Telecommunications (Security) Bill Debate
Full Debate: Read Full DebateBaroness Barran
Main Page: Baroness Barran (Conservative - Life peer)Department Debates - View all Baroness Barran's debates with the Department for Digital, Culture, Media & Sport
(3 years, 4 months ago)
Lords ChamberThat the Bill be now read a second time.
Relevant documents: 5th Report from the Constitution Committee and 4th Report from the Delegated Powers Committee
My Lords, this past year has put into sharp focus the importance of digital connectivity, which has been vital in keeping both people and industries going in these challenging times. In the other place, my right honourable friend the Secretary of State spoke about the potential for 5G and gigabit broadband to transform our lives. The Government are investing billions of pounds into these cutting-edge technologies. However, we can be confident in the technology only if we know that it is secure.
That is why we have introduced the Telecommunications (Security) Bill. The Bill will create one of the toughest telecoms security regimes in the world. It will protect our telecoms networks even as technologies grow and evolve, shielding our critical national infrastructure both now and for the future. I will briefly outline the context for the Bill and why it is necessary, before turning to the intent of its clauses and delegated powers.
The security and resilience of 5G and full-fibre networks is not just in the national security interests of the UK. It is also crucial to the UK’s economic interests and future prosperity. The House will recall that this Government published the UK Telecoms Supply Chain Review Report in July 2019. It found that telecoms providers lack incentives to apply security best practices and recommended a new framework for the UK’s public telecoms providers that will respond to new and emerging threats to the security of our networks. The review also recommended new national security powers for the Government to control the presence of high-risk vendors in UK networks. The Bill is our response to those recommendations.
I will now outline the intent of the Bill’s clauses, which can be broadly separated into two groups. Clauses 1 to 14 introduce a stronger telecoms security framework, placing new security duties on public telecoms providers. Clauses 15 to 23 introduce new national security powers to address the risks posed by high-risk vendors.
I turn first to Clauses 1 to 14. The Bill amends the Communications Act to create a tough new telecoms security framework, which consists of three layers. First, the Bill places strengthened overarching telecoms security duties on public telecoms providers in primary legislation. Secondly, specific security requirements will be set out in secondary legislation. Thirdly, guidance on the detailed technical measures that providers could take to comply with their legal obligations will be set out in a code of practice. The new legal duties in the Bill and the measures in the secondary legislation will apply to public telecoms providers operating within the UK.
To illustrate the specific measures that providers may be expected to adopt, we published an illustrative first draft of the security framework regulations on GOV.UK in January. We have been, and continue to be, in close contact with industry following the publication of the draft regulations. Comments received as part of this engagement are being considered in the drafting of the final version. We will launch a public consultation on the draft code of practice once the Bill achieves Royal Assent. This will ensure that views from all impacted groups are heard ahead of the new framework coming into force.
The Bill provides Ofcom with a new general duty to seek to ensure that telecoms providers comply with their new security duties and builds on Ofcom’s existing security duties. Ofcom will have new powers to assess providers’ compliance. In cases of non-compliance, Ofcom will be able to issue a notification of contravention and, ultimately, financial penalties of up to 10% of turnover. Recognising that Ofcom will have expanded duties, DCMS is working with it to ensure that it has the necessary capability and capacity to deliver those vital functions. We have already increased Ofcom’s security budget for this financial year by £4.6 million to reflect its enhanced security role, in addition to its existing funding. Ofcom will also continue to work closely with the National Cyber Security Centre in the delivery of its security functions. The two organisations have published a statement, available on Ofcom’s website, which sets out how they plan to work together.
Clauses 15 to 23 introduce new national security powers to manage the risks posed by high-risk vendors in our telecoms networks. The Bill includes new powers for the Secretary of State to designate specific vendors in the interests of national security and issue directions to public communications providers. Those directions will place controls on a provider’s use of goods, services and facilities supplied by a designated vendor. Once a designated vendor direction is issued, the Secretary of State can direct Ofcom to collect information from providers and report back so that the Secretary of State can determine whether a provider is complying with a direction. Government amendments were passed in Committee in the other place to bring the powers in Clauses 15 to 23 into force immediately upon Royal Assent.
The Government have announced that UK telecoms providers should cease to install Huawei equipment in 5G networks after September 2021 and remove all Huawei 5G equipment by the end of 2027. We published an illustrative direction and designation notice in November 2020 to demonstrate how the powers in the Bill could be used in relation to Huawei in line with these announcements. Once the Bill receives Royal Assent, any proposed designated vendor directions and notices will be subject to the relevant consultation requirements set out in the Bill.
