Telecommunications (Security) Bill Debate
Full Debate: Read Full DebateJim Shannon
Main Page: Jim Shannon (Democratic Unionist Party - Strangford)Department Debates - View all Jim Shannon's debates with the Department for Digital, Culture, Media & Sport
(3 years, 6 months ago)
Commons ChamberIt is an honour to contribute to this measured debate, Madam Deputy Speaker. I am fearful of lowering the tone, but I have been speaking to the Minister—I congratulate him on the amount of communication he has had with us Back Benchers about our concerns—and when I was thinking about how best I could sum up our dialogue, I recalled that Ronald Reagan once said:
“The…most terrifying words in the English language are: I’m from the Government, and I’m here to help.”
I think that, for a Minister, the most terrifying words are: “I’m a Back Bencher and I really am just here to help”. So without our removing the momentum, we really are here to help.
First, I need to put on record my thanks to my right hon. Friend the Member for Chingford and Woodford Green (Sir Iain Duncan Smith) for tabling the amendment, which, unfortunately, was not selected today. I also put on record my support for what my right hon. Friend the Member for New Forest East (Dr Lewis) has proposed, with the support and expertise that he can bring to the debate and legislation, and I hope that the Minister can reflect on both those opportunities down the line. There is much to welcome in the Bill, but I fear that technology can sometimes move faster than we can legislate in this country. I want to touch on two issues: one is national security and the other is resilience and diversifying our supply chain.
I will start by being very helpful as a Back Bencher. I know that the Minister may have cast his eyes on a report that I recently produced for NATO. I sit on the Science and Technology Committee and I was tasked to put together a report on science and technology threats, looking particularly at east Asia. In the report, there is a puff box that he may want to reflect on; it talks about South Korea and the amount of work that it has done in innovating and developing new technology so that it is truly resilient in its national 5G infrastructure. I believe that 85 cities will have coverage by the end of 2021, and they are not reliant on any external Government to provide them with that service, so I urge him to go away and look at what South Korea is doing and possibly see how we can become more resilient in this country.
I want to raise the subject of resilience and security because I sit on the Business, Energy and Industrial Strategy Committee and we have been undertaking a report on links back to Xinjiang. However, companies also gave evidence to us that should cause some concern for the Minister, and with regard to this piece of legislation. This is basically about companies headquartered in China that have access to data we are using or manipulating, and to algorithms we are creating here in the UK.
In particular, I want to reflect on the evidence given to the Select Committee from TikTok. We invited TikTok to come in and give evidence about its algorithms and whether it is distorting them to stop information about Xinjiang and Uyghur being out on the platform. Unfortunately, the more we dug into TikTok, the more complex and concerning it got for us.
TikTok is a media company and a platform. Most kids will have access to it, and most people here may have access to it as well. However, it has a very complex ownership structure, which is why it is important that it is reflected somewhere in the Telecommunications (Security) Bill. It is important because TikTok is a subsidiary of a global parent company, ByteDance Ltd, which is incorporated in the Cayman Islands, but there is a China-based subsidiary of the same global parent company called ByteDance (HK) Ltd.
The reason why this should be of some concern is that when we took evidence from TikTok UK’s branch, we were told that ByteDance could in no way have access to UK data and that the two things were completely separate. However, the problem is that we can legislate in this country for what we want to do to keep our country and our people’s data safe, but when a company we are working with has headquarters in China, it has to abide by completely separate sets of rules and regulations, so we end up in a two-tier system.
Let me just reflect on what a company such as ByteDance has to adhere to. I am talking about China’s National Intelligence Law 2017. My right hon. Friend the Member for Chingford and Woodford Green spoke about article 9, and I want to reflect on article 7. It states, and this has been translated into English so it may not be perfect:
“Any organization or citizen shall, in accordance with the law”—
the Chinese National Intelligence Law 2017—
“support, provide assistance and cooperate in national intelligence work, and guard the secrecy of any national intelligence work they are aware of.”
Fundamentally, companies have to hand over data when they are asked, but when they are asked by another Government—say, our Government—they have to deny that they are doing it. I am concerned about how robust our legislation is today or how robust our legislation will be going forward if companies are abiding by separate sets of intelligence laws based in China.
