All 6 Baroness Merron contributions to the Telecommunications (Security) Act 2021

Tue 29th Jun 2021
Tue 13th Jul 2021
Telecommunications (Security) Bill
Grand Committee

Committee stage
Thu 15th Jul 2021
Tue 19th Oct 2021
Tue 26th Oct 2021
Mon 15th Nov 2021
Telecommunications (Security) Bill
Lords Chamber

Consideration of Commons amendments

Telecommunications (Security) Bill

Baroness Merron (Lab)

My Lords, new technologies have long transformed the way we work, live and travel, but our experiences during the pandemic have upped the ante on the degree to which we rely on telecommunications networks. Today we have heard an enlightening and probing debate in which noble Lords have considered the number one priority of any Government: our national security.

The risk we face is as significant as it is real. The noble and gallant Lord, Lord Stirrup, spoke with insight about the need for agility and adaptability to meet the risks that we face in a resilient manner. The most recent UK Cyber Security Breaches Survey found that 62% of information and communications companies surveyed identified breaches or attacks in just the last 12 months, compared with 46% across all sectors. Many of us have first-hand experience of these security risks, as described in the Bill’s impact assessment. The noble Lord, Lord Vaux, thoughtfully brought that reality to life by describing the horrors that so many people face, day in, day out, which will be very familiar to many of us in this House.

When O2 suffered a major network failure in 2018 due to an expired software certificate, over 32 million users in the United Kingdom had their data network go down for up to 21 hours. In 2015, hackers targeted TalkTalk, stealing the personal data of over 1 million customers. In the same year, security was undermined when internet traffic for BT customers, including a UK defence contractor that helps deliver our nuclear warhead programme, was illegally diverted to servers in Ukraine. Understandably, these incidents and many others generate deep unease and a lack of national and individual security, which the Bill must address.

We can reflect that a sector that should have been subject to rather more attention over a decade ago is now the subject of this Bill. During this period we have lacked a telecoms industrial strategy and have seen a focus on foreign investors over and above our national security. Since 2010, successive Governments have allowed the sector to be dominated by a high-risk vendor, taking us from what were golden times to the current ice age. Regrettably, competition on price rather than security has become the order of the day, while security has been left to the market.

As the impact assessment identifies, the telecoms industry provides opportunities for new and wide-ranging applications, business models and increased productivity, whereby 5G will be used for everything, from autonomous cars to remote medical examination and health monitoring. This is crucial. Clearly, we will not achieve the Government’s aim of becoming a science and tech superpower by 2030 without it.

Let us also remember that the complex UK telecoms industry contributes £32 billion to the economy and directly provides nearly a quarter of a million jobs. It is therefore important that we legislate for the Government to have the power to act to prevent dependency on high-risk vendors such as Huawei, and to recognise the blurring of the lines in the grey zone, where cyber-attacks on critical infrastructure will become, regrettably, increasingly regular.

This Bill is a necessary step and, in general, we welcome it. However, I have some words of caution, many of which chime with the themes highlighted during this debate. There cannot be a scattergun approach to security, and it is the absence of a joined-up approach that I want to pursue first. I was interested that the noble Lord, Lord Young, raised points about the number of departments that telecoms security touches and the need to resolve this interface in a co-ordinated fashion. I hope that the Minister can explain how this will be resolved and how this Bill interacts with the National Security and Investment Act, which recently passed through this House. How will the Government’s stated intention of having complementary regimes that protect telecommunications’ critical national infrastructure from national security threats be achieved?

The Government have said that the National Security and Investment Act was needed as the Telecommunications (Security) Bill does not extend to investments in the communications providers themselves or investments in other infrastructure used to provide communications. It also cannot prevent the acquisition of vendors by hostile actors. To this end, are the Government actively considering further redrafting of the communications supply chain definition, potentially listing the specific components of the supply chain that should be caught? When will we see the final sector definition for the communications sector?

Concerns have been expressed today, which I share, about what is not in the Bill as much as what is in it. The exclusion of the cross-party Intelligence and Security Committee from oversight of the measures in the proposed legislation, despite its remit in relation to national security, is baffling at best and deliberate at worst. As my noble friend Lord West so ably highlighted, this came up in the National Security and Investment Act and yet the relevant parliamentary committee is well and truly parked out of sight. It is hard not to suggest an unhealthy aversion by the Government to the committee since failing to secure the post of chair for their preferred candidate, which, if so, would be a failure of duty to do the right thing. On the matter of scrutiny, I was interested in the thoughtful considerations from the noble Earl, Lord Erroll, and I am sure these matters will be debated further.

On the continuing theme of what is missing, diversity of suppliers is needed at different points of the chain with sufficient support for the UK’s own start-ups. However, the Bill does not even mention supply chain diversification or the diversification strategy, even though we all agree that we cannot have a robust and secure network with only two service providers, which is the number that we will have left once Huawei is removed from our networks. Support for Britain’s start-ups is needed to deliver this diversity, but the Government’s investment of £250 million will surely not be enough. As the Science and Technology Committee has called for, will the Government produce an action plan with clear targets and timeframes for how that funding will be spent?

This Bill provides a vast and continuing expansion of Ofcom’s remit. It also gives the regulator sweeping new powers and responsibilities. However, Ofcom lacks experience in national security. These changes will demand the recruitment of people with specialist skills and the required level of security clearance. How will this be handled? The impact assessment states that the cost of monitoring compliance for Ofcom is up to £49.4 million from now up to 2029. Can the Minister assure the House that Ofcom will have the relevant resources?

The security of our telecoms network sits firmly within an international context, as my noble friend Lord Maxton said. As the impact assessment states:

“The most significant cyber threat to the UK telecoms sector comes from states. The UK Government has publicly attributed malicious cyber activity against the UK to Russia and China as well as North Korea and Iranian actors”.


This concern is clearly shared with our key allies, as confirmed in the recent NATO summit’s communiqué.

This Bill was published in November—before the integrated review of security, defence, development and foreign policy had concluded. The review states:

“Under the provisions of the Telecommunications (Security) Bill, supported by the 5G supply chain diversification strategy, we will … work with partners, including the Five Eyes, to create a more diverse and competitive supply base for telecoms networks.”


Can the Minister advise how this work is proceeding? How many companies in our supply chain sector have Russian or Chinese owners?

The noble Lord, Lord Alton, made a powerful intervention, echoed by other noble Lords, about the need for due diligence in respect of human rights—something that has been of great and continuing concern to this House. The continuing persecution of the Uighur Muslims and their plight shames the world. I am sure that the Minister will wish to reflect on this matter.

In the course of this debate, your Lordships have heard much about Huawei being the perfect illustration of why this Bill is needed. We support the action to protect the UK from the threats presented by this high-risk vendor that has huge strategic significance. As a Chinese company it could, under China’s national intelligence law of 2017, be ordered to act in a way that is harmful to the UK, and the Government state that,

“the Chinese State (and associated actors) have carried out and will continue to carry out cyber attacks against the UK and our interests”.

Despite this clarity, the telecoms supply chain review of 2018 recommended that Huawei equipment should be removed only from the sensitive part of the core network and could still make up a maximum of 35% of the non-core systems with a deadline of 2023.

In 2020, UK telecoms companies were latterly told by the Government that they would be banned from buying Huawei’s 5G equipment from January 2021 and that the Government want complete removal of Huawei equipment from our 5G networks no later than 2027—as we have heard, at a cost of £2 billion and a delay to 5G rollout by two to three years. Can the Minister indicate how the UK is going to benefit from the costly debacle of ripping out Huawei?

On spreading the risk, the Government’s vendor diversity task force said that the UK must ensure that smaller telecoms equipment makers become key suppliers of Britain’s 5G mobile phone networks once kit from Huawei is stripped out of the infrastructure. It said that smaller equipment manufacturers should provide 25% of the kit used in 5G networks. Have the Government accepted this target? We cannot end up in a similar situation again as we saw with Huawei.

This Bill must be future-proofed and provide for a horizon-scanning function to identify emerging threats and potential weaknesses in UK telecoms providers’ asset registers. We will be seeking amendments to the Bill that fill in the many missing gaps and will work across all parties to do so. As I have said, it is as much about the glaring omissions as it is about what the Bill contains. The UK cannot end up in another costly security debacle as we did with Huawei. The Government need to look to the future rather than letting it continue to overtake us. Let us hope that this Bill can do that job.

Telecommunications (Security) Bill

Lord Fox (LD)

My Lords, harmony is breaking out across the Room, with the possible exception of the Minister. I will not reiterate my noble friend’s well-put argument but I refer the Minister—I am sure she has already read it—to the impact assessment. I am increasingly of the opinion that the single most useful document that comes with the publishing of a Bill is not the Explanatory Notes but the impact assessment. The department is to be congratulated on the quality of the one produced in this case.

Page 30 of the impact assessment covers the monetised and non-monetised costs of this. At the front of the assessment there is a number. However, point 6.1 says:

“This impact assessment makes an estimation of the costs and benefits of the options”.


It says it brings together “a number of sources” and notes that there are “limitations to the analysis”. The first is the

“lack of robust and specific data”—

that is a fairly serious limitation—

“for example on UK telecoms market size and the size of specific sub-markets”.

Therefore, the number on the front is based simply on—obviously, well-intentioned—estimates of the telecoms market. Furthermore, the costs are quantified based on equipment costs. They are not based on the friction of running a network under the constraints of this Bill, which is itself a glaring error in how one looks at the cost of this Bill in terms of impact.

It is not just about the cost and replacement of equipment—it is about the draft regulations to which my noble friend Lord Clement-Jones referred. They cover all aspects of the operation of the networks in this country. We are looking at a situation in which, if the Minister so chose, the regulations could be made and implemented such that the Minister ran the networks by remote control from the department. That is why these safeguards, parliamentary scrutiny and the affirmative process are an important safeguard to prevent attention—not, I am sure, from this Minister or this Secretary of State, who I am sure can be trusted with these regulations, but we do not know who will follow or what their intentions will be.

As the noble Earl, Lord Erroll, wisely said, to hand over these powers without simultaneously taking significant powers of scrutiny of the statutory instruments that will inevitably follow is the wrong way in which to pass a Bill in your Lordships’ House. For these reasons, along with the huge uncertainty of the cost of what we are doing here, I commend my noble friend’s amendments.

Baroness Merron (Lab)

My Lords, I speak to Amendment 11 in my name and welcome Amendments 7 and 12 in the names of the noble Lords, Lord Fox and Lord Clement-Jones. I was interested that the noble Lord, Lord Fox, referred to a chorus of agreement, which I certainly heard ringing out, expressing concerns about the role that Parliament should have in scrutinising on codes of practice that this Bill currently does not provide for. To me, the codes remind us that the Bill can provide us only with something of a framework, and for many areas there is a wait for the details to be filled in later. As the noble Earl, Lord Erroll, said, the devil, as always, is in the detail.

Clause 3 allows the Secretary of State to issue new telecom security codes of practice that will set out to providers the details of specific security measures that they should take. As we have heard referred to, the impact assessment states that these codes are the way in which the DCMS seeks to demonstrate what good security practices look like. However, I note that Ministers are proposing only to demonstrate but not actually to secure good practice, which I am sure is the real intent—and it would be very helpful if, through this debate, we could get to that place.

I am interested also to note and draw the Minister’s attention to the fact that the Government have said that these codes will be based on National Cyber Security Centre best practice security guidance. The Government have said that they will consult publicly, including with Ofcom and the industry, as we read in the Minister’s letter following Second Reading. That public consultation will be on implementation and revision. However, it strikes me as very strange that the National Cyber Security Centre is not a statutory consultee; can the Minister say why it is not?

I particularly make the point that, as the codes of practice will be admissible in legal proceedings, they have to be drafted accurately and we have to ensure that security input and expertise is fed into them. The National Cyber Security Centre, which is described as a bridge between industry and government and is, indeed, an organisation of the Government, would seem to be a body that should be, in a statutory sense, invited to make the input and offer its expertise, along with other departments and agencies. After all, we can see, when reading about the centre, that its whole reason for being is that it provides widespread support for the most critical organisations in the United Kingdom as well as the general public, and they are absolutely key when incidents, regrettably, occur. We are trying to address those incidents in respect of this Bill.

As we have heard from all noble Lords who spoke in this section of the debate today, the input needs to come from Parliament, which is why I tabled Amendment 11. As the Bill is drafted, the current reading is that a code of practice must be published and laid before Parliament, but there is no scrutiny procedure. I put it to the Minister that if codes have legal weight, why is Parliament being denied the chance to scrutinise them? We seem to have a complete mismatch there. I was taken by the words in the Delegated Powers Committee report, mentioned by the noble Lord, Lord Clement-Jones, in his introduction, which stated that this way of being was “unacceptable” and called for the negative procedure for codes. That is what Amendment 11 does. Can the Minister address specifically the words of that committee report? I refer her to paragraph 27, which says:

“In our view, the Department’s reasons are unconvincing … the fact that codes of practice would be produced after consultation with interested parties cannot be a reason for denying Parliament any scrutiny role; and … the Department appears not to have recognised the significance of the statutory effects of the codes of practice”,


as has been highlighted today. I therefore hope that the Minister will both comment on the report and seek to make what is a very important and significant change in this regard.