I will now turn to the delegated powers in the Bill. It contains nine delegated legislative powers to make secondary legislation and two administrative powers. Six of the delegated legislative powers are to amend the maximum penalties specified in the Bill. These are Henry VIII powers and are subject to the draft affirmative resolution procedure. A further two are powers to create regulations setting out specific measures to be taken to comply with the new security duties and are subject to the negative resolution procedure. Finally, one power is to make regulations commencing certain provisions in the Bill and is not subject to any procedure. The two administrative powers are the power to issue codes of practice and the power to give designated vendor directions to providers.
Our approach to the delegated legislative powers is in keeping with precedent. The powers to amend maximum penalties in the Bill are consistent with those in the Communications Act 2003. I appreciate the need for Parliament to have the right mechanisms to scrutinise the powers that we are taking in the Bill. I am confident that the approach we have taken finds the appropriate balance. As the House would expect, we have submitted the delegated powers memorandum to the Delegated Powers and Regulatory Reform Committee. I thank it very much for its prompt report on the memorandum, which I read with interest. The Government will consider the committee’s recommendation concerning the power to issue codes of practice about security measures and aim to respond to the report fully in due course.
To conclude, the Bill has not been designed around one company, one country or one threat. Its strength is that it will create an enduring and effective telecoms security regime that will be flexible enough to keep pace with changing technology and changing threats. I hope that noble Lords on all sides of the House will welcome it. I beg to move.
My Lords, I thank all noble Lords who contributed to this rich debate for their contributions, for the warm welcome they offered the Bill, and for the way in which, in very different ways, they highlighted the importance of the issues which the Bill seeks to address.
Today’s debate has been wide-ranging. We have debated the principles and the practice of the Bill and we have touched on a number of issues that are beyond its scope. I shall start my closing remarks by focusing on those matters that speak directly to the Bill, as well as those that are closely adjacent to it, such as diversification, before moving on, if, as I hope, time permits, to other matters raised in the debate. Some of the issues raised sit beyond my department’s remit, but I will do my best to respond to them and will write to all noble Lords on any matters that time does not permit me to address today. I stress that I and my officials are very open to continuing these discussions in more detail ahead of Committee.
As my right honourable friend the Secretary of State said at Second Reading in the other place, the Bill raises the security bar across the board and protects us against a whole range of threats. Although there may be disagreement on some points in the Bill, I welcome the fact that it clearly has strong support in this House and, as we saw, the other place. We are all committed to putting the UK’s national security interests first.
Before I go into the detail of the Bill, the noble Baroness, Lady Merron, rightly asked how it fits with wider regulation of critical national infrastructure. This is indeed one of a number of measures that the Government are taking to protect the security and integrity of that infrastructure. So, while this Bill focuses on telecoms security, there is already a range of regulations governing the security of other critical sectors, each tailored to different risks. The Bill will complement those pre-existing regulations by ensuring the security and resilience of the public telecoms networks on which our critical sectors rely.
The recently enacted National Security and Investment Act, to which the noble Baroness referred, empowers the Government to scrutinise, impose conditions on or, as a last resort, block foreign investment wherever there is an unacceptable risk to Britain’s national security. Rather than addressing investment, the Bill would enable the Government to protect our networks from risks posed by vendors who supply, provide or make available goods, services or facilities to public telecommunications providers. Once it is passed, the Bill will work alongside the National Security and Investment Act to protect our networks from threats, both now and in the future. My noble friend Lord Young of Cookham also asked how different government departments were co-ordinating their policy responses in this area. I will take up his kind invitation to write to him, and will of course copy other noble Lords into my response.
A number of your Lordships, including the noble Lord, Lord Clement-Jones, my noble friends Lord Vaizey and Lady Stroud, the noble Lord, Lord Alton, and the noble Baroness, Lady Merron, all asked how we were managing the risk posed by Huawei in the interim, ahead of the Bill becoming law. The Government have always considered Huawei to pose a relatively high risk to the UK’s telecom networks compared with other vendors. There has been a risk mitigation strategy in place since Huawei first began to supply equipment to the UK’s public telecoms providers.