On a similar theme, let us take a closer look at Hikvision in particular. There was a very good recent report by Reuters, which basically states that half of London councils are using Hikvision, even though Hikvision is banned in the United States. Last week, Italian media reported that Hikvision equipment in the country was “communicating with servers” in China despite being on a supposedly closed network. I am not quite sure what “communicating with servers” means, but for me alarm bells are ringing.
The points I want to land with the Minister are: how robust is the legislation we have in place for today, let alone tomorrow, and how can we ensure that the processes to legislate in this country keep pace with the threats we are facing? I suppose the fundamental point is that China has its own National Intelligence Law, which completely contradicts what we are trying to do here in the UK. Does the Minister have any thoughts about how we can ensure that our security is not undermined by China’s National Intelligence Law? What guarantees can the Government give to constantly look at, review and update this, and also to hold to account the companies we may be anxious about?
We seem to be setting up a two-tier system: one for us in the west with the countries we work with, and a completely separate system for China and the companies it wishes to work with. I fear that, unless we put down a marker, we are going to lose out to a country such as China, and I hope that the Minister can comment on that when he comes to the Dispatch Box at the end of the debate.
It is a pleasure to speak in this debate and to follow all the right hon. and hon. Members who have made contributions.
First, new clause 1 is designed to ensure that there is an obligation on Ofcom, in legislation, to report on the adequacy of its resources and assess the adequacy of the measures taken annually by telecommunications providers to comply with their duty to take the necessary security measures. The hon. Member for Wealden (Ms Ghani) referred to security, and I will speak briefly about that shortly. It also requires Ofcom to assess future areas of security risk based on its interrogation of network providers’ asset registries. That does seem to me to be standard, but it is essential that there is regulation and control of these providers, on which so many of us—indeed, probably all of us—rely so heavily. The Minister may well believe that this obligation is already included in the Government’s Bill, and if that is the case, perhaps he will confirm that that is the position. If that is the case, I am sure that that will highlighted subsequently.
I have seen, during the privatisation of water services and other public bodies, that private companies have little desire to provide any more information than is legally required. They just give us the basics of what they want us to know. I believe that there is an obligation for Ofcom to actively regulate, and to do this we must provide adequate funding. To make this happen, is it a funding issue or can we legislate to ensure that they tell us all we need to know? I will consider the words of the Minister on this imperative regulatory function.
I want to echo the concerns of the hon. Member for Wealden, who comprehensively addressed the issues that concern us all. She referred to companies that have their headquarters in China and how that impacts on us here in the United Kingdom. Our duty in this House is to our citizens: to the citizens of Strangford, to the citizens of Wealden and to everyone across the whole of the United Kingdom of Great Britain and Northern Ireland, and we probably all seek assurances on these matters. Again I look to the Minister to do that in his summing up.
New clause 2 relates to the provision of information to the Intelligence and Security Committee. Does the Minister agree that it is imperative that the appropriate Committees have the right information on security matters? I am a firm believer in the need for information share. It has always been my policy to ensure that those around me in my political life, my social life and my personal life are aware of all the issues that concern them. It is also important that MPs have all the information on board. I am also a firm believer in the chain of command. This may well be due to years of part-time service in uniform; I spent 14 years as a part-time soldier. It is really important that the chain of command is in place. However, there are also times when it is in the interests of the nation that not all is revealed, and there will be a reason for some things being classified as top level only. I understand that; I often ask the police about things that have happened back home, and I say, “Don’t tell me anything I don’t need to know, but if you can tell me, and I can tell others, let me know that.”
Our job as parliamentarians is to scrutinise the Government, to hold Ministers to account and to strive for the good of the nation, and I ask the Minister to clarify why the Government do not feel that new clause 2 is necessary. Does he, for instance, believe that this is already accounted for? If it is, perhaps he could tell us the position on that. I would like to understand the rationale behind withholding information from a regulated Committee and what constitutes high-level information that should be withheld. Again I look to the Minister, as I often do in debates in this House, for a response to satisfy me that new clause 2 is not needed.
