Online Pornography: Age Verification
Debate between Chi Onwurah and Matt Warman(4 years, 6 months ago)
Commons ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Urgent Questions are proposed each morning by backbench MPs, and up to two may be selected each day by the Speaker. Chosen Urgent Questions are announced 30 minutes before Parliament sits each day.
Each Urgent Question requires a Government Minister to give a response on the debate topic.
This information is provided by Parallel Parliament and does not comprise part of the offical record
Matt Warman
I am afraid I am too young to recall precisely the experience to which my right hon. Friend refers—and I am sure he was speaking on behalf of others, rather than himself. However, he is absolutely right that what is out there on the internet now pales into insignificance compared with everything that was printed for newsagents. That is precisely why we have to go so much further.
Chi Onwurah (Newcastle upon Tyne Central) (Lab)
For the Minister to say that he will wrap up childhood protection in the online harms legislation is not even a fig leaf to hide the fact that his Government are absolutely naked when it comes to a robust legal framework that deals with privacy, data, age verification and identity. We need measures that put in place protection for children online, not that kick in after they have already been exposed. What is he doing to ensure that children have the same rights online as they do in the real world?
Matt Warman
I think what the hon. Lady is saying is that in many ways prevention is better than cure, and that is why the online harms approach will place a duty of care on website operators to make sure they have to take a preventive approach.
Matt Warman
The hon. Lady shakes her head as though I have misunderstood her question. I am very happy to talk to her outside the Chamber to try to give her a better answer if she wants one.
Internet of Things: Regulation
Debate between Chi Onwurah and Matt Warman(4 years, 7 months ago)
Westminster HallRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Westminster Hall is an alternative Chamber for MPs to hold debates, named after the adjoining Westminster Hall.
Each debate is chaired by an MP from the Panel of Chairs, rather than the Speaker or Deputy Speaker. A Government Minister will give the final speech, and no votes may be called on the debate topic.
This information is provided by Parallel Parliament and does not comprise part of the offical record
Chi Onwurah
My hon. Friend, who is a great champion of innovation and technology—coming from the constituency that he represents, it is appropriate—makes a critical point. I could not have put it better. Although this debate is about regulation of the internet of things, it is impossible to talk about protection and security in the internet of things without talking about the data that is its lifeblood: the flows of data that both drive and enable the internet of things. We are in a confused state about who owns and controls the data and how it can be shared. The Government, for example, had at the last count at least 80 different ways of sharing data with themselves. As long as that is the case, we cannot have real security or integrity within the internet of things.
Last year the Government finally took some action with their Secured by Design voluntary code of practice on the security of the internet of things, as well as guidance for consumers, which was later codified as ETSI TS 103 645. In May this year, the Government announced a consultation on the introduction of some mandatory legislation on labelling. For example, retailers would have to label internet-of-things products as complying with varying levels of the Secured by Design code. Labelling is necessary because the Government will not decide what is secure and make it mandatory—if everything were secure, it would not need to be labelled. We await the outcome of the consultation. However, there are at least five major issues, and many others besides.
First, the tone of the consultation is, “Regulation is very, very bad and stops innovation, so let’s just have as little as possible.” Secondly, there is no enforcement or sanction. Thirdly, while some mandatory requirements are proposed, they would simply be a declaration of adhering to standards. That approach puts a major emphasis on the consumer to understand these increasingly complex problems and does not account for the use of the devices in public spaces.
The fourth major concern is that the regulations deal only with consumer things. The clue is in the name: it is an internet of things. We need an architecture of standards and a regulatory framework that enables security and interoperability across the internet and also considers the lifeblood of the internet of things—data. Fifthly and finally, there are billions of insecure old-generation IOT devices already enmeshed in our digital infrastructure. The regulations do nothing to address them.
