Telecommunications (Security) Bill Debate
Full Debate: Read Full DebateChi Onwurah
Main Page: Chi Onwurah (Labour - Newcastle upon Tyne Central and West)Department Debates - View all Chi Onwurah's debates with the Department for Digital, Culture, Media & Sport
(3 years, 6 months ago)
Commons ChamberI beg to move, That the clause be read a Second time.
With this it will be convenient to discuss the following:
New clause 2—Provision of information to the Intelligence and Security Committee—
“The Secretary of State must provide the Intelligence and Security Committee of Parliament as soon as is reasonably practicable with a copy of—
(a) any direction or notice (or part thereof) that is withheld from publication by the Secretary of State in the interests of national security in accordance with section 105Z11(2) or (3) of the Communications Act 2003;
(b) any notification of contravention given by the Secretary of State in accordance with section 105Z18(1) of the Communications Act 2003;
(c) any confirmation decision given by the Secretary of State in accordance with section 105Z20(2)(a) of the Communications Act 2003;
(d) any reasons for making an urgent enforcement direction that are withheld by the Secretary of State in the interests of national security in the accordance with section 105Z22(5) of the Communications Act 2003; and
(e) any reasons for confirming or modifying an urgent enforcement direction that are withheld by the Secretary of State in the interests of national security in accordance with section 105Z23(6) of the Communications Act 2003.”
This new clause would ensure that the Intelligence and Security Committee of Parliament is provided with any information relating to a designated vendor direction, notification of contravention, urgent enforcement action or modifications to an enforcement direction made on grounds of national security.
New clause 3—Network diversification—
“(1) The Secretary of State must publish an annual report on the impact of progress of the diversification of the telecommunications supply chain on the security of public electronic communication networks and services.
(2) The report required by subsection (1) must include an assessment of the effect on the security of those networks and services of—
(a) progress in network diversification set against the most recent telecommunications diversification strategy presented to Parliament by the Secretary of State;
(b) likely changes in ownership or trading position of existing market players;
(c) changes to the diversity of the supply chain for network equipment;
(d) new areas of market consolidation and diversification risk including the cloud computing sector;
(e) progress made in any aspects of the implementation of the diversification strategy not covered by subsection (a);
(f) the public funding which is available for diversification.
(3) The Secretary of State must lay the report before Parliament.
(4) A Minister of the Crown must, not later than two months after the report has been laid before Parliament, make a motion in the House of Commons in relation to the report.”
This new clause requires the Secretary of State to report on the impact of the Government’s diversification strategy on the security of telecommunication networks and services, and allow for a debate in the House of Commons on the report.
Amendment 1, in clause 14, page 21, line 27, at end insert—
“(3) The Secretary of State must, in the process of carrying out reviews and drafting subsequent reports, consult the appropriate ministers from the devolved governments.”
It is a great pleasure to speak in this debate on Report. As I may have mentioned before, I am a chartered electrical engineer; before I entered Parliament, I worked for 20 years helping to build out the networks—fixed wireless and mobile—that became the internet. I am proud of that work and of the immense contribution that the telecommunications sector makes to our society, our economy and our security.
I am very pleased that today we are dedicating parliamentary time to our telecommunications sector. I thank all Members across the House who served on the Bill Committee for our many hours of fruitful debate as we strove to secure improvements to the Bill. I also thank the officials of this House, particularly in the Public Bill Office and the Library, who have provided such excellent support.
I declare an interest: many provisions in the Bill deal with the regulator Ofcom, and my last telecommunications role was with Ofcom. I joined it in 2004 just a few weeks after it was born, when it was to be a light-touch regulator, small and nimble. As a consequence of my time in the sector, I have been calling for greater security, particularly for our mobile networks, since I first entered this place in 2010.
The Labour party and I welcome the intention behind the Bill, but a number of areas in it need to be addressed. We are here today because of the Huawei debacle of the Government’s making. The Government have been forced to require the removal of Huawei, at an estimated cost of £2 billion and a delay of two to three years to our 5G roll-out, after overseeing Huawei’s rapid rise to be the foremost supplier to the telecoms company that carries our country’s name and universal service obligation: British Telecom.
