Telecommunications (Security) Bill Debate
Full Debate: Read Full DebateJohn Hayes
Main Page: John Hayes (Conservative - South Holland and The Deepings)Department Debates - View all John Hayes's debates with the Department for Digital, Culture, Media & Sport
(4 years ago)
Commons ChamberThe Government have acknowledged the need to protect critical communication infrastructure and that is welcome, particularly so as it comes on the heels of the National Security and Investment Bill. Telecoms provision is more important than ever. We have always lived in a data-rich world, but what has changed is how readily we access that data as the way in which we gather, exchange and distribute information has changed. I am left wondering whether T.S. Eliot was not right that wisdom is lost in information. Nevertheless, it is the world in which we live and that world means that the way in which we control or, if necessary, prohibit provision of that data, by which I mean the technology, the networks and those that supply and manage them, is critical to our security. To that end, this Bill is indeed, as the Intelligence and Security Committee was told, an important first step, but only that. We do need to look at other factors, to which I will draw the House’s attention in my brief contribution this evening.
Of course the main purpose of the Bill is to raise telecommunications security standards across the board by means of a new and more rigorous telecoms security framework, but the Bill also gives the Secretary of State particular powers to designate vendors of telecommunications equipment as a risk to national security. All dependence is, by definition, a risk, for dependence creates risk. Over-dependence means unsustainable risks and, in terms of national security and national interest, there are three kinds of risks: monopoly or near-monopoly provision; malevolence; and corporate failure.
Order. I hesitate to interrupt the right hon. Gentleman, and it is for a very unusual reason. I just feel that I ought to point out to the House that, having exhorted the right hon. Member for Vale of Glamorgan (Alun Cairns) to be rather more brief than he was going to be—though I have to say that he took only one minute longer than the eight minutes that Madam Deputy Speaker (Dame Rosie Winterton) had previously asked people to take—I should point out most unusually to the right hon. Gentleman who currently has the Floor that, as four of his colleagues who have immediately preceded him have spoken incredibly —I mean incredibly—briefly, the exhortation to take only eight minutes no longer applies, though I would not recommend taking no more than about 12 minutes.
Not only is that typical of your generosity, Madam Deputy Speaker, but for me it is what amounts to nirvana, and for the House, something similar I hope.
All of those aspects of risk are mitigated by market diversification, but as we have heard from many speakers during this debate, this market is anything but diversified. The concentration of provision has exacerbated the very risk that this Bill seeks to deal with. It is vital that, as well as the taskforce, which we have heard the Minister has established, a strategy emerges on exactly how we are going to diversify this market, because competition not only counters dependence, but competitive pressure drives up innovation and quality. The telecoms supply chain review judged that, should the UK become dependent on a single vendor of telecoms equipment—particularly a high-risk vendor—it would pose a range of risks to the security and resilience of UK telecoms networks.
The issue of national dependence goes beyond high-risk vendors, however. The number of suppliers in the UK telecoms market—as we have heard repeatedly, currently Huawei, Ericsson and Nokia—is already critically low. While the security of the network can be improved by removing Huawei equipment, the wider problem of potential dependence will be exacerbated by the power to designate vendors and introduce directions unless there are new entrants to the market. We really need to hear from the Minister either in his wind-up or later, if he does not have time tonight, precisely when the diversification strategy will be brought to the House for consideration and what legislation will be necessary. I understand that a Bill may be forthcoming, following this one, to give life to that strategy.
My right hon. Friend the Member for New Forest East (Dr Lewis) emphasised that diversification is by far the best way to secure UK telecoms. The Government judged in their assessment that there is a global market failure in the telecoms market. While the Government will intervene to take the measures necessary and facilitated by the Bill, unless we grapple with that global failure, we will, I fear, come back to this House time and again and need to do more. As I said when we spoke a week or a two ago about the Bill that I just mentioned, I suspect that security considerations will increasingly feature in Government strategy and policy and that this House will need to debate security issues with much greater regularity than it has historically, given the dynamism that we now face.
