Telecommunications (Security) Bill Debate
Full Debate: Read Full DebateDepartment: Department for Digital, Culture, Media & Sport
Baroness Barran
Main Page: Baroness Barran (Conservative - Life peer)Department Debates - View all Baroness Barran's debates with the Department for Digital, Culture, Media & Sport
Telecommunications (Security) Bill
Baroness Barran ExcerptsTuesday 13th July 2021
(2 years, 9 months ago)
Grand CommitteeRead Full debate Telecommunications (Security) Act 2021 View all Telecommunications (Security) Act 2021 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 15-II(Rev) Second marshalled list for Grand Committee - (13 Jul 2021)
The Parliamentary Under-Secretary of State, Department for Digital, Culture, Media and Sport (Baroness Barran) (Con)
I thank all noble Lords for these amendments, which seek to strengthen the resilience of our telecoms networks by putting a new monitoring requirement on providers in relation to vendors in other jurisdictions, adding to the list of matters to which a requirement in a designated vendor direction may refer, and requiring the Secretary of State to review decisions taken by Five Eyes partners to ban vendors on security grounds.
We recognise the aim of having a comprehensive approach to telecoms security that includes the provider and government. The Bill follows this approach. A number of your Lordships said that I could be advised that the amendments are not unnecessary, but one issue the amendments raise is that of clarity of responsibility in the Bill. We believe genuinely that these amendments would blur some of that clarity.
The Bill as drafted is clear that it is the responsibility of government, not public communications providers, to set security duties and to designate vendors who pose a national security risk. In doing so, the Government, via the National Cyber Security Centre and other agencies, will monitor companies globally, including, of course, in the Five Eyes countries. It is then up to the providers to implement the security duties placed upon them and to comply with any designated vendor directions issued to them.
Amendment 1 in particular risks blurring these lines of responsibility and requiring telecoms providers to spend disproportionate resources on monitoring vendors internationally. This amendment seeks to place a new duty on public telecoms providers to review vendors of goods or services to those providers which are prohibited from other jurisdictions on security grounds, and to review the reasons for the prohibition. This would require public telecoms providers to monitor the policies and regulations of all other jurisdictions to understand whether those jurisdictions had banned certain companies from operating. This would be an onerous, disproportionate duty to place on industry.
Furthermore, in some cases, it may be impossible for telecoms providers to comply with the duty. The amendment states that telecoms providers must review the reasons for a vendor’s prohibition from a jurisdiction. As noble Lords will be aware, many jurisdictions have opaque decision-making processes, where it may be difficult, if not impossible, for telecoms providers to review the reasons for the prohibition of certain companies. Moreover, new Section 105A, which is inserted by Clause 1, places a strengthened overarching security duty on public telecoms providers. This duty is centred on an appropriately future-proofed definition of security compromises. Clause 1 therefore already ensures that telecoms providers undertake appropriate risk management to guard against any relevant threats to network security. In the light of this, I do not consider that this amendment is either proportionate or necessary, given the burden that it would place on telecoms providers and the duties already contained in the Bill.
Amendment 20 seeks to clarify that a requirement in a designated vendor direction may make provision by reference to the sourcing of goods, services and equipment from a specified country, or from sources connected with a specified country. While it is important that we protect our networks from the threats posed by hostile state actors, I do not consider this amendment to be necessary. As currently drafted, the Bill already allows for requirements to be included with provisions relating to the “source” of goods, services and facilities supplied by a designated vendor. I would consider that countries, and sources connected to countries, would already be captured by this wording.
Further, the list of matters that the noble Lord seeks to amend is explicitly non-exhaustive. The Bill is clear that the provisions of a requirement may refer to matters other than those listed in the Bill. It is therefore already possible for a requirement in a direction to refer to the country from which goods, services and facilities are sourced, if the Secretary of State considers that such a requirement is necessary in the interests of national security and proportionate to the aim that is sought to be achieved. As such, this amendment would not achieve anything that is not already possible under the provisions of the Bill as drafted.
Amendment 27 seeks to add a new section to the Communications Act 2003. This amendment would require the Secretary of State to review decisions taken by Five Eyes partners to ban telecoms vendors on security grounds and consider whether similar action is required in the UK.