I will pick up on one additional point. The impact assessment also says that the codes of practice will have a tiering system for different-sized operators. The initial code will apply to tier 1, which serves the majority of businesses of critical importance to the United Kingdom. This will also apply to tier 2 medium-sized operators but with lighter oversight by Ofcom and longer timetables. Can the Minister offer a draft list of the operators in tiers 1 and 2, and can it be shared with noble Lords? I would also be interested to know whether the Minister has any concerns that tier 2 operators will somehow be worse at compliance. If she has those concerns, what support will be provided to small and medium-sized enterprises? I look forward to her reply.

Baroness Barran (Con)

My Lords, I have heard with interest the contributions of your Lordships regarding the parliamentary oversight of the secondary legislation and codes of practice associated with the Bill. I will try not to disrupt the harmony that broke out so agreeably.

Amendment 7 tabled by the noble Lord, Lord Fox, would apply the affirmative procedure to regulations made under new Section 105B in Clause 1. It would require secondary legislation to be laid in Parliament in draft and to be subject to a debate and a vote in both Houses. Both Amendment 11 tabled by the noble Baroness, Lady Merron, and Amendment 12 tabled by the noble Lord, Lord Fox, would require a statutory instrument to be laid in Parliament for the Secretary of State to issue or revise the codes of practice, under the negative or affirmative procedure respectively.

I will first address Amendment 7 and the procedure for the regulations. The Bill currently provides for the statutory instrument containing the regulations to be laid using the negative procedure. This is the standard procedure for instruments under Section 402 of the Communications Act. The only delegated powers in the Bill currently subject to the affirmative procedure are Henry VIII powers to retrospectively amend penalty amounts set out in the primary legislation.

--- Later in debate ---
Moved by
8: Clause 2, page 4, line 30, at end insert—
“(7) In making regulations under this section, the Secretary of State must take the utmost account of the advice of the Technical Advisory Board and a Judicial Commissioner concerning the proportionality and appropriateness of any measure or description of measure specified in the regulations.”
Baroness Merron (Lab)

My Lords, I move Amendment 8 in my name and welcome the similar Amendments 9 and 19 in the names of the noble Lords, Lord Clement-Jones and Lord Fox. The Minister will recognise some similar themes in this group to those in the previous debate. The amendments are to Clause 2, which gives the Secretary of State the powers to make regulations which require providers to take specified measures in response to a specified security compromise and where a security compromise has a specified adverse effect on the network or service. The Minister will not be surprised that the amendments seek to understand what advice the Secretary of State will receive and where that advice will come from when making these regulations.

I am sure that we have all heard concerns about how these regulations are widely shared. For example, Comms Council UK has said that this represents an

“unprecedented shift of power from Parliament to the Minister in relation to how telecoms networks operate”,

and argues that

“the Minister will be able to unilaterally make decisions that impact the technical operation and direction of technology companies, with little or no oversight or accountability.”

Unsurprisingly, there has been a call for technical and judicial oversight, as reflected in these amendments, just as the Investigatory Powers Act 2016 established a Technical Advisory Board to advise the Home Secretary on the reasonableness of obligations imposed on communications providers. There is precedent here to which we can usefully refer.

Other concerns were expressed in Committee in the other place. The Digital Policy Alliance is familiar to a number of parliamentarians, especially the noble Earl, Lord Erroll, who is chair of that august organisation. I am sure that he is aware of the comments of its Dr Louise Bennett, who said:

“There is no mention in the Bill of a technical advisory board focused on the provisions of the Bill, and that would be a very helpful addition.”—[Official Report, Commons, Telecommunications (Security) Bill Committee, 14/1/21; col. 49.]


I agree. Such a board would, for example, be able to point out that new types of components were coming down the track. Does the Minister feel that such a board would be a helpful addition? If not, why not?

Have the Government considered expanding the remit of the current Technical Advisory Board to cover the powers in the Bill? Amendment 19 in the name of the noble Lord, Lord Clement-Jones, gives us a useful steer on how any such new board could be constituted. Without such a board, what technical advice will the Secretary of State receive? Who will it come from, and will it be published? I look forward to the Minister’s reply.

Lord Clement-Jones (LD)

My Lords, I am delighted to be on the same page as the noble Baroness on the insertion of a technical advisory board and judicial commissioner into the process. I note that she quoted Dr Bennett of the DPA; I am proud to be a DPA member and sitting opposite my chair. Others from the industry have made the same points. Comms Council UK has pointed out that there are no clear mechanisms for technical feedback or expertise to be fed into the drafting of the regulations and the codes of practice, which we discussed on the last group. It makes the point that many of the technical requirements that will be placed on its members are not in the text of the Bill but are in the accompanying regulations and the code, which we have heard has yet to be published. It is clear that, in these draft regulations made under Section 105B and 105D—

--- Later in debate ---
Lord Parkinson of Whitley Bay (Con)

First, if I may, I will take back the point made by the noble Lord, Lord Fox, about new Section 105H under Clause 3; I will write to him to, I hope, alleviate any concerns and confusion. There are certain legal effects set out; I will write to him to clarify the point about legal enforceability.

I am grateful to the noble Lord, Lord Clement-Jones, for his appreciation. Part of the confusion here may be that two technical advisory boards are mentioned in these groups of amendments. As I think he noted, the one set up under RIPA has a different function, but we are certainly not being dismissive of the points that have been raised. Indeed, as I said, we have spoken to the industry and received helpful feedback from telecoms providers on the illustrative draft measures that were published in January. We will also be glad to look at the information that he mentioned—the views that have come his way—to make sure that these are reconciled; if he is happy to share them, we will look at them and come back to him.

Baroness Merron (Lab)

I thank all noble Lords for their contributions. In view of the pandemic restrictions on the numbers that might sing in a choir inside, it is dangerous now to say that we are singing from the same hymn sheet—as the noble Baroness, Lady Barran, will recall from her time at the Dispatch Box. I do not know whether we would count as amateur or professional, so perhaps I could venture in that direction, but there is a sense among noble Lords of wanting to strengthen the Bill by ensuring that the Secretary of State has the best technical advice.

I thank the Minister, the noble Lord, Lord Parkinson, for his response. However, I take from it that a technical advisory board is not required. I share the confusion that was referred to earlier by the noble Lord, Lord Clement-Jones. On the one hand, in the previous set of amendments, we were advised that this is so technical that it is not appropriate for a particular aspect of parliamentary scrutiny, yet suddenly, it seems, it is not quite as technical but we need further advice. I am reminded of the words of the then Lord Chancellor, Michael Gove, who we will recall commenting in a debate over Brexit that we have “had enough of experts”; I suspect the Minister will have picked up from the amendments today that we feel we have not had enough of experts. I hope he will reflect on the fact that these amendments seek to assist the Secretary of State, and to assist this Bill to do the job it is here to do to very best effect. With that, I beg leave to withdraw the amendment.

Amendment 8 withdrawn.
--- Later in debate ---
Lord Fox (LD)

The undue burden point touched on by the noble Earl, Lord Erroll, is really important. On a previous group I spoke about regulatory friction and the fact that this has not been costed into the impact assessment. Clearly, regulatory friction is harder for smaller companies to deal with than larger companies. I think that is the point that the noble Earl was making. It is one that I would also join up.

We should also not confuse lots of regulations with security. The whole point about people who wish to subvert security is that they understand the regulations and go round them. Indeed, sometimes regulations are a guidebook for security, in a sense, because they show the map around which you seek to find the chinks.

The point in the impact assessment about making the networks value security is right. On that, I completely agree with the Government. I am not sure that some of the measures in the Bill actually do that; what they do is create a regulatory load without necessarily adding value. Some of the measures that we spoke of in the last group of amendments, as well as in this, are about stripping this down to where value is added rather than simply more regulation being loaded up.

One of the great pleasures of speaking after my noble friend Lord Clement-Jones is that he normally says everything better than I would. He simply asked the Minister to repeat what was in the letter and to endorse the 2003 Act. I hope that he is able to grant his wish.

Baroness Merron (Lab)

I thank the noble Lords, Lord Fox and Lord Clement-Jones, for these amendments. As before, it is a pleasure to follow their contributions and that of the noble Earl, Lord Erroll.

On the codes of practice and Amendment 10, I understand the importance of not wanting to put undue burdens on businesses. We should make particular reference to the exceptionally difficult and testing times that businesses and the economy have had to suffer over the past year due to the pandemic. Obviously, a balance needs to be considered. We have to ensure that if the codes are going to be used, they are the most effective way of implementing security measures. How will the Government consider the impact of codes on businesses? For example, will there be specific consultation about undue costs in respect of businesses?

The concerns that we have heard in this debate give a further nod to concerns about lack of parliamentary oversight, which is missing from the codes. I again say gently to the Minister that by giving parliamentarians the opportunity to provide scrutiny there might also be the ability to review the impact on businesses.

Amendments 16, 17 and 21 would ensure that Ofcom’s new powers in the Bill were subject to requirements in Sections 3 and 6 of the Communications Act 2003. Section 3 focuses on the general duties of Ofcom, while Section 6 focuses on reviewing regulatory burdens. It would be helpful to hear from the Minister whether the Bill has been deliberately drafted for the new powers to fall out of scope of those sections in the Communications Act and, if so, why.

What review process will be faced in respect of Ofcom’s new powers? It is very important that, when new powers are given, there is an opportunity to review, reflect and amend, and to keep a close eye on whether those new powers are doing the job intended.

Lord Parkinson of Whitley Bay (Con)

I thank the noble Lords, Lord Fox and Lord Clement-Jones, for these amendments, and all noble Lords who have spoken in the debate. The amendments focus on the need for the regulations and code of practice to be proportionate, and to ensure that the duties of Ofcom are carried out in a transparent and similarly proportionate way.

I turn first to Amendment 10, tabled by the noble Lord, Lord Fox. This amendment to Clause 3 seeks to ensure that codes of practice are necessary and proportionate to what they are intended to achieve, and do not place an undue burden on telecoms providers. The Bill already includes provisions in Clauses 1 and 2 to ensure that security duties placed on public telecoms providers in the primary legislation and specific security measures set out in regulations must be considered to be appropriate and proportionate by the Secretary of State. The code of practice will provide the technical guidance on the steps that public telecoms providers should take to meet their security duties. I certainly agree with the noble Baroness, Lady Merron, about the extra—and indeed extraordinary—work that providers have done over recent months to keep us all in contact during the pandemic.

To help ensure that technical guidance in the code of practice is appropriate and proportionate, Clause 3 requires the Secretary of State to publish a draft version of the code of practice before it is issued, and to consult on its contents. This public consultation will take place after the Bill has attained Royal Assent; it will enable the voices of telecoms providers of all sizes—as noble Lords rightly pointed out—the wider sector, Ofcom, and any other affected groups to be heard and taken into account before the code of practice is finalised. Subsequent versions of the code of practice, which will be revised as technology evolves and new threats emerge, will also be subject to the same process of consultation before being issued.

An impact assessment is also being conducted for proposed secondary legislation to be laid as part of the new framework, which will take into account the initial cost assessments from providers to ensure that the framework is balanced and proportionate. The precise make-up and design of each provider’s network remains a commercial decision. The Bill makes it clear that providers are responsible for the security of their own networks and services; providers also remain responsible for deciding how they recover their costs. As such, we expect the costs of ensuring adequate security to be met by individual providers.

I turn to Amendments 16, 17 and 21, tabled by the noble Lord, Lord Clement-Jones. These seek to apply Sections 3 and 6 of the Communications Act 2003 to Ofcom’s duties and powers under Clauses 5, 6 and 19 of this Bill. Section 3 of the Communications Act sets out Ofcom’s general duties; these include a duty on Ofcom to have regard to the need for transparency, accountability and proportionality when carrying out its functions. Section 6 of the Communications Act requires Ofcom to review the burden of its regulation on telecoms providers. These are all principles that we think are essential to the functioning of the new security regime created by this Bill. I am glad to repeat the reassurance given by my noble friend in her letter, which the noble Lord, Lord Clement-Jones, mentioned, that Ofcom is already bound by its general duties in Sections 3 and 6 of the Communications Act when carrying out its security function under new Section 105M, and when using any of its powers in this Bill. This will include Ofcom’s power to carry out an assessment of public telecoms providers’ compliance with their security duties under Clause 6 of this Bill, and powers for Ofcom to give inspection notices under Clause 19. As my noble friend said in her letter, if Ofcom fails to carry out its security functions in line with these duties, it could be subject to legal challenge.

The provisions in the Bill already ensure that the regulations, code of practice and duties of Ofcom are proportionate. Therefore, we do not think that these amendments are necessary, and we hope that noble Lords will be happy not to press them.

--- Later in debate ---
Moved by
13: Clause 4, page 7, line 26, at end insert “within 30 days”
--- Later in debate ---
Baroness Merron (Lab)

My Lords, Amendment 13 seeks to speak up for consumers and to probe possibilities as to how we may act in their interests. After all, they are the ones who are, on an individual basis, and often in very large numbers, at the receiving end of security threats.

Amendment 13 would amend Clause 4, which places a duty on providers to take steps to inform users about security compromises or where there is a significant risk of a security compromise occurring which may adversely affect the user as a result. As we see in the clause, the provider must inform the user about the existence of the risk, the nature of the security compromise, what steps could be reasonably taken by users in response, and of course the name and contact details of a person who may provide further information. All those are welcome, and such a duty being placed on providers to report security incidents is right and proper. After all, for many years, we have heard calls from all sides to place a clearer and more comprehensive duty on providers to share information with users, who should not be kept in the dark. When they are affected by a breach, there are not just practical considerations; as we all know, such security breaches are extremely distressing and worrying, as well as compromising for those affected. It is right for them to have some sort of redress.

