of whether broadband was a vital utility. That was a matter of debate; it was debated as part of the Telecommunications Infrastructure (Leasehold Property) Act 2021. The pandemic has since proved beyond doubt that telecoms is an essential utility, but, although our telecoms infrastructure has held up during the pandemic—I congratulate telecoms operators on that—it could have been so much better. Many in rural areas or unable to afford decent broadband will not thank me for praising our telecoms networks.

When Labour left office, we had world-leading infrastructure. That is no longer the case. We are now 47th in the world for broadband speeds. I say that to emphasise the significance of the upheaval that the sector is facing after the Government’s decision to strip Huawei out of the network, at a cost of £2 billion and two to three years delay to 5G roll-out. It is a decision that we supported and continue to support, but we cannot let solving one problem give rise to numerous more. Unfortunately, the holes that remain in this Bill will do just that. Let me emphasise how important this Bill is in ensuring that we get regulation and investment right for a sector that contributes so much to our economy, as well as to our work and social lives.

We must make sure that we do not find ourselves in a similar position again, and that our telecoms network and supply chains are resilient and protected in future—even, critically, as the geopolitical environment evolves. Our telecoms infrastructure lacks security and resilience. The Government have taken no steps to maintain or develop a sovereign telecommunications capability, and their broadband strategy—if we can call it that—has far more U-turns, dither and delay than meaningful policies.

The Bill is passing to the other place with significant failings. The first is national security. Labour prioritises national security. The Secretary of State and the Minister both agreed during the proceedings that the Bill needed to include sweeping powers to address matters of national security, so we remain concerned that the Committee that provides parliamentary oversight on matters of national security is being excluded from oversight of the measures in the Bill.

Secondly, the security of our networks depends on an effective plan to diversify the supply chain. As our amendments have fallen, the Bill still does not even mention supply chain diversification or the diversification taskforce, even though we all agree that we cannot have a robust and secure network with only two service providers, which is the number that we will have left once Huawei is removed from our networks.

I am going to say this once more for the Minister: we need a diversified supply chain and that means a diversity of suppliers at different points of the supply chain. Britain has great start-ups that are just desperate to help address this issue. Where is the support for them? The future of telecoms networks is moving away from closed, proprietary boxes to open interfaces and innovation in the cloud. That provides a real opportunity for some of our innovative companies, but the Government have still not laid out how this is to be realised, as their own diversification taskforce report recently made clear. Is the UK going to benefit from the costly debacle of ripping out Huawei—an integrated supplier? Right now, the only beneficiaries would appear to be Ericsson, Nokia and lawyers. We put the Government on notice that we will be holding them to account on that.

Thirdly, the Bill gives sweeping new powers and responsibilities to Ofcom. This follows a vast and continuing expansion of Ofcom’s remit. Ofcom lacks experience in national security, and changes to its duties will require the recruitment of people with the required level of security clearance and experience. The Minister and the Government have sought to evade scrutiny on that. We will seek to hold them to account. As part of that, we are very concerned that the Bill in its current form is not forward thinking enough. It lacks the processes to provide the foresight needed to ensure that we are not in this same position again. Where is the horizon-scanning function to identify emerging threats and potential weaknesses in UK telecoms providers’ asset registers? If our networks became dependent on one cloud service provider, such as Amazon Web Services, how would we know?

To conclude, we support the Bill as a necessary measure to protect our telecoms national security interests, but we are concerned that the Government have allowed ideology to undermine effectiveness when it comes to this Bill, and we will continue to seek to improve it.

00:02
Bob Stewart Portrait Bob Stewart
- Hansard - - - Excerpts

I agree with the hon. Member for Newcastle upon Tyne Central (Chi Onwurah): this is a Bill to try to block hostile states and organisations from breaching our national security, and its intentions are absolutely on target, and all of us agree with them.

I do not believe that we will not have to revisit parts of the Bill to ensure that in the end Parliament is sovereign over information. For instance, it does not seem right that Ministers and Ministries keep the information to themselves and it is not passed on, albeit in redacted form or through the ISC.

We have to get oversight right, so in the end we may have to revisit the legislation in the next few months and years as a result of the experience we have. I hope not—I hope the Minister is right that we will be able to have oversight without having to revisit the legislation, but I suspect we might not. There it is—I promised to be short, and I will sit down now.

00:02
Stephen Flynn Portrait Stephen Flynn
- Hansard - - - Excerpts

I am a strong believer that brevity is a great charm of eloquence, so that is a statement that would be well taken on board by the shadow Minister in future. I was hoping for a power cut in Newcastle—I am being kind.

First, I place on record my thanks to my hon. Friend the Member for Gordon (Richard Thomson) for his partaking in the debate on Second Reading. He did us a great service in that regard. I also thank Josh Simmonds-Upton in our research team, who put a great deal of effort into the Bill.

This is a Bill that we will support. We will give it close scrutiny moving forward, and I hope that the Government will work on good terms with the Scottish Government moving forward in this regard.

Question put and agreed to.

Bill accordingly read the Third time and passed.

Nigel Evans Portrait Mr Deputy Speaker (Mr Nigel Evans)
- Hansard - - - Excerpts

I am going to suggest that as we go through the next motions, the Serjeant at Arms sanitises just the Government Dispatch Box in order for us to save a little time.

First Reading
A Bill to make provision about the security of public electronic communications networks and public electronic communications services.
The Bill was brought from the Commons, read a first time and ordered to be printed.
Second Reading
14:17
Moved by
Baroness Barran Portrait Baroness Barran
- Hansard - - - Excerpts

That the Bill be now read a second time.

Relevant documents: 5th Report from the Constitution Committee and 4th Report from the Delegated Powers Committee

Baroness Barran Portrait The Parliamentary Under-Secretary of State, Department for Digital, Culture, Media and Sport (Baroness Barran) (Con)
- Hansard - - - Excerpts

My Lords, this past year has put into sharp focus the importance of digital connectivity, which has been vital in keeping both people and industries going in these challenging times. In the other place, my right honourable friend the Secretary of State spoke about the potential for 5G and gigabit broadband to transform our lives. The Government are investing billions of pounds into these cutting-edge technologies. However, we can be confident in the technology only if we know that it is secure.

That is why we have introduced the Telecommunications (Security) Bill. The Bill will create one of the toughest telecoms security regimes in the world. It will protect our telecoms networks even as technologies grow and evolve, shielding our critical national infrastructure both now and for the future. I will briefly outline the context for the Bill and why it is necessary, before turning to the intent of its clauses and delegated powers.

The security and resilience of 5G and full-fibre networks is not just in the national security interests of the UK. It is also crucial to the UK’s economic interests and future prosperity. The House will recall that this Government published the UK Telecoms Supply Chain Review Report in July 2019. It found that telecoms providers lack incentives to apply security best practices and recommended a new framework for the UK’s public telecoms providers that will respond to new and emerging threats to the security of our networks. The review also recommended new national security powers for the Government to control the presence of high-risk vendors in UK networks. The Bill is our response to those recommendations.

I will now outline the intent of the Bill’s clauses, which can be broadly separated into two groups. Clauses 1 to 14 introduce a stronger telecoms security framework, placing new security duties on public telecoms providers. Clauses 15 to 23 introduce new national security powers to address the risks posed by high-risk vendors.

I turn first to Clauses 1 to 14. The Bill amends the Communications Act to create a tough new telecoms security framework, which consists of three layers. First, the Bill places strengthened overarching telecoms security duties on public telecoms providers in primary legislation. Secondly, specific security requirements will be set out in secondary legislation. Thirdly, guidance on the detailed technical measures that providers could take to comply with their legal obligations will be set out in a code of practice. The new legal duties in the Bill and the measures in the secondary legislation will apply to public telecoms providers operating within the UK.

To illustrate the specific measures that providers may be expected to adopt, we published an illustrative first draft of the security framework regulations on GOV.UK in January. We have been, and continue to be, in close contact with industry following the publication of the draft regulations. Comments received as part of this engagement are being considered in the drafting of the final version. We will launch a public consultation on the draft code of practice once the Bill achieves Royal Assent. This will ensure that views from all impacted groups are heard ahead of the new framework coming into force.

The Bill provides Ofcom with a new general duty to seek to ensure that telecoms providers comply with their new security duties and builds on Ofcom’s existing security duties. Ofcom will have new powers to assess providers’ compliance. In cases of non-compliance, Ofcom will be able to issue a notification of contravention and, ultimately, financial penalties of up to 10% of turnover. Recognising that Ofcom will have expanded duties, DCMS is working with it to ensure that it has the necessary capability and capacity to deliver those vital functions. We have already increased Ofcom’s security budget for this financial year by £4.6 million to reflect its enhanced security role, in addition to its existing funding. Ofcom will also continue to work closely with the National Cyber Security Centre in the delivery of its security functions. The two organisations have published a statement, available on Ofcom’s website, which sets out how they plan to work together.