The Government need to recognise that technology is not something that happens to us; it is something that we actively participate in, or should do. That does not mean stifling innovation. Instead, it means using Government influence to look forward to the impact of technologies and to shape them for the public good. The Government must understand technologies in terms of social purpose, rather than just profit margins. That must be done with the tech sector, but the Government must recognise that it is their job to protect the interests of the people. During the first and second industrial revolutions, it was the trade unions, organised workers, the nascent Labour movement, feminists, abolitionists and former slaves who pushed law makers into putting legislation in place that would direct the use of technology to more egalitarian ends. I fear that it will be for a Labour Government to ensure that that is what happens here.
Technology can be used for good or ill. My hope is that intervening now to set up a framework for data and the IOT will mean that we do not face problems and resistance further down the line.
Last year, I was at CES, which is the largest computer electronics show in the world, in Las Vegas. An American start-up literally begged me to put in place security regulations for IOT devices, so that it could compete on a level playing field with the cheap but totally insecure exports from less reputable manufacturers. It is cheap and, frankly, lazy to set up a sort of binary choice between regulation and innovation. A clear regulatory framework and strong governance allows good companies that are making socially useful products to succeed without markets being flooded with poor quality and potentially dangerous products that threaten security.
I want to say a little on Labour’s plans as I understand them—I know that the shadow Minister, my right hon. Friend the Member for Birmingham, Hodge Hill (Liam Byrne), will set them out in more detail—and I want to put that in context. I am a technology evangelist. Before becoming an MP, I worked all over the world building out the networks that now form the internet. One of my proudest moments was when I rolled out the first global system for mobile communications network in Nigeria and saw how mobile communications could really make a positive difference to people’s lives. Fisherman in the delta could now know the market price in Lagos and could not be cheated out of the right price for their fish; pregnant women could phone for a doctor instead of having to send vital requests on foot, which took hours. The internet of things will bring more and better benefits.
I have also seen the flip side of new technology. When I worked for Ofcom, I was asked to report to the board on internet security in 2005. When I came back with stories of bot attacks, honey traps, distributed denial of service, white hat wizards, Trojans, worms, phishing and pharming, it was as if I was describing a war in a galaxy far, far away. More than 10 years on, however, those threats are very real. They are part of everyone’s daily lived experience. Online fraud is the most common crime in the country, with almost one in 10 people falling victim to computer misuse or one sort of fraud or another. The same may happen with the internet of things—in fact, to an even greater extent—and we must not allow that.
I talk about the internet of things for everyone, because I believe that technology can be democratising and enabling, but just as cyber-crime seemed so foreign only a decade ago, we do not yet fully understand the new risks posed by the internet of things. To fully realise its benefits, we need to be able to deal with the increasingly pervasive security threats it presents. To address them, we need regulation as well as action in other areas. For example, we need to invest properly in skills and adult learning to help people to become digitally literate citizens. Labour’s pledge to create a free truly universal national education service, the NHS for the innovation age, will help everyone to become part of an innovation nation in which everyone is a creator, not simply a user, of technology.
We also need the power of Government to address our creaking infrastructure, and close the productivity gap at the same time, by enabling businesses across the country to invest in the internet of things. Our national transformation fund will do what it says on the tin—transform our infrastructure to bring it up to OECD levels.
We need to address a critical part of the tech sector that I referred to earlier, which is a lack of diversity. Diversity is not an optional add-on; it is an economic imperative. It needs to be at the heart of economic and technological policy, because we cannot build a more prosperous economy without making use of everyone’s talents. We need a more comprehensive sector-wide approach to diversity, particularly in the tech sector. It is key that the creators of new applications for the internet of things come from diverse backgrounds, so we have technologies that work for all and make use of the full array of talent in our society.
Finally, an internet of things requires the right digital rights and responsibilities to exist across our nation. That is why Labour plans to introduce a bill of digital rights that will provide strong and easily understood protections for citizens and will give us all rights and control over our own data.
