Telecommunications Infrastructure (Leasehold Property) Bill Debate
Full Debate: Read Full DebateDamian Collins
Main Page: Damian Collins (Conservative - Folkestone and Hythe)Department Debates - View all Damian Collins's debates with the Department for Digital, Culture, Media & Sport
(4 years, 9 months ago)
Commons ChamberMy hon. Friend makes a very good point. Huawei seems to have two business models. It either undercuts by 30% to 40%, or it simply supplies 115% of the credit needed to buy an entire system. Either way, it undercuts and drives others out of business. I look forward to addressing that point in a moment.
The true voice of GCHQ, without the spin, is found in the Huawei oversight reports, which have become increasingly disturbing. I repeat: we hear the true voice of GCHQ not in the words of Ministers, but in those of the Huawei oversight board. For any colleagues who wish to access the details, if they join our WhatsApp group, which has well over 40 members, I will happily pass them on.
The board found that it could
“only provide limited assurance that all risks to UK national security from Huawei’s involvement in the UK’s critical networks can be sufficiently mitigated”
over time. In other words, the board is saying, “We can no longer give assurance.” This is the board speaking—it is not political spin. It added that, “as reported in 2018”, its work
“has continued to identify concerning issues in Huawei’s approach to software development…No material progress has been made on the issues raised in the previous 2018 report”.
It also stated:
“The Oversight Board advises that it will be difficult to appropriately risk-manage future products in the context of UK deployments, until the underlying defects in Huawei’s software engineering and”—
critically—
“cyber security processes are remediated
At present, the Oversight Board has not yet seen anything to give it confidence in Huawei’s capacity to successfully complete the elements of its transformation programme”.
If I received that as a bill of health, I would be extremely worried. That is the true voice of GCHQ.
My hon. Friend makes a very important point. A lot of this is about trust: who do we trust? Given that the oversight board has identified cyber-security risks in Huawei’s system and that it has no credible plan to put them right, why should we trust such an organisation and give it yet more work?
My hon. Friend makes an excellent point. If Huawei was bending over backwards to fix its system, all credit to it—but it is not doing that. It is building a flawed system. After eight years, I have been informed that we still do not know whether the source codes that Huawei gives us are the same as those in the system it is establishing. That should cause concern.
Are the security services content? In the report we wrote last summer, Sir Richard Dearlove said that it was “deeply worrying” and
“a risk…we simply do not need to take”.
There are three additional factors that I am concerned about. First, Cheltenham was given a very narrow remit. It was not asked to give Huawei a clean bill of health or, “What do you think in a perfect world?” Cheltenham was given a specific, narrow, technical question. It did not go near the politics of fair and free trade and espionage. Secondly, and probably most worrying—