A number of Members of the Committee, including the noble Lords, Lord Alton and Lord Coaker, and the noble Baroness, Lady Northover, stressed the importance of co-operation. She asked whether this was happening anyway. The short answer is that it is. The UK is already committed to a close partnership, and engages regularly with the Five Eyes. The UK’s telecom networks face similar challenges to networks in other countries.
The Government have engaged with partner countries on the approaches to high-risk vendors throughout the drafting of the Bill and will continue to do so once it is passed. I reassure the Committee that we are in regular contact not only with the Five Eyes nations but with other key partner nations—for example, Japan, France and Germany, to name but a few. Therefore, a requirement to review their decisions to ban a high-risk vendor and consider whether to issue a designated vendor direction in the UK would be unnecessary.
The noble Baroness, Lady Northover, asked more broadly how we worked with other countries in relation to national security. We have always maintained that each country needs to implement the mitigations that are right for their national circumstances. Of course in practice, Governments are adopting similar measures to address the risks, and adapting them to meet their own national circumstances. For example, the Netherlands, Germany and Australia have all either adopted or are planning to adopt security measures comparable to those set out in the UK’s draft secondary legislation, which the Bill would allow us to implement.
In July 2020, following advice from the National Cyber Security Centre, the National Security Council considered the impact of US sanctions in relation to Huawei. It considered that further action was needed, as the new US restrictions made oversight of Huawei products significantly more challenging and potentially impossible. That is another example of how the UK already regularly reviews security advice and requirements in response to international considerations.
Some of the issues raised were closely linked to the Bill, while others were slightly less so. The noble Lord, Lord Fox, asked how Ofcom and the NCSC would work together in practice. To formalise the relationship between the two organisations, they are in the process of developing a memorandum of understanding and have published a statement, available on the Ofcom website, that sets out the three key principles that they will follow. They are: first, that the National Cyber Security Centre will provide expert technical cybersecurity advice to Ofcom to support the implementation of the new telecoms security framework; secondly, that they will exchange information where necessary and permitted by law; and, thirdly, that the National Cyber Security Centre will continue to provide incident management support during serious cybersecurity incidents, both to telecoms operators and to Ofcom as needed.
The noble Earl, Lord Erroll, suggested that our broadband rollout programme had stalled—forgive me if I misheard—but I do not accept that. We as a Government remain committed to delivering nationwide gigabit and mobile connectivity as soon as possible. We have put in place £5 billion of funding to roll out next-generation gigabit broadband and have already connected more than 1 million hard-to-reach homes and businesses. Despite the pandemic, the expansion has been extraordinary, with 40% of premises now having access to gigabit-capable broadband, which will rise to 60% by the end of this year.
Lord Fox (LD)
I congratulate the Minister on introducing the Barran scale of nuance, which will no doubt become a classic in future. She did not address the issue of componentry, if you follow my drift. It seems to me, in analysis, that what tipped the balance in the sense of Huawei was the absence of American-made chips. Were that not to have happened, the NCSC would not have recommended the widescale removal that we have seen. That appears to be the implication. There seems to be an element of component monitoring going on, although in this case the monitoring appears to have been done more by the Americans than by the United Kingdom. It comes back to that fundamental point: at what level is the Bill going to be applied? Will it be applied on the overall capability of the system? In other words, is it a systems capability issue? Is it a subsystem operational outcome view, the individual pieces that go to make those subsystems, or the software that drives the overall system? How will the Bill actually be put into process?
Baroness Barran (Con)
I may need to write to the noble Lord about the technical details he has set out. I think for the approach to be effective it needs to incorporate all elements of that. An overall system cannot be a capable system if the subsystem is not. There needs to be coherence across the equipment that is supplied and our understanding of how it operates in practice and the component parts to inform the judgment about its security or not. I am happy to follow up in writing if he is agreeable.
Lord Alton of Liverpool (CB)
I thank all noble Lords who have participated in the debate and the Minister for her replies. I thought that the intervention just now by the noble Lord, Lord Fox, was important. It drives at one of the issues that we have debated today in the context of Nexperia and what is happening to a British company that has been acquired by a Chinese company through its Dutch affiliate. It is about computer chips. It is about semiconductors. It is about our ability to be able to control what goes into the technology that the Bill is very much about. That is not an on-the-side question; it is a very important central question and I look forward to seeing the response that the Minister gives to the noble Lord, Lord Fox, when she looks at it further.