As I draw to the end of my comments, I want to make sure that the Minister understands the questions that I am asking, so I will list the ones to which I would like him to respond. First, as I have mentioned, who owns and controls the data flowing to and from internet of things devices? Why is it not the people who are generating the data? The Prime Minister said that data is the new oil, but we have seen what the corruption around the oil industry did to many developing economies. Our citizens deserve to be in control of their own data.
Secondly, what steps is the Minister taking to ensure that insecure internet of things devices cannot be sold? Thirdly, will the provisions of the online harms legislation, specifically the duty of care, apply to the internet of things? I asked his predecessor that question, but the answer was not clear. Fourthly, when the internet of things is combined with facial recognition to monitor people, whether in education or on our streets, what requirements are there on consent? Fifthly—this was raised by TechNorthWest—internet of things devices take data for one stated purpose. What prevents its being used for various others? How does consent work in that case? Is the general data protection regulation sufficient?
Sixthly, I believe that all our critical national infrastructure is connected to the internet of things. I have mentioned the blackouts in Ukraine and attacks on an Iranian power station. What regulation is there of the internet of things in critical national infrastructure?
Seventhly, what analysis has been made of how the Government should respond to the misuse of internet of things devices? What scenarios are being considered and what plans are in place?
Eighthly, for the purposes of internet of things regulation, what is the nature of the relationship between the Department for Digital, Culture, Media and Sport, the National Cyber Security Centre, the Cabinet Office and the Information Commissioner’s Office?
I expect the Minister to respond to the five criticisms of the current consultation.
The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
How long do you think we’ve got?
Chi Onwurah
We have an hour and a half, which will be more than adequate. I should perhaps have said that the Minister has a background in technology, as a tech correspondent, so I am sure that he has the answers to all the questions.
The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
I begin by saying that I will not intrude on the private grief of where the industrial revolution began; I am certain that it did not begin in Skegness, so I have no dog in the fight. I congratulate the hon. Member for Newcastle upon Tyne Central (Chi Onwurah) on securing the debate. I well remember the work that we did together in the parliamentary internet, communications and technology forum—PICTFOR—and in other forums.
The hon. Lady says that she is a tech evangelist, and so am I. Although I regret the tone of some of her comments about some aspects of the Government’s policy, I think we agree that there is not a huge amount of partisan disagreement on many of the issues. We want to get it right. The right hon. Member for Birmingham, Hodge Hill (Liam Byrne) and I also agree on a huge number of issues, as he said, particularly around discrimination and what we should do to ensure that the well-known principles that exist in the offline world persist online. I hesitate to use the slogan, but we too want technology to work for the many, not the few.
I will begin by seeking to answer some of the questions of the hon. Member for Newcastle upon Tyne Central, which might be a novel approach, although I am sure she will not be satisfied with all the answers. In many ways, as she identified, this is a debate about data, not the internet of things. On the principle of who owns the data, the general data protection regulation applies to data controllers in exactly the same way whether they are processing data that derives from the internet of things or anywhere else, so the principles that we all subscribe to, of the consumer owning their data, should persist. That is a hugely important starting point, and we should acknowledge that there is agreement on it. The hon. Lady frowns as if she disagrees, so I invite her to intervene.
Chi Onwurah
I thank the Minister for the tone of his opening comments. It is certainly true that there are many areas on which we agree. The reason for my frowning is the idea that the GDPR recognises the right of ownership of consumers or citizens. The fact that there is a data controller who is not the citizen or consumer suggests that it does not. As I have said, the GDPR is progress, but issues of ownership and control are still far from clear. My right hon. Friend the Member for Birmingham, Hodge Hill (Liam Byrne) made some excellent points in this area.