Let us reflect on the high-profile incidents where users have not been told of security incidents. For example, TalkTalk failed to inform 4,500 customers that their personal information, including bank account details, was stolen as part of the 2015 data breach. That was revealed only in 2019, when details were found online. I am sure that, like me, the Minister will completely understand how distressing this must have been for those people, who were not only affected but were given no opportunity by the company to do anything about it.

Clearly, we know that such behaviour by telecoms companies is unacceptable. However—and this is what the amendment seeks to assist with—Clause 4 does not give a timeframe for providers to inform consumers. This probing amendment suggests a 30-day window to do so. I understand that we have to be aware that this cannot lead to further security compromises that could result from informing the public, so that point has to be taken into account.

How quickly does the Minister think providers should inform the public of a security breach? I ask that because under Clause 4, which is very open, it could be months before users find out that their personal data has been stolen. How much worse for people to find out in that way and in that sort of timeframe?

The amendments we are debating today and the Bill we are considering are all about the protection of national security. In all that, let us remember consumers too, whose interests are key to these debates. The public have to know that their data is safe and when to take necessary steps if their privacy has been threatened in some way.

On Amendments 14 and 15, I should be interested to hear from the Minister whether an Ofcom backstop to halt providers speaking to users on security grounds already exists. Does Ofcom have the expertise already to make such a judgment, or would new experts—I use that word carefully but definitely—and new expertise be needed? I look forward not only to the Minister’s reply but to the comments of noble Lords participating in this debate.

Lord Clement-Jones (LD)

My Lords, I shall speak to Amendments 14 and 15. I wanted to say on the last group of amendments that I entirely agree with the noble Earl, Lord Erroll, about regulation. It is entirely possible for regulation to provide certainty, to stimulate innovation and, in the context of this Bill, to ensure that we have the right framework for our providers to ensure that our security is not compromised. So there is certainly no negativity in that respect towards regulation; the question is whether it is appropriate in the circumstances and not unduly burdensome for those subject to it. That is why the question of parliamentary oversight, which has been mentioned throughout this afternoon, continues to be important, and I think that it will come up again in the next group.

This amendment is on rather a different area. I have quite a lot of sympathy with Amendment 13 in the name of the noble Baroness, Lady Merron, but this is more nuanced than the Bill provides for. I want to quote again from the evidence of BT to the Bill Committee in the Commons. It said:

“We agree with the requirements on operators to support the users of their networks in preventing or mitigating the impact of a potential security compromise … In certain cases”—


and this is a sort of “however”—

“the security of the network may be put at greater risk if potential risks are communicated to stakeholders, providing malicious actors with additional information on potential vulnerabilities in the network that they may seek to exploit. We therefore believe that the Bill should explicitly consider such scenarios and not place obligations on communications providers to inform users of risks whereby doing so it will increase the likelihood of that risk crystallising.”

That is where our first amendment is going. BT further stated that

“the Bill also confers powers on OFCOM to inform others of a security compromise or risk of a compromise, such as the Secretary of State or network users. We understand the intention of the Bill in this regard and support the principle. We believe that this would be most effective when done in conjunction with the operator in question to ensure there is clarity and agreement, where possible, on the timing, audience and messaging of such information provision. This would also ensure that this does not cut across any other obligations that an operator may have, such as market disclosures. The Bill currently does not require OFCOM to consult with the operator prior to informing third parties of a security compromise (or risk of one).”

I think these are fair points. The Government must have an answer before Ofcom is faced with that set of issues. In this light, Amendments 13 and 15 make further provision about the duty to inform users of a risk of security compromise and specify that duties to inform others of “significant risks” of security compromises must be proportionate and not in themselves increase security risks.

--- Later in debate ---
Baroness Barran (Con)

My Lords, I am sorry, as ever, to disappoint the noble Lord, Lord Clement-Jones. With regard to his first point, of course the relationship with providers is important, which is why we have worked so closely with industry throughout the preparation of the Bill. However, as the noble Baroness, Lady Merron, said so eloquently, the relationship with users is also very important; it is that balance that we are seeking to strike. I am sorry if the noble Lord found my remarks grudging or negative; there was a lot of thought behind them.

Baroness Merron (Lab)

My Lords, this has been a healthy debate. I thank all noble Lords who have contributed on the various amendments. I certainly noted from her response to Amendment 13 in my name that the Minister shares my understanding of the issues for consumers. The debate has shone a light on the fact that it is not possible to simply put one set of interests above another. I felt in the course of the debate that it has been understood that, while fixed time periods may create an unintended consequence, as the noble Earl, Lord Erroll, said, they do ensure that things are not swept under the carpet. That is really where the amendment was seeking to probe.

I appreciate the point made that, while timescale is at the discretion of telecoms providers, there are certain requirements on them. I still have a sense of nervousness; I hope that, as we proceed with this legislation, the telecoms providers will understand the importance of acknowledging and responding to the very real concerns, interests and threats to consumers when they consider what the words “reasonable and proportionate”, as well as the words “timely manner”, mean. With that, I beg leave to withdraw my amendment.

Amendment 13 withdrawn.
--- Later in debate ---
Lord Fox (LD)

My Lords, I am not going to attempt to outlawyer my noble friend Lord Clement-Jones. I may not be a lawyer, but I am suspicious or, indeed, perhaps ultra-suspicious. What is the department seeking to avoid by removing what would seem to be natural justice from this process? What are the Government seeking to protect themselves from in advance? Who are they frightened of?

I do not think I know the answers to these questions, but I know that there is someone or something there that the department is seeking to avoid in advance. For those reasons, we should be extraordinarily suspicious, just as suspicious as I am. I ask the Minister: what is the justification? What are the Government scared of?

Baroness Merron (Lab)

My Lords, I have been very interested to hear the arguments put forward by the noble Lords, Lord Clement-Jones and Lord Fox, and the noble Earl, Lord Erroll. As we heard from the noble Lord, Lord Clement-Jones, in his opening remarks, concern about oversight is driving this section of the debate. As we know, Clause 13 ensures that when deciding an appeal against certain security-related decisions made by Ofcom, the tribunal is to apply judicial review principles without taking any special account of the merits of the case.

I understand that this does not apply to appeals against Ofcom’s enforcement decisions and that the Government have said that this ensures that it is clear that the tribunal is able to adapt its approach as necessary to ensure compatibility with Article 6, the right to a fair trial. My questions to the Minister are about the legal advice that the Government have received on this clause. What legal advice has been received? Is this external legal advice as well as internal legal advice?

The clause states that

“the Tribunal is to apply those principles without taking any special account of the merits of the case.”

Can the Minister explain what “special account” is expected to mean?

Baroness Barran (Con)

I thank the noble Lords, Lord Clement-Jones and Lord Fox, for tabling this amendment to Clause 13. I am aware that the noble Lord, Lord Clement-Jones, has spoken extensively on the standards of appeal in this House. As the noble Lord remarked, this matter was also raised in the Constitution Committee’s recent report, where it asked for further clarification about the reasoning for the changes made by this clause. I will attempt to address this point today and answer the questions from the noble Lord, Lord Fox, about what we are worried about.

Telecommunications (Security) Bill

Baroness Merron Excerpts
Moved by
23: After Clause 23, insert the following new Clause—
“OFCOM’s Annual Report
After section 105Z29 of the Communications Act 2003 insert—
“105Z30 OFCOM’s Annual Report
(1) Every report under paragraph 12 of the Schedule to the Office of Communications Act 2002 (OFCOM’s annual report) must include a statement on—
(a) the adequacy of OFCOM’s resourcing in fulfilling its functions under the amendments made to this Act by the Telecommunications (Security) Act 2021;
(b) OFCOM’s determination of the adequacy of measures taken by network providers in the previous 12 months to comply with sections 105A and 105B of the Communications Act 2003 and regulations made thereunder; and
(c) OFCOM’s assessment of emerging or future areas of security risk based on its interrogation of network providers’ asset registries.
(2) The statement required by subsection (1)(a) must include an assessment of—
(a) the adequacy of OFCOM’s budget and funding;
(b) the adequacy of staffing levels in OFCOM;
(c) any skills shortages faced by OFCOM.””
Member’s explanatory statement
This new Clause introduces an obligation on Ofcom to report on the adequacy of their resources and assess the adequacy of the annual measures taken by telecommunications providers to comply with their duty to take necessary security measures. It also requires Ofcom to assess future areas of security risk based on its interrogation of network providers’ asset registries.
Baroness Merron (Lab)

My Lords, I will also speak to Amendment 26, which stands in my name. As I recall raising at Second Reading, the whole point about this legislation is not just its intent but whether it can be delivered in practice. Can it do the job that it intends to do? These amendments are intended to ensure that we know we have the resources, whether in people, funding, infrastructure or whatever, to deliver the protections that the Bill is intended to offer. There are considerable questions about that.

I will focus first on the new responsibilities, remit and powers that are being given to Ofcom. As we know, there has been a vast expansion of Ofcom’s remit over the past 10 years, so it is most important that it is appropriately resourced to carry out its duties and to be very forward-looking. As my noble friend Lord Coaker said earlier, for us, the whole issue of looking forward is a particular concern in the Bill. That has been echoed by many noble Lords this afternoon. I note that reassurance is often given by the noble Baroness, Lady Barran, as the Minister and I am sure that the noble Lord, Lord Parkinson, will also seek to reassure me. But I am sure he will have picked up the feeling in the Room today that we need to go rather further than words of reassurance.

What we know about Ofcom is that experience in national security measures is not its natural and current territory, so the expansion of these duties will absolutely require people with the required level of security clearance and experience. I recall the comments of Emily Taylor of Oxford Information Labs during the debate in the Public Bill Committee in the other place. She has considerable expertise in cyber intelligence and she said at that time that Ofcom

“will have to acquire a very specific set of skills and capabilities, and that will require substantial investment and learning as an organisation”.—[Official Report, Commons, Telecommunications (Security) Bill Committee, 19/1/21; col. 72.]

I also note that a memorandum was published recently by Ofcom and the National Cyber Security Centre about how they will work together as part of the new regulatory regime. On the face of it, I thought that might provide some of the reassurance that I am sure the Minister will wish to give to noble Lords. However, I observe that while the National Cyber Security Centre will indeed be able to provide advice on national security matters, the question is whether Ofcom has the resource and the greater expertise to understand that advice. It is one thing to receive advice but another to be able to work with it. I am sure noble Lords know their own limitations. I certainly know mine when it comes to advice and expertise. For me, that memorandum did not show understanding of the limitations that there are.

Amendment 23 would require Ofcom to report annually on the adequacy of measures taken by network providers to comply with changes introduced in the Bill, empowering the Government to track the effectiveness of the legislation. That seems to be good legislation: to put it in place, to make sure it does the job it ought to do, to resource it and then to track its effectiveness.

Amendment 23 would also ensure that Ofcom will have the human and informational resources to provide an assessment of security risks based on its interrogation of network providers’ asset registers. This needs to include things such as a reference to the adequacy of Ofcom’s budget, funding and staffing levels and any potential skill shortages that might mean that it cannot do the job it is intended to do.

It is interesting to look at the Government’s own impact assessment, which states that the costs of monitoring compliance with the telecoms security requirements could be up to £49.4 million by 2029. Allied to that, Ofcom’s current budget for telecoms security for this financial year has been increased by £4.6 million; that is intended to reflect its enhanced security role under the Bill. The first obvious question to the Minister is whether this funding will be sufficient to meet the demands and to engage those with the right security skills. As a supplementary question to that, what targets does Ofcom have to seek the numbers of new staff it needs?

On staff shortages and funding shortfalls, how does the Minister consider that the Government will be aware of these problems without some kind of annual report? Furthermore, where do the public fit into this? How will they know that everything is in hand without such a reporting requirement being met? In my view, if Ofcom is to do more on security, the Government absolutely have to make sure that it is secure and able in its new role.

We spoke earlier about the absolutely crucial aspects of future proofing and horizon scanning. It seems that Ofcom also needs to be able to assess future risks to the security of UK telecoms. We know that new types of threat have emerged over recent years; for example, attacks on healthcare systems. We are also sensitive to potential future risks; for example, the dependence of cloud computing infrastructure on Amazon Web Services, the dominant vendor in this market. Clearly, dangers could arise if AWS was bought by a hostile foreign state or hacked by a hostile operator. In all these ways, we need to ensure that Ofcom is equipped not just for the present but for the future.

Amendment 26 looks at the very important matter of skills in the wider sector. We know from the Institute of Engineering and Technology that the UK economy is suffering a loss of £1.5 billion per year due to STEM skills shortages, and the Chartered Institute of Personnel and Development has found that two-thirds of employers who have vacancies report that some are proving hard to fill, with engineering being one of the most prevalent.

Amendment 26 seeks to require the Government to publish a review of the implications of skills shortages and training support for the security of the telecommunications network and its supply chain. Again, this amendment looks forward to ensure that we can protect our security capability.

I have a few specific questions for the Minister. I would be interested to know whether he is concerned that the 2027 target for Huawei removal might be delayed due to skills shortages. Can he comment on what skills shortages have been identified as a security risk? What action are the Government taking to fill them? I look forward to hearing from him regarding these amendments. I beg to move.