Clauses 15 to 23 introduce new national security powers to manage the risks posed by high-risk vendors in our telecoms networks. The Bill includes new powers for the Secretary of State to designate specific vendors in the interests of national security and issue directions to public communications providers. Those directions will place controls on a provider’s use of goods, services and facilities supplied by a designated vendor. Once a designated vendor direction is issued, the Secretary of State can direct Ofcom to collect information from providers and report back so that the Secretary of State can determine whether a provider is complying with a direction. Government amendments were passed in Committee in the other place to bring the powers in Clauses 15 to 23 into force immediately upon Royal Assent.

The Government have announced that UK telecoms providers should cease to install Huawei equipment in 5G networks after September 2021 and remove all Huawei 5G equipment by the end of 2027. We published an illustrative direction and designation notice in November 2020 to demonstrate how the powers in the Bill could be used in relation to Huawei in line with these announcements. Once the Bill receives Royal Assent, any proposed designated vendor directions and notices will be subject to the relevant consultation requirements set out in the Bill.

I will now turn to the delegated powers in the Bill. It contains nine delegated legislative powers to make secondary legislation and two administrative powers. Six of the delegated legislative powers are to amend the maximum penalties specified in the Bill. These are Henry VIII powers and are subject to the draft affirmative resolution procedure. A further two are powers to create regulations setting out specific measures to be taken to comply with the new security duties and are subject to the negative resolution procedure. Finally, one power is to make regulations commencing certain provisions in the Bill and is not subject to any procedure. The two administrative powers are the power to issue codes of practice and the power to give designated vendor directions to providers.

Our approach to the delegated legislative powers is in keeping with precedent. The powers to amend maximum penalties in the Bill are consistent with those in the Communications Act 2003. I appreciate the need for Parliament to have the right mechanisms to scrutinise the powers that we are taking in the Bill. I am confident that the approach we have taken finds the appropriate balance. As the House would expect, we have submitted the delegated powers memorandum to the Delegated Powers and Regulatory Reform Committee. I thank it very much for its prompt report on the memorandum, which I read with interest. The Government will consider the committee’s recommendation concerning the power to issue codes of practice about security measures and aim to respond to the report fully in due course.

To conclude, the Bill has not been designed around one company, one country or one threat. Its strength is that it will create an enduring and effective telecoms security regime that will be flexible enough to keep pace with changing technology and changing threats. I hope that noble Lords on all sides of the House will welcome it. I beg to move.

14:28
Lord West of Spithead Portrait Lord West of Spithead (Lab)
- Hansard - - - Excerpts

My Lords, those of you who participated in this House’s consideration of the National Security and Investment Act may, I am afraid, detect a few similarities in the nature of my contributions to this legislation. That is an unfortunate consequence of the Government’s failure to listen to the strength of feeling in the House on the subject of oversight during those debates.

Like that Act of Parliament, the Bill seeks to address concerns first raised by the Intelligence and Security Committee some seven years ago in its report, Foreign involvement in the Critical National Infrastructure, namely that there were serious failings in the way in which successive Governments managed the entry of foreign telecommunications companies into the UK market. Clearly, the Government have been listening to what the ISC, with its unparalleled access to highly classified material, has been able to discover on behalf of Parliament, leading to both pieces of legislation.

The ISC therefore welcomes this Bill. We strongly support the principle behind it and the new safeguards it introduces. However, as with the National Security and Investment Act, we are concerned that the Bill does not provide for sufficient parliamentary oversight of these important new powers. As noble Lords are aware, the Bill provides significant powers for the Secretary of State to designate certain vendors as high-risk and to direct telecommunications providers to abide by certain requirements about the use of equipment from designated vendors. When the Secretary of State issues, varies or revokes a designation notice or a designated vendor direction, he will lay it before Parliament, except when this is contrary to national security.

This is a perfectly reasonable provision. I, for one, would not wish the Government to publish information that would damage national security. However, as things stand, this results in a significant gap in Parliament’s ability to scrutinise the Government’s decision-making and use of these powers. I am sure noble Lords agree that this is not what Parliament expects.

There is a simple and elegant solution to this problem: any designation notices or designated vendor directions that cannot be laid before Parliament for reasons of national security should be provided instead to the ISC for scrutiny. Parliament established the ISC for this purpose. Indeed, it is the only committee of Parliament that has regular access to the most sensitive protectively marked information. ISC colleagues have made these points repeatedly in the other place but they, again, have fallen on deaf ears. The Government’s resistance to this idea, coming so swiftly after their resistance on the NSI Act, gives the unfortunate impression that they are seeking to avoid scrutiny—an impression I am sure Ministers will wish to correct.

The Government have been clear that they do not think the ISC’s scrutiny role should be included in the Bill. This is regrettable. We should not knowingly be passing legislation that has holes in it. However, once again, there is a ready solution to that problem. As noble Lords are aware, the Justice and Security Act 2013 requires the ISC’s specific remit to be set out in a memorandum of understanding between the committee and Prime Minister. The Government told Parliament that the MoU would provide the ISC with oversight of substantially all the Government’s intelligence and security activities. However, with the passage of the NSI Act and now this Bill, the MoU is self-evidently out of date. It is a very simple matter to update it to provide the ISC with oversight of these powers in the specific and limited way I described a few moments ago.

The committee has formally raised this issue with the Government and asked them to take forward updating the MoU to ensure that it meets the commitments the Government made to Parliament during the passage of the Justice and Security Act. For that reason alone, I do not intend to table an amendment that would put the ISC’s essential oversight role on these powers in the Bill. However, the Government should be in no doubt that they must address this issue; the current situation is not tenable. If the Government do not wish to amend the Bill to fill this oversight gap, they must give a commitment to update the ISC’s memorandum of understanding and provide the oversight that Parliament requires in that way.

A large body of opinion from all corners of the House feels strongly about this and, should another Peer table an amendment on it, I would support it. The Minister will recall the strength of feeling in the House when the Government failed to provide for ISC oversight of the powers introduced by the National Security and Investment Act. I urge the Government to work constructively with the ISC on this issue.

14:33
Lord Fox Portrait Lord Fox (LD)
- Hansard - - - Excerpts

My Lords, I thank the Minister for her very clear exposition of the purposes and modus operandi of this Bill. It is a great pleasure to follow the noble Lord, Lord West—Admiral West—and I look forward to working with the noble Baroness, Lady Merron, who is on the Front Bench.

During late summer last year, we debated the Telecommunications Infrastructure (Leasehold Property) Act, when this security Bill was held out as a carrot, largely to try to curtail discussions of a Chinese nature. It did not work, of course, and we had those discussions, but here we are at last with this Bill. As we have heard, it provides the Government with considerable new national security powers to issue directions to privately-held public telecommunications providers, primarily with the aim of managing issues arising from high-risk vendors. As such, the Minister will acquire wide and sweeping powers.

The Bill also gives Ofcom wide duties and legal powers to monitor and assess the security of telecoms providers. For teeth, as we have heard from the Minister, companies that continue to use high-risk vendors could or will face very heavy fines. Perhaps the Bill’s headline outcome is the new controls on the use of Huawei 5G equipment, including a ban on the purchase of new Huawei equipment from the end of 2021 and a commitment to remove all Huawei equipment from 5G networks by 2027.

How will these Benches respond? First, I am happy to confirm that Liberal Democrats are strongly in favour of having secure telecommunications networks. I am sure the Minister is relieved to hear that. Secondly, Liberal Democrats want to see Huawei technology removed as quickly and expediently as possible. However, I note, as the Minister hinted at but did not detail, that the issue is with more than one supplier and more than one country. I add that the issue of the treatment of Muslim Uighurs does not stop with this Bill. The genocide going on there creates much wider implications for our relationship with China than the issue of which technology makes our phones work. These implications are very important, but I understand that they are beyond the scope of this Bill.

Thirdly, Liberal Democrats strongly believe that the Government must now invest in developing telecommunications technology in the UK. We want to see an increase in the diversity of the UK’s telecoms supply chain. We also believe that a strong relationship with the European Union and the intelligence alliance Five Eyes will help us to ensure that security risks are dealt with quickly. Finally, Lib Dems want to see stronger protections for the privacy of people in the UK.

What we will be testing in Committee is threefold. First, does the Bill effectively shut out the technology it is meant to shut out? The trick to making communications secure will be the nuts and bolts of the Bill. Secondly, do the Minister and Ofcom have the right powers, and the necessary checks and balances, to make this Bill work? Thirdly, when it comes to supply chain diversification, can we actually shut out Huawei et al and have an effective communications network?

One at a time, first let us look at the prime intent of the Bill: to keep our networks secure. On the face of it, this is another skeleton Bill. With the presentation of a few statutory instruments here and there, the Government should theoretically be able to react swiftly, but are the Minister and Ofcom placed to pre-empt issues, rather than react to them? There is a technical difficulty here: in 5G particularly, the distinction between the core and edge of networks is blurred. With technology moving faster than government can, that distinction is almost meaningless and the threats will change from week to week. So can the Minister explain how Ofcom can ever successfully be ahead of the game and not chasing issues?