The Government have announced extensive advice to manage the security risk posed by Huawei, based on the analysis of our world-leading experts at the National Cyber Security Centre. The Secretary of State has announced advice that providers should remove all Huawei equipment from 5G networks by the end of 2027 and, in order to clearly set out the pathway to zero, he also announced advice that providers should stop procuring new 5G equipment from Huawei after 31 December 2020 and stop installing Huawei equipment in 5G networks after September 2021. Together, all this advice will protect our networks from the risks posed by Huawei. Once passed, and subject to the relevant consultation requirements, the Bill will enable the Government to give legal effect to all this advice.
My noble friend Lady Stroud asked about other high-risk vendors. The Bill responds to the threats and risks that we outlined in the telecoms supply chain review. It gives us the ability to manage any high-risk vendor, both now and in future. We have named Huawei and ZTE as high-risk vendors, but we will continue to keep the presence of high-risk vendors under review.
A number of your Lordships, including the noble Baroness, Lady Merron, my noble friends Lord Vaizey and Lord Young of Cookham, and the noble Lord, Lord Fox, talked about the role, resources and capacity of Ofcom. We are confident that Ofcom will have the capability and resources to undertake its expanded role, although we recognise the competitive market for recruitment in this area. As I mentioned in my opening remarks, the Bill places a new, general duty on Ofcom to ensure that providers comply with their new security duties. We are working closely with Ofcom to ensure that it has the required resources to meet its new responsibilities, and we will keep that under review.
I shall now cover the issues relating to scrutiny in the Bill. The first of these relates to the Secretary of State’s ability to issue designation notices and designated vendor directions. This issue was discussed at length in the other place throughout the passage of the Bill, and more recently was referred to by the Constitution Committee, and I will address the remarks of both that committee and the Intelligence and Security Committee.
The noble Lord, Lord Clement-Jones, raised the recommendation from the Constitution Committee to increase oversight of the Bill’s powers by making them fall within the remit of the Investigatory Powers Commissioner. I can reassure noble Lords that the Secretary of State will use the power to issue designation notices and designated vendor directions only when it is necessary to do so in the interests of national security and where the requirements to be imposed are proportionate. The Bill already contains effective mechanisms for oversight of the Secretary of State’s use of the powers to give a designated vendor direction or designation notice.
The Bill requires the Secretary of State to lay copies of designation notices and designated vendor directions before Parliament. This will provide Parliament with the opportunity to scrutinise the use of these powers. On very rare occasions, the Secretary of State may choose not to lay a designation notice or direction before Parliament, because to do so would be contrary to the interests of national security. Where this is the case, the DCMS Select Committee will be able to view such directions and notices.
The Investigatory Powers Commissioner has responsibility for reviewing the use by public authorities, such as intelligence agencies, police and local authorities, of the powers in the Investigatory Powers Act. However, the Investigatory Powers Act regime is not directly comparable with the new powers and framework set out by the Bill. Oversight of the Investigatory Powers Act regime by the Investigatory Powers Commissioner is considered appropriate because of the potential intrusion into the private lives of individuals as a result of the use of covert powers. The national security powers in this Bill are very different from those in the Investigatory Powers Act: they are focused on protecting public telecoms networks and services from the threats posed by high-risk vendors.
The noble Lord, Lord West, the noble Baronesses, Lady Merron and Lady Northover, the noble Earl, Lord Erroll, and others raised the issue of scrutiny by the Intelligence and Security Committee. I pay tribute to the noble Lord, Lord West, and all other members of the Intelligence and Security Committee for the important work they do. We recognise the importance of effective scrutiny of the use of the Bill’s powers, and I am happy to correct the impression that the noble Lord, Lord West, suggested—that the Government want to avoid scrutiny in the Bill. That is why, as I said, the Bill requires the Secretary of State to lay copies of designation notices and designated vendor directions before Parliament, unless doing so would be contrary to the interests of national security. I referred to circumstances where this might be possible in my remarks on the advice of the Constitution Committee.
As noble Lords are aware, the activities of DCMS are not within the remit of the Intelligence and Security Committee. That committee’s remit extends to the intelligence agencies and other government activities related to intelligence or security matters, as set out in its memorandum of understanding. But the advice of the intelligence agencies will not be the only factor that the Secretary of State will take into account when deciding what is proportionate to include in a designated vendor direction. As well as the advice of the National Cyber Security Centre, the Secretary of State will consider, among others, the economic impact, cost to industry and impact on connectivity of the requirements in any designated vendor direction.