I turn now to some of the contributions made today. The noble Baroness, Lady Northover, in a typically powerful and thoughtful intervention, invited us to delve more deeply. That is what we have been doing during this afternoon’s proceedings. She emphasised the importance of countries working together. She regretted, with sadness, that we have been forced to make some of these decisions about our own individual ability to acquire intelligence as a result of our decision to leave the European Union.
I thought it was interesting that, earlier today, the European Commission issued new guidance to combat forced labour in supply chains. It rather puts our laggardly and perfunctory efforts to shame. The guidance provides concrete, practical advice on how to identify, mitigate and address the risks. This issue has been referred to and the noble Baroness has said that she is going to write to us further on modern-day slavery and supply chains. High Representative/Vice-President Josep Borell says that the guidance
“will help EU companies to ensure their activities do not contribute to forced labour practices in any sector, region or country.”
It paves the way for future legislation which will have enforcement mechanisms and should introduce a mandatory due diligence duty, requiring European Union companies to identify, prevent, mitigate and account for sustainability impacts in their operations and supply chains.
Our amendments today would gather that kind of information. I simply do not accept that it is impossible for companies, in partnership with government—a point made by the noble Baroness in opposition to these amendments was that this would place too much responsibility on companies—or countries such as our own to collect this information. Like other noble Lords around the table, I have no staff. The information I gave to the Committee today is publicly available and, with a little bit of research, it can be obtained without too much difficulty. It is absurd to suggest that it is beyond the ability of companies or countries to collect information and share knowledge. The example from the European Union underlines what the noble Baroness said to us today.
The noble Lord, Lord Naseby, was, as always, asking all the right questions. From our many years together in another place, as well as here, I am always happy to stand with the noble Lord, not least because of his experience in many parts of the world. It is important to ensure that our people who are in post in many of our embassies are given the ability to ask these searching questions and to ensure that the information comes back to us, to prevent many of the expensive mistakes that have been made around Huawei, and which have been referred to during the debate, happening all over again.
My noble friend Lord Erroll was right to say that there are human rights abuses in many countries. Like him, I become indignant about some of those abuses; I do not argue, though, that we should no longer trade with those countries. I always prefer that we trade with countries that are on a trajectory to reform, that are law-abiding and that believe in human rights and democracy, but I accept that it would be impossible to take out of supply chains any country that carries out any kind of human rights violation.
However, there are certain markers that we can look to. One of them is our legal duty under the 1948 convention on the crime of genocide. This is not a word to be used lightly. The word “genocide” came into our vocabulary thanks to a Polish Jewish lawyer, Raphael Lemkin, who had seen over 40 of his own family murdered in the Holocaust. During the proceedings on the telecoms infrastructure Bill last year, I gave examples from that period of how companies such as Philips had their own forced labour in the camps where people were dying. I gave the example of Corrie ten Boom, a Dutch woman who had given refuge to escaping Jewish people trying to flee the Holocaust. She and her sister were arrested and sent to work in that factory; her sister died there. Corrie ten Boom wrote a deeply moving book called The Hiding Place. That is the comparison I seek to draw.
It is not just me. In April this year, the House of Commons said that what is taking place in Xinjiang is genocide—it is only the second time that it has ever made such a declaration, so this is of a different order. Where there is genocide, we, as signatories to an international treaty—the 1948 convention on the crime of genocide—have a legal obligation to predict the signs of genocide, prevent it from happening, protect those affected and prosecute those responsible. I accept my noble friend’s argument—we are not going to stop trading tomorrow with Gulf states or whomever it may be who is doing fairly odious things—but the crime of genocide is surely in a different league.
Lord Coaker (Lab)
This is a really important discussion. I do not want to speak for too long but the noble Earl, Lord Erroll, was right to say that the Bill is about security and not just “anything”. None of us on the Committee wants to compromise the nation’s security or compromise the ability of our military personnel to conduct necessary operations. However, sometimes in legislation words really matter—they are the law of the land. That is why scrutiny of legislation in Committee like this is so important, word by word and line by line, otherwise—and I will have a series of questions for the Minister on this—down the line in one, two, three or five years, something will happen and everybody will go, “How was the word ‘anything’ included?” The unintended consequence of legislation is something that we need to consider, or people will ask how something happened—how that word was allowed.