Matt Warman
The hon. Lady pre-empts my next point: all of this is predicated on consent. The consumer has to understand that they are giving up their data for a particular purpose and a particular benefit. As the hon. Member for Dagenham and Rainham (Jon Cruddas) said in what was a fascinating speech—albeit one where I wondered if I had at times transcended, if not humanity, at least this debate—these are fundamental issues that have effects far beyond what we might think of in an arcane debate about the ownership of data. I commend the approach that says we are dealing with issues that go far beyond a debate about technology, which will have an impact on huge aspects of humanity itself, whether we get them right or wrong. That is why it is important to consider them in that wider way.
The hon. Lady was right to point out that, in some ways, the internet of things represents a whole new chapter of how technology is becoming more common in our homes and making our lives easier and more enjoyable, but potentially also more fraught with decisions that we need to be aware we are making. I will trump the hon. Lady’s numbers: Statista says that by 2025, there will be 75 billion internet-connected devices worldwide—I am sure other analysts are available to provide even higher numbers. In our estimates, that translate to some 15 devices per household by next year. The internet of things is very real; it is already with us.
Matt Warman
The right hon. Gentleman raises a lot of points in one short paragraph. I understand what he accuses me of seeking, when he speaks of having it both ways. Actually the services that are offered digitally, ostensibly free, are different from services in a physical world where we might talk about the kind of monopoly that he has mentioned. In that sense, all he is doing is underlining why we need to get things right, in a way where the digital challenges are understood, without reinventing the wheel and pretending that all online challenges are necessarily different from those in the physical world. It is an emerging picture, which is why I refer back to the technology innovation strategy that we published in June 2019 and that includes new measures, such as the Spark procurement programme, to enable Government and the wider public sector to benefit from new digital technologies and the service that can be provided by stimulating the UK’s world-leading tech sector. It is also why we set up the Centre for Data Ethics and Innovation, which will allow us to consider how we might best benefit from those opportunities and ensure that we seek not to design in the kind of prejudices that the hon. Member for Newcastle upon Tyne Central mentioned. One of its first papers is on smart speakers and voice assistants and on how industry and Government can work together to ensure that the products do what they are supposed to and that users consent to them.
We should also be mindful that the 75 billion devices, or however many there turn out to be, will have a physical environmental impact. I am therefore pleased that as part of its resources and waste strategy, the Department for Environment, Food and Rural Affairs has committed to updating the existing guidance for local authorities on managing the collection of smart items and similar electricals. That might sound like a minor point, but it is probably less minor than others.
The hon. Lady mentioned the Prime Minister’s speech at the United Nations General Assembly. I am not delivering the rhetorical flourishes that he delivered late at night at the UN, but it is important to say that he made that speech in that location because this country is already a world leader in this area in so many ways. It is right that our Prime Minister is addressing these issues and the legitimate public concern.
It is also right that, as several hon. Members have mentioned, when we seek to regulate in this area and on online harms, we in this country and across the parties should be proud that the UK is a liberal democracy that seeks to lead the way. We have an opportunity to shape a global debate, as my Opposition counterpart, the right hon. Member for Birmingham, Hodge Hill, observed.
In some ways, the greatest thing we can do is use Britain’s status in this area and on the world stage to try to develop global standards. The hon. Member for Newcastle upon Tyne Central mentioned those of the ETSI, which in its way is world-leading: it seeks to produce standards that can be replicated or mirrored globally, addressing some of the coherence that risks arising in the area. She says that we are not providing leadership and quotes the Prime Minister’s speech, but I say that his speech demonstrates the existing status of Britain’s leadership in the area already. If I am being kind to her, although we disagree on several minor issues, I should say that she too would agree that Britain has a huge opportunity to capitalise on its place in the world on this issue.
In June, we published a White Paper, “Regulation for the Fourth Industrial Revolution”—we are sticking to that number, although I understand that there is a dispute over whether it is correct. It confirms that the Government will establish the regulatory horizons council to identify the implications of precisely the sort of technological innovation that the hon. Lady spoke about, and to advise the Government on regulatory reform so that we can take exactly the kind of steps that she highlights.
