Debates between Chris Elmore and Ruth Edwards during the 2019-2024 Parliament

Product Security and Telecommunications Infrastructure Bill

Debate between Chris Elmore and Ruth Edwards
Chris Elmore Portrait Chris Elmore (Ogmore) (Lab)
- View Speech - Hansard - -

You will be aware, Madam Deputy Speaker, that I have spent at least the last five and a half years as an Opposition Whip encouraging brevity, so I do not intend to keep the House too long. I will keep my remarks short and hopefully to the point. As I said on Second Reading and in Committee, I will not pretend that the Opposition do not support the wider principles of the Bill. I thank the Minister for the constructive way in which she has engaged on it with me from the outset.

I turn to the new clauses and amendments. New clause 1 is an improvement on the Government’s first attempt to change the definition of “occupier”, but the changes put forward are still not watertight when it comes to preventing unintended consequences. The new clause does not address the underlying issue that operators could theoretically use it in situations other than when existing agreements have expired, which could lead to financial consequences for small site providers who have been hard done by since the electronic communications code review in 2017. More work is needed when the Bill moves to the other place to ensure it does not unintentionally punish site providers further. We have no issue with the proposal in new clause 2 that grants the Secretary of State power to make regulations that provide for a function conferred by the code on the court to be exercisable in relation to Wales by the first-tier tribunal.

I will speak to amendment 14 on behalf of my hon. Friend the Member for Hackney South and Shoreditch (Dame Meg Hillier). She sends her apologies to the House; she is chairing the Public Accounts Committee. We have checked with the Clerks and the Speaker’s Office to check that that is appropriate. That amendment, and the consequential amendments 15, 16 and 17, seek to apply a different regime under the electronic communications code to private landlords. They would give operators automatic upgrade rights in respect of properties owned by private landlords, subject to the strict condition that the upgrading imposes no additional burden on the other party to the agreement.

The growing digital divide in our towns and cities has only been exacerbated by the pandemic. The Government’s broadband target has been downgraded twice, and the Digital, Culture, Media and Sport Committee doubts that the current 85% gigabit target will be met. The backlog is due to the difficulty in accessing a high number of properties, a disproportionate number of which are flats, whose absentee landlords have little to no incentive to respond to requests to upgrade and improve connectivity.

Ruth Edwards Portrait Ruth Edwards (Rushcliffe) (Con)
- Hansard - - - Excerpts

I have complete sympathy with the intention behind the amendments and with what the hon. Gentleman is trying to do, but many providers whom we have spoken to throughout the Bill’s passage oppose them on the grounds that they will give the incumbent provider an advantage. Is he concerned that an unintended consequence of his amendments might be to make it more difficult for new competitors to enter the market and provide our constituents with the services that they need?

Chris Elmore Portrait Chris Elmore
- Hansard - -

I welcome competition in the market, but I would say to the hon. Lady that we now have broadband blackspots in parts of central London, and 15% of the constituency of the hon. Member for Hastings and Rye (Sally-Ann Hart) has these MDU blackspots. This is affecting constituents up and down the land, and the demand from all our constituencies, particularly because of the pandemic, is that we require the very best sector-leading broadband. It cannot simply be the case that some operators say this must happen and some say it should not happen, therefore nothing is resolved.

Product Security and Telecommunications Infrastructure Bill (Second sitting)

Debate between Chris Elmore and Ruth Edwards
Chris Elmore Portrait Chris Elmore (Ogmore) (Lab)
- Hansard - -

Q To keep the conversation on consumers, eBay, Amazon and other platforms are not part of this Bill, but an awful lot of research out there suggests that they do not regulate what they sell. There are an awful lot of suggestions from organisations like Which?, whom we are meeting later, that those platforms’ markets are often flooded with devices that are not secure, but are cheaper. Again, to go back to your comment about how security should not just be for the rich, if someone is looking for a cheaper type of product, they can go there and their thought will not be about security, but about how shiny and new, or refurbished, it is—how it looks very good and the same as what the other child in the class has, and so on. What are your views about looking at the online marketplaces? Is that the next step, through secondary legislation or this Bill? Should they be as responsible as the manufacturers, if they are wilfully selling products that they know are not secure?

In that vein, is there something in the idea of a reporting mechanism—either by the Department or some sort of regulator, annually or however long is appropriate—for whether these organisations and manufacturers are working to the standards that you so strongly set out? They have had years to deal with the standards, but many are still not doing it. I am suggesting naming and shaming, if you will, to give consumers better informed decisions.