With that in mind, it is important that the Minister explains to the Committee how this definition is arrived at. The starting point would be to ask her to explain the differences between having the word “anything” and having the phrase “security issue”. Can she give examples of how the Bill would be weakened by having that term rather than “anything”, and what “anything” means—apart from saying that it means “anything”? What does it actually mean, given that the Bill is supposed to be about security issues, as the noble Earl said?
The Government argue that the duty on providers is appropriate and proportionate to ensure that the effects of compromise are limited and to act to remedy the impacts. I understand why Ministers are keen to keep the definition wide, but on its own it is not good enough. For example, can the Minister explain whether there are any thresholds to what amounts to a security compromise, or is it “anything”, and what does that mean to an individual who might stray into territory that they are not sure about? How was the Bill’s definition arrived at? Who came up with it and what advice did they receive? Were alternatives suggested to it, what did security experts say to the Minister was necessary, and were there dissenting voices?
In seeking clarification, I wonder whether the Minister can explain why the definition does not include, as I understand it, the presence of supply chain components, as the noble Lord, Lord Fox, mentioned on the earlier group of amendments, if they represent a security threat. Maybe it does—but could the Minister clarify that? We need to know that to understand the diversification of the supply chain and how effectively or not it is proceeding. It is important to consider the components of the supply chain, particularly when identifying where they are a threat to our national security. As I see it, that is not included in Clause 1, but perhaps the Minister can tell me that it is and that I have not read the clause correctly. If so, where is it?
I go back to where I started. These amendments are important in testing how the Government have arrived at this use of “anything”. I know it sounds like semantics —what does “anything” mean?—but the point made by the noble Earl, Lord Erroll, is crucial. The Bill is a security Bill. That being so, why does “anything” appear and why is “security issue” not the appropriate way to describe this? Why is it not included in the Bill? It is necessary for the Committee to understand the Government’s thinking on this for us to consider whether we need to bring back this matter on Report.
Baroness Barran (Con)
My Lords, the Committee will recall that the UK Telecoms Supply Chain Review Report in July 2019 found that telecoms providers lack incentives to apply security best practice. This Bill is our response to its recommendations and takes forward the Government’s commitment in the report to introduce a new security framework, including new legal duties and requirements, to ensure that telecoms providers operate secure and resilient networks and services.
I thank the noble Lords, Lord Fox and Lord Clement-Jones, for tabling these amendments to Clause 1. Before I address them directly, I hope that it will be helpful if I set out some brief context for the clause as it appears in the Bill and try to address the challenges posed by the noble Lord, Lord Coaker.
Clause 1 inserts a new Section 105A into the Communications Act 2003. New Section 105A places a duty on public telecoms providers, first, to identify the risks of security compromises; secondly, to reduce the risks of compromises occurring; and, thirdly, to prepare for the occurrence of security compromises. To support the duty, new Section 105A creates a new definition of “security compromise”. The definition is purposefully broad and includes anything that compromises the availability, performance or functionality of a network or service, or that compromises the confidentiality of the signals conveyed by it. I thank my noble friend Lord Naseby for his support for this approach.
I am genuinely slightly puzzled by the remarks of the noble Lord, Lord Coaker, about what is included and excluded, because Clause 1 goes into great detail—which I shall not read out now, but I know the noble Lord has looked at it. Not only do we define what is included in “compromise” but we are explicit about what is excluded. This comprehensive approach will help ensure that telecoms providers protect their networks and services properly in the future. It creates a new duty on providers to take steps to reduce the risk of incidents and attacks seen globally in recent years.
As we have heard, the amendments tabled by the noble Lords, Lord Fox and Lord Clement-Jones, would narrow the definition of a security compromise. As both noble Lords noted, this was also a matter that the Constitution Committee recommended the House consider in its recent report. As I have said, the definition is designed to support a long-term approach to security. It aims to be focused enough to address risks that are specific to telecoms networks. At the same time, it is broad enough to ensure the Bill is future-proof and has flexibility to enable us to address new and evolving threats.
I appreciate that the noble Lords are seeking to ensure that legal obligations on telecoms providers are targeted and appropriate to specific risks, but it is important to remember that the framework within the Bill is designed to do exactly that. Certainly, we are not aiming, in the words of the noble Earl, to bash suppliers over the head. Rather, the broad definition in the Bill helps future-proof the legislation, whereas the specific security measures which narrow that focus will be set out in secondary legislation. I tried to get my head around the thought experiment from the noble Lord, Lord Fox, but I got stuck at the idea of trying to fit inside a petri dish, which would definitely be impossible.