Lord Stirrup (CB)

My Lords, Amendments 23 and 26 touch on the critical issue of skills, in Ofcom and then more widely in the supply chain. They are right to do so, but in my view they are too constrained and do not go nearly far enough. This is not the fault of the drafters—they have to propose amendments that fall within the scope of this particular legislation, and they have done so admirably—but the problem they expose goes much wider than the field of telecommunication.

We find ourselves in this discussion at least in part because of our current reliance on Huawei technology and on the associated vulnerabilities that this introduces. But why have we become so dependent on Huawei? I said earlier that in the first half of the last decade we made unbalanced decisions about our trade and security relationship with China, and that is true. But it is also a fact that Huawei was—and still is—one of the very few companies to have brought the necessary technology to market. Frankly, there were not many options open to us, so our supply chain is anything but resilient in this area.

There are two elements to this problem. One is the level of industrial commitment to and investment in critical technologies; the other is the skills base to support such industries. Both of these interlinked issues must be addressed if we are to resolve the weakness in our supply chain.

The answer does not, of course, have to be wholly national. Industrial capacity and skills that are sufficiently widespread internationally, particularly among responsible countries that abide by international law, norms and standards, would provide us with an acceptable degree of resilience. This will undoubtedly have to be part of the solution, at least in the short term, but we have to ask ourselves why, in technologies that are so important to our security and that promise such future advantage to the companies involved, we are lagging so far behind. I acknowledge that we cannot lead everywhere and provide everything ourselves, but surely an important part of our national strategy should be to put ourselves in the van of those capabilities that will shape and guard our future.

This is certainly not about direct government involvement in business decisions; that approach already has a quite sufficiently inglorious history. It is, though, about government incentives—not least through a clear strategy and consequent procurement decisions—for the appropriate industries and a national effort to provide the necessary skills base to support those industries.

Amendment 26 makes some modest proposals in this regard and I welcome them, as far as they go, but we need to go much further. Telecommunication is not the only area to be hampered by such problems, and I believe we should take a more holistic approach. I have no doubt the Minister will reject the amendment, although I stand ready to be surprised. If, however, he lives up to my expectations, I invite him to say whether the Government agree with my analysis and, if so, how they propose formally to tackle a problem that is so central to our future security and prosperity.

--- Later in debate ---
Baroness Merron (Lab)

I am grateful to noble Lords and to the Minister for his reply, which referred to various items in some detail. What I take from this debate is that, although I am sure that noble Lords are interested to hear of the various initiatives and actions that are in place and which the Minister has rightly emphasised, the question still remains of whether this is enough. Is this exactly what we need? I feel again that this is something of a theme in our debates throughout Committee. Nobody is suggesting to the Ministers that nothing is being done, but is it being done coherently, is it sufficient and is it what is needed? That is again left hanging in the air.

I am grateful to the noble and gallant Lord, Lord Stirrup, who referred to—these are my words—the need for a national strategy which would, in his words, shape and guard our future. That is exactly the point of these amendments. Indeed, the Government do not do everything, but it is only the Government who have a role in bringing all the parties together and have the ultimate responsibility for security in this country, of course.

I note the helpful remarks from the noble Lord, Lord Fox, who referred to the need to work with other government departments. I would feed that into my point about the need for a strategic approach. My sense from this debate is that this is the part that is not quite clear. As the noble Lord, Lord Fox, asked, what is the plan? We have insight into actions, but whether that is a strategy or a plan is hard to make a judgment on. The Minister indicated that 50% of companies in the relevant sector—that seems a lot—are reporting that they have a lack of cybersecurity skills. Something else that I thought was important was when the Minister spoke of a lack of confidence. We all know that a lack of confidence in any sector, particularly this sector, is problematic and must be addressed.

It is disappointing that the Minister’s response is, again, that this is not necessary and we do not need to publish or to report to Parliament, because I feel it is a missed opportunity to satisfy the country and, within that, noble Lords. It is a missed opportunity to satisfy those who have the security of this country at heart, as the Minister does, about whether the measures are enough and whether they will go fast enough, fully meet the needs of the necessary part of the industry and provide the security needed. Although I am disappointed, I beg leave to withdraw the amendment.

Amendment 23 withdrawn.
Moved by
24: After Clause 23, insert the following new Clause—
“Network diversification
(1) The Secretary of State must publish an annual report on the impact of progress of the diversification of the telecommunications supply chain on the security of public electronic communication networks and services.
(2) The report required by subsection (1) must include an assessment of the effect on the security of those networks and services of—
(a) progress in network diversification set against the most recent telecommunications diversification strategy presented to Parliament by the Secretary of State;
(b) likely changes in ownership or trading position of existing market players;
(c) changes to the diversity of the supply chain for network equipment;
(d) new areas of market consolidation and diversification risk including the cloud computing sector;
(e) progress made in any aspects of the implementation of the diversification strategy not covered by paragraph (a);
(f) the public funding which is available for diversification.
(3) The Secretary of State must lay the report before Parliament.
(4) A Minister of the Crown must, not later than two months after the report has been laid before Parliament, move a motion in the House of Commons in relation to the report.”
Member’s explanatory statement
This new Clause requires the Secretary of State to report on the impact of the Government’s diversification strategy on the security of telecommunication networks and services, and allows for a debate in the House of Commons on the report.
Baroness Merron (Lab)

My Lords, I move the amendment in my name and thank the noble Lords, Lord Fox and Lord Alton—he could not join us today—for their support.

The amendment is about ensuring that the intent of the Bill can be delivered, and the measures that we are all in favour of will actually happen. There is therefore a link to the earlier debates. Throughout these debates it has become clear that diversity of suppliers is needed at different points of the chain, with sufficient support for the UK’s own start-ups. That will be the only way in which we can secure proper telecoms security.

Even the Government’s 5G diversification strategy demonstrates how diversification and security are inherently linked. It states that if the status quo remains with market consolidation, it will lead to

“an intolerable security and resilience risk”.

However, as was said clearly in earlier debates, the Bill does not even mention supply-chain diversification or the diversification strategy, even though we would all agree that we cannot have a robust and secure network with only two service providers—Ericsson and Nokia—which is the number that will be left once Huawei is removed from our networks. I hope that the noble Baroness the Minister will have the opportunity to address that concern.

It is of course right to remove high-risk vendors from the UK’s networks and enable the Government to designate vendors and require telecoms operators to comply with security requirements. However, as seems obvious, our networks will not be secure if the supply chain is not diversified. All that will happen is that there will be a shift of dependency to another point of failure.

Therefore, the amendment requires that network diversification is reported on annually. That can include an assessment of likely changes of ownership of existing market players, new areas of market consolidation and available public funding. The report could also provide proper accountability for the strategy’s progress, which will lead to real action. That is what we need. We know that that was called for by the Science and Technology Committee, which criticised the current diversification strategy for not having an action plan with clear targets and timeframes for how that funding will be spent.

The Minister will expect a question on how the announced £250 million funding will be spent. We all know that there are small start-up suppliers in this sphere which are desperate for this kind of support. I should also refer to the new advisory council, which, as she knows, I will come to in a later group. There are many unanswered questions about the adequacy and independence of its advice.

We cannot have a secure network with only two service providers, which is what we will effectively be left with after the removal of Huawei. So we need a diversified supply chain, which means diversity of supply at different points in the supply chain and networks not sharing the same vulnerability of a particular supplier. That is incredibly important for network resilience. That is why the amendment has been tabled. We are concerned to ensure that national security is not put at risk due to a lack of diversification. I beg to move.

The Earl of Erroll (CB)

My Lords, this point is very important and has been put across very well by the noble Baroness, Lady Merron. Network diversification will increase resilience and security for various very obvious reasons. The main thing is not just the supply chain. How the internet works is that messages are split over a whole lot of different routers going all over the place. Two things happen. First, because it is split up, if they are all going across different vendors, it is impossible to intercept the entirety of the messages. If it is all over one vendor and there is a clever way of monitoring that, it might be possible to put it together. Funnily enough, if you have lots of vendors, it does not matter whether Huawei is in there or not, and you will end up with flaws.

Also, the resilience of the internet is such that if you knock out a good chunk of the routers, it will still work and automatically route around the ones that have not been knocked out. If they are all from one vendor and all have the same flaw in them at some point, whether they are friendly vendors or not, you can take the whole lot out at once. The very fact that you have a good mixture gives you greater resilience and security. Everyone seems to think that it still runs over a copper wire from one end to the other, but it does not. The IP world is very different from that. That is the main thing.

Amendment 20 is also about long-term strategy. My noble and gallant friend Lord Stirrup is right about all these things. Although the amendments are not in this group, I might as well say now, rather than waste the Committee’s time later, that this lies with the principle of Amendments 18 and 25, that we need the right advisers, who can then advise on the issues that we are now discussing in Amendment 24. It all hangs together. We should not be chopping this up and structuring the Bill in a way that makes us vulnerable.

We may think that we have got the right people in, but we have clearly failed to do all this so far. This is the place to rectify our blindness. From the Minister’s comment, I think that the major change is the diversification and proliferation of civil service departments that are involved in security. That really does reduce our security. The lack of coherence will cause confusion like nobody’s business and will be very expensive.

--- Later in debate ---
I hope I have set out the reasons why we are unable to accept this amendment. I ask the noble Baroness to withdraw it.
Baroness Merron (Lab)

My Lords, this has been a short debate but it has been valuable in shining a light on the requirement for diversification and the need to be sure that we are in the right place. I thank the Minister for her reply and the details she gave in response to various questions, including my own. Of course, as ever—I am beginning to feel like a stuck record—the requests to ensure that there is a reporting facility, so that we know all the things in place actually work, have not been accepted.

I was interested in the confidence of the noble Lord, Lord Fox, when he suggested to the Minister that there could be great creativity employed by all noble Lords. I am sure that is indeed the case, but I say to him that I fear our creativity is perhaps not required on this occasion, although I am sure we will stand ready should it be so.

I welcomed the comments of the noble Earl, Lord Erroll, who spoke about the shifting sands of alliances and allies. That is an important point when we consider diversification. I did of course hear the Minister say, rightly, “Of course, this is not just a UK solution to our security”, for a range of excellent reasons. However, we have to be able to take our place and it is that which is of concern. It is not just that the chain is in reference to the UK but that it should take account of those shifts which the noble Earl referred to.

The noble Baroness, Lady Stroud, again asked: “Why on earth would the Government not want to have more parliamentary oversight?”. I will leave that to others to answer, but it seems that it is not flavour of the month in the debate that we are having.

The Minister referred to my question about how the £250 million would be spent, and I am sure it was of great interest to all noble Lords to hear that. Yet it still leaves the question as to why it cannot be a matter of report, of why Parliament cannot be not just reassured but informed, and have the opportunity to interrogate and to add. I have a sense that parliamentary oversight—and not just in this area—is not regarded as something which assists process, when in fact the whole experience is that it does. With that, I beg leave to withdraw the amendment.

Amendment 24 withdrawn.
--- Later in debate ---
Moved by
28: After Clause 23, insert the following new Clause—
“Telecoms Supply Chain Diversification Advisory Council: security function
(1) The Telecoms Supply Chain Diversification Advisory Council must discuss the impact of diversification on the security and resilience of public electronic communication networks and services at their quarterly meeting.
(2) The Telecoms Supply Chain Diversification Advisory Council may advise the Secretary of State based on those discussions, and this advice must be published.
(3) The membership of the Council must include members with expertise in security.
(4) The appointments process for the Council must be transparent and consider the previous security experience of applicants.”
Member’s explanatory statement
This amendment aims to probe the function of the Advisory Council in relation to the Bill.
Baroness Merron (Lab)

My Lords, I am pleased to speak to Amendment 28, which stands in my name. It is the result of a number of recent developments, which I shall refer to. Noble Lords will be aware that on 2 July the Government published their response to the Telecoms Diversification Taskforce’s report and in it announced that the taskforce was now to transition into the Telecoms Supply Chain diversification advisory council, which came up earlier today. The Minister will recall that in response to a Written Question from me she said:

“The Advisory Council will play a key role in overseeing and offering scrutiny to the delivery of the 5G Supply Chain Diversification Strategy. We will also draw on the expertise of the Advisory Council for wider telecoms supply chain diversification issues beyond the RAN (Radio Access Network).”


That is all well and good. However—and this is the point that the amendment seeks to unravel—the Government have also announced that Mr Simon Blagden will be the new chair of this permanent council. Noble Lords will be aware that Mr Blagden was the non-executive director of Fujitsu UK during the Post Office scandal and has donated more than £215,000 to the Conservative Party.

As we have all discussed, diversification is inherently linked to security, so the new advisory council has to provide sound, expert advice that will secure our telecoms network, and we need confidence in that. The point I want to explore with the Minister, as she is already aware from Written Questions that I have submitted, is that the appointment of Mr Blagden raises a number of serious questions about the council’s independence and how the appointment will be able to benefit national security.

In addition to tabling Amendment 28, I have a number of questions to tease out all these points. It is also worth noting that in the past 24 hours there have been reports of a telecoms company, IX Wireless, having given—it has come to light through correct declarations of course—more than £20,000 to Conservative MPs, while the Secretary of State has given this same company glowing endorsement at a launch event, with a promotional film, which I have seen, showing him in his ministerial office with the executives of that company.