As we know, plans for removing Huawei have been announced, but this does not stop with Huawei. For example, legislation in the US is considerably broader. It identifies specific companies, including Huawei, but also ZTE Corporation, Hytera Communications Corporation Limited, Hangzhou Hikvision Digital Technology Co. Limited and Dahua Technology Co. Limited. Also, US legislation covers telecommunications and video surveillance and services. Given the news this weekend, the Minister might like to review where we source CCTV cameras from in this country—I note that that was discussed in a previous debate. Can the Minister assure your Lordships’ House that this legislation will cover the full range of security threats that we need to cover or will we see another Bill to broaden it yet further into surveillance and surveillance services?

Turning to the powers granted by this Bill, it gives wide-ranging powers to the Secretary of State and next to no oversight to Parliament. Included are sweeping powers to address matters of national security and it is not clear, although the Minister has hinted, how Ofcom will really interact with the intelligence community. Furthermore, as we have heard from the noble Lord, Lord West, the committee, which has express oversight of national security, has been excluded from scrutinising how this legislation will operate. I support the words of the noble Lord, Lord West. In addition, there is no dedicated role for judicial or technical oversight. This is very different from the Investigatory Powers Act 2016, in which such provision exists. I expect my noble friend Lord Clement-Jones to comment more on this issue.

The Bill also gives sweeping powers to Ofcom. We heard from the Minister how Ofcom will be co-operating with the intelligence services, but this creates a conflict of culture within Ofcom and will inevitably lead to more opaque operations which will, in turn, create issues elsewhere. I am still not clear how that interface will work. It will be useful to investigate that in Committee.

Finally, I turn to supply chain diversity. The Minister in the Commons said:

“We must never find ourselves in this position again. Over the last few decades, countless countries across the world have become over-reliant on too few vendors”—[Official Report, Commons, 30/11/20; col. 75.]


Fine words, I am sure, but they come from a Government whose Chancellor and Secretary of State for BEIS have cancelled the industrial strategy and disbanded the Industrial Strategy Council. Undaunted, alongside the Bill the DCMS has published a diversification strategy. I suggest that Oliver Dowden, who adorns that document, is rowing somewhat in the opposite direction from the Chancellor of the Exchequer. Assuming that this strategy makes some headway against a running tide within government, it has three legs: “supporting incumbent suppliers”, “attracting new suppliers” and accelerating “open-interface solutions”.

I will take those legs one at a time, beginning with “supporting incumbent suppliers”. I am bemused by the term “incumbent”. I think it means domestic suppliers, because Huawei is an incumbent supplier and we have heard that it will not be getting support. Assuming domestic suppliers is what is meant—there are world trade rules that make it difficult to preferably treat domestic suppliers, but assuming these can be surmounted —can the Minister give us the current estimate of how many incumbent domestic suppliers are in our network and what percentage, in terms of value, they represent?

To fill that gap, we are going to need pretty rapid innovation. Innovation is not easy and the speedy innovation we have just seen with the Covid vaccine, for example, was helped by two important conditions: first, a very strong existing R&D base in this country and secondly, a guaranteed private sector market for the vaccine. I do not think these conditions exist for telecoms technology. So, what is Her Majesty’s Government’s assessment of telecoms research and development in the UK? How will the private networks be encouraged to guarantee a market for any UK-based and UK-developed products that emerge?

The second strategic leg is “attracting new suppliers”. I suspect this is going to be an easier job than building an industry from scratch in this country. Will the Minister confirm how the vetting process will work? I assume this will be in the code of conduct. Will the networks have to be externally cleared? Will they be subsequently audited, and how deep does approval go? Does every component of every sub-assembly need to go through a process, and how will this all unfold in building the networks? It begins to sound quite cumbersome if there is going to be a nuts and bolts check of the technology.

The third leg is accelerating “open-interface solutions”. The Government are moving ahead at speed with open-access radio networks and open RAN piloting, and should be congratulated. If it goes to plan, when will we start to see this becoming significant? How will the Government get the existing vendors to increase the scope of their interoperability? What, in a sense, is in it for them?

We overwhelmingly support the objectives of this Bill. There are serious issues, particularly in the absence of detail and scrutiny. The regulations remain a mystery until they are published, and the process is potentially pretty bureaucratic. I think the Government have recognised that there are issues, which probably reflects why there are four days in Committee ahead of us. We may need all four of those days.

14:45
Lord Stirrup Portrait Lord Stirrup (CB)
- Hansard - - - Excerpts

My Lords, I welcome this Bill. It is not only necessary, it is also overdue, but it is just one step on a path along which we have much further to go. By itself the Bill will have only a limited impact. If we are to realise its benefits, we need to think about the wider questions it leaves unanswered. Addressing these questions is crucial to our future safety and prosperity.

Throughout history, technological advances have brought with them exciting new opportunities, but they have also introduced serious vulnerabilities. Meanwhile, as our society has grown more complex, interconnected and interdependent, so its ability to weather shocks has grown more fragile—to the point now that serious technological disruptions could have catastrophic consequences. This should not be taken as an argument against embracing technology and the benefits it confers. It should, though, make us think very seriously about the new vulnerabilities we create and how we might mitigate the associated risks.

The Bill goes some way towards meeting that responsibility, but it does not provide the whole answer. As the title of the Bill tells us, the issue we confront is one of security, but we have to ask ourselves what exactly we mean by that term. In my view, we do not mean invulnerability. We should certainly seek to defend critical areas such as our telecommunications from attack, but a defender always has certain disadvantages. The choice of when, where and how to attack lies with the assailant and the defender is, at least at first, on the back foot. This problem is particularly acute when the space or activities to be defended are widely spread, as with our telecommunications network. We cannot therefore assume that an attack will fail, no matter how well we prepare. Quite the opposite: we have to assume at least a degree of success. So, the security of our national telecommunications infrastructure becomes a question less of how to prevent attacks entirely and more of how well we can absorb and recover from them.

In its first report of May last year, the National Infrastructure Commission acknowledged as much and recommended an architecture which can “anticipate” challenges, “resist, absorb” and “recover” from attacks and adapt accordingly. It calls on the Government to set “resilience standards”, appoint regulators to “oversee regular stress testing” and require that:

“Infrastructure operators produce long term resilience strategies”.


Can the Minister tell the House what progress has been made in implementing these recommendations?

All of this seems to throw up two different categories of question: what policies and actions would best protect our infrastructure from attack and achieve the necessary resilience, and how do we provide appropriately rapid assessments and directions to counter the effects of such attacks?

On the first point, at which this Bill is aimed, the Huawei experience would seem to suggest restricting the provision of parts of our infrastructure to trusted suppliers and operators, but who are they and how are they to be engaged? They cannot be drawn solely from the ranks of “British” companies—whatever that means in today’s globalised business environment—since we do not have the mass, the spread or the technologies within our economy to meet all our own needs. It is certainly possible to identify less risky 5G suppliers than Huawei, but not ones that are risk free.

Even where we do have a national capability to provide and operate parts of our infrastructure, problems remain. Are the Government to identify such national champions in selected areas of business? This may be necessary in some very restricted areas, but such dirigisme has a poor track record in the UK for two principal reasons. First, the Government are not very good at identifying winners. Secondly, in order to remain in business, such champions need a regular drumbeat of UK orders, which, in turn, stifles competition and efficiency. There are many salutary examples of this in the history of defence procurement.

A more productive approach might be to decrease reliance on one or even a few suppliers and thus build a degree of redundancy into the most critical parts of our infrastructure. This would not be the cheapest solution, at least in the short term, but the level of insurance that it provides might be well worth paying for. The Government need to develop an approach that balances cost, risks and resilience—that constantly monitors and rebalances this equation in the context of our complex and dynamic world.

This requirement, alongside the observation that some of our judgments will inevitably prove to be wrong, and in the expectation that some attacks will succeed, at least in part, brings me to my final point. Things move quickly in the world of technology, and they will move even faster during a determined attack on our telecommunications infrastructure. If we are to respond successfully, if we are to absorb the first blow, recover from it and reshape ourselves for the future, we will need two things: agility and adaptability. Agility in this sense is our ability to respond quickly to those things we did not or could not foresee—to change our systems, plans and, indeed, our thinking on the fly to check and outmanoeuvre our opponents. Our resilience and ability to recover will depend on this. Adaptability, by contrast, is about our ability to change our longer-term posture in the light of emerging threats and opportunities and to learn from both failure and success. Agility keeps us in the fight and helps us master immediate challenges. Adaptability maintains our readiness in a changing world.

Provision of these crucial attributes cannot be left to the individual service providers, but neither can they be delivered by the Government or by a regulatory body such as Ofcom. Those organisations can and should formulate policies, allocate resources and check compliance, but we also need a much more flexible arrangement to provide effective command and control of both our detailed preparations for, and our response to, attacks. Perhaps there is a role here for an expanded National Cyber Security Centre. So, while I welcome and support this necessary Bill, I urge the Government to view it as just one stage of a much longer journey. It is a good plan, but like all plans it will not survive first contact with the enemy. If we are safely to reap the benefits of new technologies, we need ways not just of regulating them but of dealing swiftly and competently with the dangers presented by their malign exploitation. This Bill goes only so far; we need to go much further.