I have spoken about market failure and the need for diversification. Let us speak about malevolence, because much has been said, of China in particular, and Russia has been mentioned too. There is no doubt that, as the Government have acknowledged, there are malevolent powers who seek by a variety of means to disrupt the lawful activities of this country and so endanger its citizenry by whatever method they deem most appropriate. We should not be naive about this and, frankly, for too long successive Governments were. This Bill is welcome but again, as my right hon. Friend mentioned, it has been a long time coming, given the warnings that were issued from the ISC and others.
Let me re-emphasise to the Government that we certainly need a diversification strategy urgently. We need the legislation that supports it but there are other matters, too, that I want to conclude with, Madam Deputy Speaker, despite your invitation to speak at appropriate—I will not say “excessive”— length. These questions are critical but not, in my judgment, designed in any way not to recognise the achievement of the Minister and the progress made by the Government.
When will the strategy come forward? I would like to hear about that as soon as possible. Given that the ISC raised this matter 18 months ago, I think we need a firm timeline and an assurance that there will be no more prevarication. My right hon. Friend the Member for New Forest East is right that national security must be an overriding consideration in this field of work. In being deployed, the powers conferred by the Bill must, at heart, always gauge national security as predominant. How will that be determined? Threats are subtle and dynamic, and yet the means and methods by which the Department will both define national security and apply that definition through the provisions of the Bill to differing circumstances have not been made crystal clear. I am mindful that this is a Department for sport and culture without a security role apart from this one— perhaps more skiing than spying, and more existentialism than espionage. What specific processes, structures and procedures will the Department use to access the expertise of the National Cyber Security Centre and the wider intelligence community in designating vendors?
We heard earlier about the expertise, skills and resources of Ofcom, but given that the Bill gives new powers to Ofcom, how will it be held to account? I know that my right hon. Friend the Member for New Forest East would share my view—I have not discussed this with him so I am making that assumption—that Ofcom ought to be scrutinised by the Intelligence and Security Committee, given the particular nature of its new responsibilities: to proactively assess the security practices of larger telecoms providers; to take action where security is, or is at risk of, being compromised; and to make information available to and provide annual security reports to the Government.
Finally, will the Minister say more about related telecommunications challenges such as Russian involvement with undersea cables that carry comms data and the future security and resilience of satellite technology? The covid crisis emphasises the need to build resilience to risk. It can be done by making more of what we consume, and by recognising that in the fragility and imperfectability of our socioeconomic order, the market is no guarantor of wellbeing, so it must be shaped, guided and, where necessary, constrained by people with power for whom communal interest is the defining purpose. Those people with power are the Minister and others who govern and we here in this House who hold them to account.
It was very concerning that those who govern us were calling a part and parcel of the Chinese state a private firm, which it clearly was not.
The Government claimed that Huawei could be safely limited to the periphery of the network. That is a dubious argument that is still being debated and is not believed by many experts in many other countries. Were there espionage issues with Huawei? Well, as my hon. Friend the Member for Wantage said, we do not expect a state threat to come from Sweden or Finland. But we do expect a potential threat to come from one-party totalitarian states such as China, Russia, Iran and North Korea. China is clearly one of those. So the Nortel example was a good one.
As we know, China has a dreadful reputation for intellectual property theft and cyber-attacks, so there were many reasons to be deeply concerned about what was happening in our relationship with Huawei. Yet at the same time it became incredibly powerful in this country. Why? Because it had a very aggressive lobbying network. It was throwing money at lobbyists and senior people who used to be at the heart of Government, at very senior levels. This really concerns me about the state of our democracy, and it is one reason that I would like to bring in a foreign lobbying Act. We need to have a much clearer idea of what those companies or oligarchs—those who act on behalf of other people and states—are up to in this country. We did not really know the extent of the Huawei lobbying operation.
My hon. Friend is painting a picture of a strategic view of China and other powers that has prevailed under successive Governments. It is born of a kind of determinism: “We can’t stop them, so we’ll have to live with them”. There is a predetermined inevitability about the domination of these states, and that is a misconception that needs to be challenged fundamentally, in the way in which he is doing so tonight.
I look forward to being as eloquent and well dressed as my right hon. Friend one day. Before I come to the point that he mentioned on the need for a consistent approach and better understanding, let me say one more thing about Huawei.