I should say to the Minister that it is a question not just of how things are but of how things look. Of course there will be facts on which I am sure the Minister can enlighten us. I have a number of questions in that regard for her relating to an inquiry about the appointment process that was in place for Mr Blagden. Who was involved and which Minister made the final decision? Will there be payment for Mr Blagden in his role as chair? How will the council give independent advice and what happens if Ministers reject that advice? Will there be security experts as members of the advisory council? What knowledge did Mr Blagden have of the faults with the Horizon system during his time at Fujitsu? Can the Minister confirm that Mr Blagden has no remaining financial interests in Fujitsu?

I know that the noble Baroness may not be in a position to answer those questions now. In which case, I hope that she will write to me before we go into the Summer Recess. I beg to move.

Lord Fox (LD)

Before I comment on that excellent speech from the noble Baroness, Lady Merron, I want to return to the answer that the Minister gave on the Newport Wafer Fab issue, which proves the point that we were making on the need for the ISC to be involved. Regarding the ISC issue, the Government furnished themselves with the National Security and Investment Act, which was supposed to deal with issues such as this. However, the Prime Minister has chosen to refer it back not to the people running that unit but to the National Security Adviser, which proves the point that someone with access to national security information is needed to make decisions of this nature, rather than an organisation that does not have access to the information. It absolutely proves the point that our amendment on the ISC is completely appropriate, just as it was appropriate for the BEIS analogue of what is happening here.

The noble Baroness, Lady Merron, made an excellent speech and I am not going to attempt to adorn it either with my normal flippancy or with detail. There is just one issue that I wish to raise regarding Simon Blagden. Are there any outstanding legal liabilities from his time at Fujitsu? In other words, has his activity been fully exonerated or is there potential legal recourse? Other than that, I echo the point that perception of these issues is as important as reality. If the Government continue to operate in a black-box way, everybody will assume that things are going on that they cannot see and that should not be happening. It is therefore in the Government’s interests to be transparent about how that person in particular was appointed and how the advisory council will operate.

--- Later in debate ---
For the reasons I have set out, I am not able to accept this amendment. I hope the noble Baroness will therefore agree to withdraw it.
Baroness Merron (Lab)

My Lords, I thank the Minister for her response. I will of course read it carefully so that I can again appreciate her answers to my various questions. There are some questions that I think are still outstanding, which also chime in with the question from the noble Lord, Lord Fox, regarding Mr Blagden’s links with Fujitsu and continuing potential issues in relation to that. I feel there are still some unanswered questions and would be grateful for a reply to those. I am absolutely sure that the Minister will write to me about those points.

I am grateful to the noble Lord, Lord Fox, for making the point, as I did, that there is reality and perception, and they both matter. There are clearly concerns about this appointment and about the need for assurance regarding security advice being impartial and appropriate. It is undoubtedly the case that sunlight is always the best disinfectant so, if there are any chinks of sunlight not yet coming through, I am sure that they will be forthcoming. With that, I beg leave to withdraw this amendment.

Amendment 28 withdrawn.
--- Later in debate ---
Lord Fox (LD)

I am moving this amendment on behalf of my noble friend Lord Clement-Jones, in whose name it is, who unfortunately could not come today. He figured that this would be taken on day three of the process, but we have got ahead of ourselves. I also thank the noble Earl, Lord Erroll, for his support for this amendment when he spoke to the second group. It is appreciated. I know that he has had to leave.

As Comms Council UK has pointed out, new Clause 105E is not the only new clause to give the Secretary of State extensive powers; there are others. New Clause 105Z1, for example, gives powers to the Secretary of State to outlaw the use of individual vendors, potentially with no parliamentary oversight, if the Secretary of State considers that it would be contrary to national security.

Clause 15 creates a scheme for dealing with particularly high-risk vendors by inserting new clauses into the Communications Act 2003. These empower the Secretary of State to give designated vendor directions where they consider it

“necessary in the interests of national security”

and the requirements imposed are

“proportionate to what is sought … by the direction.”

The designated vendor direction can impose wide-ranging requirements on providers on their use of

“goods, services or facilities … made available by a designated vendor specified in the direction.”

While vendors are entitled to notice of their designation if “reasonably practicable” to do so, they are not entitled to be consulted or informed of the reasons for the designation if the Secretary of State considers it contrary to national security. Vendors are also entitled to notice when directions are imposed on providers or when a designated vendor direction is revoked, but this right does not apply if the Secretary of State considers it contrary to national security.

The effect of all this is that, while a vendor may know of its designation, the providers with which it does business can have various restrictions imposed because of their relation to the designated vendor without the vendor knowing the reasons or possibly the existence of such directions. This is complicated but serious, and in several scenarios the vendors would have no real prospect of mounting any legal challenge, even under the closed material procedures provided for in the Justice and Security Act 2013.

Cutting to the chase, this amendment would give the Investigatory Powers Commissioner oversight of the power given to the Secretary of State in the Bill to outlaw the use of individual vendors. Without this, we are telling suppliers that they essentially have to operate without full legal protection. I cannot help thinking that this will discourage the future investment we need. I am interested to hear how the Government think they can mitigate an essentially Orwellian situation in which people find themselves in an adverse legal position but they do not know why, and sometimes they do not even know that they are there. I beg to move.

Baroness Merron (Lab)

My Lords, I thank the noble Lords, Lord Clement-Jones and Lord Fox, for tabling this amendment. I do not have too much to add to this brief and interesting debate, but I take the opportunity to thank the Constitution Committee for its report on the Bill.

At Second Reading the Minister said:

“Oversight of the Investigatory Powers Act regime by the Investigatory Powers Commissioner is considered appropriate because of the potential intrusion into the private lives of individuals as a result of the use of covert powers. The national security powers in this Bill are very different from those in the Investigatory Powers Act”.—[Official Report, 29/6/21; col. 747.]


However, she did not say why it would be wrong for the commissioner’s remit to change. This is the one point I put to the Minister, and it would be helpful to have a response.

Lord Parkinson of Whitley Bay (Con)

My Lords, I thank the noble Lords, Lord Fox and Lord Clement-Jones, for tabling this amendment. As the noble Lord, Lord Fox, says, the noble Lord, Lord Clement-Jones, is a victim of the speedy progress we have made in this Committee.

Like them, I recognise the importance of proper oversight and scrutiny in the use of the Bill’s powers. The amendment they tabled aims to give the Investigatory Powers Commissioner oversight of the Secretary of State’s power to issue designated vendor directions. The Bill already contains effective mechanisms for oversight of the Secretary of State’s use of those powers to give a designated vendor direction or designation notice. It requires the Secretary of State to lay copies of designation notices and designated vendor directions before Parliament. That will provide Parliament with the opportunity to scrutinise their use.

As the Committee has heard, on very rare occasions the Secretary of State may choose not to lay a designation notice or direction before Parliament because to do so would be contrary to the interests of national security. Where this is the case, the Digital, Culture, Media and Sport Select Committee will be able to view such directions and notices, so there will be oversight there.

On the legal point that the noble Lord, Lord Fox, raised, designated vendor directions and designation notices are subject to ordinary judicial review principles. The Secretary of State will issue designation notices and designated vendor directions only where they are necessary in the interests of national security and the requirements in the directions are proportionate.

The Investigatory Powers Act 2016 provides a framework for use by the security and intelligence agencies, law enforcement agencies and other public authorities to obtain communications and communications data. The role of the Investigatory Powers Commissioner is independently to oversee the use of these powers, ensuring that they are used in accordance with the law and in the public interest. The regime set out in the Investigatory Powers Act is not directly comparable with the new powers and framework set out by this Bill, as the noble Baroness, Lady Merron, noted. The reason for that is that oversight of activity by the Investigatory Powers Commissioner, as authorised by the Investigatory Powers Act, is considered appropriate because these powers often involve balancing important questions regarding the right to privacy.

The national security powers in this Bill are very different from those in the Investigatory Powers Act. They focus on protecting public telecommunications networks and services from the threats posed by high-risk vendors. That is different from questions about individual citizens, their communications and their communications data. That is why we respectfully disagree with the suggestion by the Constitution Committee of your Lordships’ House and feel that it would not be appropriate for the Investigatory Powers Commissioner to have an oversight role in respect of this Bill.

Briefly, that is why the Government disagree with this amendment and hope that the noble Lord, Lord Fox, will be content to withdraw it.

--- Later in debate ---
Lord Fox (LD)

We are down to the irreducible minimum. During my Second Reading speech, I asked the Minister about the range of technologies covered by the Bill. I do not recall getting a meaningful answer, so I thought I would try again using this as a probing amendment.

The noble Baroness, Lady Merron, talked about the creativity of your Lordships. I am now going to test your memory functions, which I know can sometimes be stretched in this House. I would like your Lordships to cast your minds back to 2003, the year when the Nokia 1100 mobile phone was introduced. Few noble Lords will remember the number, but most of you will remember the phone. It was an iconic phone that took over mobile telephony. For those who would like to see one, I have two and, for as long as 3G is available, they will continue to work. More than 250 million of these basic GSM phones were sold. It was the best-selling consumer electronics device in the world at that time—the state-of-the-art communications device—and was discontinued in 2009.

Meanwhile, at the same time, the Communications Act 2003 was introduced to regulate machines such as the Nokia 1100. This has not been discontinued but has enjoyed several patches along the way. As I have said, this is a probing amendment seeking to clarify the definition of “public electronic communications network” within the 2003 Act. I think you see what I have done; I have tried to illustrate that the world has changed a bit since 2003.

The amendment seeks to amend Section 151 of the Communications Act by adding a contemporary definition of the range of communication networks that increasingly have emerged since the Act was conceived, when Nokia ruled the roost. It would introduce a new clause to the Bill that would define the “public electronic communications network” as

“landline communications systems … mobile data, audio and video networks … digital surveillance networks … satellite delivered networks”.

My first question to the Minister is: in her opinion and that of the department, which of these categories is covered by the Bill and which is not? I also have some specific scenarios that I would like the Minister to consider. The noble Baroness, Lady Merron, will be pleased to note that they are focused on the consumer—an issue she addressed earlier in the week.

First, when broadband or 5G are delivered by satellite, whether by the BEIS-owned OneWeb or the Musk-owned SpaceX, to what extent is the satellite element covered by this legislation?

Secondly, when a facial recognition camera captures an image, sends that image to a database using a closed network and, in turn, contacts either a public sector or private sector operative via a smartphone, which part of this—if any—is covered by the legislation?

Thirdly, data is being relayed back and forth over smart speakers—Alexa and its, or her, colleagues—so do these transactions fall within the purview of the Communications Act or the Bill? For example, with smart speakers, does the Bill cover only the transmission and not the speaker itself? If that is true, what, if anything, covers the security integrity of the speaker and its software?

My fourth question concerns data travelling between smart meters, home thermostats, camera doorbells and the ever-increasing internet of things. How is their security and integrity protected by the Bill? If the answer is that they are not protected, where do these modern manifestations of communications fit in? How is the security of these things being protected for the consumers of today?

This is not just a piece of legislative housekeeping. The noble Lord, Lord Alton, raised other potentially risky companies in his speech on Amendment 1; at Second Reading I raised a range of other companies. I will not repeat them but they are in Hansard. These are just a few of the businesses involved in the sorts of activities that I have just outlined, so by understanding which activities are included in the Bill we may start to understand which companies and technologies it includes. It is about how satellites, cameras, smart speakers and the internet of things fit in the purview of what is now called communications. Times have changed since 2003. Can the Minister please update us? I beg to move.

Baroness Merron (Lab)

My Lords, I thank the noble Lords, Lord Fox, Lord Clement-Jones and Lord Alton, for tabling this amendment. The noble Lord, Lord Fox, has set out why they believe this definition of a public electronic communications network is needed. I also appreciated his reference to the importance of consumers, who, after all, are core in all our discussions.

It is important to hear from the Minister whether she believes that this definition is limiting for security purposes and what impact it would have. Perhaps she can advise on whether she feels that anything is missing which should be in there. Would this definition inhibit the future-proofing ability of the Bill? I look forward to hearing from the Minister.

Baroness Barran (Con)

This amendment seeks to clarify the definition of a public electronic communications network contained within Section 151 of the Communications Act 2003. I thank the noble Lord, Lord Fox, for moving it. It aims to do this by including specific examples of networks and systems covered by that definition.

In response to the noble Lord’s first question, three of the suggested examples in the amendment are already covered by the current definition of public electronic communications network, to the extent that they are electronic communications networks

“provided wholly or mainly for the purpose of making electronic communications services available to members of the public”.

These three examples are: landline communication systems; mobile data, audio and video networks; and satellite-delivered networks.

However, as the noble Lord explained, the amendment also refers to “digital surveillance networks”. I understand that the noble Lord is referring principally to CCTV and other similar technologies of the kind used by law enforcement and local authorities for specific surveillance purposes. These types of technologies have been raised by a number of noble Lords in previous debates, including the noble Lords, Lord Alton and Lord Fox. Such closed networks do not fall within the definition of a public electronic communications network as set out in Section 151 of the Communications Act. That definition refers to an electronic communications network that is provided

“wholly or mainly for the purpose of making electronic communications services available to members of the public”.

I emphasise “wholly or mainly”, because the noble Lord gave examples of where services might be provided which could reach a member of the public, but not “wholly or mainly”.

The powers in the Bill are intended to create a stronger regulatory and legislative framework to protect against the security threats to our public electronic communications networks and services, such as those provided by companies such as BT and Vodafone. Public networks are those most widely used by businesses and the public and it is right that the Bill should focus on the protection of those networks. Furthermore, any change to the definition of public electronic communications networks to include CCTV and other similar networks to which the noble Lord referred would affect other sections of the Communications Act beyond those relating to security. That is because the current definition of a public electronic communications network is used across Chapter 1 of Part 2 of the Act, and not only in Sections 105A to 105D, which this Bill replaces.

