All 1 Gary Sambrook contributions to the National Security Act 2023

Read Bill Ministerial Extracts

Thu 7th Jul 2022

National Security Bill (Second sitting) Debate

Full Debate: Read Full Debate
Department: Home Office

National Security Bill (Second sitting)

Gary Sambrook Excerpts
Committee stage
Thursday 7th July 2022

(2 years, 4 months ago)

Public Bill Committees
Read Full debate National Security Act 2023 Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: Public Bill Committee Amendments as at 7 July 2022 - (7 Jul 2022)
Sally-Ann Hart Portrait Sally-Ann Hart
- Hansard - - - Excerpts

Yes, carry on.

Carl Miller: Partly it is to do with changing our national knowledge of where these threats are and who is doing them, so the integration of intelligence. Then, as I said, there should be a national risk register and possibly the creation of powers for parts of the intelligence establishment to undertake direct activity against some of the technical architectures that allow this to happen.

Sorry to delve into the technicalities for a second, but for instance residential proxy IP addresses are a very important way in which this stuff happens. Residential proxy IPs are toasters and fridges and stuff. Basically, they each have an IP address and many of them are hijacked. They are the kind of things you that you use if you want to fool a social media platform into thinking that you are 10,000 people from around the planet when you are not—you are one operator sitting in a particular country. These are criminal architectures that have been amassed and rented out and sold to people, and I am sure they are rented out by some of the actors who seek to do influence operations. These are the kinds of things that we need to target. Putting pressure on that kind of asset is the kind of thing that will probably not get rid of them, but will meaningfully increase the costs of this kind of activity.

Gary Sambrook Portrait Gary Sambrook (Birmingham, Northfield) (Con)
- Hansard - -

Q The Government tabled an amendment to the Bill to make “foreign interference” a priority offence in the Online Safety Bill. Do you think that will go some way towards addressing the concerns you have raised today?

Sam Armstrong: Yes, I think so. Imposing a duty on the social media companies is one of the only immediate tools and levers we can pull. I take Carl’s point; I do not think it is going to be sufficient to deal with the hordes of people overseas who are, frankly, conducting quasi-military-type activities against the UK through cyber means here, because criminal law is not the tool for that. Should they exist and are they necessary? Yes. Are they sufficient? Probably not.

Carl Miller: It is just massively insufficient. The reason why is that the platforms, however rich, clever or large they are, cannot reach beyond the platforms themselves. That is the problem. The way we have tried to respond to this problem so far is to have Facebook take down accounts, but take-down is a very weak response. That is essentially being priced in to those kinds of activities. They have developed methodologies for setting up or acquiring new accounts as they go. In principle, I am not hostile to platform regulation across a range of online threats, but for those problems where we are dealing with a set number of actors who have specific capabilities and tap into a specific and constantly evolving tradecraft, I do not think it is going to be the tool to make much difference.

Ben Everitt Portrait Ben Everitt (Milton Keynes North) (Con)
- Hansard - - - Excerpts

Q We have covered a lot of the ground that I wanted to talk about. Several times in your answers, Karl, you have alluded to the fact that whatever we do the pitch is so complex that we cannot deter. What is it in the Bill, which you said you have no problems with, that you like about detecting and prosecuting—if deterrence is not contained in the Bill?

Carl Miller: The main thing I would say that the state can step in to help with is around attribution. That is something that we cannot do without state powers. It is something that, at the moment, only the tech giants do, and that is only linked to take-down. If we were to have any prospect of either taking direct cyber-action, or actually bringing criminal prosecution, it would be something that we need. One big thing here is around data access—I am sure you have had other panellists talk to you about that before. To foreground that, I have come here as a researcher whose job it is to do that kind of research, and one of my main things is that we know so little. We know nothing about TikTok—it makes none of its data available. Facebook makes some of its data available, and that is why we have some picture of it. Twitter makes a lot of its data available, and that is why we have a bigger picture.

TikTok is enormous, likely very influential, anecdotally there is tonnes of Ukraine-invasion activity happening on it now, and it has absolutely no application programming interface available for researchers in any way, whatsoever. By the way, there are also rumours that Facebook is withdrawing some of the data access that it currently gives researchers. I am sorry; I know this is ranging far beyond the scope of the Bill. However, to put this on your radars, I think that legislators may have to step in sooner or later to compel platforms to maintain data availability. Otherwise, even the very small window we currently get is going to continually shrink.