A lot of people borrow money to buy these devices. On Second Reading, I expressed a concern that many people will look in a retailer or online, and go, “If that doesn’t exist for this much time—if it only has two years on it and the loan is three years—why am I bothering to purchase it if it is obsolete in that time?” That is a concern that many people have. Consumers potentially do not know what this or that means, but they know what “security” means, and if they think something is not secure, then, as Professor Carr mentioned, they think, “Well, I won’t bother having that product, because it isn’t safe”, because that is how they view the word “security”, which is logical, but not necessarily the best option given what they are looking for. There are several questions in there, forgive me, but they are interconnected with what the Minister was saying.

Professor Carr: I will try to answer as many as I can, as well as I can. I am sure that David has comments as well.

On educating consumers, that question of “Will the loan outlast my device?” is a very astute one, because consumers do not need to understand—they never will—all the ins and outs of phone or device security, but that is a very pragmatic response: “What actually am I buying? I am spending for three years to buy two years of a phone.” That type of consumer education will snowball when people are presented with information on how long the device will last and asked, “Is that what you want?”

I guess online markets are already regulated. There are things that we cannot buy in the UK and that cannot be shipped here. It would certainly have to be a consideration that, ideally, devices that did not meet UK standards were not able to be shipped to the UK, but I guess that is the case with many consumer goods that we cannot buy online. There is a tendency to blame business in this scenario and to see manufacturers as careless or irresponsible, which surely some of them are. However, it is also the reality that businesses have to make a careful calculation on how they invest. If it costs more to produce a product and they are answerable to shareholders, they have to have a conversation about why they are spending more on a device that is already selling well and returning a profit. I am not saying that that is the way it should be, but that is the way the free market works.

Look at what happened with GDPR. In my work, we work a lot with senior business leaders and talk to them about how they respond to cyber-security regulations. They did not push back against GDPR or see it as terribly negative; they saw that it unlocked budget for them to use, because they could quantify what percentage of their global turnover a data breach would cost or what the fine could amount to. They can take that calculation to the board, and say, “Right—we mustn’t have a breach or it would cost this much. How secure do we feel we are?” That is where such regulations can have a very positive effect on industries that would like to comply but cannot just invest in all the different aspects of a device without some justification. This gives that justification. It unlocks that funding in those board conversations about where investment in products should go.

David Rogers: Just to address the Amazon/eBay question, I have seen all this stuff. I have bought some of it to have a look at. A lot of counterfeit and substandard—the Chinese call them Shanzhai—products are available. I have conversations in which people say, “This is about buyer beware. You’d never buy a £9.99 smart watch. You should know that that’s going to be dodgy,” but as you said, people cannot necessarily afford it. There is a peer pressure element to it, and there is a sort of endorsement by the brand. If you go to Amazon, you expect it to be a quality product, so people are lulled into that sense of security that what they are getting is quality. In some cases, that is not the case. I fully agree that the companies that are retailing this stuff cannot just lay the blame at the door of the companies that are stocking and selling it. If it is on Amazon Prime, surely Amazon has a responsibility over that.

Earlier, Dave mentioned different regulatory regimes and that there may be some fragmentation around the world. I actually think that there is probably a lot of alignment and harmony. There has been a lot of work between DCMS and the National Institute of Standards and Technology in the US, so there is a broad understanding of what good looks like. If, either through some self-declaratory measure or by some endorsed mechanism of compliance, those companies are told to come up with a compliance statement, that helps the likes of Amazon and eBay to select their suppliers appropriately and then to remove them from their stores more easily. At the moment, it is kind of a wild west. They do not have any questions or answers.

Ruth Edwards Portrait Ruth Edwards (Rushcliffe) (Con)
- Hansard - - - Excerpts

Q Professor Carr, you made some really interesting comments about the balance between regulation and innovation, and how it is not always as it is portrayed to be. Do you think the Bill strikes the right balance in those areas? Is there anything missing from it that should be in there?

Professor Carr: I think the Bill would be a hugely positive step. There is a lot more to be done in terms of regulating emerging technologies. As I said earlier, the UK is a country at the forefront of thinking about these issues and taking action. It is new territory, because we are not used to legislating about these things; it seems somehow interventionist, or that it stifles innovation. Actually, digital technologies have become so integrated into every aspect of our lives, from the most personal level to infrastructure, and we have not caught up with that in what we see as the acceptable responsibility of the Government, of individuals and of industry.

There has very much been a narrative that Governments need to stay out of this area. I think that is very dangerous and wrong, because that is how we have ended up in the situation we have been in. It is certainly a balance between those parties—Government, civil society and industry—but we are a long way from having that balance right. Governments are beginning to see that there is a mandate and that they have a responsibility. We see that not just in the UK, but certainly in the US, Australia, the EU. But there is a long way to go.