The consequences of such a change would be wide-ranging. For example, Section 127 creates a criminal offence of improper use of public electronic communications networks, as defined by Section 151. If the definition changed, the scope of those caught by that offence would also change. It would also affect other legislation that makes reference to the Act’s definition, such as the Privacy and Electronic Communications (EC Directive) Regulations 2003 or the Insolvency Act 1986. Any such change to the definition would therefore have substantial unintended impacts for providers of digital surveillance networks and for many other entities, including Ofcom, of course.

The noble Lord also asked how the security of digital surveillance networks could be assured. There is of course already legislation and extensive guidance in place to assure security and prevent the abuse of information gathered by CCTV and surveillance camera networks. As noble Lords will be aware, the Information Commissioner’s Office is the UK’s independent regulator for data protection and is responsible for providing advice and guidance on compliance with the UK’s data protection laws. All organisations in the UK that process personal information must comply with the requirements of the UK General Data Protection Regulation and the Data Protection Act 2018. The Information Commissioner’s Office has issued a specific data protection code that provides recommendations on the use of CCTV systems to help organisations comply with the Data Protection Act.

The Information Commissioner’s Office’s code and the Data Protection Act ensure that any personal data gathered via CCTV and similar networks is kept confidential and subject to the highest protections, including secure encryption of data. Where closed networks, such as CCTV and other similar surveillance technology, are used by public bodies or within critical national infrastructure, there are specific arrangements in place. Lead government departments, advisory partners—including the National Cyber Security Centre—and regulators work with infrastructure owners and operators to manage and mitigate the risk of security issues. There are, therefore, already adequate measures in place regarding safe deployment of CCTV and other similar surveillance technologies within the UK. Indeed, we are strengthening the actions we can take in this area.

Telecommunications (Security) Bill

Baroness Merron Excerpts
Lord Alton of Liverpool (CB)

My Lords, the amendment just moved by the noble Lord, Lord Fox, is about transparency, accountability and parliamentary scrutiny. It puts Parliament into the driving seat. It deserves the support of the whole House, and I hope we will give it.

Baroness Merron (Lab)

My Lords, as we start Report, I welcome the noble Lord, Lord Parkinson, to his new ministerial role. I am sure we all look forward to working with him.

I remind the House that national security must be the first duty of any Government, which is why we welcome the intention behind the Bill. As we have said repeatedly throughout the passage of the Bill, we believe that there are a number of issues with the Bill that need to be addressed, including parliamentary oversight of the new powers, which this group focuses on. As Comms Council UK said, the Bill represents an

“unprecedented shift of power from Parliament to the Minister in relation to how telecoms networks operate”

and that

“the Minister will be able to unilaterally make decisions that impact the technical operation and direction of technology companies, with little or no oversight or accountability.”

With reference to Amendment 1, I shall not repeat the arguments made by the noble Lord, Lord Fox. Suffice it to say that we on these Benches appreciate and wish to stress the importance of parliamentary scrutiny, which we have stressed throughout the passage of the Bill.

I thank the Minister for tabling Amendments 3, 4 and 5. They are very similar to our Front-Bench amendments in Committee and reflect a key recommendation from the Delegated Powers Committee. I thank the former Minister, the noble Baroness, Lady Barran, for her work on these amendments. As noble Lords will remember, the Delegated Powers Committee called the powers in Clause 3 unacceptable and called for the negative procedure for the new telecoms security codes of practice. This important change from the Government ensures adequate parliamentary scrutiny, which is a welcome step forward.

The Parliamentary Under-Secretary of State, Department for Digital, Culture, Media and Sport (Lord Parkinson of Whitley Bay) (Con)

My Lords, I thank the noble Lords, Lord Clement-Jones and Lord Fox, for the amendment standing in their names, and I thank the noble Baroness for welcoming me to the Dispatch Box in my new role.

The question underlying this group is whether the new telecoms security framework will have proper scrutiny. Noble Lords have proposed ways to strengthen that scrutiny throughout the passage of the Bill and your Lordships’ Constitution Committee and Delegated Powers and Regulatory Reform Committee have made their own recommendations, and I thank those committees for their work.

In Committee, the noble Lord, Lord Clement-Jones, invited the Government to make a trade-off, a choice, in his words, between

“a loose definition of ‘security compromise’”

and

“a very tight way of agreeing the codes of practice.”—[Official Report, 13/7/21; col. GC 487.]

With that in mind, I turn first to Amendments 3, 4 and 5 in my name—although I should stress, as the noble Baroness, Lady Merron, kindly did, that they also represent the work of my predecessor, my noble friend Lady Barran. We both listened to the arguments put forward in Committee and these amendments represent her views as well as mine.

We have carefully considered the concerns raised and, as the noble Lord, Lord Clement-Jones, invited us to do, we have proposed how to make that trade-off. The government amendments we have brought forward today affect Clause 3. It provides the Secretary of State with the power to issue and revise codes of practice. The code of practice is a fundamental building block of the new telecoms security framework as it will contain specific information on how telecoms providers can meet their legal duties under any regulations made by the Secretary of State.

In its report on the Bill, the DPRRC noted the centrality of codes of practice to the new telecoms security framework. The committee drew attention to the statutory effects of codes of practice and their role in Ofcom’s regulatory oversight, and because of those factors, the committee recommended that the negative procedure should be applied to the issuing of codes of practice. The noble Baroness, Lady Merron, tabled amendments in Committee to implement that recommendation. We are happy to do that. Our amendments today require the Government to lay a draft of any code of practice before Parliament for 40 days. Your Lordships’ House and the other place will then have that period of time to scrutinise a code of practice before it is issued.

We think that these changes strike the balance that noble Lords have called for today and in previous stages. I hope these government amendments demonstrate that we have listened and are committed to appropriate parliamentary scrutiny across all aspects of the framework.

Amendment 1, tabled by the noble Lords, Lord Fox and Lord Clement-Jones, would apply the affirmative procedure to regulations made under new Section 105B in Clause 1. It would require the regulations to be laid in Parliament in draft and subject to a debate and vote in both Houses.

I share the noble Lords’ desire, echoed by the noble Lord, Lord Alton of Liverpool, to ensure that Parliament has a full and effective scrutiny role in this Bill, but I fear we disagree on the best way to achieve it. The only powers in the Bill that are subject to the affirmative procedure are delegated, or Henry VIII, powers that enable the amendment of penalty amounts set out in primary legislation. The Bill currently provides for the negative procedure to be used when laying the statutory instrument containing the regulations.

In the context of these new powers, the use of the negative procedure is appropriate for three reasons. First, Parliament will have had to approve the clauses in the Bill that determine the scope of regulations—Clauses 1 and 2—and the regulations will not amend primary legislation. Secondly, evolving technology and threat landscapes mean that the technical detail in regulations will need to be updated in a timely fashion to protect our networks. Thirdly and finally, as I noted in Committee, the negative procedure is the standard procedure for instruments under Section 402 of the Communications Act. The negative procedure delivers the right balance between a nimble parliamentary procedure and putting appropriate and proportionate measures in place effectively and efficiently to secure our networks.

The two noble Lords will also be aware that the changes they propose in their amendment are not ones that the Delegated Powers and Regulatory Reform Committee made. I accept that they are keen to explore avenues for scrutiny of this framework, but that committee made its recommendation for increasing the scrutiny of this regime, and the Government have brought forward our amendments to accept it. For these reasons, we are not able to accept the noble Lords’ Amendment 1. I hope that they will be content with what we have proposed in our amendment, and may be minded to withdraw theirs.

In conclusion, the Government were asked to make a trade-off. Through the passage of this Bill, we have been invited to provide greater opportunities for Parliament to scrutinise this regime. We have listened to those concerns and we have brought forward an answer. We feel that our amendments maintain our flexibility to adapt to an ever-changing technology environment and give your Lordships’ House and the other place a greater say in its operation, so I invite the noble Lord to withdraw the amendment.

--- Later in debate ---
Lord Clement-Jones (LD)

My Lords, in moving Amendment 2 I will speak to Amendment 7. I add my welcome to both the Minister and the noble Lord, Lord Sharpe, in their new roles.

The Minister has now accepted in his Amendment 3 that there needs to be greater parliamentary scrutiny of codes of practice. I welcome that; I am just sad that Amendment 1 did not squeak through. However, he has not accepted the need for greater technical scrutiny of these codes. As the Minister’s predecessor, the noble Baroness, Lady Barran, said in Committee,

“the whole purpose of the regulations was to specify in greater detail what the duties of providers would be.”

Likewise, she said:

“The codes of practice will provide technical guidance to assist public telecoms providers in meeting their legal obligations.”—[Official Report, 13/7/21; cols. GC 488-93.]


However, as the industry has pointed out, there are no clear mechanisms for technical feedback or expertise to be fed into the drafting of the regulations and codes of practice.

The Minister dealt with these amendments himself in Committee. On the Clause 2 regulations, he assured us:

“Advice to the Secretary of State could”—


I emphasise “could”—

“also include relevant representations by public telecoms providers … DCMS continues routinely to engage with telecoms providers about this Bill and telecoms security more widely.”

He also said that

“Clause 3 requires that any codes of practice are finalised only after consultation with affected providers.”—[Official Report, 13/7/21; col. GC 499.]

Again, he gave no assurance of exactly with whom and how the consultation will take place, and he did not explain why he thought that a specific technical advisory board set up under this Bill was not appropriate. For that reason I have no hesitation in retabling these amendments for further consideration on Report.

As the noble Baroness, Lady Merron, pointed out in Committee, there is good precedent in the Investigatory Powers Act 2016, which

“established a Technical Advisory Board to advise the Home Secretary on the reasonableness of obligations imposed on communications providers.”—[Official Report, 13/7/21; col. GC 462.]

The judicial commissioners set up under that Act could be deployed under this Bill.

This is an opportunity for the Minister to demonstrate a much firmer and more inclusive approach to technical consultation. I hope that he will accept this amendment. I beg to move.

Baroness Merron (Lab)

My Lords, I thank the noble Lord, Lord Clement-Jones, for tabling Amendments 2 and 7 again on Report. I will not take up much time discussing them, not least because the Labour Front Bench tabled similar amendments in Committee better to understand what advice the Secretary of State will receive and where it will come from when making regulations under Clause 2. As the noble Lord said, we must ensure that the Secretary of State receives advice from the best experts, not just those who support the Government.

As the former Minister, the noble Baroness, Lady Barran, focused only on the incompatibility of a similar board set up by the Investigatory Powers Act, can the Minister today simply answer this question: without such a board, where will the Secretary of State receive advice, and from whom?

Lord Parkinson of Whitley Bay (Con)

I thank the noble Lord, Lord Clement-Jones, for his welcome, and both him and the noble Lord, Lord Fox, for retabling these amendments. We share the noble Lords’ ambition in this area. We also want to ensure that the telecoms security framework is informed by world-leading expertise, and that all those affected by the framework have appropriate mechanisms to shape it. The noble Lords’ amendments seek to establish a technical advisory board to advise the Secretary of State on matters of telecoms security. They also state that the Secretary of State should give due consideration to this new board’s advice, and that of a judicial commissioner, before making regulations or codes of practice.

I agree with the noble Lords on the importance of the Secretary of State having access to expert advice in the exercising of these new powers. I hope I can reassure them that she can already call upon sufficient advice through existing structures, and that I can demonstrate why, as we have explained previously, these amendments are not necessary, while giving the greater detail that the noble Lord asked for.

It is worth emphasising the level of expertise that DCMS itself retains, both on the telecoms sector and on security policy. DCMS is the lead Government department for the telecoms sector and has telecoms experts embedded in it. The department has established security and resilience teams with suitably cleared individuals, including people with substantial experience in national security. More widely, the department has established procedures through which it can draw upon further expertise across government and industry. Inside government, for example, the National Cyber Security Centre undertakes regular risk assessments of current and emerging threats, and those assessments are used to inform government policy. Regulations and the code of practice made through this Bill will be informed by the NCSC’s assessments. The Government also have fora in which they discuss emerging threats and new technological developments with the industry. The NCSC’s information exchange is one example. This is a trusted community of security professionals from across the telecoms sector who come together on a quarterly basis to discuss and share information on security issues and concerns.

The noble Lord’s amendment also calls for the new board and the judicial commissioner to be consulted before the establishment of new regulations and codes of practice. We share the noble Lord’s view on the importance of consultation. That is why the Bill is clear that any code of practice must be consulted on before it is introduced. However, we still differ in our opinions on who should be consulted. The consultation requirement in the Bill will enable those directly affected by the code of practice, as well as those with an interest in it, to comment and raise concerns without the need for a technical advisory board to be established. Of course, if your Lordships’ House supports the government amendments today, the code of practice itself will be subject to scrutiny both in your Lordships’ House and in another place. Furthermore, we published an illustrative draft of the regulations in January for the purpose of early engagement with the industry, and the feedback it has provided has been invaluable in our development of the policy. We continue to engage regularly and closely with public telecoms providers and trade bodies, ensuring that any concerns are effectively communicated to us. I remind noble Lords that the Secretary of State can make these regulations and measures in a code of practice only where she actively considers that the measures are appropriate and proportionate under the wording of new subsections 105D(2) and 105D(4).

