Draft Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 Debate

Full Debate: Read Full Debate
Department: Department for Science, Innovation & Technology
Lord Mackinlay of Richborough Portrait Craig Mackinlay (South Thanet) (Con)
- Hansard - -

It is always a pleasure to serve on one of your Committees, Mr Hollobone. Usually, pieces of delegated legislation do not create a great deal of interest, but this is one that I am most excited about, as the Minister will be pleased to hear, because this is a topic that I have been discussing in various quarters for some years.

I am concerned about the internet of things—what is actually happening within the clever software and products? Frankly, they go beyond my full understanding and, I am sure, beyond that of many in the room. If I understand it correctly, the whole concept of the statutory instrument is for consumers to have some certainty that the products they are buying are safe as regards their data security and that they will not be hacked through cyber-activity.

The regulations will apply to a multitude of goods. Those goods are expanding exponentially, whether that is the clever fridge that—if one is lucky enough to buy one—says when more milk is needed, or the Ring door camera telling the owner by text message or some app on their telephone that someone is at the door. If I put my hand in the air—I might even be able to make it happen—Siri starts talking to me. What is happening there? What is Siri listening to, and what is Siri listening to that it should not be listening to? One hopes that software from a known, big global brand has more security, surety and safety associated with it, and I hope our trust in some of these bigger organisations, such as Apple, is duly found.

One need only look on Amazon these days—I am not pointing out Amazon for any great reason—to see that the number of internet of things products available is truly vast. I would not even like to go through the whole gamut of what is available. There are speakers, baby cameras and even lightbulbs—I purchased one not too long ago. Obviously, a variety of watches from big brands is available—or smaller brands from China, available at a fraction of the price of the bigger brands but seemingly to the user doing all the same clever things. One wonders at times whether that cheapness is meant to encourage us to buy a product for good or ill.

I raised that very issue with National Trading Standards in the European Scrutiny Committee. Members might think, “Why on earth is the European Scrutiny Committee thinking about these things?” The hearing was on product standards related to Northern Ireland and border issues. Generally, National Trading Standards is interested in whether something will catch fire when we plug it in. Will it be physically safe and not burn the house down, scald someone or catch light? When I raised my concerns about the in-built software, National Trading Standards said it was a very interesting point, but had no great idea about what to do about it, so a few questions arise.

I note that in the SI there is a required statement of compliance by the manufacturer. The Minister referred to the National Cyber Security Centre. When a product arrives from China or elsewhere into the UK via our purchase from Amazon—not necessarily off the Amazon shelf but perhaps through one of the facilitating agents that it allows—I doubt that the National Cyber Security Centre or National Trading Standards entrench themselves in what it does behind the scenes. That is to say, in the clever software that drives it. Even if they did, it would be at a moment in time.

How often do we buy these products—even a phone? I note that my watch OS is on 9.6.2. It upgraded only last week it is already prodding me that it needs 9.6.3. One wonders, “Why couldn’t they get it right in the first place?” That happens regularly. It could be an innocuous product, such as the baby monitor that we can look at on a clever app on our phone. We merrily download those apps, but after a month or two they scurry off to the internet with all sorts of “agree here” boxes and 15 pages of terms and conditions. I am sure not one person in the room reads them before ticking the box and saying, “I accept all that—just give me the thing”. That item might have been safe when it crossed the border, if it was even tested to that point, which I doubt, but we have very little surety about what happens in the software upgrades. It just scurries off and does its software upgrades; we are all very familiar with that.

Last week, I entered the brave new world of lightbulbs. I had some lighting done and decided on an app that lets me put the lightbulb on from this room should I so wish. Amazing—really consumer friendly. Why did I decide on that app? The electrician who did some work in my home said, “I use this one and I rather like it. It has all the features and does all the bits that one wants it to do.” But do I know what is really happening? Do I know what data is being collected?