Lord Fox (LD)
The Minister brought up the review, which was very clear that there are huge potential market failures within the security and resilience telecoms market, the reason being that security is not valued by the networks. It is other things, such as network connectivity and price, which are of maximum importance to those networks—things that might come under the word “anything”, for example.
Let us be clear about the four reasons given by the review that security is undervalued by networks: insufficient clarity on cyber standards and practices; insufficient incentives to internalise the costs and benefits of security; lack of commercial drivers, because consumers of telecoms services do not tend to place a high value on security; and the complexity of delivering, monitoring and enforcing contractual arrangements in relation to security. All four of those issues, which I think are driving the purpose of this Bill, involve the word “security”. Far from these amendments watering down the intent of the Bill, the Minister is watering it down herself by including the word “anything” and ignoring the word “security”. I do not expect her to accept these amendments now, but I would like the department to go away and think about this very carefully, because a catch-all Bill catches nothing.
Baroness Barran (Con)
I hear the noble Lord’s concerns. We will of course take back his comments and reflect on them again. However, I know that officials working on this Bill have considered these points in enormous detail and would be happy to meet the noble Lord and discuss them, if that would be helpful. We believe that our framework does not water down but balances future-proofing with the precision and specificity that the noble Lord seeks. I hope we can follow up on that in a separate meeting.
Lord Clement-Jones (LD)
My Lords, I see a slight chink of light, perhaps, that may be opened by opened by a meeting with the Minister on this subject—because she will appreciate that none of the amendments tabled to the Bill, which we think is important, has been put down lightly, and definition is crucial.
I was somewhat baffled by the noble Lord, Lord Naseby, flying in his jet—I was thinking of perhaps pressing the ejector button, but I thought better of it. The idea that there is an analogy between flying a jet and what we are talking about here was a bit baffling. The only way that I could think of the analogy for a planned outage, which is exactly what the providers are worried about being subject to under this definition of “security compromise”, is where a jet does a planned manoeuvre and everyone scrambles and treats it as an incident—so I cannot see that his analogy holds at all.
I much prefer and give thanks for the contributions of the noble Earl, Lord Erroll, the noble Lord, Lord Coaker, and my noble friend Lord Fox, who, in doubling down on the points raised about the purposes of the Bill, illustrated exactly why we seek to have a much more precise definition. The big problem is that the flexibility demanded by the Government is effectively at businesses’ cost and causes uncertainty. That is the worry about the way that the Bill is currently drafted.
The Minister talked about future-proofing and doing it more precisely, in a sense, by setting out the duties by secondary legislation—but, of course, there are great concerns about the way that the secondary legislation is to be agreed and the codes of practice. So I suppose that, if I were going to ask for a quid pro quo, if there is to be a loose definition of “security compromise”, there must be a very tight way of agreeing the codes of practice and the secondary legislation—but I wonder whether the Minister will actually agree to that trade-off, as we go through the afternoon. I would like to have all of the amendments that we have tabled for today.
I really think that, when the Minister said that this would “undermine the whole approach”, it is good to have it in her script, but that is absolutely not the case. The last thing that we are doing by trying to tighten this definition is to undermine the whole approach; we are trying to create certainty for the providers so that, when they plan outages and there are other planned events, they are not caught by a sidewind when trying to comply with the terms of the Bill. This is a practical issue.
I understand what the Minister says about resilience and, to some degree, that is the case, but there is clearly a great deal of uncertainty surrounding the providers’ interpretation of the Bill, as it currently stands—and they are the ones that will be subject to this. As I said—without wishing to repeat myself too much—the Government’s impact assessment itself makes it very clear that the costs of this exercise, of having to comply with the Bill, are extremely uncertain at this point, and there is quite a lot of concern about that.
I am sure that, if we have a meeting with the Minister in due course, we will be able to persuade her to accept these amendments, and I look forward to it. In the meantime, I beg leave to withdraw Amendment 2.