To conclude, I thank the noble Lords for bringing their amendment back. As I have said, I share their ambition to create a robust, well-informed and evidence-led framework for telecoms security. We believe that we already undertake extensive engagement with the affected groups and bodies. The Bill sets out consultation requirements but even if it did not, the Government have strong relationships with those in the sector and would continue to seek their input. That is where the advice referred to by the noble Baroness, Lady Merron, would come from, as well as from across government, the NCSC and others I have mentioned. For the reasons I have set out, we are not able to accept this amendment and I hope the noble Lord will therefore withdraw it.

--- Later in debate ---
Lord Clement-Jones (LD)

My Lords, a lack of oversight has been a persistent theme through the passage of this Bill. Included within that is judicial oversight and the fact that under Clause 13 any appeal to the Competition Appeal Tribunal cannot take account of the merits of a case against the Secretary of State. The rationale for this, as the Constitution Committee said in its report,

“is unclear and is not justified in the Explanatory Notes.”

It further said:

“The House may wish to ask the Government to justify reducing the powers of the Competition Appeal Tribunal in respect of appeals under clause 13.”


The clause reverses the Competition Appeal Tribunal’s TalkTalk Telecom Group plc and Vodafone Limited v Office of Communications decision, which addresses, inter alia, the standard of review on an appeal to the Competition Appeal Tribunal under Section 192 of the Communications Act.

The Minister’s predecessor, the noble Baroness, Lady Barran, said in Committee in response to the Clause 13 stand part debate:

“It merely changes the standard to which they will be reviewed. Having these cases reviewed on ordinary judicial review principles, rather than taking account of the merits of the case, aims to ensure a smooth regulatory process that focuses on fair decision-making … this should reduce any incentives for providers to litigate solely for the purpose of delaying the regulatory process.”


Note the word “merely”. This is very much for the Government’s convenience. She continued:

“It is particularly important, given that these decisions relate to the security of a provider’s network, that decisions can be addressed swiftly, and providers can get back to the important work of ensuring that their networks are secure.”


This nevertheless tries to give the impression that this is for the benefit of the providers. The noble Baroness then said that:

“Clause 13 applies to appeals only against relevant security decisions … The Government consider this approach to be appropriate to ensure that Ofcom’s regulatory decisions can only be successfully challenged when they are, broadly speaking, unlawful, irrational or procedurally unfair. By reducing providers’ incentives to litigate to delay regulatory action, the provisions in the clause contribute to Ofcom’s effectiveness as a regulator.”—[Official Report, 13/7/21; cols. GC 516-17.]


Surely in these circumstances, particularly on security, the merits of security decisions are particularly important and this is the legislative equivalent of the Government marking their own homework—or perhaps I should say making it much more difficult for it to be marked. I beg to move.

Baroness Merron (Lab)

My Lords, I thank the noble Lords, Lord Clement-Jones and Lord Fox, for tabling this amendment and the noble Lord, Lord Clement-Jones, for his remarks. It certainly is key that Ofcom is able to do the job that it has been entrusted to do. On the matter of providers, I would say that their primary duty has to be to ensure that the networks are secure. We should expect no less from them. I will be very interested to hear how the Minister responds to the points that have been made in respect of this amendment.

Lord Parkinson of Whitley Bay (Con)

I thank the noble Lords, Lord Clement-Jones and Lord Fox, for tabling this amendment to Clause 13. I know the noble Lord, Lord Clement-Jones, in particular, has taken a keen interest in this area, not just in this Bill but in previous ones as well. I am grateful for the way that he set out the debate again today.

Clause 13 makes provision to ensure that the Competition Appeal Tribunal applies ordinary judicial review principles to appeals against certain security decisions made by Ofcom. Under such principles, those decisions can be successfully challenged only where they are unlawful, irrational or procedurally unfair. In setting the standard of appeal in this legislation, we must find a balance between giving telecoms providers a way to challenge Ofcom’s decisions should they be unfair and ensuring that the regulatory regime is effective and efficient.

Ofcom, as an experienced telecoms regulator, believes that changing the standard of appeal to judicial review principles for certain security decisions has the potential to make the regulatory process quicker and more efficient. The Government agree. We want to avoid either Ofcom or telecoms providers spending months in court.

It was never the intention of Parliament to set the standard of appeal, as it is now, to

“duly take into account the merits of the case”,

as this was dictated by EU law. In 2017 the Government changed the standard of appeal for reviewing decisions by Ofcom from a full merits approach to ordinary judicial review principles via Section 87 of the Digital Economy Act, as the noble Lord, Lord Clement-Jones, will well remember.

However, as EU law continued to apply, the Competition Appeal Tribunal subsequently decided that it had to apply a modified approach to

“duly take into account the merits of the case”.

In essence, this has prevented the provision in the Digital Economy Act, which had been approved by Parliament, taking effect. That rather unhappy outcome would continue to be the case for certain security decisions under the Bill should this clause not stand.

To be clear, Clause 13 applies the judicial review standard only to decisions such as those relating to the issuing of an assessment notice, which should be routine and quickly handled rather than being continuously delayed. It is not being applied to decisions about penalties such as those under Section 105T. Public telecoms providers will still be able to appeal those decisions as they do now, and the tribunal will

“duly take into account the merits of the case”.

Ultimately, we want public telecoms providers to spend their time addressing the security of the network. We do not want them to attempt indefinitely to delay an Ofcom decision by bringing cases against the regulator that do not stack up. We are not breaking new ground by changing to this standard of appeal. Judicial review principles are the normal standard by which most decisions of government and public bodies are legally reviewed.

Parliament has already decided that the standard of appeal for similar decisions under the Network and Information Systems Regulations 2018 should be ordinary judicial review principles. That is consistent with our policy approach in this Bill. Therefore, the Government feel that Clause 13 should stand part of this Bill as it will contribute to the efficiency of the regime and ensure that regulatory decisions are not unduly delayed. It will also ensure legislative consistency. I hope that reassures the noble Lord and that he will be content to withdraw his objection to this clause.

--- Later in debate ---
Moved by
8: After Clause 23, insert the following new Clause—
“Network diversification
(1) The Secretary of State must publish an annual report on the impact of progress of the diversification of the telecommunications supply chain on the security of public electronic communication networks and services.
(2) The report required by subsection (1) must include an assessment of the effect on the security of those networks and services of—
(a) progress in network diversification set against the most recent telecommunications diversification strategy presented to Parliament by the Secretary of State;
(b) likely changes in ownership or trading position of existing market players;
(c) changes to the diversity of the supply chain for network equipment;
(d) new areas of market consolidation and diversification risk including the cloud computing sector;
(e) progress made in any aspects of the implementation of the diversification strategy not covered by paragraph (a);
(f) the public funding which is available for diversification.
(3) The Secretary of State must lay the report before Parliament.
(4) A Minister of the Crown must, not later than two months after the report has been laid before Parliament, move a motion in the House of Commons in relation to the report.”
Member’s explanatory statement
This new Clause requires the Secretary of State to report on the impact of the Government’s diversification strategy on the security of telecommunication networks and services, and allows for a debate in the House of Commons on the report.
Baroness Merron (Lab)

My Lords, Amendment 8 is in my name. I am grateful to the noble Lords, Lord Fox and Lord Alton, for their support. It is, of course, the same as Amendment 24 that we saw in Committee, which requires that network diversification is reported on annually.

As we heard in Committee, there is wide cross-party support for the principle that our networks will not be secure if the supply chain is not diversified. For me, this is at the very heart of the Bill and what it should seek to address. Unfortunately, we still have a Bill that seeks to secure telecoms security yet seems to think it is possible to be silent on diversification. Even though the former Minister said in Committee that

“diversification is designed to enhance security and resilience”,—[Official Report, 15/7/21; col. GC 551.]

the Government have said that this amendment is not appropriate. The importance of the amendment could not be clearer. I remind noble Lords that, once Huawei is removed, the UK will be left with effectively only two service providers. This is a matter of the highest concern. We need and must have a diversified supply chain. That means diversity of supply at different points in the supply chain and that different networks do not all share the same vulnerabilities of a particular supplier. This is absolutely crucial for network resilience. It will also support British companies and grow British jobs.

If the Government fail to amend the Bill on this point by accepting this amendment, they are putting our national security at risk. Therefore, I will listen closely to the reply from the Minister, but I must stress that I am minded to test the opinion of this House on this matter. I beg to move.

Lord Alton of Liverpool (CB)

My Lords, it is a great pleasure to follow the noble Baroness, Lady Merron. Like other noble Lords, I was remiss in not welcoming the noble Lord, Lord Parkinson of Whitley Bay, to his new role earlier on. I think that is because we have all been so familiar with seeing his face throughout the proceedings on this Bill and many others. It is a great pleasure to see him in his new role.

The Government should be convinced by the arguments that the noble Baroness, Lady Merron, just advanced, simply because of what their own advisers have told them: the lack of diversification constitutes

“an intolerable security and resilience risk.”

There was widespread agreement in Committee and elsewhere about that.

I draw the Minister’s attention to the as-yet undebated report of the International Relations and Defence Committee, on which I have the privilege to serve. The report, titled The UK and China’s Security and Trade Relationship: A Strategic Void, was published on 10 September. It refers specifically to the supply chain vulnerability measures in this Bill, but says that

“such vulnerabilities are widespread in the economy.”

It continues:

“In order to retain its freedom of action towards China, the Government should conduct scenario planning on supply chain vulnerabilities and identify where action is needed to mitigate the risks.”


This amendment would give the opportunity for such discussion to take place in the House of Commons. We have to think about only the case of Newport Wafer Fab to see its importance. This was a deal of £63 million regarding the UK’s largest producer of silicon chips, which are vital in products from TVs and mobile phones to cars and games consoles. As we learned in Committee, a group of UK companies has now stepped up to the plate and hopes to acquire Newport Wafer Fab. When the Minister replies, I would be most appreciative if he would say what progress has been made on that.

--- Later in debate ---
Lord Parkinson of Whitley Bay (Con)

I thank the noble Baroness and the noble Lords, Lord Alton of Liverpool and Lord Fox, for tabling and signing this amendment relating to telecoms diversification. I hope that, during my remarks, I can convince them and other noble Lords that the Bill is not the right place for this amendment for two reasons: first, diversification extends well beyond the security focus of the Bill; and, secondly, legislating for a reporting requirement would be limiting and inflexible as our diversification work evolves. I will also outline the progress made against the diversification strategy, in both government policy and industry outcomes, to seek to reassure noble Lords that progress is being made in this important area.

The Bill will create one of the toughest telecoms security regimes in the world. It will protect our networks even as technologies evolve, future-proofing our critical national infrastructure. Throughout the passage of the Bill, there has been a great deal of debate about how diversification can help to support more secure and resilient telecoms infrastructure. While our work on diversification is intended to support our security and resilience ambitions, not all diversification is necessarily relevant to security and resilience.

The telecoms diversification work that the Government are undertaking moves the market forward by broadening the supplier base in many ways which fall beyond pure security measures; these include boosting quality, innovation, competition and choice within our critical networks. It is for this reason that we have consistently argued that it would be limiting for our 5G diversification strategy to appear on the face of this Bill. Legislating for a reporting element within the Bill, by the same token, would also be restrictive.

Furthermore, as the market and technology evolve, our desired outcomes and areas of focus will evolve too. For example, in the short term, a successful outcome could be a third major vendor in the mobile market. However, once open radio access networks are ready for deployment at scale in urban areas, our measure of success might be the level of interoperability within our networks.

At the moment, we are focusing efforts on diversifying the radio access network, which is where the most critical security and resilience risks are found. In future, a focus on other elements of telecoms infrastructure, including fixed networks, will be necessary to ensure all risks to the ways in which we communicate are tackled. Committing to reporting on specific criteria would limit us to reporting against the risks as we find them today; it would not afford us the flexibility that diversification requires.

While the Government cannot accept this amendment, I hope to reassure noble Lords that our work on diversification progresses—and at pace. The Government’s plans to diversify the market were set out in the 5G Supply Chain Diversification Strategy, which was published in November last year. We also established a diversification taskforce, chaired by my noble friend Lord Livingston of Parkhead, who of course has a wealth of experience in this field having served as the chief executive for BT Group. The taskforce’s role is to provide expert advice to the Government on this important agenda.

The taskforce set out its recommendations in the spring and many of its members have agreed to continue providing expertise as part of the Telecoms Supply Chain Diversification Advisory Council, which had its first meeting last month. Work is already underway to implement many of the taskforce’s recommendations and good progress has been made on the priorities set out in the strategy. For example, research and development was highlighted as a key area of focus, in order to promote open interface technologies that will establish flexibility in the market and allow a range of new, smaller suppliers to compete in a diverse marketplace.

That is why DCMS was delighted to announce the launch of the future radio access network competition on 2 July. Through this competition, up to £30 million will be invested in open RAN R&D projects across the UK to address barriers to high-performance open deployments. This competition is part of a wider programme of government initiatives to foster an open, disaggregated network ecosystem in the UK. This includes the Smart Radio Access Network Open Network Interoperability Centre—or SONIC Labs—a facility for testing interoperability and integration of open networking solutions, which opened in June. A number of leading telecoms suppliers are already working together through this facility.