A few other Members have touched on this matter: China’s human rights issues. The excellent Australian Strategic Policy Institute has presented credible evidence of significant human rights forced labour issues, with people from Xinjiang province being used not only by Huawei, but by other significant Chinese firms, or by firms producing goods for western consumer markets and western branded goods. This point brings us to the National Security and Investment Bill—although I know that we are not talking about that at the moment—and the need for a definition not only of national security, but of national interest as well. Do we really think it is in our national interest for us to be accepting slave labour products in this country, whether through Huawei—allegedly—or other firms, including well-known branded names? That human rights aspect is well worth playing up.
It seems clear that the China that we had all hoped for —indeed, the golden era that we were meant to welcome under David Cameron and George Osborne—is not the China that we are getting. We need to be realistic. When it comes to international relations, in the west we are effectively liberal internationalists. We take a positive view of humanity—maybe a liberal, rather than a conservative one, if one is being philosophical about these things, but a benign view of humanity. That is not necessarily shared by the hard-nosed realism school of thought that we see in Russia and China, which is much more of a zero-sum game: we win, you lose. China plays that more subtly than Russia, but there are enough similarities between the two that it should be of concern to us. We need a clearer understand that some people out there with whom we do business do not necessarily wish us well and do not wish our values well. Finally on that, we are stumbling towards that understanding, but we need a more consistent approach to how we deal with China, along the same lines of how we deal with Russia. They are not the same—they are very different—but we have been forced to take a more consistent understanding of the Russian threat, and we need to do the same with China.
I congratulate the Minister on his work on the Bill. The “no new install” date is the key now, and that is why everyone is on side with the Bill. We need that September date, because it shuts down any alternatives for Huawei in the short term. We need a consistent approach, whether it is the Huawei Bill or the National Security and Investment Bill, across Government. This is one of the very small number of truly significant policy packages that we will have to get right in this country for the 21st century.
There are two choices for humanity this century. We can go down our route of open, broadly tolerant societies where people control their Governments—that free open model—or there is the closed model of totalitarian or one-party states, which are building up, with Huawei’s help, this Orwellian state, where the state knows what you are thinking before you do. That is not a good avenue for humanity to go down and, without being antagonistic and too hostile to other people, we need to defend our version of the future of humanity with a little more resolve.
I start by thanking Members from all parts of the House for a well-informed debate with many impressive contributions. My first job as a hardware engineer was with Nortel, which has been mentioned by a number of Members. Having spent 23 years in the sector before entering the Commons, I am thrilled that the main debating chamber of our parliamentary democracy should spend so many hours dedicated to our telecommunications infrastructure. I regret that Members who wanted to take part in this debate, particularly from the Opposition Benches, and who could have done so remotely, were not able to do so because of an arbitrary decision by the Leader of the House.
However good the debate is, it cannot make up for the wasted decade under this Government. Successive Tory Governments have squandered the world-leading legacy position on broadband infrastructure left by the last Labour Government. Since then, we have seen delays in the roll-out of networks and the development of a dependency on high-risk vendors. The UK’s sovereign telecoms capabilities and our national security have been neglected, resulting in the Huawei debacle and ultimately this Bill.
My hon. Friend the Member for Cardiff Central (Jo Stevens) put it so eloquently: national security is the first duty of any Government, and Labour will always put that first. The point was made strongly by a number of Members, including the right hon. Members for New Forest East (Dr Lewis) and for Chingford and Woodford Green (Sir Iain Duncan Smith).
Given where we are, we support the aims of the Bill. National security should be the priority of any Government, and our telecommunications infrastructure is clearly critical to our defence, our security and our economic prosperity. That point was made by a number of Members, including the hon. Member for The Wrekin (Mark Pritchard).
We must make sure that we do not find ourselves in a similar position again and that our telecoms network and supply chain are resilient and protected in future, even, critically, as the geopolitical environment evolves. Our telecoms infrastructure lacks security and resilience. We have taken no steps to maintain or develop a sovereign communications capability, and the Government’s broadband strategy, if we can call it that, has far more U-turns, dither and delay than meaningful policies. We want to work with the Government to get issues of national security right, but the Bill is far from perfect.
Members have raised many issues, and I will focus on just three: cost, resource and diversification. I have found telecoms operators to be extremely responsive to the need to take action on the issue of, and in the cause of, national security and to replace high-risk vendors, but six months since the decision to strip out Huawei was finally made, we still do not know how the Government plan to achieve this. They seem to have decided that that is for the private sector to sort out.