14:53
Baroness Morgan of Cotes Portrait Baroness Morgan of Cotes (Con)
- Hansard - - - Excerpts

My Lords, it is a pleasure to speak in this debate. In the time available, I want to welcome the Bill, which, as we have already heard, delivers on promised made by the Government and Ministers in 2019 and 2020: that a comprehensive telecoms security framework would be put in place. As my noble friend the Minister said, this is a comprehensive security framework that will provide an opportunity to look beyond just one company or one country of concern. As we have heard from previous speakers, over the years there will of course be more threats and more areas and companies of concern that will arise.

I agree with the noble and gallant Lord, Lord Stirrup, that of course this is a first step. As we know, with security threats and with emerging technology, over the years a more comprehensive response will be needed, but I think the Government are to be congratulated that the midst of the disruption over the last 15 months, this telecoms security framework Bill has been brought forward as was promised. The other side to this, as we have already heard, is noble Lords’ desire to hear about the pace and rollout of the diversification strategy. My noble friend the Minister will, I hope, be taking this from the House and be able to address it in her comments.

As noble Lords will be aware, the use of 5G technologies, the importance of 5G to the delivery of the internet of things, the use of artificial intelligence and other technologies, are only going to grow. Just this morning, I was part of this House’s Covid-19 Committee listening to evidence about the increase, as we have seen, of course, of people working from home over the last year, running their businesses from home and, as some of us have seen more closely than others, home schooling—which we all hope there will be no need for again in future. Without secure, reliable and resilient broadband internet and 5G connectivity, we will put ourselves at a disadvantage as a country.

The need for that resilience—as well as having secure networks—means that if we are asking companies to take out the technology from a particular other supplier, or to not use technology from particular countries in future, for extremely understandable, wise and prescient security reasons, we will need to make sure that we build up a secure, long-lasting and sustainable supply chain strategy in this country. This may not relate only to domestic companies; we have allies around the world and will want to be able to work with other companies and countries around the world to make sure we have that diversity of the supply chain. The lack of diversity has been referred to as a market failure, and I think that was correct. The Government have now very much got on top of this and got ahead of this. I hope the Minister will, as the Bill goes through this House—I will have great pleasure in supporting it as it does—and in future, be able to keep the House updated about the delivery of that diversification of the supply chain, as was announced by my right honourable friend the Secretary of State in November last year. I wish the Bill every success as it proceeds.

14:56
Lord Maxton Portrait Lord Maxton (Lab)
- Hansard - - - Excerpts

My Lords, I hope to be very brief. We ought to remember three things. First, our lives are very short—although I am 85—in comparison with the 300 years of the Industrial Revolution. Secondly, that is 0.1% of Homo sapiens’ existence on this world. Thirdly, the world is much older still. Is the Minister assured that the development of innovation that is part and parcel of what we want to see over the next few years is going to continue, or is this going to be a block on the continuation of that?

More importantly, much of what Ofcom deals with is international, not national. Therefore, it is going to be much more difficult to respond to an entitlement of that nature internationally than nationally. It is easy to deal with four or five companies that deal with telecommunications within this country, but it is not so easy to deal with them internationally, particularly with Facebook and Twitter and all the other things that go with that. I have no idea where they come from. Does anybody know where they come from? Netflix is a massive organisation, now producing more than the BBC, but where does it come from? Where exactly is it, in terms of telecommunications generally? Amazon Prime—again, where does it come from? I pay my bill to Amazon Prime regularly, but where on earth do I pay it to? Where does it go?

I suggest three things: first, that we deal with the international issue; secondly, that we deal with the issue that I raised to start with; and thirdly—more importantly—that we ask whether our democratic system keeping up with the improvements in science and technology that are happening around the world at present. Yes, in 1820, two-thirds of people in Britain lived below the level of absolute poverty. Now, the United Nations is talking about abolishing that term because that level no longer exists. Poverty exists, of course, but absolute poverty does not exist. On vaccines, even in the present crisis, the number of people who are vaccinated now is higher than in the past. The number of people who can read and write is also higher. So, why are we not tackling the problem of changing our constitution to ensure that we keep up with the scientific and technological improvements happening around the world?

15:01
Lord Young of Cookham Portrait Lord Young of Cookham (Con)
- Hansard - - - Excerpts

My Lords, I am grateful to the Minister for her clear and convincing explanation of the need for this Bill, which I support. I have a possible interest as a beneficiary of the British Telecom pension scheme but, as it was a nationalised industry when I worked for it and our main preoccupation was the introduction of subscriber trunk dialling in the 1960s, I fear that much of my knowledge of the technical side of the telecommunications industry is 60 years out of date.

I mention in passing the report by the Delegated Powers and Regulatory Reform Committee, which says, on the power in Clause 3, that the committee is unconvinced by the department’s case and recommends a negative procedure for the code of practice. That seems to me to be a concession that the Government could consider. I noticed with approval the Minister’s conciliatory response when she spoke about the committee’s report.

There are three issues I want to raise briefly. The first concerns whether the Secretary of State’s directions and designations under the Bill are justiciable and whether issues of national security could end up being decided not by Ministers but by the courts. For example, could a potential supplier, such as Huawei, assert that there was no risk to national security in any ministerial designation, that decisions were being taken to protect domestic suppliers and that no reasonable Secretary of State could have reached such a conclusion and seek an injunction? In which case, despite the passage of the Bill, we would find that there was extensive and time-consuming litigation, during which time investment in telecoms infrastructure would be frozen and potential security issues would be ventilated in the courts. Can my noble friend say that every precaution has been taken to avoid such a scenario?

Related to this is whether the Secretary of State has to give reasons for his decisions. We are told in the Explanatory Notes:

“Designations and directions may only be made in the interests of national security.”


Paragraph 35 then sets out the factors that the Secretary of State will take into account, which presumably could give ammunition to a potential litigant. Subsection (5) of new Section 105Z1 of the Communications Act 2003 inserted by Clause 15 says:

“A designated vendor direction must specify … the reasons for the direction”.


However, the next subsection says that “specifying reasons” need not be given if it

“would be contrary to the interests of national security”,

while, in new subsection (2)(1) we are told that a direction can be given only

“in the interests of national security”.

So, we seem to be going round in circles. I wonder whether my noble friend can shed some light on this paradox.

My second question relates to responsibility for telecommunications security within the Government. The Explanatory Notes tell us:

“The security of telecoms infrastructure needs to be considered within an international context”


and we read how cyberwarfare is going to displace conventional warfare. The powers given to the Government in the Bill to protect the integrity of our communications network rest with DCMS but, at the moment, the Secretary of State is not on the National Security Council, which to me seems a surprising omission. The National Cyber Security Centre, whose work is central to the operation of the Bill, is part of GCHQ, which reports to the Foreign Secretary. The Cyber and Government Security Directorate sits within the Cabinet Office, leading on the co-ordination and delivery of the classified national security risk assessment, which assesses the most significant risks to the UK. When I answered Questions for the Cabinet Office in Your Lordships’ House, I had to answer Questions about Huawei—or, if I did not answer them, I at least replied to them. Finally, a significant proportion of telecommunications research is led and funded by the Department for Business, Energy and Industrial Strategy and its external bodies, such as UK Research and Innovation and Innovate UK, report to BEIS. Can my noble friend explain, perhaps in a letter, the inner wiring of responsibility for dealing with cyberwarfare between the FCDO, the Cabinet Office, the MoD, BEIS and DCMS?

My last point concerns the ambition to create one of the toughest security regimes in the world and set up the UK as a global leader in the telecoms supply chain, a point made by my noble friend Lady Morgan of Cotes. I very much welcome this. Other countries in the free world face the same challenges as the UK in protecting the integrity of their national networks and others are reducing their dependence on Huawei. So, there is a real opportunity here to win new markets, create fresh investment and employment in the UK on the back of this Bill and build back better. To what extent is the UK liaising with other countries to ensure that the standards—the codes of practice mentioned in the Bill—are recognised by other countries, so that the new supply chains that we plan to create in the UK enable us to penetrate new markets? Can my noble friend amplify what she told us in her letter of 2 June about the steps we are taking to set up the UK as a global leader in this field? What progress has been made in attracting new suppliers to the UK market? What is the follow-up to the telecoms diversification task force under my noble friend Lord Livingston? It reported in April with a wide range of recommendations: the co-ordination of government activity, a targeted international engagement strategy, joint working on standards and buy-in by other countries.

I conclude by quoting from that report—-:

“It is therefore essential that the UK coordinates its efforts with like-minded nations and focuses investment in areas that can succeed on an international, not national scale. … If the Government is to move the dial towards the UK’s long-term vision for the market, it will require buy-in and support from a critical mass of nations.”


I have not seen a government response to those thoughtful and wide-ranging recommendations. Perhaps, again in a letter, my noble friend could set out how we plan to build on the recommendations in that report.

With these comments, I wish my noble friend well as she pilots this Bill on to the statute book.

15:08
Lord Clement-Jones Portrait Lord Clement-Jones (LD) [V]
- Hansard - - - Excerpts

My Lords, I thank the Minister for her very fair introduction to the Bill. As a former member of Huawei’s international advisory board, I am somewhat conflicted in a discussion about the principles of the Bill, especially following the various twists and turns in government policy. I very much support the 5G supply chain diversification strategy, but the questions raised by my noble friend Lord Fox and the noble Lord, Lord Young, need to be answered. How it is progressing and where any financial support is going need to be the subjects of regular report by government, given that in the short term we are faced by a stark dual-supplier market.