The telecoms supply chain review found that there were no incentives for our mobile network operators to provide secure networks. Moreover, successive Tory Governments have squandered the world-leading position on broadband infrastructure left to them by Labour in 2010, as the United Kingdom has fallen down the league table from 27th to 47th in the world for average internet speeds. This lack of sovereign capability and absence of an effective telecoms strategy has resulted in our dependency on high-risk vendors, which the Bill seeks to address.
I am sure that you will be pleased to know, Madam Deputy Speaker, that I will not repeat the same arguments on Huawei that have dominated the debate over recent years. Given where we are now, we support the aims of the Bill. National security is the first duty of any Government, and Labour will always put national security first. Our telecoms infrastructure is clearly critical to our defence and security, as well as our economic prosperity.
We agree that, as the Bill sets out, the Secretary of State should have powers to designate vendors of concern and require mobile network operators to take appropriate action, and that Ofcom should have the power to monitor and enforce those directions. However, we wish to improve the Bill in three key areas, which our new clauses 1, 2 and 3 seek to address.
The first area is national security. Labour prioritises national security, and the sweeping powers that the Bill gives the Secretary of State must be used in the interests of securing our critical national infrastructure. Removing Huawei does not, in and of itself, make our networks secure now or protect them against future threats; that requires a number of additional measures, some of which are in the Bill and some of which are not. For a start, if our telecoms network is to be secure, there must be expert democratic oversight of the measures that make it secure—yet the Bill makes no provision for Parliament’s experts, the Intelligence and Security Committee, to be informed or consulted. We want to fix that.
Secondly, the security of our network depends on an effective plan to diversify the supply chain. We are very concerned that the Bill does not even mention diversification and thus risks short-changing our national security, our technological sovereignty and our telecoms infrastructure. We want to ensure that progress is made in diversification as a prerequisite for the security of the telecoms network and a UK sovereign capability should be a part of that.
Thirdly, the Bill gives many new responsibilities and powers to Ofcom. That follows a vast expansion of Ofcom’s remit over the past 10 years. We want to make sure that Ofcom is appropriately resourced to carry out its duties and to be forward looking, not simply looking back.
One of the great failings of the Bill is that the Government are so fixated on fighting the last battle—the Huawei battle—they are not looking to the future. That is, in part, because various Government Back-Bench Members have very real concerns about the rise of China and its influence on our infrastructure. But these concerns, however well justified, seem to be blinding the Government to threats that are not Chinese in origin. We want to fix that. We want Ofcom to have the resources and the will to monitor the evolution of our telecoms networks, so that future threats, wherever they come from, can be identified and we do not find ourselves forced, as we are now, to make a huge change to our networks, at a huge cost to our economy.
I turn to new clause 1. As I said in my opening remarks, I joined Ofcom in 2004 when it was in its infancy as a slimline regulator. I kept a copy of the Communications Act 2003 on my desk. Since then, that Act has already doubled in size as Ofcom has acquired responsibility for critical national infrastructure: the BBC; the Post Office; online harms—that Bill is coming down the road; and, in this Bill, parts of national security as well. This latest expansion of Ofcom duties will necessarily add a strain not only to its budget, but to its resources. In January, in response to my written question, the Government stated that Ofcom would have the resources that it needs to do the job, in which case the Minister should be keen to support new clause 1, which requires Ofcom to report on the adequacy of its resources in fulfilling its functions under the amendments made in the Bill.
Ofcom lacks experience in national security measures—this was discussed during the evidence stage—and the expansion of duties will require the recruitment of people with the required level of security clearance and experience. That is not going to be easy, as we heard during the evidence sessions. Emily Taylor of Oxford Information Labs said that Ofcom
“will have to acquire a very specific set of skills and capabilities and that will require substantial investment and learning as an organisation”.––[Official Report, Telecommunications (Security) Public Bill Committee, 19 January 2021; c. 72, Q84.]
These skills are rare. The memo from the Minister, for which I am grateful, sets out how Ofcom and the National Cyber Security Centre will work. While it is welcome that they will work together, it did not provide the reassurance that we need. Indeed, it suggests that Ofcom will be entirely dependent on the NCSC for cyber skills and therefore, presumably, unable to understand the advice that it receives from the organisation.