Baroness Merron (Lab)
My Lords, I speak to Amendment 11 in my name and welcome Amendments 7 and 12 in the names of the noble Lords, Lord Fox and Lord Clement-Jones. I was interested that the noble Lord, Lord Fox, referred to a chorus of agreement, which I certainly heard ringing out, expressing concerns about the role that Parliament should have in scrutinising on codes of practice that this Bill currently does not provide for. To me, the codes remind us that the Bill can provide us only with something of a framework, and for many areas there is a wait for the details to be filled in later. As the noble Earl, Lord Erroll, said, the devil, as always, is in the detail.
Clause 3 allows the Secretary of State to issue new telecom security codes of practice that will set out to providers the details of specific security measures that they should take. As we have heard referred to, the impact assessment states that these codes are the way in which the DCMS seeks to demonstrate what good security practices look like. However, I note that Ministers are proposing only to demonstrate but not actually to secure good practice, which I am sure is the real intent—and it would be very helpful if, through this debate, we could get to that place.
I am interested also to note and draw the Minister’s attention to the fact that the Government have said that these codes will be based on National Cyber Security Centre best practice security guidance. The Government have said that they will consult publicly, including with Ofcom and the industry, as we read in the Minister’s letter following Second Reading. That public consultation will be on implementation and revision. However, it strikes me as very strange that the National Cyber Security Centre is not a statutory consultee; can the Minister say why it is not?
I particularly make the point that, as the codes of practice will be admissible in legal proceedings, they have to be drafted accurately and we have to ensure that security input and expertise is fed into them. The National Cyber Security Centre, which is described as a bridge between industry and government and is, indeed, an organisation of the Government, would seem to be a body that should be, in a statutory sense, invited to make the input and offer its expertise, along with other departments and agencies. After all, we can see, when reading about the centre, that its whole reason for being is that it provides widespread support for the most critical organisations in the United Kingdom as well as the general public, and they are absolutely key when incidents, regrettably, occur. We are trying to address those incidents in respect of this Bill.
As we have heard from all noble Lords who spoke in this section of the debate today, the input needs to come from Parliament, which is why I tabled Amendment 11. As the Bill is drafted, the current reading is that a code of practice must be published and laid before Parliament, but there is no scrutiny procedure. I put it to the Minister that if codes have legal weight, why is Parliament being denied the chance to scrutinise them? We seem to have a complete mismatch there. I was taken by the words in the Delegated Powers Committee report, mentioned by the noble Lord, Lord Clement-Jones, in his introduction, which stated that this way of being was “unacceptable” and called for the negative procedure for codes. That is what Amendment 11 does. Can the Minister address specifically the words of that committee report? I refer her to paragraph 27, which says:
“In our view, the Department’s reasons are unconvincing … the fact that codes of practice would be produced after consultation with interested parties cannot be a reason for denying Parliament any scrutiny role; and … the Department appears not to have recognised the significance of the statutory effects of the codes of practice”,
as has been highlighted today. I therefore hope that the Minister will both comment on the report and seek to make what is a very important and significant change in this regard.
I will pick up on one additional point. The impact assessment also says that the codes of practice will have a tiering system for different-sized operators. The initial code will apply to tier 1, which serves the majority of businesses of critical importance to the United Kingdom. This will also apply to tier 2 medium-sized operators but with lighter oversight by Ofcom and longer timetables. Can the Minister offer a draft list of the operators in tiers 1 and 2, and can it be shared with noble Lords? I would also be interested to know whether the Minister has any concerns that tier 2 operators will somehow be worse at compliance. If she has those concerns, what support will be provided to small and medium-sized enterprises? I look forward to her reply.
Baroness Barran (Con)
My Lords, I have heard with interest the contributions of your Lordships regarding the parliamentary oversight of the secondary legislation and codes of practice associated with the Bill. I will try not to disrupt the harmony that broke out so agreeably.
Amendment 7 tabled by the noble Lord, Lord Fox, would apply the affirmative procedure to regulations made under new Section 105B in Clause 1. It would require secondary legislation to be laid in Parliament in draft and to be subject to a debate and a vote in both Houses. Both Amendment 11 tabled by the noble Baroness, Lady Merron, and Amendment 12 tabled by the noble Lord, Lord Fox, would require a statutory instrument to be laid in Parliament for the Secretary of State to issue or revise the codes of practice, under the negative or affirmative procedure respectively.