As my noble friend Lord Fox has indicated, however, I want to focus on, and confine myself to, a debate about the wide-ranging new powers in the Bill for the Secretary of State and Ofcom and the lack of adequate checks and balances, especially in terms of oversight, whether parliamentary, judicial or, indeed, technical, which permeates the Bill. If there are going to be these extensive new powers, we need to make sure that they are exercised properly and with due process and consultation.

The Delegated Powers Committee report referred to by the noble Lord, Lord Young, is just the tip of the iceberg. It draws the attention of the House to the proposed new Section 105E of the Communications Act 2003, which gives the Secretary of State power to issue, revise or withdraw codes of practice about security measures that should be taken by providers in the performance of their duties to prevent security compromises. There is a duty to consult with Ofcom and providers but no oversight or approval role for Parliament.

I am glad to say that the committee, in the light of the importance of the code in assessing compliance and in enforcement by Ofcom, was unconvinced by the department’s claim that this was too detailed and technical, and “not legislative”. As the committee says,

“The Bill provides for codes of practice to play a significant role–both in relation to the exercise of OFCOM’s regulatory functions and in legal proceedings - in supplementing the important duties to take security measures that the Bill imposes on providers.”


It concludes:

“In our view, it is unacceptable for codes of practice that will have the significant statutory effects provided for in this Bill to be subject to no Parliamentary scrutiny procedure.”


I differ from the committee simply in that, in my view, the procedure to be adopted must, at minimum, be the affirmative procedure. As Comms Council UK has pointed out, Section 105E is not the only proposed new section which gives the Secretary of State extensive powers; there are others. Proposed new Section 105Z1, for example, gives power for the Secretary of State to outlaw the use of individual vendors, where there is potentially no parliamentary oversight, if the Secretary of State considers it would be contrary to national security—as has been referred to by other noble Lords. Surely that is exactly where oversight by the Intelligence and Security Committee, as the noble Lord, Lord West, has so cogently said, or by the Investigatory Powers Commissioner, as the Constitution Committee has suggested, would be not only appropriate but essential. The whole area of enforcement of compliance and, under proposed new Section 105Z27, as regards power to require information and the requirement not to disclose, needs similar oversight.

Nor is there any dedicated role for judicial oversight. Unlike similar legislation, such as that under Part 8 of the Investigatory Powers Act 2016, there are no provisions for judicial oversight of the Secretary of State’s powers. This is compounded by the fact that, under Clause 13, in any appeal to the Competition Appeal Tribunal, the tribunal cannot take account of the merits of a case against the Secretary of State, the rationale for which, as the Constitution Committee says,

“is unclear and is not justified in the Explanatory Notes.”

Can the Minister make a better fist of the explanation today?

With regard to Ofcom’s new powers to ensure compliance with security duties, as set out in the proposed new Section 105M, how will these relate to Ofcom’s existing powers under Sections 3 and 6 of the Communications Act 2003? Will this duty and the new powers Ofcom is being given still be subject to good regulatory practice so that, for example, it still must have regard to the principles of transparency, accountability, proportionality and consistency, and not impose unnecessary burdens? How will this fit in with the statement to be made by Ofcom under proposed new Section 105Y? What assurance can the Minister give? Will we see a draft during the passage of the Bill?

Similar considerations apply to the new Ofcom powers to assess compliance under Clause 6 and in regard to inspection notices under Clause 19. As the council has also pointed out, there are no clear mechanisms for technical feedback or expertise to be fed in. It observes that many of the technical requirements that will be placed on its members are not in the text of the Bill but in accompanying documents which are either yet to be published or are receiving very little scrutiny.

Already it is clear that, in the draft Electronic Communications (Security Measures) Regulations, which are to be made by virtue of the proposed new Sections 105B and 105D, giving the Secretary of State power to make regulations to require telecoms companies to take “specified security measures” and “in response to security compromises”, there are real issues with regard to provisions about patches and supply chains and definitions regarding audit and monitoring of foreign network operations centres, and it is not clear that expert technical industry comments are being taken on board. What further consultations are planned? Is this not exactly where a technical advisory board and/or panel, as under the 2016 Act, is needed? Will they even be subject to the affirmative procedure in Parliament?

This lack of clarity and transparency is causing a great deal of uncertainty within the industry. Measures are being proposed that are either technically unworkable or potentially damaging to the strength and health of the UK telecoms industry. Particular concerns arise for providers whose networks are not based purely in the UK and who do not have the relationships with the department, Ofcom and the NCSC that domestic providers may have if there is no structured consultation, oversight and update process when codes are being drawn up. BT itself says:

“we believe greater clarity is needed on OFCOM’s planned approach, with safeguards introduced in the Bill to ensure operator burdens are proportionate.”

It also makes the point that the flexibility in the Bill should not be used to bring forward any deadlines for removal of equipment. What assurance can the Minister give on this?

As well as concerns about the new powers, there is also concern reflected by the Constitution Committee about the width of crucial definitions such as “security compromise” and “connected security compromise” contained in the Bill, and the consequences that flow, particularly as regards planned outages and the need to make a clear distinction between reporting on security compromises and on resilience.

I think that I have gone into enough detail at this Second Reading to amply demonstrate that we have quite an amendment job ahead of us in Committee and on Report.

15:17
Lord Alton of Liverpool Portrait Lord Alton of Liverpool (CB)
- Hansard - - - Excerpts

My Lords, I thank the noble Baroness, Lady Barran, for making time to see me and the noble Lord, Lord Forsyth, last week. The noble Lord is chairing his Select Committee this afternoon but intends to speak at later stages. By way of follow-up, the Minister will have seen the letter to her from the right honourable Sir Iain Duncan Smith MP, sent yesterday. Like them, I want to speak about human rights, which was referred to by the noble Lord, Lord Fox, and the strengthening of national resilience and diversification, referred to by the noble Baroness, Lady Morgan of Cotes.

On its front cover, the Bill begins with a declaration from the Minister referencing the Human Rights Act 1998 and stating that the Bill is compatible with the European Convention on Human Rights. The European Convention for the Protection of Human Rights and Fundamental Freedoms—to give it its full title—was originally proposed by Winston Churchill and drafted mainly by British lawyers, and it is based on the Universal Declaration of Human Rights. Among other things, the convention insists on the right to life, freedom from torture, freedom from slavery, the right to liberty, the right to a fair trial, the right to respect for family and private life, freedom of thought, conscience and religion, freedom of expression, freedom of assembly, the right to marry and start a family, the right to participate in free elections, and the abolition of the death penalty. In considering a Bill which has been framed to explicitly rule out, in 5G provision, the future involvement of a company with close links to the Chinese Communist Party but which enables other links with other companies, it needs to be restated that every single one of these articles are broken each and every day by the Chinese Communist Party, and that they affect citizens outside its territory as well.

Although the Government may say that the ECHR is not the instrument with which to test their commitment to human rights, the compatibility statement should be read in line with other international law obligations, not least the prohibition on violating peremptory norms of international law, genocide, crimes against humanity, slavery and torture. The UK is, of course, a signatory to the 1948 Convention on the Prevention and Punishment of the Crime of Genocide and is bound by its own law on modern slavery. All provisions of customary international law and conventional law are binding on the UK Government, so we need to know what due diligence has been undertaken when considering their duty to prohibit and prevent genocide, along with the commissioning of other grave crimes.

The inadequacy of the compatibility statements led to an amendment to create a human rights threshold being tabled to the Telecommunications Infrastructure Bill. Later, in the Trade Bill, the House voted overwhelmingly for the all-party genocide amendment. Perhaps the Minister can say what has happened to the promised committee to examine genocide determination. In this context, the Joint Committee on Human Rights should re-examine the purpose of those declarations.

One year ago, the Minister pointed me to Section 54 of the Modern Slavery Act, and she will recall promises to examine supply chain transparency and export controls. As I was assured:

“The Home Office keeps compliance under active review.”


Supply-chain transparency has been referred to in our debate by the noble Lord, Lord Young of Cookham, and the noble Baroness, Lady Morgan of Cotes. In the absence of any progress on that promise to tackle the issue of supply-chain transparency, on 15 June I presented a Private Member’s Bill in your Lordships’ House to amend the Modern Slavery Act. To honour the Government’s undertaking, perhaps the Minister will consider adopting that Bill and providing it with parliamentary time.

Although this legislation is not specifically about China or Huawei, those were the country and company that have featured heavily in our debates. I welcome the explicit references to Huawei in the illustrative draft designation notices and designated-vendor direction to which the noble Baroness, Lady Barran, referred in her introductory remarks.

The situation in Xinjiang has not improved. The Government continue to say there are

“systematic human rights violations in Xinjiang, including credible and growing reports of forced labour”,

and the Foreign Secretary says this is “on an industrial scale.”

