Telecommunications (Security) Bill Debate
Full Debate: Read Full DebateJulian Lewis
Main Page: Julian Lewis (Conservative - New Forest East)Department Debates - View all Julian Lewis's debates with the Department for Digital, Culture, Media & Sport
(3 years, 6 months ago)
Commons ChamberThe shadow Minister is a considerable specialist in this field; I particularly endorse what she says about the importance of a non-partisan approach to national security in this and other legislation. As noted on Second Reading, the Intelligence and Security Committee of Parliament has long been concerned about the security of the UK’s telecommunications networks. Our 2013 report “Foreign Involvement in the Critical National Infrastructure” identified serious failings in the way that successive Governments had managed the entry of foreign telecommunications companies into the UK market—Huawei especially—and we urged the Government not to sacrifice security in the pursuit of investment when it came to our critical national infrastructure.
In support of what my right hon. Friend says, he will recall that one of the main reasons why the Government felt it so difficult to rid themselves of Huawei was that there would then be only two remaining possible suppliers, and if one of them got into difficulty, we would have total dependence on a single supplier. If we do not diversify, it really has knock-on effects: we sometimes have to improperly consider using suppliers that are really a risk to our security.
As my right hon. Friend knows, it is not only the Committee on which he and I serve that has highlighted that point; other Committees of this House have, too, and the Government themselves have acknowledged it. We really need to look at how, having accepted the thrust of his argument, the Government intend to respond. What is the action plan? I know that the Minister will have much to say about this, but my right hon. Friend is absolutely right.
This is part of a wider problem of the concentration of power in the hands of what I described earlier as a handful of unaccountable corporate monopolies. There is a curious assumption that somehow those organisations will be intrinsically virtuous, but that is simply not the case. Commercial organisations are just that: they are interested in commerce. They are not there to do what Governments and this Parliament exist for, which is protecting the interests of the whole of the people.
It is a great pleasure to follow my eminent right hon. Friend the Member for Beckenham (Bob Stewart)—if only I were as good.
As the final Back-Bench speaker this afternoon, it is incumbent on me to be supportive of the Government, which of course I am, and this excellent Bill. We are where we are today for two reasons. First, it shows that the Government do listen to Back Benchers. Secondly, the Bill is a pretty good bit of work and it ticks the box, as indeed it should. As defence and national security become ever more virtual and online, it has never been more important to secure our lines of communication, both domestically and internationally, with our allies. I urge all Members to consider the notion of strategic independence, which we have spoken a lot about during the covid crisis. As we go forward, it is really important that we aspire to be able to operate autonomously as a global nation alongside our allies.
I believe that the Bill is important for three reasons. First, it will allow for better security both domestically and internationally. It kicks out the high-risk vendors from our network—what’s not to like? Secondly, it placates our allies. New Zealand, Australia, the USA, Canada and others were quite noisy when Huawei was originally admitted to our network, so let us hope that this will placate them, cement that relationship and, perhaps in time, even enable us to admit Japan and other close allies. Thirdly, it opens the door for other 5G providers to come in, which is a good thing, and I support the UK’s diversification strategy.
Having sat on the Committee for this excellent Bill, it is a pleasure to see it back here on Report. The Bill takes forward the Government’s commitment to the UK telecoms supply chain review, introduces a new security framework, amends the Communications Act 2003, introduces new security duties, brings new powers to the Secretary of State and strengthens Ofcom’s regulatory powers, allowing it to enforce the new framework. That is all very positive. It also introduces new national security powers for the Government to impose, monitor and enforce controls. Again, that is a positive step.
I am pretty happy with the Bill as it stands, but in the interests of objectivity, I will talk to a number of the new clauses and amendments. On new clause 1, the Government are aware that the Bill gives Ofcom significant new responsibilities, and it will need to increase its resources and skills to meet those new demands. Ofcom’s budget is approved by its independent board, and the Minister has today confirmed that the budget limit set by the Government will be adjusted to allow Ofcom to carry out new functions effectively. Ofcom is already engaged in this space—we are already proactively looking over the horizon and scanning for future threats—so I am happy that the Government have got this about right.
New clause 2 would ensure that the Intelligence and Security Committee of Parliament is provided with information relating to a designated vendor direction. I am sympathetic to this, but the Government know what they are doing. As the Minister said, the ISC’s primary focus is to oversee the work of the security and intelligence agencies. Its remit is clearly defined in the Justice and Security Act 2013, so the Bill is not the appropriate place to achieve an overall enhanced role for the ISC.
I am sorry to have to reiterate this point. There are other ways in which our concerns could be addressed, such as by adjusting our memorandum of understanding, rather than putting it on the face of the Bill, so I am with my hon. Friend as far as that is concerned. However, it is very clearly within our remit to oversee not only the agencies but those parts of other Departments where highly classified information is concerned. That is just a matter of fact—it is in the agreement between us and the Prime Minister.
I empathise with my right hon. Friend’s view, and I agree that he has a point. My position is the same as the Government’s: I do not think that this Bill is necessarily the vehicle through which we should look at the future of how the ISC operates. I am a keen follower of the ISC and its output. Its work is eminent, and my right hon. Friend’s point is well made.
I thank all those Members who have contributed to the debate today. It is an important debate because digital connectivity is an integral part of all our lives. For countless people across the country, having fast and reliable broadband and a good mobile connection is vital to our way of life, but for us to truly reap the benefits of the gigabit-capable broadband and 5G, we need to have confidence that they are secure and that means securing the networks on which they are built, the supply chains on which they depend, and the equipment and services that support them. The Bill demonstrates clearly the Government’s commitment to ensuring the security and resilience of our telecoms networks.