The ISC does not have a remit to consider non-security issues, such as the economic and connectivity implications of the requirements in designated vendor directions, but the DCMS Select Committee can consider those wider impacts. That is why, despite my noble friend Lord Balfe’s caution in this regard, we believe the DCMS Select Committee is the correct and appropriate body to see copies of designation notices and designated vendor directions that are not laid before Parliament.
My noble friend Lord Young of Cookham asked whether a designation notice or designated vendor direction is justiciable. Designated vendor directions and designation notices are subject to ordinary judicial review principles. However, the Secretary of State will issue designation notices and designated vendor directions only where they are necessary in the interests of national security and where the requirements in the direction are proportionate. As I mentioned, there are exceptions, which we expect to be rare, where it could be harmful to national security to lay a direction before Parliament, for example where doing so would expose particular security vulnerabilities.
The noble Lord, Lord Clement-Jones, asked about the delegated powers in the Bill and the recommendations of the Delegated Powers and Regulatory Reform Committee, as did my noble friend Lord Young of Cookham. The committee has made one recommendation relating to the power to issue codes of practice about security measures. I am sure that the House will appreciate that we need some time to consider the recommendation. We will respond once we have done that.
A number of noble Lords, including the noble Earl, Lord Erroll, the noble Lord, Lord Fox, and my noble friends Lady Morgan and Lord Vaizey, raised issues about the Government’s work on diversification. Although this is not a matter that the Bill speaks to directly, as your Lordships pointed out, I am delighted to address it. The Government recognise the importance of a diverse supply chain for creating a resilient national telecoms network, which is why we published the 5G diversification strategy alongside this Bill. That takes forward the Government’s commitment in the telecoms supply chain review to respond to the lack of diversity in the supply chain. We are leading the way in solving this through our ambitious diversification strategy.
The diversification task force, led by my noble friend Lord Livingston of Parkhead, has now concluded its initial work. Its findings and recommendations were published on 20 April. As my noble friend Lord Young pointed out, they raise the opportunity for our businesses in this area to win new markets through the creation of shared standards. The Government will respond to the task force’s findings and set out our next steps in this ambitious programme this summer. My noble friend Lord Holmes asked for an update on our UK telecoms lab. We will be able to say more on that later this year, but we plan to respond to all of the priorities raised in the very helpful report from the diversification task force.
The noble Lord, Lord Fox, asked for a definition of “incumbent suppliers”. The diversification strategy defines them as those present in the network that are not high-risk vendors, which therefore would include non-UK businesses such as Nokia and Ericsson.
The noble Baroness, Lady Northover, and the noble Lord, Lord Clement-Jones, asked about our engagement with business. We continue to engage regularly and closely with public telecom providers, including the largest companies, such as BT, and the trade bodies representing small businesses. Their feedback has been invaluable in our policy development. We will consult with them further on the draft code of practice after Royal Assent to ensure that all those affected can make their voices heard.
The noble Lord, Lord Maxton, asked about our international engagement. We have engaged with partner countries throughout the drafting of this Bill and will continue to do so once it has passed. As he rightly pointed out, our networks face similar challenges to those of networks in other countries. It therefore makes absolute sense to find international solutions to them.
The noble Lord, Lord Vaux of Harrowden, obviously has a similar social life to mine. I definitely get more fraudulent calls than I do any other type of communication. As I wrote to him, this Bill is not intended to address the extremely important issues that he raised. The Government are exploring a range of different measures aimed at tackling criminal abuse of the telecommunications network, including fraud. This work is led by the Home Office. I am happy to meet with him to discuss it further if that is helpful or co-ordinates him being in touch with the right colleagues at the Home Office.
Turning to the issues of human rights, the noble Lord, Lord Alton, asked about the compliance of the ministerial statement on the face of the Bill with the Human Rights Act. As printed, I made a statement under Section 19 of that Act that:
“In my view the provisions of the Telecommunications (Security) Bill are compatible with the Convention rights”
as defined by Section 1 of the Act. I stand by my statement. I do not think there are any provisions in this Bill that are incompatible with the convention rights. The statement is about the content of the Bill. The noble Lord has implied that actions of another country might bring the Bill’s compatibility into question, but I think that is a misunderstanding of the purpose of the statement.