In 2019 and 2020, I specifically asked about Huawei’s compliance with the Modern Slavery Act and drew attention to China’s national intelligence law requiring Chinese organisations such as Huawei to support, assist and co-operate with state intelligence work. I also asked about reports that UK investors hold shares totalling £800 million in companies that supply CCTV and facial-recognition technology used to track Uighur Muslims in Xinjiang. The Government admitted that they were aware of those reports but complacently said they had

“not undertaken analysis of British investor shareholdings in Chinese surveillance companies.”

Meanwhile, however, Foreign Office Ministers were telling me the department had

“serious concerns about the human rights situation in Xinjiang, including extensive and invasive surveillance targeting Uyghurs and other ethnic minorities. An extensive body of open source evidence suggests such surveillance, including the use of facial recognition technology, plays a central role in the restrictive measures imposed in the region.”

The House should recall that the House of Commons Foreign Affairs Select Committee wrote to the Foreign Secretary, Dominic Raab, urging him to

“cease consideration of Huawei as a contractor or partner for the UK’s 5G infrastructure until investigations have been conducted into Huawei’s work in Xinjiang and its relationship to the mass persecution”.

Has that investigation taken place, and what were the conclusions?

Professor Adrian Zenz, a German scholar who recently gave evidence to the independent Uyghur Tribunal, says:

“Huawei is directly implicated in Beijing police state and related human rights violations in Xinjiang … it has lied to the public about this … In 2014, Huawei received an award from Xinjiang’s Ministry of Public Security for its role in establishing citywide surveillance systems.”


Professor Zenz says that Xinjiang represents

“the largest detention of an ethno-religious minority since World War II.”

The Australian Strategic Policy Institute meticulously details the global expansion of 23 key Chinese technology companies. One of its researchers, Vicky Xu, says the idea that Huawei is not working directly with the local governments in Xinjiang is “just straight-up nonsense”.

Since the Second Reading of this Bill in the Commons last November, there have been a number of developments that make it even more important to address the implications of being joined at the hip with any company operating under the auspices of the CCP. How do we justify deepening trade relations, as the noble Lord, Lord Grimstone, has told us he is seeking to do, with a country found by the House of Commons, in a vote on 22 April, to be complicit in events in Xinjiang where a genocide is under way? That was a vote in the House of Commons. It is not just my view or that of a group of human rights advocates; it is a view reached by the Commons. What action have we taken following that vote?

Last month, following that vote, Amnesty International issued a devastating report detailing arbitrary detention, forced indoctrination, torture, mass surveillance and crimes against humanity while the Daily Telegraph recently carried major first-hand reports from Xinjiang, including the destruction of 16,000 mosques. Harrowing evidence has been given to the independent Uyghur Tribunal, chaired by Sir Geoffrey Nice QC, some of whose sessions I was able to attend with the noble Baroness, Lady Kennedy of The Shaws, and whose brave witnesses and their families are now experiencing threats and intimidation.

If we add to the charge sheet reports of forced organ harvesting and the destruction of the rule of law, free speech and democracy in Hong Kong, along with the outrageous incarceration of legislators, lawyers, journalists, and campaigners, it is obvious that as well as security questions the House should give close attention to the human rights dimensions of this Bill. Although Huawei equipment in respect of 5G must be removed by 2027, and since the beginning of the year there have been prohibitions on purchasing any Huawei equipment, I hope we will probe how the installation prohibition will work from September and whether companies have been purchasing stockpiles with the intention of installing such equipment until 2027. How will the Government monitor this? Will some parts of the network—the most sensitive parts—be prioritised?

Earlier this month the Sunday Telegraph revealed that UK local authorities will review contracts for CCTV equipment from Hikvision, a Chinese tech firm that makes cameras used to monitor Uighur Muslims in China’s detention camps. The company is blacklisted in the United States but not here. This weekend the Washington Post reported on how Hikvision had recruited former legislators to extend its power and influence despite President Biden banning Americans from investing in the company, citing its links to the Chinese military. The UK is not immune to the influence of organisations such as The 48 Group Club, with a network of links to former and current politicians—including one who now publicly urges us to tone down our criticism of the treatment of Uighurs.

Beyond such influence, the role of hidden cameras was dramatically illustrated last week, as others have said, from the office of the former Secretary of State for Health. Yesterday the Lord Speaker wrote to us all saying that there are several hundred CCTV cameras in Parliament. I hope that in Committee we will consider the implications for civil liberties of placing such power in the hands of companies that install or own these cameras.

We should also consider the implications for security of giving such power to a regime intent on the overthrow of parliamentary democracy and which makes no secret of its goal of global hegemony. The hidden hands on the levers of power was a theme explored by the admirable Dr Julian Lewis MP, chair of the Intelligence and Security Committee, at Second Reading in the Commons. He asked

“in view of the revolving door, via which too many businessmen and ex-civil servants effortlessly glide between their former roles and the Huawei boardroom, what assurance can we have that the Government will be immune from lobbying campaigns by those on the payroll of high-risk vendors?”—[Official Report, Commons, 30/11/20; col. 84.]

That question was not answered in the Commons, and I would like to hear the Minister’s opinion on it. I have another question that I shall ask her directly: why have not we, like the United States, banned Hikvision? The company has been accused of helping to build the CCP’s surveillance state and profiting from human rights abuses. Does the Minister agree with that description or not? What will the Bill do to take back control of CCTV equipment in our high streets, public buildings and even government offices?

I shall speak briefly about the implications of this Bill for diversification and national resilience. During the Commons stages, Oliver Dowden, the Secretary of State, said the Bill recognises that there are real threats to the UK’s security and interests, a point that my noble and gallant friend Lord Stirrup explored in his excellent speech. I welcome what Oliver Dowden and my noble and gallant friend have said about security and diversification. In addition to the diversification of telecoms to companies such as Ericsson and Samsung, is that not a principle that should be applied across government?

I will give two brief examples. In May, I asked how many Covid lateral flow tests we had bought from China. The answer was a staggering 1 billion—not 1 million but 1 billion. The Government declined to say how much they had cost taxpayers or to reveal the names of the companies involved, saying “It’s commercially sensitive”. I tabled a further Question asking why we could not be told how much 1 billion lateral flow tests had cost us and which companies had carried out that trade. Are we seriously saying that we could not have used taxpayers’ money to make those tests in the UK and to give British workers jobs doing it?

My second example raises equally troubling issues. I was recently contacted by a librarian in Wigan, a lady of 34 years’ standing, who has been suspended after using social media to criticise her council’s decision to award redevelopment contracts to Chinese companies. She was fearful that they might have links to Xinjiang.

The Communities Secretary, Robert Jenrick, should require all local authorities to provide details of such deals, and demand to see whether subsidised lowest bids for council developments have undercut unsubsidised UK companies, just as has happened in the telecommunications sector.

The persistent breaking of WTO rules on subsidies and competitions has enabled CCP dominance in telecoms, and now it is happening in other sectors as well. The Minister should tell us when we are going to raise this at the WTO and across Whitehall. Does he personally believe that it is ever licit or right to deepen trade with a country credibly accused of the crime-above-all-crimes: genocide. Diversification, national resilience and the upholding of our values, especially on fundamental human rights, are all reflected in the way we trade. Genocide is a line we should never cross. I support the Second Reading of this Bill today. I hope to return to these and other issues when we get to Committee and later stages.

15:32
Baroness Stroud Portrait Baroness Stroud (Con)
- Hansard - - - Excerpts

My Lords, it is a privilege to speak after my noble friend Lord Alton, following his extraordinary commitment to the Uighur community and to issues of human rights. I too will speak in support of this hugely important and timely Bill.

The UK stands at a reset moment in an increasingly changing world. We have delivered on Brexit, confronted a global pandemic and have an ambitious levelling-up agenda. It is in this context that we are looking now to empower those who have been left behind, revolutionise our critical information infrastructure with the rollout of 5G and see us become a more prosperous and innovative nation. Yet, as we get ready to build back better, it is also time for a rethink of our geopolitical, strategic and technological approaches to make a more honest assessment of the world we find ourselves in, ensuring that we harness the opportunity to become stronger, safer and more prosperous than before.

I support this Bill, as it is the first of many steps that will be needed in adapting to our changing geopolitical landscape. The provisions in the Bill are necessary, as we need to act quickly to ensure our security apparatus is configured for today’s challenges. According to MI5, the UK has at least 20 foreign intelligence services actively operating against the UK’s interests. The Government’s own telecoms supply chain review, published by DCMS in 2019, found that the telecoms market was not working in a way that incentivised good cybersecurity. In its October 2020 report, the Defence Committee concluded that the current 5G regulatory situation for network security was “outdated and unsatisfactory”.

We have a world-class security and intelligence community but, as we enter this new era, we must accept that enabling it to adapt to emerging threats will be the defining feature of its success. This Bill needs to mark a national security turning point, where key infrastructure decisions are based on fact-based risk assessments, and not on commercial or political convenience.

This Bill also recognises the threat posed by high-risk vendors such as Huawei. We have known that Huawei is a security risk since 2013. A report from the Intelligence and Security Committee concluded back then that Huawei posed a risk to national security and that private providers were responsible for ensuring the security of the UK telecoms network.

According to Ofcom, Huawei accounted for about 44% of the equipment to provide superfast full-fibre connections directly to homes, offices and other buildings in the UK. Although it is not in the text of the Bill, the Government have now accepted, as we have already heard, that 2027 needs to be the end point for Huawei as a provider. This is an important moment in taking back our information technology sovereignty.