Let me turn to the new clauses and amendments. I shall start by addressing new clause 1. As the UK’s communications regulator, Ofcom already plays an important role in ensuring the ongoing security and resilience of our networks by enforcing the current security duties under the Communications Act. This Bill will build on that experience, giving Ofcom new responsibilities and a range of new powers. What the new clause would do is require it to publish an additional statement as part of its annual report. Happily, I can reassure hon. Members that the Bill already has various reporting mechanisms included within it. Under the new and snappily named section 105Z, Ofcom will need to regularly report to the Secretary of State. Subsection (4)(a) makes it clear that that report must include information on the providers’ compliance with the duties imposed on them by the Bill.
Ofcom will also need to report on telecoms security in its annual infrastructure report, and clause 11 specifies that this should include information on the extent to which providers are complying with their security duties under new sections 105A to 105D. The Secretary of State will also need to regularly report to Parliament on the effectiveness and impact of the new telecoms security framework.
On the final point in the new clause of the hon. Member for Newcastle upon Tyne Central (Chi Onwurah) about publishing information on emerging and future security risks, that is not of itself necessarily the most productive way of handling security risks, but the principle that she is trying to get to is very much part of what the Government are seeking to do and, of course, it would be part of what we intend to make sure that we talk about as much as we can within the bounds of national security.
I turn specifically to budget and resources. The hon. Member has set out her concerns about Ofcom’s access to resources and capabilities. It is an issue that my right hon. Friend the Member for South Holland and The Deepings (Sir John Hayes) also touched on. I can tell the House today that Ofcom’s security budget for this financial year has been increased by £4.6 million on top of its current security budget. This funding will allow Ofcom to more than double its headcount of people working on telecoms security, ensuring that it has the necessary capability and capacity to deliver its new responsibilities under the Bill. The hon. Member for Newcastle upon Tyne Central is aware that I have written to the Intelligence and Security Committee about that security resourcing. It was at a level that I cannot go into on the Floor of this House, but I hope that provides the kind of reassurance that she seeks.
Specifically on the future risks that I alluded to a moment ago, we have ensured that the Bill is looking to the future. For example, clause 12(3)(b) amends Ofcom’s information-gathering powers under section 135 of the Communications Act to ensure that it can request information from providers concerning future developments in their networks that could have an impact on security and, when reporting on security, Ofcom must include any information that assists the Secretary of State in the formulation of security policy, allowing him or her to make an informed decision about what should be published as well in due course.
New clause 2 has been the subject of the majority of this debate, and rightly so. One of the phrases used about the ISC was that it adds value; this Government do not dispute for a second that it adds huge value, and I welcome the tone with which the Chairman of the ISC, my right hon. Friend the Member for New Forest East (Dr Lewis), has approached this. I appeared before the ISC with some trepidation, as is probably appropriate for all Government Ministers, but it was a hugely productive part of this process and something that I am more than happy to do again. I do not think that my right hon. Friend necessarily thinks that piecemeal changes to the ISC’s role are the way to pursue what he seeks, but the annual report that he has mentioned will certainly be looked at closely by the Government.
I am very happy to agree with what the Minister has just said. It would not be necessary to keep trying to put these provisions on the face of each individual Bill every time a new unit is set up in a different Department, or a new duty laid on a different Department, if it could be agreed with the Government that the memorandum of understanding would be adjusted as it is meant to be adjusted when these changes occur. However, sadly, no Front Bencher has yet been able to give us an assurance that that is going to happen, and I know that the Minister will not be able to do so, either.
As I say, I am sure that my right hon. Friend will make that point in the annual report, and the Government will look closely at it. However, Members can take some comfort from the fact that much of the advice in relation to the more sensitive technical and national security matters within the scope of this Bill will be provided by the National Cyber Security Centre, and its activities already fall within the scope of the ISC, as my right hon. Friend knows. However, I welcome his approach to this, and I hope that his mechanism, rather than that of new clause 2, will be the one he will support today.
I turn to the last of the new clauses tabled by Opposition Members. New clause 3 aims to include the diversification strategy in the scope of the Bill. Diversification is crucial to the future of our UK networks, which is why the Government set out their plans to diversify those networks in the 5G diversification strategy in November 2020. That strategy includes steps to invest in research and development, to remove technical and commercial barriers to entry for new suppliers, and to increase our influence in standard- setting bodies—all issues that my right hon. Friend the Member for South Holland and The Deepings and others on the ISC are keenly aware of the importance of.
We are pursuing a huge range of different mechanisms to enable diversification, because the Government are fully committed to ensuring that their strategy comes to fruition. However, the diversification strategy moves the whole market forward by broadening the supplier base in many ways that are beyond the security measures that are the purview of this Bill, including increased innovation and competition and the overall growth of the telecoms supply mechanisms.
To give the House an idea of some of the non-legislative measures that we are already pursuing, they include the investment in R&D development facilities such as the National Telecoms Lab and the SONIC—SmartRAN Open Network Interoperability Centre—lab that is jointly at work with Ofcom. We are also working to remove barriers to entry for vendors such as by co-ordinating the sunsetting of legacy network technologies, working internationally to co-ordinate diversification objectives, and exploring the use of commercial incentives to address the cost of incorporating new suppliers into a network.