New clause 1 requires Ofcom to report annually on the adequacy of measures taken by network providers to comply with changes introduced in the Bill, empowering the Government to track the effectiveness of the legislation. However, new clause 1 does more than that. It ensures that Ofcom has the human and informational resources to be forward looking. As I said, we are concerned that the Bill is backward looking and does not look to future threats. New clause 1 requires Ofcom to provide an assessment of emerging or future security risks based on its interrogation of network providers’ asset registers.
I am pleased that the Government are taking steps—as I understand it from the Minister—to formalise existing best practice in the telecoms sector and ensure that national providers maintain asset registers. I can tell Members that that has not always been the case. As the Minister said during the Committee stage, asset registers are an
“important part of the existing landscape”––[Official Report, Telecommunications (Security) Public Bill Committee, 21 January 2021; c. 162.]
But I ask him: why does he not take this further? We need to ensure that we have a good understanding of our national assets and so can assess emerging threats. Doing so would have made Huawei’s dominance visible earlier and it would now enable warning signs of future concerns—and there are future concerns. Again, Emily Taylor said:
“I feel a little like we have been fetishising 5G and a single company for the last two years, perhaps at the expense of a more holistic awareness of systemic cyber-security risks… Healthcare systems probably would not have been top of the list two years ago, but now they are. The SolarWinds attack shows that the identity of the vendor is not always the key risk point. SolarWinds is a very trusted vendor from a like-minded, close ally country, and yet it turns out to be a critical single point of failure across key, very sensitive Government Departments, both in the US and the UK.––[Official Report, Telecommunications (Security) Public Bill Committee, 19 January 2021; c. 74, Q88.]
So I want the Minister to consider that in his response on this proposal.
This has been a very well-informed debate. I am sorry if my own digital connectivity did not enable my contribution to be heard as perfectly as it should have been, but I hope we have corrected that.
There were many excellent contributions from both sides of the House. It is important to note that the House is in quite rare agreement on a number of questions regarding the Bill, particularly on the importance of national security. The representatives of each of the parties in the debate—the hon. Members for Aberdeen South (Stephen Flynn), for Caithness, Sutherland and Easter Ross (Jamie Stone) and for Strangford (Jim Shannon), and the Minister himself—shared support for the primacy of national security and recognition of the importance of our telecoms networks in our national security, and I was pleased to listen to their contributions. I thank the Minister for his response and for the tone in which the debate has been conducted.
However, I will say briefly, with regard to new clause 1, which seeks to ensure that Ofcom has the skills and expertise needed to undertake its new duties in the midst of all the other responsibilities that Parliament is asking, as well as reviewing future provision and threats to the network, that the Minister’s comments on the increase in the cap on Ofcom’s budget did not begin to address our concerns. We have, effectively, a snapshot of the financial resourcing available now. The new clause seeks to ensure that we have an understanding of the resourcing as it continues—as threats evolve in the future—and particularly that we are able to look forward to new and evolving threats on the basis of a thorough understanding of the assets in each network operator’s network.
Indeed, the right hon. Member for South Holland and The Deepings (Sir John Hayes) emphasised the step change in the requirements of Ofcom that the Bill represents. The Minister implied that Ofcom would be able to do everything requested in the new clause when it comes to looking at asset registers, for example. I simply do not understand his reluctance to put that in the Bill, given the important role that Ofcom is to play in our telecoms security. I am afraid that I do not feel that he answered my points on new clause 1.
On new clause 2, members of the Intelligence and Security Committee—its Chair, the right hon. Member for New Forest East (Dr Lewis); the right hon. Member for Beckenham (Bob Stewart); and the right hon. Member for South Holland and The Deepings—eloquently articulated many of the arguments for why the ISC needs to be part of the scrutiny of this Bill. Indeed, the right hon. Member for Beckenham was particularly detailed in his description of the very room requirements for assessing national security issues. Having worked at Ofcom, I know its rooms very well, and I do not think that they meet the requirements that he set out.