Many of your Lordships rightly raised issues of human rights in China, including the noble Baronesses, Lady Northover and Lady Merron, the noble Lord, Lord Fox, and my noble friends Lady Stroud and Lord Balfe. I start by paying tribute to the noble Lord, Lord Alton, for his ongoing commitment to standing up for human rights around the world, including in Xinjiang. The Government stand in complete solidarity with him and the eight others who were sanctioned by China. This House has debated these issues at length and rightly so, as they are important. The Government share the noble Lord’s serious concern about the human rights situation in Xinjiang. Indeed, he recently secured a Question for Short Debate on this topic, to which my noble friend the Minister of State for South Asia and the Commonwealth responded.
It is because this issue is so important that we have, as a Government, taken a wide range of actions this year and I cannot accept his suggestion of complacency on the part of the Government. The UK Government have led international efforts to hold China to account for its human rights violations in Xinjiang. We led the first two statements on Xinjiang at the UN and have utilised our diplomatic network to raise the issue up the international agenda. Most recently, on 22 June, the UK joined 43 other countries at the UN Human Rights Council to condemn China’s human rights violations in Xinjiang and Tibet, as well as the deterioration of fundamental freedoms in Hong Kong referred to by the noble Baroness, Lady Bennett, and others. On 13 June, the G7 leaders’ communiqué called on China to
“respect human rights and fundamental freedoms, especially in relation to Xinjiang”.
Noble Lords will be aware that in January the Foreign Secretary announced a package of measures to help ensure UK businesses and the public sector are not complicit in human rights violations or abuses in Xinjiang. Those measures include robust and detailed new guidance to businesses, a review of export controls as they apply to China, a commitment to introduce financial penalties under the Modern Slavery Act and increasing support for UK government bodies to exclude suppliers complicit in violations.
I know the noble Lord is particularly interested in hearing more about the review of export controls. He will be aware that export controls are already applied to a range of goods which may be used for internal repression or to breach human rights, as set out in the Export Control Act 2002 and accompanying secondary legislation. The review announced by the Foreign Secretary in January will ensure that we have captured the full range of goods as applicable to the current situation in Xinjiang and will determine which additional specific products will in future be subject to export controls. The Government will report back to Parliament on the outcome of the review in due course.
I also note the Private Member’s Bill introduced by the noble Lord, Lord Alton, regarding the duty on businesses to produce modern slavery statements. The Government have already committed to strengthening Section 54 of the Modern Slavery Act 2015 and I know that the noble Lord engages regularly with the Home Office on this matter. I can reassure all your Lordships that tackling modern slavery continues to be a priority for this Government. This is why the Government announced a review of our modern slavery strategy earlier this year.
A new strategy will cover our cross-government response, including how business and government can effect change through their supply chains. In September 2020, the Government committed to take forward an ambitious package of measures to strengthen the Act. As I have mentioned, this was followed in January 2021 by a commitment to introduce financial penalties for organisations that fail to meet their statutory obligations to publish modern slavery statements under the Act. Legislation to take these reforms forward will be introduced when parliamentary time allows.
The amendment tabled and adopted during the passage of the Trade Act further highlights that the Government take these issues seriously. The amendment ensures that a debate and vote in Parliament can happen in response to credible reports, expressed by a responsible Committee, about genocide in a country with which we are proposing a new free trade agreement. I can now confirm that the Foreign Affairs Select Committee in the other place has agreed to be charged with this role, subject to agreement by the House. Discussions are still ongoing in the other place and will begin in this House when there is a willing Committee.
This Bill, however, is focused on the security of the UK public telecoms network and services. It is not the right legislative vehicle to address concerns about human rights and modern slavery. Clause 16 makes it clear that designation notices can be issued to vendors only where the Secretary of State considers that it is necessary to do so in the interests of national security. The Government consider that the Secretary of State should be required to assess national security as strictly about the security of our nations.
I apologise to noble Lords: I know that I have overrun but it was a rich debate. I hope noble Lords will accept that it was worth addressing some of the important points raised. I look forward very much to working with your Lordships across the House to pass this important legislation. As I have said, the Bill will create one of the toughest regimes for telecoms security in the world. It will enable us to protect our critical national infrastructure and shield our networks for years to come. The noble and gallant Lord, Lord Stirrup, gave the Government a helpful and powerful challenge: to be forward-looking as we think through this legislation; to recognise the need for a balance between cost, resilience and risk; and to adopt an approach that combines agility and adaptability. Again, I invite noble Lords who wish to talk about any particular issues related to the Bill to contact me or my officials, and I look forward to debating this further in Committee.