There was a report just last week that even something as basic as the Ring camera that tells us when someone is at the front door is scurrying off and sending out all sorts of data—our email address and whatever else we have provided to get it working. Sometimes there is an intrusiveness in the questions asked by some of these apps, and one wonders why they need that sort of information. Often, there is also the question, “Will you allow this app to track you across other websites?” One wonders whether this is just becoming a very grand data capture exercise. I have no concept of where the data goes—for whom, why or anything else. Have any Members in the room had an experience like this? I was discussing a colour of paint with my wife and, lo and behold, I picked up my iPad and Farrow and Ball and Dulux seemed to come up almost before I started writing in the search engine. One wonders what is going on in the background. I ask the Minister: are we likely to test the underlying software when it comes across the border, or simply to rely on self-certification and certificates of compliance?

I am pleased that my hon. Friend the Member for Windsor raised the point about Northern Ireland, because I want us to have very safe and good legislation so that consumers can be sure about the products that they buy. Perhaps the regulations will represent a greater degree of consumer safety than we currently have or had under the old EU legislation. I think that that was the Minister’s intent—for the measures to be world leading and fleet of foot. I think those were the words that he used. But where does that leave us? Products that can enter the EU or are in the EU market—in the Republic of Ireland, for instance—have free access into Northern Ireland. They then have pretty much free access—because we are a United Kingdom, and we should not forget that—into GB. Could we have a situation in which the safety of goods sourced or provided for the consumer in GB, and potentially NI if they can tick the boxes required under single market rules, is degraded when that route from the EU, through the Republic, into NI and into GB, which is allowed, occurs? Or are we going to accept, as we seem to have done, that if CE markings are acceptable in the EU, they are acceptable here?

I will close—I am sure to the great pleasure of many in the room—by saying that this is an expansive debate about serious things, as we connect ourselves to the internet. One wonders: when we buy cheap, are we buying dangerous?

Stella Creasy Portrait Stella Creasy (Walthamstow) (Lab/Co-op)
- Hansard - - - Excerpts

It is a pleasure to serve under your chairmanship, Mr Hollobone. I do not wish to detain the Committee for long, but it strikes me that it would be useful to make a couple of observations, not least that I find myself in substantial agreement with the previous speaker about the importance of this issue.

Lord Mackinlay of Richborough Portrait Craig Mackinlay
- Hansard - -

First time for everything.

Stella Creasy Portrait Stella Creasy
- Hansard - - - Excerpts

There are so many stopped clocks around this building at this point in time. I am also now fascinated to see what will come up on my Facebook adverts as a result of the hon. Gentleman’s speech. I suspect I will be getting many about lightbulbs, and Farrow and Ball paints—people can make their own jokes out of that.

I have a few simple questions for the Minister. So far, we have talked about products and the regulation of them, but we have not talked about consumers and consumer experiences. The elephant in the room is Brexit. After all, we were signed up to regulations that were shared across a massive consumer group of 550 million consumers, which meant that we had weight when negotiating with manufacturers. Now we are not, and we are bringing in our own regulations. Whatever one thinks of that decision, it means that there will potentially be some anomalies for consumers, unless our consumers never leave this country, whether to go to Northern Ireland or to mainland Europe. Can the Minister say a little about whether the draft regulations will have an impact on guarantees on consumer standards?

In particular, a lot of people will look at the exchange rate and try to get a better deal by buying goods overseas. What will the measures mean for consumers who might want to use any of these items on their holidays? People might take a baby monitor with them, or if their watches break they might walk into an Apple store in a foreign country and ask for help. What will our having a different set of regulations mean? Should we buy an item overseas to use it here? Could the companies tell us that we have voided our guarantees because we have bought a good in a different territory, where there are different regulations and therefore potentially different software components?

Has the Minister had any conversations with his colleagues about the requirements under the Consumer Rights Act 2015? The consumer protection regulations were written at a time when we all abided by a common framework of regulations, which meant that consumers did not need to worry about these things. Now we are going it alone, so when we go overseas or bring things here from overseas, there will inevitably be conflict and confusion. The Minister said a lot about the companies and the regulations; he has not said as much about the actual consumers—our constituents—who might suddenly find that “Computer says no” repeatedly, and not know to whom they can turn to do anything about it.