In that process, security should not be an afterthought; it has to be embedded. Thus far, we have taken the approach of working with industry, and industry is now saying to Government—the hon. Lady will have heard these calls as well—that greater clarity, particularly in regulation, will help consumers and the industry itself. Many of the internet-connected devices that are currently on the market still lack even the most basic cyber-security provisions. Some 90% of 331 manufacturers that supply the UK market and that were reviewed in 2018 did not use a comprehensive vulnerability disclosure programme up to the level that we would expect; I think that hon. Members on all sides would agree that that is unacceptable. Organisations have a duty of care to their customers, to help make sure that they can access and use their internet-connected products safely.
Although Government have previously encouraged industry to adopt a voluntary approach, it is now clear that decisive action is needed to ensure that stronger cyber-security is built into these products by design. That is why we launched our consultation on secure consumer IOT in May. That consultation built on the extensive work to which I have referred. It allows us to talk about minimum security principles for connected devices, which my Department elaborated on in the document published last year. Our focus will be on ensuring that there is a baseline of cyber-security built into all consumer IOT products by design, to eliminate the most harmful practices.
These are, I freely admit, low-hanging fruit. We wish we did not have to tackle issues such as forbidding the use of universal default passwords, ensuring that manufacturers provide a contact point for security researchers, and making sure that consumers are informed at the point of sale of the minimum length of time for which security updates are provided for their device. Those measures address some of the issues raised by the hon. Member for Newcastle upon Tyne Central, and we would like to go further in due course. We will respond on what that will look like as soon as possible after the consultation.
We are advocating a staged approach to enforcing those principles through regulation. Obviously, there is always a balance to be struck between regulation and legislation, and in this case I think it will be a bit of both. We will publish the formal response to our consultation on the regulatory approach later this year, but we are mindful of the urgency of this work. Our approach must keep pace with the technological change identified by the hon. Lady. We have said that we will review the code of practice every two years. The development of the code of practice may not sound exciting, but as the hon. Lady acknowledged, and as the hon. Member for Dagenham and Rainham said, these things are hugely far reaching, even if they do not sound as exciting as some people might wish, because then they would attract the attention they perhaps deserve.
There is major business support for our approach, including from the signatories to the cyber-security tech accord. I always hesitate to say “major business support”, because businesses will not always necessarily greet with enthusiasm the actions of a sensible regulator. Some would say that this is a sign of success. We will develop the strategy, but ultimately the security of the internet of things is a global challenge and it requires a global effort to get it right and to shape those norms.
In February 2019 we worked closely with international standards bodies and the National Cyber Security Centre to make sure that we publish the ETSI standard to which the hon. Lady referred, though without the complementary tone it deserves. None the less, I understand her point.
We do not think it is right to expect all users of all internet-connected devices to become cyber-security experts, and we recognise the need to take from them the burden of differentiating between good and bad. That is why we have been clear with industry what good practices will look like, and we wish to support manufacturers of all sizes to embed them and to support retailers to make sure that they are obvious.
Chi Onwurah
I thank the Minister for giving way. In the absence of any time to sum up, I want to thank him for his comments and to confirm that I will write to him with my list of questions so that he can answer them in full. Will the regulatory horizons council cover all regulation with regard to technology or only that relating to manufacturing, and does he agree that this is about not only consumer data but citizen data, because it relates to Government as well?
Matt Warman
I absolutely agree with the hon. Lady’s second point. The council will, of course, be wide ranging. I look forward to answering her comprehensive list of questions, and I will be grateful to Hansard for providing clarity on them.
Finally, in response to the intervention from the hon. Member for Cambridge, this Government do not think there is a choice between innovation and security. We have to make those two complement each other. That is at the core of our strategy and will continue to be so, and I would hope that we can move forward together with the cross-party consensus to which the hon. Member for Newcastle upon Tyne Central alluded.
Question put and agreed to.
Resolved,
That this House has considered regulating the internet of things.