My final point relates to amendment 1 to clause 14, which proposes:
“The Secretary of State must, in the process of carrying out reviews and drafting subsequent reports, consult the appropriate ministers from the devolved governments.”
As a Member of Parliament, I have always wished to know what the devolved Administrations are doing. In my case, that relates to the Northern Ireland Assembly. When I saw the amendments and new clauses, I assumed that this provision would have been included as a matter of course. Surely it is a matter of the greatest importance—especially in Northern Ireland, which is fast becoming the capital of Europe’s cyber- security—that the devolved Administrations, and in this case the Northern Ireland Assembly, should have a full understanding of any emerging cases. I say with great respect to everyone else in this Chamber that the cyber sector in Northern Ireland is leaps and bounds ahead of other parts of the United Kingdom. Maybe only the south-east of England can match our level of advancement. We have incredible skills and staff available in Northern Ireland, and the cyber-security sector has grown greatly. So can the Minister reference the mechanism by which this information share can take place without any amendment? Can the Minister confirm that the Northern Ireland Assembly will have a key role to play in this, and tell us how that will work within the legislation before us today?
Chillingly, the head of military intelligence recently concluded that the difference between being at war and being at peace is becoming increasingly blurred. In short, Britain is under perpetual attack.
I asked a question to do with the Northern Ireland Assembly and how cyber-security in Northern Ireland will be protected. Can we have an assurance on the Floor of the House today and through Hansard that that will happen?
I will come on to the devolved aspects in amendment 1 in a moment, but it is of course vital that we continue the collaborative relationship with the Northern Ireland Executive and with the Welsh and the Scottish Governments as well.
The Bill places security requirements on individual operators. They are hugely important, but they are not diversification requirements on the Government’s national scale. Defining diversification in legislation would be limiting in a hugely rapidly evolving market. I know that the hon. Member for Newcastle upon Tyne Central understands the need for agility, and putting what she proposes into legislation would run counter to that ambition.
On the devolved Administrations, amendment 1 would require the Secretary of State to consult Ministers from the devolved Governments when reviewing the impact and effectiveness of clauses 1 to 13. As the hon. Member for Aberdeen South (Stephen Flynn) noted, telecoms is a reserved matter under each of the devolution settlements. I say that, however, in the full knowledge that a constructive and close working relationship with each of the devolved Governments is hugely important, be it in Project Gigabit, in the shared rural network, or indeed in matters such as this. I look forward to that collaboration continuing; it will drive forward our connectivity.
I turn briefly to the amendments that were not selected. My right hon. Friend the Member for Chingford and Woodford Green (Sir Iain Duncan Smith) has spoken passionately about these matters, both privately and publicly. I do not want to go into a huge amount of detail on amendments that were not selected, but I simply say that the actions the Government are taking in the Bill speak powerfully for themselves.
On the specific matter of issuing designation notices to vendors headquartered in other countries, it is important to consider not just whether the kinds of laws that my right hon. Friend mentions exist, but how the Government in question intend to use them. A friendly democracy may, as indeed many do, have laws that would enable it to yield information and data from companies headquartered within their territory. The conduct of such a Government, and our relationship with them, may reassure us that they would not use those powers to do harm to the UK, but there are other cases where Governments that have these laws have acted contrary to the national interest of the UK in the past. As we set out in the illustrative notice for Huawei, there is a law in China that enables the Chinese Government to collect information from companies headquartered within its territory. As the Foreign Secretary has stated, we know that the Chinese state has in the past used its power to undertake malicious cyber-activity. The designation notice that I mentioned demonstrates how the Government could take those sorts of laws into account when exercising the powers that are already in the Bill.
I thank my hon. Friend the Member for Wealden (Ms Ghani) for her work on the NATO Science and Technology Organisation. We very much welcome her preliminary draft report. I would like to express the Government’s commitment to deepening our co-operation with partner nations such as Japan and the Republic of Korea.
I thank all hon. Members on the Government Benches, and indeed on the Opposition Benches, for their constructive engagement throughout this debate. This is an important Bill that enjoys strong cross-party support, in the main. The sooner we can pass it, the sooner we can set about the crucial work of ensuring that our public telecoms networks are secure and resilient. I commend the Bill to the House.