The Government also continue to work with mobile operators, suppliers and users on a number of other important enablers for diversification, for example by developing a road map for the long-term use and provision of legacy network services, expected to be announced later this year. Alongside this, the Government have led efforts to engage with some of our closest international partners, through both multilateral and bilateral mechanisms, to build international consensus on this important issue. Through the UK’s G7 presidency, the Government made the first step in discussing the importance of secure and diverse supply chains among like-minded partners, and the foundational role that telecommunications infrastructure such as 5G plays in underpinning wider digital and technology infrastructure.

We have also seen movement in the market towards diversification objectives. The industry has taken steps to adopt open radio access networks, such as the European memorandum of understanding, co-signed by Telefónica and Vodafone. Furthermore, organisations such as Airspan, Mavenir, NEC and Vodafone have now announced UK-based open radio access network facilities. This demonstrates that the industry is working alongside the Government here in the UK to drive forward the change needed in the sector. That was further evidenced in Vodafone’s commitment to deploy 2,500 open radio access network sites using equipment provided by leading suppliers, including Samsung and NEC. This is the largest deployment of its kind anywhere in Europe and an important first step in delivering the goal of more open networks.

These commitments show a genuine and significant change in the diversification of our mobile networks. I hope they also demonstrate why placing strict legislative reporting requirements on this area of work would be premature. We are at a point of rapid exploration and experimentation in this work, and I hope that noble Lords would not want to inhibit that work before it has had time to mature.

The noble Lord, Lord Alton of Liverpool, asked about the committee report. It will not fall to me to respond to that report, as I perhaps would have done in my previous role as a Whip covering the Foreign Office, among other departments. We will, of course, reply to it in full in due course. He also asked about Newport Wafer Fab. As I am sure noble Lords will appreciate, I am not able to comment on the detail of commercial transactions or of any national security assessments on a particular case. We will continue to monitor the situation closely and, as part of this, the Prime Minister has asked the National Security Adviser to review this case. Separately, work is under way to review the wider semiconductor landscape in the United Kingdom. The National Security Adviser’s review is ongoing, drawing on expertise from across government as necessary. We will continue to monitor the situation closely and will not hesitate to take further action if needed. The Government are, of course, committed to the semiconductor sector and the vital role it plays in the UK’s economy.

For the reasons that I have set out, therefore, I am not able to accept this amendment. I hope noble Lords have been reassured by what I said, and that the noble Baroness will withdraw her amendment.

Baroness Merron (Lab)

My Lords, I thank the Minister for his reply. I am, of course, disappointed that the Minister cannot see that this amendment seeks to strengthen the Bill. It gives the Government an opportunity to showcase all the things of which the Minister has apprised the House. It is important to look at this proposed new clause. It would require the Secretary of State to report on the impact of the diversification strategy, something of which the Government are proud, and it allows for a parliamentary debate, something I would have hoped the Government would welcome, but this is clearly not the case.

As the noble Lords, Lord Fox and Lord Alton, have indicated, the absence so far of an effective plan to diversify the supply chain is what makes us concerned about security in this country. The Bill is the opportunity to put that right. Therefore, I feel it is only right and proper, in the interests of the security of the country, that we press this matter to a vote and test the opinion of the House.

Telecommunications (Security) Bill

Baroness Merron Excerpts
The Parliamentary Under-Secretary of State, Department for Digital, Culture, Media and Sport (Lord Parkinson of Whitley Bay) (Con)

My Lords, I thank noble Lords from all sides of the House who have contributed to our debates during the passage of this Bill so far. Although that journey is not complete, their work has certainly helped us to interrogate the Bill and improve it. In particular, I would like to use this opportunity to thank my noble friend Lady Barran, who so expertly guided the Bill up to Committee; I was pleased to hear the tributes and thanks to her on Report a few days ago.

Throughout the passage of the Bill, the noble Baroness, Lady Merron, and the noble Lord, Lord Coaker, have helpfully challenged the Government’s approach from the Opposition Front Bench. I thank them for the constructive way they have done so and for their diligent approach, along with the noble Lords, Lord Fox and Lord Clement-Jones, from the Liberal Democrat Benches, who have also applied keen-eyed scrutiny throughout the Bill’s passage so far. Although we have not always agreed on the fine detail, it is clear that we all share the same ambition: to keep our telecoms networks secure.

I also thank my noble friends on these Benches, particularly my noble friends Lady Morgan of Coates, Lord Vaizey of Didcot, Lord Holmes of Richmond, Lord Young of Cookham, Lady Stroud, Lord Balfe and Lord Naseby for their contributions. The scrutiny that has been applied has already resulted in legislation that will allow the UK to protect our telecoms networks for years to come. It would be remiss of me not to extend my thanks also to parliamentary counsel for their usual brilliance in drafting the Bill, and to the House authorities for ensuring that the parliamentary stages could take place so seamlessly, including during the challenging circumstances of recent months.

I close by thanking the officials within my department, most of whom have been working on this Bill for well over a year now. Their knowledge, organisation and patience have allowed me, and I hope all noble Lords, to understand and scrutinise with relative ease what is a technical but very important Bill. It is a large Bill team and I make no apology for listing their names; it illustrates the breadth of work that has gone into what is quite a technical Bill. I thank Kathryn Roe, John Peart, Byron Grant, Thea Macdonald, Euan Onslow, Alex Walford, Malcolm Campbell, Dan Tor, Rosemary Buckland, Chris Frampton, Charlotte Carew, Will Jones, Yohance Drayton, and our lawyers, Sean Murray, Martha Hartridge, Simon Gomes, Luke Emmons, Richard Lancaster, May Wong, Harriet Preedy, Julia Clayson, Sean Wilson and Matthew Smith. All of them have supported the passage of this Bill excellently.

As my predecessor said at Second Reading:

“The Bill will … protect our telecoms networks even as technologies grow and evolve, shielding our critical national infrastructure both now and for the future.”—[Official Report, 29/6/21; col. 707.]


I am encouraged that your Lordships’ House agrees that the Bill will achieve this, and I beg to move.

Baroness Merron (Lab)

My Lords, this has been my first Bill since I joined your Lordships’ House a little over six months ago. Some would say that I was thrown in at the deep end but in my view, I was simply given the opportunity to swim in rather warm and pleasant parliamentary waters. It has been fascinating and enjoyable and I am very glad that my first Bill has been such an important one for the security of the nation.

The Minister has of course been a constant throughout consideration of this Bill, and we saw his worth recognised as he was promoted from the important role of Whip to the Minister tasked with bringing the Bill home. I thank him for the courteous and professional manner in which he has conducted himself throughout, and I also express my thanks to the former Minister, the noble Baroness, Lady Barran. From these Benches, we also express our gratitude to the Bill team, the clerks, the staff of the House—indeed, all those who have worked front of house as well as behind the scenes to make this Bill possible.

Throughout, it has been my pleasure to work with my noble friend Lord Coaker, who has brought his valuable experience and knowledge to proceedings. We have been blessed to have the highly professional support of Dan Harris, our excellent adviser who has guided and advised us throughout, to whom we express our thanks. Her Majesty’s Opposition strongly believe that our nation’s security is above party politics, and I thank all noble Peers who have worked cross party on this Bill.

New technologies have long transformed how we work, live and, of course, travel. Our experiences during the pandemic have upped the ante on the degree to which we rely on telecommunications networks. At the same time, it has reinforced how intertwined these networks are with issues of national security, including the top priority of any Government: to protect its citizens from risk. This Bill is a necessary step to protect us.

I am very glad to welcome the Government’s acceptance of our arguments that codes of practice, to be issued by the Secretary of State to telecoms providers, must first come before Parliament. However, the Bill raised key questions and concerns, especially given the absence of an effective plan to diversify the supply chain and in respect of our telecom security depending on strengthening our international bonds, in particular through the Five Eyes, involving the UK, the United States, Australia, Canada and New Zealand. I thank the noble Lord, Lord Alton, for his work on that issue.

I hope that the other place will give sympathetic consideration to the changes we have made on both those matters, and that the Minister will recognise that the amendments passed by your Lordships’ House make serious and important improvements to the Bill and have widespread support across the Chamber. My concluding wish for this Bill is that the Government will reflect and feel able to support these improvements to the Bill and the security they provide.

Lord Fox (LD)

My Lords, as the Minister said, this Bill entered the other place a year ago. It has variously been urgent, in the long grass, urgent again and now quite close to passing. I will not delay its passage many more seconds. I have shelved my inner churl, but I absolutely sign up to the comments of the noble Baroness, Lady Merron. There are outstanding issues that your Lordships commented on and put into the Bill as amendments that I hope can be picked up. I hope that when this Bill is finally put to bed, it really does protect the security of this country, and we will work, on these Benches, to help make that happen. There is a lot of unfinished business in this area. I fear that the Minister himself, or one of his successors, may very well be bringing other Bills before your Lordships quite soon.

I thank the Ministers, first the noble Baroness, Lady Barran, and then the noble Lord, Lord Parkinson, for their work and their willingness to communicate with those of us who were seeking to scrutinise this Bill. I join the noble Lord in congratulating the DCMS Bill team, and I hope he did not leave anybody out. I congratulate the noble Baroness, Lady Merron, and the noble Lord, Lord Coaker, on their legislative debuts. I also thank the noble Lord, Lord Alton, for his spirited, highly principled and really important contributions on the Bill.

Finally, I thank my noble friends Lord Clement-Jones and Lady Northover, without whom this scrutiny would not have been complete, and Sarah Pughe, our legislative officer, for her invaluable support. With that, we wish this Bill onwards, with speed and effectiveness, because it has a very important job to do.

Telecommunications (Security) Bill

Baroness Merron Excerpts
Lord Clement-Jones (LD)

My Lords, I hope my noble friend Lord Fox has given his apologies to the Minister for being unable to be here due to a Select Committee engagement. However, that does not mean that on these Benches we are any less disappointed—or indignant, as I think my noble friend Lord Fox would put it—about the Government having turned down both amendments, which my noble friend signed. The Minister is developing a fine turn of phrase in turning down amendments that appear perfectly sensible. On Report he talked about sharing the ambition and warmly welcoming the intent and then said that they did not quite fit the Bill and the Government could not accept these amendments. It is rather baffling since both are built very firmly on the Government’s expressed intentions—indeed, ambitions—set out in the integrated review. That was very clear in our debates on Report. It seems that the Government’s motives are much more firmly based on resistance to scrutiny and the idea that, somehow, they would be constrained in their work on diversification by having to report, in the case of Lords Amendment 4. However, the words he used were:

“legislating for a reporting requirement would be limiting and inflexible.”—[Official Report, 19/10/21; col. 86.]

Having reread the debate and heard again what the Minister had to say, I still cannot understand the Government’s rationale for this.

The rejection of Lords Amendment 5 is equally baffling because the Minister talks again about the limitation of the amendment to a particular set of countries. Surely, one of the reasons we are where we are, and the Government had to backtrack on their treatment of high-risk vendors, is precisely that they were not in step with their other Five Eyes allies. Therefore, the Government are not even learning from experience. We are where we are, however, and clearly we are not going to take this further, but I believe that the Government will regret not accepting both amendments.

Baroness Merron (Lab)

My Lords, the matters under consideration today are about not party politics but the first duty of any Government: to ensure the security of our citizens and the United Kingdom. Following majorities in this House and considered debate in this and the other place, it is regrettable that the Government have rejected sensible amendments to this important Bill, which I still believe would have improved and enhanced our collective security. The arguments against these amendments have been somewhat wanting, generally conveying the message, throughout the passage of the Bill, that it is all being taken care of—a view that this House, on all sides, has not shared.

Our extensive use of new technology throughout the pandemic shone a very bright light on the degree to which we rely on telecoms networks and our experience has reinforced how intertwined these networks are with issues of national security. So, to ensure our security, diversification is crucial and thus far an effective plan to diversify the supply chain has been absent. As I recall, we do, however, have broad agreement that we cannot have a robust and secure network with only two service providers, which is what will remain when Huawei goes. This is why we need to ensure diversity of suppliers at different points of the chain, with sufficient support for the UK’s own start-up businesses. I, too, will quote, from the debate in the other place, the words of Dr Julian Lewis MP, the chair of the Intelligence and Security Committee, who is obviously much quoted today. He said, of Lords Amendment 4:

“For the life of us, we cannot understand why the Government are opposing it. We believe it would strengthen parliamentary scrutiny and provide a valuable annual stocktake on the progress being made on the diversification strategy and how it is helping to improve national security.”—[Official Report, Commons, 8/11/21; col. 119.]


The Government have said that they are serious about protecting our telecoms security and they respect the vital role that diversification plays in achieving that. I would therefore have thought that the Government would welcome the added layer of diversification scrutiny that Lords Amendment 4 provided. It is disheartening, therefore, that the amendment is rejected by Motion A.

On Motion B, our telecoms security also depends on strengthening our international intelligence bonds and the Five Eyes provides the perfect opportunity to do so. It is therefore similarly disappointing that the Government, having promised to work with this alliance in the integrated review, have resisted introducing a requirement that the Government should automatically review vendors—and by that we meant only “review” vendors when others in the Five Eyes ban companies from their networks. This was provided for by Lords Amendment 5. Such a response, as outlined in Motion B, flies in the face of common sense and it is very disappointing to see this rejection.

I accept that on this occasion we have reached the end of the parliamentary road with the Bill. However, as time goes on and the provisions of the Bill take effect, I hope that the Minister will reflect on the debates in the House and the other place concerning the intent and practical considerations that would contribute to security improvements, as provided by Lords Amendments 4 and 5. I hope the Minister will not feel constrained when he further considers making improvements in this area.