It is worth noting that the ISC was one of the first parliamentary organisations to raise issues around Huawei, back in 2013. It seems very wrong that it should be excluded from involvement in scrutinising how the Bill is implemented, given that it is the only parliamentary grouping with the appropriate security clearance. Although I appreciate the Minister’s constructive tone, I do not think that he answered the questions raised or sufficiently justified the Government’s aversion to ensuring a process for ISC scrutiny, so I will press new clause 2 to a vote.
Finally, the most complex of our new clauses is new clause 3, which would ensure that the diversification of our telecoms networks was achieved as a prerequisite for their security. We heard from the right hon. Member for Chingford and Woodford Green (Sir Iain Duncan Smith) about how telecoms markets have been constructed to enable the consolidation and monopoly power of particular players, and particularly Huawei. Unfortunately, he did not go on to say how in the Bill the Government would deliver on a UK sovereign capability, but he was absolutely right about how the market has effectively failed.
The hon. Member for Wealden (Ms Ghani) used her experience on NATO’s science and technology committee and on this Parliament’s Business, Energy and Industrial Strategy Committee to encourage the Minister to truly examine our network resilience. New clause 3 is designed to ensure the ongoing ability to examine network diversification and resilience.
We heard from the right hon. Member for South Holland and The Deepings about the impact of the unaccountable power of monopolies. Again, since the Bill does not mention a diversification plan or diversification strategy, we cannot see that it will do anything to address that issue. The hon. Member for Bracknell (James Sunderland) said that the Bill supports network diversification. I know that that is the intention, but without our new clause I cannot see how it will actually achieve it.
The Minister reiterated the diversification plans, which are not a plan—as I set out, they have no detail and no action. As for his attempt to explain why the Government have omitted from the Bill any reference to diversification, I have to say that I found it entirely incomprehensible. It was as if referring in the Bill to diversification would limit the meaning of diversification; if that were the case, we would be unable to refer in any Bill to many of its intentions or outcomes.
I remain convinced, and there is agreement on all sides of the House, that we need to ensure that diversification of our telecoms supply chain goes hand in hand with ripping out Huawei and reducing our dependence on the two remaining providers. It is very important that we take this opportunity to change the Bill so that the diversification of our telecoms networks is an integral part of Ofcom’s reporting on the progression of those networks, so I will also press new clause 3 to a vote.
As I announced earlier, there will be three Divisions. As usual—if anything is usual these days—the first will take eight minutes and each subsequent Division will take five.
Question put, That the clause be read a Second time.
I thank the Minister for his statement and echo his remarks in thanking all the Clerks and officials of the House and the Department who worked on the Bill, as well as our security services for the protection they provide day and night and for the input of the NCSC and GCHQ to the Bill.
I want to make it clear that the Labour party supports the Bill as a necessary step in protecting our telecoms national security. It is important that we legislate to ensure that Government have the power to act when faced with circumstances such as those presented by Huawei or, even better, to prevent dependency on high-risk vendors from arising in the first place. We will therefore not oppose the Bill on Third Reading. We recognise that national security is the first duty of every Government, and we support the measures to promote national security in the Bill.
At every stage of the Bill’s passage, we have seen an engaged and informed level of debate. As a chartered telecoms engineer, I particularly welcome the time that the House is spending on considering our telecoms infrastructure, even in these circumstances, which are to be regretted: we should not have got here. Parts of our debate have resembled a wake for the telecoms sector we could have had with a UK sovereign capability. The telecoms sector should have been subject to a more active, proactive interest for years now—or, shall I say, 10 years? We have lacked a telecoms industrial strategy and that, together with a focus on foreign investment over national security, is why we are here. Successive Conservative Governments have allowed the telecoms sector in the UK to be dominated by a high-risk vendor. Competition on price rather than security has become the rule for the telecoms operators. The market failed, but Ministers did not notice; they thought that security could be left to the market.
This is at a time when digital has become part of every part of our lives. We now spend a quarter of our waking hours on the internet. The UK telecoms industry contributes £32 billion to the economy and directly provides nearly a quarter of a million jobs. It has an impact on all our lives. As we are experiencing during the pandemic, it is an enabler of almost everything we do, and in the future—by which I mean in the next few years—it will bring about even more significant changes to how we live, work and engage with one another.