The reason behind this is clear. We have entered into a new era of geopolitics, with the battle for control of information technology at the forefront. The recent integrated review acknowledged that China’s growing international stature was by far the most significant geopolitical factor in the world today, with major implications for British values and interests and for the structure and shape of the international order. It recognised China as the biggest state-based threat to the UK’s economic security. Yet that same review remains ambivalent as to the action we should take. We need to rethink our relationship with China into a more robust foreign policy strategy that prioritises both our security and our sovereignty.

While I support this Bill, there is more that needs to be done. There needs to be a more formal structure embedded in the Bill with regard to the powers given to Ofcom and the Secretary of State, as other noble Lords have said. Could the Minister outline what powers the Government intend that Ofcom and the Secretary of State should have, and how they will work with the ISC and the security sector to ensure accountability and to ensure national security is not compromised through lobbying?

Even beyond the Bill, we also need to invest in diversifying competition. As part of this Government’s ambitious levelling-up agenda, they have promised the nationwide rollout of 5G across Britain. But we have become hamstrung by our dependence on Huawei for this critical infrastructure. It did not need to be this way. This situation has been constantly described as a “market failure”, but it was not really a market failure. The failure was in the reality of one country breaking WTO rules on subsidies. The key problem has been that China has subsidised its providers dramatically, destroying the market over the past 10 years.

The diversification of our telecoms network, working in close partnership with our Five Eyes allies, needs to be a priority for this Government and an integral part of Ofcom’s reporting. When we genuinely open up the market to competitors, we create the environment for the innovation and dynamism that will be required as we move into the next quarter of the 21st century.

Huawei, however, needs to be stripped out quicker. While it is encouraging to see that the Government have set the 2027 target as the date by which Huawei should no longer be a provider, we cannot afford to wait until 2027 to remove Huawei from our existing networks. The process of removing Huawei’s influence from the UK is an extensive task, but an absolutely necessary one.

The Government should take the opportunity to consider other high-risk vendors such as TikTok and other companies operating here. This problem goes beyond Huawei. We face the existential question of how we coexist in a world with a technological superpower that does not share the same values of privacy of personal information, freedom of speech and democracy.

Chinese national intelligence laws dictate that private companies must share their data, when asked, with the CCP. The White House has sanctioned 11 Chinese companies, including suppliers to Apple, Google, HP and Microsoft. The list features companies that work with major fashion brands, along with technology giants such as Amazon, according to a report by the Australian Strategic Policy Institute. I would like to ask the Minister what assessment the Government have made of other high-risk vendors that could compromise UK citizens’ safety and security due to reporting requirements that exist in China.

Although this Bill encompasses all security threats and high-risk vendors, it is impossible not to address the need for a reshaping of our relationship with China. That country has overtaken Germany to become the UK’s biggest single import market for the first time since records began. The worth of goods imported from China rose 66% from the start of 2018 to £16.9 billion in the first quarter of this year. As we witness events in Hong Kong, which absolutely break my heart, because I used to live there, and we learn more about the ongoing genocide against the Uighur people, observe the breaking of WTO protocols in ongoing trade wars with our closest allies and uncover espionage across our universities, tech and innovation sectors, it is perplexing to me that we continue to sit on the fence.

The much-vaunted belt and road initiative has united authoritarian leaders across Eurasia in providing a forum to plan strategically, without being held back by discussions of human rights, freedom of speech or rule of law. It is in that policy programme that China’s tech giants, such as Huawei, export their communications infrastructure. I would encourage us to take the lead in the build back better world initiative, as discussed in the G7, to create stronger diplomatic alliances across Africa and the developing world but also to facilitate a viable alternative to the belt and road initiative, which threatens our geopolitical and economic security. The UK also needs to strengthen its ties with its Five Eyes allies and south Asian neighbours in the region such as Japan, India and South Korea, as well as approaching this issue with our European friends.

Safety and security is the first building block for the prosperity of a nation. Without secure defence measures at the heart of our critical infrastructure and online, our country runs the risk of opening itself up to foreign intelligence working against our nation’s interests. This Bill is an important step to creating that foundation, and I encourage the Government to use its passage to ensure that the foundation is as strong as possible.

15:42
Lord Vaux of Harrowden Portrait Lord Vaux of Harrowden (CB)
- Hansard - - - Excerpts

My Lords, it is a pleasure to follow the noble Baroness, Lady Stroud. I find myself in agreement with everything that she said.

Anything that improves the security of our tele- communications systems must be welcome, so I support this Bill, but I think it misses a golden opportunity. Telecommunications security covers a wide range of risks: from the resilience of the system to risks such as weather or power outages, through resilience to malicious attacks from hostile states or criminals, to the misuse of systems to access, alter or destroy data. From a consumer point of view, all those are really important, but the one security risk that impacts on people’s daily lives the most is the misuse of telecommunications networks and services by criminals and, apparently, by certain states, to facilitate fraud.

I explained during Second Reading of the Online Safety Bill that fraud is so widespread because it is easy, and it is easy because there is no incentive for a whole range of service providers to take the necessary steps to stop it. Those service providers include the search engines and social media companies, web-hosting companies, banks and more, but the list also includes telecommunications companies, which in effect facilitate fraud through three key weaknesses.

First, the most serious weakness is when a criminal is able to convince the service provider to transfer someone’s phone number so that they can control it. This is known as sim-swap fraud, which gives the criminal complete access to the victim’s emails, bank accounts, one-time passwords, contacts and so on. Indeed, with the ever-growing list of things that we can access and control from our phones, it could also give access to our front-door locks, our burglar alarms, our cars, which can now be unlocked and started by phone, and more. In fact, imagine the possibilities for criminals once we have genuinely self-driving cars all connected by 5G.

The second security weakness that telecommunications companies are allowing is the falsifying of caller IDs, when a criminal is able to appear to be calling or texting from a legitimate number, such as a bank or HMRC. As a result, the victim, believing the call to be genuine, is persuaded to provide bank details or transfer money.

The third security issue is allowing criminals to send out bulk malicious texts and calls using the networks, often in conjunction with false caller IDs. We are all bombarded with these all the time. I received one that I had not heard before just this morning; apparently, my national insurance number is being used for criminal purposes, and I must call the number or I shall have my assets seized and be arrested—so there we go. The calls can lead to fraud being perpetrated, and texts can include links that result in malware being loaded on to the victim’s phone, which allows access to emails and bank accounts. As well as fraud, they cause very real anxiety, yet we seem to have to accept them as an irritant of modern life. I probably receive more fraud calls than genuine ones, which might be a reflection on my social life. I have not been able to find any reliable statistics, but it seems that at least a material proportion of all calls and texts made over the networks are fraudulent.

This Bill seems to be a perfect opportunity to try to make life harder for the criminals who are exploiting mobile phone networks and services to perpetrate fraud. The best way in which to do this is to provide a real incentive for the telecommunications providers to prevent it; they should be liable for the penalties—although I hesitate to use that word, given what is happening in an hour or so—and for the losses incurred as a result of allowing the service to be misused, unless they have taken reasonable action to prevent it. At the moment, it is arguably in the telecommunications companies’ interests to allow the activities to continue, as they are being paid by the criminals for all the calls and texts.

Reading the Bill, I find myself unsure as to whether it covers these types of risks or not. I understand from a letter that I received from the Minister earlier today that it is not intended to, although I think that it could with not much change. Her letter, for which I am grateful, only refers to the issue of fraudulent calls and texts; it does not cover the other risks that I have mentioned. Clause 1 introduces a duty on communications networks and service providers to take measures to identify and reduce the risks of security compromises occurring. It then goes on to define what a security compromise is, with a pretty wide range of definitions. Among them, new subsection (2)(f) refers to

“anything that occurs in connection with the network or service and causes any data stored by electronic means to be … lost … unintentionally altered; or … altered otherwise than by or with the permission of the person holding the data”.

As far as I can see, nothing in the Bill limits security compromise to those that come from hostile states, and that is a good thing, since security compromise could well come from criminals. The risks that I have described do occur in connection with the network or the service, and they may cause electronically stored data to be lost or altered. So on my first reading, it appears that the risks that I have described may be covered or could easily be covered in the Bill if a suitable code of practice was issued.

In passing, on that subject, I share the concerns raised by the Delegated Powers and Regulatory Reform Committee that the codes of practice will not be subject to meaningful parliamentary scrutiny.

If the security risks that I have described are not intended to be covered by the Bill, we are missing a golden opportunity to make it harder for criminals to use our communications networks and services to perpetrate fraud on consumers. The Government are planning to produce a fraud action plan, but not until after the spending review. In the meantime, people will continue to lose their money, with all the mental and personal impacts that brings. It may not currently be intended to do this, but this Bill with very little change could be used to cut off one of the major facilitators of fraud with very little delay. Would the Minister be willing to consider how the Bill could be amended to meet that goal, and would she be willing to meet to discuss what actions we can take to safeguard users of the services from criminal misuse of telecommunications networks or services?