I will first address Amendment 7 and the procedure for the regulations. The Bill currently provides for the statutory instrument containing the regulations to be laid using the negative procedure. This is the standard procedure for instruments under Section 402 of the Communications Act. The only delegated powers in the Bill currently subject to the affirmative procedure are Henry VIII powers to retrospectively amend penalty amounts set out in the primary legislation.
Lord Fox (LD)
Sorry, I have not quite finished.
I would call Amendment 15 a “good manners” amendment. If Ofcom possesses information that the network provider does not, it simply calls for that network to be brought into the loop before the rest of us are. That seems good manners to me—you do not necessarily have to legislate for that, but these days it always helps. I have now finished.
Baroness Barran (Con)
My Lords, I thank the noble Baroness, Lady Merron, and the noble Lords, Lord Clement-Jones and Lord Fox, for tabling these amendments to Clause 4 and for their considered remarks. As we have heard, these amendments speak to reporting requirements placed on industry in the event of a significant risk of a security compromise and the powers bestowed on Ofcom in the event of a compromise or the risk thereof.
Amendments 13 and 14 amend new Section 105J. As the noble Baroness, Lady Merron, summarised, new Section 105J is designed to give users of telecoms networks and services relevant information when there is a significant risk of a security compromise, including the steps that they should take to prevent such a compromise adversely affecting them. Giving users this information will help ensure that, where possible, they can take swift action to protect themselves. It will also contribute to greater awareness of security issues, supporting users to make more informed choices about their telecoms provider.
Baroness Barran (Con)
My Lords, I am sorry, as ever, to disappoint the noble Lord, Lord Clement-Jones. With regard to his first point, of course the relationship with providers is important, which is why we have worked so closely with industry throughout the preparation of the Bill. However, as the noble Baroness, Lady Merron, said so eloquently, the relationship with users is also very important; it is that balance that we are seeking to strike. I am sorry if the noble Lord found my remarks grudging or negative; there was a lot of thought behind them.
Baroness Merron (Lab)
My Lords, this has been a healthy debate. I thank all noble Lords who have contributed on the various amendments. I certainly noted from her response to Amendment 13 in my name that the Minister shares my understanding of the issues for consumers. The debate has shone a light on the fact that it is not possible to simply put one set of interests above another. I felt in the course of the debate that it has been understood that, while fixed time periods may create an unintended consequence, as the noble Earl, Lord Erroll, said, they do ensure that things are not swept under the carpet. That is really where the amendment was seeking to probe.
I appreciate the point made that, while timescale is at the discretion of telecoms providers, there are certain requirements on them. I still have a sense of nervousness; I hope that, as we proceed with this legislation, the telecoms providers will understand the importance of acknowledging and responding to the very real concerns, interests and threats to consumers when they consider what the words “reasonable and proportionate”, as well as the words “timely manner”, mean. With that, I beg leave to withdraw my amendment.
Baroness Merron (Lab)
My Lords, I have been very interested to hear the arguments put forward by the noble Lords, Lord Clement-Jones and Lord Fox, and the noble Earl, Lord Erroll. As we heard from the noble Lord, Lord Clement-Jones, in his opening remarks, concern about oversight is driving this section of the debate. As we know, Clause 13 ensures that when deciding an appeal against certain security-related decisions made by Ofcom, the tribunal is to apply judicial review principles without taking any special account of the merits of the case.
I understand that this does not apply to appeals against Ofcom’s enforcement decisions and that the Government have said that this ensures that it is clear that the tribunal is able to adapt its approach as necessary to ensure compatibility with Article 6, the right to a fair trial. My questions to the Minister are about the legal advice that the Government have received on this clause. What legal advice has been received? Is this external legal advice as well as internal legal advice?
The clause states that
“the Tribunal is to apply those principles without taking any special account of the merits of the case.”
Can the Minister explain what “special account” is expected to mean?
Baroness Barran (Con)
I thank the noble Lords, Lord Clement-Jones and Lord Fox, for tabling this amendment to Clause 13. I am aware that the noble Lord, Lord Clement-Jones, has spoken extensively on the standards of appeal in this House. As the noble Lord remarked, this matter was also raised in the Constitution Committee’s recent report, where it asked for further clarification about the reasoning for the changes made by this clause. I will attempt to address this point today and answer the questions from the noble Lord, Lord Fox, about what we are worried about.