Product Security and Telecommunications Infrastructure Bill

Debate between Chris Elmore and Ruth Edwards
Wednesday 26th January 2022

(2 years, 10 months ago)

Commons Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts
Chris Elmore Portrait Chris Elmore (Ogmore) (Lab)
- View Speech - Hansard - -

It is a pleasure to close this Second Reading debate. The first job of any Government is to keep their citizens safe, and I am glad that the security elements of the Bill were developed in conjunction with the National Cyber Security Centre and the Department. Her Majesty’s Opposition have the utmost confidence in our national security services, which go to such incredible lengths to keep us all safe in an increasingly difficult online world.

A number of speeches have been made by Members on both sides of the House, but let me deal first with what was said by my hon. Friends the Members for Ealing North (James Murray) and for Luton South (Rachel Hopkins), both of whom spoke about the notspots in their constituencies and the increasing problems with access to tech. People may have the “plumbing” that can provide a good standard of broadband, but they may not have, indeed may not be able to afford, the equipment that would give them access to it.

We in the Labour party put security at the heart of everything we do, and it is owing to that desire to see people in this country safe in cyber-space that we will not oppose the Bill. However, there are issues that we feel should be addressed in it, some of which have already been mentioned today.

The product security measures in part 1 contain proposals that Labour fully supports. They include a ban on devices that come with easy-to-guess passwords such as “default” and “admin”, and oblige firms to make such vulnerabilities public knowledge, with those failing to comply being threatened with large fines. That is especially prudent as it institutes common-sense rules for sellers to follow, and ensures that consumers are more engaged in cyber-security. Basic cyber-hygiene is paramount, and measures such as changing default passwords would do a great deal to improve devices’ security by, in theory, adding an additional layer of protection. However, we agree with many in the industry that certain measures could have gone further, and we will continue to hold the Government to account in the areas where we believe that to be the case.

While the pursuit of increased security on devices is laudable, there are concerns about the practicality of such changes. If each device is now legally bound to have a private password, who will be responsible for managing it? Given the plethora of smart devices that we all use, I am sure that we have all forgotten a password or two; I certainly have. If a device needed to be repaired and the user had forgotten the password, how would the specialist repairing the phone gain access? Many in the industry believe that that could potentially lead to a situation in which manufacturers might have to provide “super-user accounts” or “backdoor access”.

The Bill also introduces the mandating of manufacturers to tell consumers at the point of sale about the product’s lifespan and for how long it will receive security updates. While we can all agree that more transparency is a good thing for customers, if security updates are available for a few years—as is the case with Android phones, for example—surely that will lead to built-in obsolescence, meaning, in this case, smart devices being excluded from key security updates after a relatively short lifespan.

Ruth Edwards Portrait Ruth Edwards
- Hansard - - - Excerpts

The point is that the companies providing the devices will stop giving out security updates anyway. All that the Bill is doing is ensuring that users are informed of when that will happen. It is not forcing in any obsolescence; it is merely giving consumers choice by enabling them to know when those security updates will be stopped.

Chris Elmore Portrait Chris Elmore
- View Speech - Hansard - -

I take the hon. Lady’s point, but not everyone can afford simply to keep on replacing their technology. [Interruption.] I gave way to the hon. Lady, so she should at least give me the courtesy of allowing me to respond. It is quite simple, is it not? [Interruption.] Government Members do not like it, do they? Perhaps this is not an issue in her constituency, but I bet it is. If a company says, “You will not receive security updates after X amount of time”, people will naturally assume that they have to replace their device. We have heard from Members from across the House today that not everyone can afford to keep replacing devices based on the security that is put in front of them.

All I am asking of the Minister is to work with the industry to ensure that if updates could be taken over a longer period, it is not simply a binary issue of saying, “This device will no longer be updated.” It is as simple as that: we are just trying to make sure that people can afford to keep the devices they own. In many cases, people will save for years to pay for devices or do it through hire purchase.

Ruth Edwards Portrait Ruth Edwards
- Hansard - - - Excerpts

Will the hon. Gentleman give way?

Chris Elmore Portrait Chris Elmore
- Hansard - -

I will not, no, because the hon. Lady does not like the answer—that is the problem, is it not?

We must also consider the wider view that part 1 of Bill is limited in scope. However, it is clear to all of us here today that no one nation can legislate the internet. Part 1 does provide some desperately needed security responsibilities for the consumer, combined with giving them the necessary information to make informed choices about how they manage the basics of their own digital lives. The pandemic has only served to accelerate the shift to digital, and with that comes the question of increased security and safeguards online.

