Product Security and Telecommunications Infrastructure Bill Debate
Full Debate: Read Full DebateEarl of Erroll
Main Page: Earl of Erroll (Crossbench - Excepted Hereditary)Department Debates - View all Earl of Erroll's debates with the Department for Digital, Culture, Media & Sport
(2 years, 6 months ago)
Lords ChamberThe Minister said earlier that the whole point of the Consumer Rights Act was about unsafe goods. I think that he means “unsafe” as referring to physical harm. Actually, a major security breach could render serious physical harm to someone because having all their money removed from their bank account could affect their mental state and result in the breakdown of their marriage, suicide, failure of business, all sorts of things. Therefore, it may have just as damaging physical effects on someone, though not immediately apparent. Although they are different they are equally unsafe, so this has more merit than he is suggesting.
At the risk of a philosophical debate on the nature of security versus safety, I accept some of the points that the noble Earl makes. There are distinct differences between our approach to product security and existing product safety as set out in consumer legislation, but I will address myself to that philosophical point in the letter, if I may. For now, I ask the noble Lord to withdraw Amendment 14.
My Lords, I speak in support of this amendment. My noble friend has just said that he doubts that the Government will adopt it, but, like him, I want to know where their thinking has got to.
The Computer Misuse Act is one of the first bits of legislation passed in the cyber era. It is old and out of date, and it is fair to say that it contains actively unhelpful provisions that place in legal jeopardy researchers who are doing work that is beneficial to cybersecurity. That is not a desirable piece of legislation to have on the statute book.
Last year, before the consultation that closed over a year ago, I corresponded with my noble friend Lady Williams. The common-sense reading of her reply was that the Home Office was quite aware that the Computer Misuse Act needed updating. I confess that I am a bit disappointed that, a year after the consultation closed, there still has not been a peep from the Government on this subject—either a draft or a statement of intention. It would be good to know where the Government are going, because it is quite damaging for this legislation as it stands to remain on the statute book: it needs modernisation.
Like my noble friend, I recognise that actually getting the drafting right is tricky and complex. Drafting language that strikes the right balance is not all that easy. But inability to find an ideal outcome is not a good reason for doing nothing, so I live in expectation, because the best must not be the enemy of the good. If the Government do not intend to produce legislation that updates that Act, I should like to see something in this legislation, taking advantage of it, at least to move the dial forward and protect ethical hackers to a greater extent than is the case at the moment.
If the Government are concerned about our drafting, I am sure we would be willing to listen to suggestions on a better formulation. In the absence of that, perhaps the Minister will say when and how the Government intend actually to modify a piece of legislation that has served its time and now needs to be superseded.
My Lords, very quickly, I remember well during the passage of the Computer Misuse Act and the Police and Justice Act 2006 trying to tidy up language about hacking tools and so on. It became very complicated and no one could quite work out how to do it, because the same thing could be used by baddies to do one thing and by good people to help maintain systems, et cetera. In the end, I think it went into the Act and they just said, “Well, we won’t prosecute the good guys”. Everyone felt that was a little inadequate. I do not know quite what we are going to do about it but it needs to be looked at. Therefore, this is a good start and I would welcome some discussion around it, because we need something in law to protect the good people as well as to catch the criminals.
My Lords, this amendment is countersigned by my noble friend Lord Clement-Jones. I know he will be very disappointed not to be able to speak to this, because it is an issue he feels particularly strongly about, as do I. Also in their absence are the auras of the noble Lords, Lord Vaizey and Lord Holmes, who spoke at Second Reading on this issue—it is a shame they are not here, but I think they have been ably replaced by the noble Baroness, Lady Neville-Jones, and the noble Earl, in their speeches. I will try not to duplicate the points that have been made by the three speakers before me. At the heart of this, as the noble Baroness confirmed, is the need to address the UK’s outdated Computer Misuse Act to create fit-for-purpose cybercrime legislation to protect national security. Clearly, that is not easy, as she pointed out, but that does not mean we should not do it at some point.
The Computer Misuse Act, as we know, was created to criminalise unauthorised access to computer systems or illegal hacking. It entered into force in 1990, before the cybersecurity industry as we know it today had really developed in the UK. Now, 32 years later, many modern cybersecurity practices involve actions for which explicit authorisation is difficult, if not impossible, to obtain. As a result, the Computer Misuse Act now criminalises at least some of the cybervulnerability and threat intelligence research and investigation that UK-based cybersecurity professionals in the private and academic sectors are capable of carrying out. This creates a perverse situation where the cybersecurity professionals, acting in the public interest to prevent and detect crime, are held back by the legislation that seeks to protect the computer systems: it is an anomaly.
As noble Lords will know, under the guidance that will be introduced following the passage of the Bill, manufacturers of consumer-connectable products will be required to provide a public point of contact to report vulnerabilities. This could be an important step forward in ensuring that vulnerability disclosures by cybersecurity researchers are encouraged, leading to improved cyber resilience across these technologies, systems and devices.
I say to the noble Lord, Lord Bassam, we are coming to the Landlord and Tenant Act 1954.
The residential security of rent control caused a seizing up of the private rented sector for the next 25 years. This is something that the Landlord and Tenant Act 1954 avoided doing in the business sector by providing security of tenure, but on market rental terms. The word of warning here from the noble Earl is that Government should be careful what they wish for and how they go about any significant transition in dealing with human sentiment against actuarial robotics, and be aware of whose voices they lend their ears to.
There are apparently three routes to lease renewal: the 1954 Act, which the noble Earl believes is effectively overwritten in some instances by the 2017 code revision; the immediate pre-2017 code for non-LTA leases; and the situation that pertains for agreements following the 2017 changes. This seems a recipe for confusion, and if the noble Earl is confused, where does that leave the rest of us?
There is a lot of detail in quite a short amendment, but this is an issue. I understand, and I think my noble friend Lord Clement-Jones and the noble Earl, Lord Lytton, understand, that there needs to be some clarity over which measures apply where, and whether the Government really want to sanction wholesale renegotiations of the nature that the noble Earl, Lord Lytton, has set out. I think that is a law of unintended consequence, and it will slow down the implementation of what we want to be implemented rather than allow it to happen more quickly.
My Lords, I would add that I completely trust my noble friend Lord Lytton on these affairs and issues. I have talked to him, particularly when discussing burying fibre and things like that, and he knows a lot about it.
My Lords, this is of course the first of a number of amendments that deal with Part 2 of the Bill. The amendment refers to telecoms infrastructure. This is far from the only debate that we will have on broad issues around property rights, operators, access to land and so on but, as a general point, it is worth restating our belief that this country needs access to better digital infrastructure. Our concern is that the Government have not been hitting their targets for the rollout of gigabyte-capable broadband. There have also been issues around the rollout of 5G technology. Although we want to see decent infrastructure, we also want to see fairness in the system, and that is what this amendment speaks to. It seeks to ensure a degree of continuity and fairness as new agreements are made to replace existing ones.
The principles cited by the noble Lord, Lord Fox, and in the amendments tabled by the noble Lord, Lord Clement-Jones, are reasonable. Again, they are principles that I am absolutely sure we will return to next week, as we have ever-more detailed discussions about rents, dispute resolution and so on.
As has been outlined in this debate, the court is not currently bound to consider the terms of an existing agreement. This feels like a significant oversight. Perhaps the Minister can inform us about what actually happens in practice and what will happen in practice. Both operators and landowners have, or should have, certain rights and responsibilities within this process. I look forward to the Minister’s response to Amendment 17 and to moving some of our own amendments during day two of Committee.