The impact assessments, of which there are two, admit that the Government cannot figure out what the impact will be. They have chosen not to give operators any legal protection on existing contracts, but have again not quantified that impact. The Government are apparently happy to pass on the costs of their mistakes, indecision and poor planning to the operators, stating that the costs of removing Huawei are
“commercial decisions that are for the mobile operators to make.”
Yet clearly there was a failure Government here, as 5G security was not sufficiently safeguarded, in the ways that the right hon. Member for South Holland and The Deepings (Sir John Hayes) set out so clearly. Will there be a delay in 5G roll-out? Again, we are not clear, and depending on what is factored in, various research projects have found the costs to be anything from £6 billion to £18 billion. If the Government plan to leave this entirely to the mercy of the market, I would say that all the information-gathering skills Ofcom has will not give us an accurate integrated view of progress and effectiveness. There is no mention of working with local authorities to ease this or to make it quicker, cheaper or more effective.
I joined Ofcom in 2004, just a few weeks after it was born, when it was to be a light-touch regulator, small and nimble. Over the years, it has acquired responsibility for critical national infrastructure; the BBC; the Post Office; soon, we understand, the entirety of online harms; and now, it would appear, national security as well. As Members have pointed out, this Bill refers only to the Secretary of State and Ofcom when it comes to making these key decisions. Of the two, I have to say that I would have more confidence in Ofcom, but the Bill says very little about the resources or the skills that will be provided. This is a huge job, an issue that my right hon. Friend the Member for North Durham (Mr Jones) set out so clearly in what was a truly excellent contribution. One still has to ask: is it sufficiently well scoped? It is a huge job, but is it actually scoped? Is it the role of Ofcom to consider the security of our current networks, or should it be forward-looking? Members have set out what kind of a challenge that would be. Members also touched on the importance of human rights with regard to China’s record. How is that to play on national security decisions?
The real point about Ofcom is whether it acquires those skills or what the processes will be for it to access them from the intelligence community and the National Cyber Security Centre, which would seem to be a much more straightforward way of quickly tooling up to do the job the hon. Member describes.
I thank the right hon. Member for that intervention, and indeed for his contribution to the debate. I agree with him, although I think that is something we need to work out and probe in Committee, because currently there is no reference to that, or no plan to do that. I think we should certainly be taking into account and using our existing resources, and we all know that these kinds of resources and skills are both expensive and hard to find at the moment. The right hon. Member makes an important point.
On 14 July, the Secretary of State, who is not in his place, said in this House that he had
“set out a clear and ambitious diversification strategy.”—[Official Report, 14 July 2020; Vol. 678, c. 1377.]
I asked him repeatedly over the summer when he would publish this clear strategy that he had already set out. Answer came there none, and I could only conclude that he had misspoken. However, I did think that today we would get that strategy, but unfortunately not. Yes, there is actually a diversification strategy, which has been published, but it is neither clear nor ambitious. It is far more concerned with bringing new vendors into the UK than with developing our sovereign technological capability. Indeed, as it diversifies opportunities for Nokia and Ericsson, we could call it an effective Scandinavian industrial strategy. Apart from a vague commitment to link the scale of home-grown suppliers to the Government’s broader growth and productivity agenda, there is no clear plan—no plan at all—to build UK sovereign capabilities, which the right hon. Members for Vale of Glamorgan (Alun Cairns) and for Bournemouth East (Mr Ellwood) emphasised as being important.
Just today, Mobile UK, the mobile operators industrial body, emphasised that the Bill and the 5G diversification strategy are intrinsically linked but not, it would appear, by the Government. The diversification strategy also does not refer to fibre, although the Bill applies to our fibre networks too and may impact the Government’s constantly shifting roll-out targets.
Network operators need to be confident in the maturity, performance, integration and security credentials of new vendors and technologies before they are deployed in their main networks. We agree with the Secretary of State that the Government can help accelerate that process, and in doing so there is potential to create opportunities for the UK to take the lead, as well as much-needed high-skilled jobs. The hon. Members for Totnes (Anthony Mangnall), for Strangford (Jim Shannon) and for Bracknell (James Sunderland) all agreed about the importance of diversification, but all the diversification strategy says about developing UK technology, jobs and capability is that it will be part of the industrial strategy, which we have yet to see. Clearly, we do not have a diversification strategy.