From driverless cars to advanced manufacturing, digital connectivity is essential. Indeed, we can argue that the pandemic has given us a taste of the future and moved the future closer. It has shown us how important good, fast, stable connectivity is, with millions still depending on it to work from home and stay in contact with friends and family. The pandemic has encouraged—indeed, required—a mass migration online, with businesses that were not digital-ready suddenly forced to operate online. It is salutary to recall that before covid there was a question of whether broadband was a vital utility. That was a matter of debate; it was debated as part of the Telecommunications Infrastructure (Leasehold Property) Act 2021. The pandemic has since proved beyond doubt that telecoms is an essential utility, but, although our telecoms infrastructure has held up during the pandemic—I congratulate telecoms operators on that—it could have been so much better. Many in rural areas or unable to afford decent broadband will not thank me for praising our telecoms networks.
When Labour left office, we had world-leading infrastructure. That is no longer the case. We are now 47th in the world for broadband speeds. I say that to emphasise the significance of the upheaval that the sector is facing after the Government’s decision to strip Huawei out of the network, at a cost of £2 billion and two to three years delay to 5G roll-out. It is a decision that we supported and continue to support, but we cannot let solving one problem give rise to numerous more. Unfortunately, the holes that remain in this Bill will do just that. Let me emphasise how important this Bill is in ensuring that we get regulation and investment right for a sector that contributes so much to our economy, as well as to our work and social lives.
We must make sure that we do not find ourselves in a similar position again, and that our telecoms network and supply chains are resilient and protected in future—even, critically, as the geopolitical environment evolves. Our telecoms infrastructure lacks security and resilience. The Government have taken no steps to maintain or develop a sovereign telecommunications capability, and their broadband strategy—if we can call it that—has far more U-turns, dither and delay than meaningful policies.
The Bill is passing to the other place with significant failings. The first is national security. Labour prioritises national security. The Secretary of State and the Minister both agreed during the proceedings that the Bill needed to include sweeping powers to address matters of national security, so we remain concerned that the Committee that provides parliamentary oversight on matters of national security is being excluded from oversight of the measures in the Bill.
Secondly, the security of our networks depends on an effective plan to diversify the supply chain. As our amendments have fallen, the Bill still does not even mention supply chain diversification or the diversification taskforce, even though we all agree that we cannot have a robust and secure network with only two service providers, which is the number that we will have left once Huawei is removed from our networks.
I am going to say this once more for the Minister: we need a diversified supply chain and that means a diversity of suppliers at different points of the supply chain. Britain has great start-ups that are just desperate to help address this issue. Where is the support for them? The future of telecoms networks is moving away from closed, proprietary boxes to open interfaces and innovation in the cloud. That provides a real opportunity for some of our innovative companies, but the Government have still not laid out how this is to be realised, as their own diversification taskforce report recently made clear. Is the UK going to benefit from the costly debacle of ripping out Huawei—an integrated supplier? Right now, the only beneficiaries would appear to be Ericsson, Nokia and lawyers. We put the Government on notice that we will be holding them to account on that.
Thirdly, the Bill gives sweeping new powers and responsibilities to Ofcom. This follows a vast and continuing expansion of Ofcom’s remit. Ofcom lacks experience in national security, and changes to its duties will require the recruitment of people with the required level of security clearance and experience. The Minister and the Government have sought to evade scrutiny on that. We will seek to hold them to account. As part of that, we are very concerned that the Bill in its current form is not forward thinking enough. It lacks the processes to provide the foresight needed to ensure that we are not in this same position again. Where is the horizon-scanning function to identify emerging threats and potential weaknesses in UK telecoms providers’ asset registers? If our networks became dependent on one cloud service provider, such as Amazon Web Services, how would we know?
To conclude, we support the Bill as a necessary measure to protect our telecoms national security interests, but we are concerned that the Government have allowed ideology to undermine effectiveness when it comes to this Bill, and we will continue to seek to improve it.