Now let us turn to part 2 of the Bill. I do not often say this, but I am in almost complete agreement with the right hon. Member for New Forest West (Sir Desmond Swayne)—that is an odd experience, after so many years in the House with him. A number of Members have spoken about constituency issues relating to the changes to the code in 2017, including the hon. Members for North Dorset (Simon Hoare) and for St Albans (Daisy Cooper). It is a good job I am a Welsh MP, because the hon. Members for Ceredigion (Ben Lake) and for Carmarthen East and Dinefwr (Jonathan Edwards) have also done so. I pay particular tribute to the hon. Member for Stroud (Siobhan Baillie), who spoke honestly about what many community groups, farmers, landowners, churches and many other organisations across her constituency are facing, and I agree with her.

We are asking the Government for a review, for it to be fair and for it to provide assurance to those organisations, many of which were the backbone of supporting communities up and down the land during the pandemic, whether through feeding us, taking us in collective worship or offering support to our children and young people. These community organisations deserve our support and we need to ask the Government to follow through on their commitment to undertake a review this year, which was part of the original commitment from a number of years ago. I pay tribute to the hon. Lady for saying that.

On part 2 and the current state of our country’s telecommunications infrastructure, we do have some concerns, as set out by my hon. Friend the Member for Manchester Central (Lucy Powell), the shadow Secretary of State. Having inherited a world-leading position from the last Labour Government, since 2010 the Conservatives have cultivated a culture of missed targets, stunted ambition, and ultimately, stagnation when it comes to our telecommunications infrastructure. The last Labour Government recognised the central role that connectivity would play in the economy of the future, and rightly placed the issue front and centre. As a result, we delivered first-generation broadband to about 13 million UK households by 2009, which shows that large digital infrastructure projects can be delivered at breakneck speed.

To put it simply, we had a vision that we made a reality. Ambitions can be delivered at this sort of speed only when there is real effort, action and long-term planning on behalf of Ministers. Unfortunately, we are not getting that from the current Administration. As has become the norm with this Government, bold and exciting-sounding targets are made in public, only to be quietly watered down at a later stage. The Prime Minister came into office promising full-fibre broadband “by 2025”. His Government then realised that they were not going to be able to deliver it, so they reduced the target to full gigabit broadband by 2025. Realising they also could not deliver that, they landed at the current target of 85% gigabit broadband by 2025. Several bodies, including the Public Accounts Committee, the Select Committee on Digital, Culture, Media and Sport, and many industry experts, now doubt that the Government are even going to achieve that. Dither, delay, disappointment—this has become the norm under this Conservative Government.

The primary concern is that this Bill fails to address the fundamental flaws introduced in the ECC. The code did not receive the necessary scrutiny, resulting in an imbalance between mobile operators and property owners. The Law Society’s analysis makes it clear that the Bill fails to address fundamental flaws in the code that are holding back the roll-out across the country. We are now concerned that the measures in this Bill may slow the 5G roll-out further by disincentivising small building owners and landowners, such as churches, community groups, sports clubs and farmers, from hosting phone masts.

This all began when the Government introduced the ECC in 2017, permitting telecoms firms to renegotiate rents for phone masts down by as much as 90%. Despite promising that the reductions in rent would, in reality, be no more than 40%, this has not held true and the rent reductions have far exceeded that figure. It was deeply disappointing to hear the Secretary of State say to the right hon. Member for New Forest West that there will be no review, despite there being promises to the contrary—yet another broken promise to the people of this country.

The Government have created a framework that allows telecoms companies to dramatically reduce their costs at the expense of businesses, sports clubs, farmers, small landowners and community organisations. I know the Minister will have heard at first hand from a number of organisations across the country that rely on this small but crucial source of income. It is therefore of the utmost importance that the Government review the Bill to make rental valuations for telecoms masts fairer.

We heard from the hon. Member for Stroud about the David and Goliath issue of a big telecoms company versus a church, sports club or scout hut. It surely cannot be in the Conservative Government’s interest simply to ignore all the groups across the country that are in desperate need of the regular income that has been ripped away from them for reasons they still do not really understand.

I finish with a couple of questions for the Minister. Will the Government stand by their 2017 commitment that rent reductions should be no more than an absolute maximum of 40%? Will she look to make a statement, or at least issue guidance, to establish a clear expectation of land valuation that removes the impasse between telecoms companies and site owners? Finally, will she commit to looking at the evidence base and undertake a full economic review of the code by the end of 2022, as was promised during the passage of the previous Bill?

The Opposition want to ensure that every community across the UK has the very best opportunities when it comes to connectivity, whether it be in people’s homes or to allow small businesses to start up right across the United Kingdom. We want the Government to share in that ambition and to keep their promise to deliver improved digital infrastructure. We ask the Minister to step up and deliver these much-needed improvements across the UK.