I am not going to engage too heavily with my hon. Friend’s trousers, but I will say to him that, as I said a minute ago, we are committed to taking forward an ambitious package of changes to strengthen and future-proof the Modern Slavery Act 2015, and that is one of several significant avenues that are open to him.
On the important matter of diversification, the telecoms supply chain review asked how we can create sustainable diversity in our telecoms supply chain. That question is addressed by the new diversification strategy that we published today, which is crucial to ensuring that we are never again in a situation in which we are dependent on just a handful of vendors who supply the networks on which so many of us have come to depend. I wish to spend a little time on this issue. The Government have been working at pace to develop the 5G supply chain diversification strategy, which sets out a clear vision for a healthy, competitive and diverse supply market for telecoms and the set of principles that we want operators and suppliers to follow.
The strategy is built around three key strands: first, securing incumbents; secondly, attracting new suppliers; and thirdly, accelerating the development and adoption of open and interoperable technologies across the market. That is why, in the diversification strategy that we published today, we commit to exploring commercial incentives for new market entrants as we level the playing field; to setting out a road map to end the provision of older legacy technologies that create obstacles for new suppliers; and to investing in R&D to grow a vibrant and thriving telecoms ecosystem here in the UK.
I say gently to the hon. Member for Newcastle upon Tyne Central (Chi Onwurah) that we have directly addressed a number of the issues that she raised in Westminster Hall last week. I look forward to engaging with her more on the strategy because it is important that we should work together to try to make sure that we all derive the benefits of a serious £250 million Government commitment that will drive early progress and ensure that our 5G diversification strategy not only bolsters the resilience and security of our digital infrastructure but creates opportunities for competition, innovation and prosperity.
It is wonderful that the strategy has emerged, but will my hon. Friend be just as clear about legislative change associated with that strategy? I understand that a further Bill may come forward; given the urgency of this issue and the concentration that his Department is applying to the strategy, when can we expect that legislation?
We do not anticipate legislation as a direct result of the diversification strategy, but of course there are other important avenues to explore as part of the broader industrial strategy. A lot of what is in the diversification strategy does not need to be delayed by the legislative programme, and I think my right hon. Friend would welcome that.
A number of Members raised the role of Ofcom. Ofcom will monitor, assess and enforce compliance with the new telecoms security framework that will be established by the Bill. It will report on compliance to the Secretary of State alongside publishing the annual reports that he mentioned on the state of the telecoms security sector. I want to be absolutely clear: we have had productive conversations with Ofcom already. Ofcom will continue to have the resources it needs. We appreciate that those needs will be affected by the changes that we are bringing in today, and we will agree their precise nature with Ofcom. We will make sure that Ofcom has all the security clearance that it needs to do the job, and all the resources, external or otherwise, to do the job, because this is an important new power.
Ofcom may also play a role in gathering and providing information relevant to the Secretary of State’s assessment of a provider’s compliance with a designated vendor direction, and it may also be directed to gather further information to comply with the requirements specified in a direction. The Bill already enables Ofcom to require information from providers and, in some circumstances, to carry out inspection of the provider’s premises or to view relevant documents. Ofcom’s annual budget, as I say, will be adjusted to take account of the increased costs it will incur due to its enhanced security role.
Let me turn to a couple of issues raised by the hon. Member for Newcastle upon Tyne Central. We will of course be working with local authorities and with networks to minimise any disruption, but we do not anticipate that the decisions that we have made over the past few months will have a direct impact on existing commercial decisions. As the Secretary of State said, we do not expect the two to three-year delay to be extended by what we have said today, but we will keep in close contact with the networks and continue to make sure that we do everything we can to remove the barriers to the roll-out of the networks as far as we possibly can. I do, however, expect companies to do as much as they can to minimise the effects. These are commercial decisions that have been made by companies over a number of years. We have already seen, as a result of the Government’s approach over the past few months, significant changes to decisions. I welcome the neutrORAN project that my right hon. Friend the Member for Vale of Glamorgan mentioned, as well as a number of others that have been taken by networks that already see important changes to how they procure their networks.