15:48
Lord Vaizey of Didcot Portrait Lord Vaizey of Didcot (Con) [V]
- Hansard - - - Excerpts

My Lords, I am grateful to have the opportunity to take part in this important debate. This Bill is, broadly speaking, uncontroversial. No one would seek to oppose legislation that makes our telecommunications networks in the UK more secure. Certainly, if one looks at the debates in the other place, amendments were very few and far between, and they were tweaking amendments rather than fundamental.

It is a great pleasure to follow the noble Lord, Lord Vaux, and I have a great deal of sympathy with what he said about combating online scams; whether the Bill can be used as a method to test the Government’s resolve in combating this issue remains to be seen. I certainly recall when I was the telecoms Minister working closely with Ofcom and the Information Commissioner’s Office to try to combat nuisance calls. There are a variety of factors in play in trying to combat this kind of plague. One is the willingness of the regulators to roll up their sleeves and get their hands dirty in carrying out prosecutions, and another is certainly technology solutions, which can and should be encouraged by all the operators.

The third—the noble Lord referred to the Government’s review of action on fraud—is a much wider landscape approach from the Government on how to combat this. For example—and this is no criticism of the police—it seems to me that we still have a Victorian police structure in the 21st century. We should be thinking about leaning in and recruiting cyber specialists far more effectively to work in the police force to combat these kinds of crimes, not simply bringing people to justice but combating this kind of work on the network.

I will begin with one of the elements that lies behind this Bill: the concern over Huawei and its presence in our telecoms network. Many noble Lords have set out strong views on Huawei and the Chinese industry in general during this debate. I was particularly struck by the excellent speech of my noble friend Lady Stroud. When I was a Minister, I worked closely with Huawei, in the sense that we had in place a protocol with the security services to check the kind of equipment Huawei was installing in the networks. It was a transparent process; nobody was pretending that Huawei was not involved in selling equipment to our telecoms providers, nor that it was not being installed in the UK telecoms networks. That equipment was reviewed in a very transparent way and Huawei was forced to put in place a UK board made up of UK citizens to supervise its work.

While I wholly condemn Chinese behaviour as far as the Uighurs and Hong Kong are concerned, one should be cautious in assuming that every piece of Chinese commercial activity is somehow linked to espionage. I certainly do not think that, when one of my children uses TikTok, they are somehow being caught by the Chinese state. There is some irony that we often debate these issues while looking at our iPhones, which of course are manufactured in China, or perhaps using a Dell laptop supplied by the Parliamentary Estate, which has been made in China as well. One must be open-eyed and transparent about this, but not assume that everything coming from China will undermine our national security. Nevertheless, I wholly agree with my noble friend that one of the problems with Huawei was that it was effectively an unfair competition. Our markets are much more open to foreign investment than the Chinese market, and Huawei was certainly heavily subsidised by the Chinese state, so a pushback in that sense is very welcome.

The key to this Bill is ensuring that we have secure telecoms infrastructure, and I echo the remarks of noble Lords about the general resilience of our infra- structure. It is not only state actors who can provide malign effects on it; we have only to look at the recent SolarWinds attack on a critical piece of US infrastructure to see how easy it is for criminal groups, sometimes tacitly supported by the states in which they reside, to attack our networks. To make those as robust and secure as possible must be an absolute priority for the Government as we move more and more into the digital age.

It is quite right that this Bill comes forward to put security duties on our telecoms companies for the first time. I note that the detail of those security duties will be contained in regulations and hope that the Minister will bring us up to date on how those regulations are progressing. I also note that Ofcom will take a key role in overseeing how those duties are fulfilled, working closely with the National Cyber Security Centre. I am delighted to see that Ofcom’s budget has been increased to take account of those new duties.

Given the recent political furore over Ofcom, this is a useful reminder that it is not a political regulator; it is a boring but essential regulator that carries out vital work to keep our network secure and our communication markets competitive. I hope the Government take that point on board and give Ofcom as much freedom as possible to carry on doing the excellent work it has done for some 20 years. Ofcom is working more and more with other regulators such as the Information Commissioner’s Office and the Competition and Markets Authority. This is partly out of necessity, because to hire the talent that these regulators need, they will sometimes now have to hire employees who work across all three regulators. It is an illustration of how regulation is becoming more and more intertwined.

With that in mind, I hope that the Minister will bring us up to date on how Ofcom is working with other regulators to keep all our essential infrastructure secure—and with regulators across the world, because this affects us all, particularly western democracies. I also hope the important work carried out by the noble Lord, Lord Livingston, on supply chain diversification will be leaned into. I particularly support his call for government-sponsored research into how open RAN networks can play a vital role.

Finally, can the Minister bring us up to date on how well new vendors are doing in coming into the market? With Huawei effectively expelled from our market over the next five years, I hope we will see many more European vendors able to take up the slack and provide the equipment that our infrastructure providers need.

15:56
Earl of Erroll Portrait The Earl of Erroll (CB)
- Hansard - - - Excerpts

My Lords, this Bill is generally welcomed and very well intentioned, but it really lacks any effective parliamentary or judicial oversight, as has been quite forcefully pointed out. I agree with everything the noble Lord, Lord West, said on this issue. We should use the ISC for this. As regards the excuse that designating a vendor or something might leak too early, it will leak anyway—something as big as that will be all over the place in five minutes.

This is not without cost and pain, and we are already seeing it. The Government have already revised their target for rolling out full fibre from 100% coverage to only 85% by 2025. The disruption caused by a rule to, say, extract Huawei or anything from the network has far-reaching consequences. After all, way back at the end of the 1990s, I think, we gave the contract for redoing the BT 21st Century Network to Huawei and not Marconi. We bankrupted a British company and gave it to China. That decision was taken a long time ago, so it is embedded in all our ordinary telecoms at the moment—not 5G, but the ordinary stuff that our telecoms are running over. We must be careful about this revising down of our targets, because it will affect our global competitiveness. We must be careful not to cut off our nose to spite our face. It is very easy to take a high moral stand, but at the end of the day we also have to survive on the global stage.

What this Bill does may be very effective for blocking foreign access, in trying to ring-fence the UK, but we could also create a single point of failure if we are not careful. There are not many suppliers of equipment of the type that will run the backbone of the internet. We are basically talking about Cisco and Huawei; Samsung also has a whole load of stuff out there; there are a whole lot of others—such as Nokia, Juniper and Hewlett Packard Enterprise—but nothing is quite as big as Cisco and Huawei. One of our problems is knowing whether Cisco is okay; some of its components, such as motherboards and other things, are manufactured in China. With the global supply chain, it is not as simple as it seems.

The second thing that worries me is this assumption that, just because we do not have Chinese equipment in the UK network, we are safe. First, China is not necessarily the only one interested in what we get up to; when you get into trade wars, many people who may appear to be our allies are maybe not on our side entirely when we are negotiating international contracts, so we should be careful of that. The other thing is that, if we create a monolith with one supplier—it does not matter who it does not include—it is vulnerable. The way the internet works at the moment is that, if you have multiple suppliers sitting in Britain, it does not matter whether they are hostile or not. Routing over the internet is inherently vulnerable because of the way it is constructed. However, it splits your message up into lots of packets that go over different routes. If they are going through lots of different people’s equipment, it is impossible for any of them to get the whole message; if it is all with one supplier, there might be technical ways they could do it. Funnily enough, one of the better security solutions is to mix them all together and keep it that way.

Next, there is a lot about trying to have the right rules and regulations and all that, but ensuring best practice cannot guarantee network security. Our current communications network has grown like Topsy; it is a mixture and mishmash of digital infrastructures all sitting on top of a whole lot of analogue stuff. It is very complex, with lots of ill-defined interfaces sitting in there. If you are going to start ripping some of it out and say that we have to do it by a deadline, you need to know what is there before you do it. This means we will have to maintain very accurate and secure databases—otherwise that is a vulnerability—probably down to component level, but certainly batch level, of what is in there, so that if you suddenly discover a vulnerability somewhere, you can get the other stuff out as well. We must do this categorisation of our assets in the network. That in itself is a security risk because it is very interesting to a foreign supplier, so that part of it is very difficult.

As for Ofcom—I am interested in this—we need some further clarity on how it will interpret the legislation, impose penalties and all the bits and pieces like that. The manner in which it develops its role as regulator will be vital for it to be a success, and how it decides what the significant risks are will be very important. On my noble friend Lord Vaux’s point, I have been told by someone that Ofcom’s reach could be extended because the legislation is very generally written to cover services—for instance, they were talking about banking fraud—and public electronic systems. In fact, it could drag in non-telcos, because they are services. It is not just about the hardware and equipment behind it, though it all started off with Huawei. There is a lack of clarity.

Someone had a very good idea, which has been adopted for some fintech stuff, that we could maybe have sandpits, where new entrants to the market could develop new stuff—new equipment, et cetera—and try out their ideas in a realistic environment to make sure that they are okay and will work before they put them into the network, if it is a secure network. I think that is a very good idea. Another very good idea put to me is that we should have the assistance of an independent commissioner and a technical panel overseen by Parliament and the judiciary. It is needed here. This model is used by the ICO and would probably be very helpful, so I would like it considered.

16:02