Product Security and Telecommunications Infrastructure Bill (Second sitting) Debate
Full Debate: Read Full DebateDepartment: Department for Digital, Culture, Media & Sport
Kevin Brennan
Main Page: Kevin Brennan (Labour - Cardiff West)Department Debates - View all Kevin Brennan's debates with the Department for Digital, Culture, Media & Sport
Product Security and Telecommunications Infrastructure Bill (Second sitting)
Kevin Brennan ExcerptsTuesday 15th March 2022
(2 years, 9 months ago)
Public Bill CommitteesRead Full debate Product Security and Telecommunications Infrastructure Act 2022 View all Product Security and Telecommunications Infrastructure Act 2022 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: Public Bill Committee Amendments as at 15 March 2022 - (15 Mar 2022)
The Chair
Can I bring in Kevin Brennan, as we only have four minutes before this panel comes to an end?
Kevin Brennan (Cardiff West) (Lab)
Q
Professor Carr: Yes, I would.
Kevin Brennan
Why not?
Professor Carr: Because I do not trust them. There we go. I will not have one, because I do not trust it.
Kevin Brennan
Q
Professor Carr: No, to be honest.
Sally-Ann Hart (Hastings and Rye) (Con)
Q
Professor Carr: It is impossible to answer that. That is what makes this type of legislation difficult. We do not know how the threats will emerge or change. A couple of years ago we could not have imagined that ransomware would be the threat that it has become, but the fact that we cannot anticipate the future with certainty does not mean that we cannot act now. Nothing will be sufficient to fix the insecurity of the digital world that we live in. No Bill will change that, but small bits of legislation beginning to address these vulnerabilities is the right way to go. I do not think that anyone should be afraid of doing this. This is the beginning of the future. Governments will not stand by forever and watch the damage and destruction that can be done by digital devices. We have to start somewhere, and I think that this is it.
David Rogers: I am coming from a slightly different position, but obviously I would like to see all 13 requirements implemented. I think that it does provide future proofing, because this provides the foundation of future trust for everything. Everything that we have written in there provides future underpinnings. If we are allowing industry-based organisations such as the European Telecommunications Standards Institute to maintain the specification for the future, that allows organisations to improve and add things. I think Dave mentioned biometrics, for example. They can go to ETSI and add to it, and let’s allow industry to develop that. Organisations such as NCSC and DCMS are also there to input into those standard bodies. I think it is a really strong start.
Shailesh Vara
Sixty-three per cent. is still a significant sum for a small farmer who is counting every penny in his budget. The Committee can understand your reasoning in terms of policy and so on, but as far as the individual is concerned, I maintain—we will have to agree to disagree—that the 85% figure is somewhat misleading if taken in its individual context. I have made my point. Thank you.
Kevin Brennan
Q
Catherine Colloms: That is the current target.
Kevin Brennan
The manifesto target was for full gigabit by 2025, but that was dropped to 85% in November 2020, wasn’t it?
Catherine Colloms: I think you are right.
Kevin Brennan
Q
Juliette Wallace: When the new code came into effect, it set out how sites should be valued for the use of mobile infrastructure. Previously, there was no mention of how sites should be valued. Pre-2017, we had an industry that had been built up over the previous 20 years or so and that had got somewhat out of hand. Rather than paying a fair price to install infrastructure on land, a fair price being one that recognises what else the landowner could rent the land for—
Kevin Brennan
Q
Juliette Wallace: We have learned from the past. My comment about being over-enthusiastic related to the suggestion of David and Goliath with respect to the valuations. The valuations that were proposed very early, in 2018, were much lower than we are going out with now. As this Bill does not intend, currently, to adapt the valuation methodology, there should be no reason to think that the valuations that are currently being offered will change.
Kevin Brennan
Q
Mark Bartlett: It was 63%.
Kevin Brennan
That is the average. Could you tell us some of the figures for those who were worst affected? If 63% is the average, what were some of the biggest drops in income for people affected?
Mark Bartlett: At this point I obviously do not know—
Kevin Brennan
Would anybody have suffered a 90% reduction?
Mark Bartlett: I was about to say that at this point I can only talk about Cellnex UK, because obviously I am not aware of the commercial agreements of any other members of Speed Up Britain. I can be clear that there have, in a handful of cases, been—we have been open about this—90%-plus reductions in rent. But in the main, that normally means the rent itself was over-rented at the point of agreement—that is, we were paying drastically too much. On average, 63% is in line with the Cellnex UK achievement. We have to understand that we have an ongoing relationship with our landlords above and beyond a renewal. There is no interest in the industry for us to behave in a way that alienates our landlords.
Kevin Brennan
Q
Juliette Wallace: I was going to pretty much echo the Cellnex example. We have a handful that are towards 90%—in that sort of area. We also have some sites where the rent has gone up as a result of the new code.
Kevin Brennan
But the average has been a reduction.
Juliette Wallace: The average is a reduction, but it is creating a fair environment that says, “We will reimburse you for the land that we’re utilising.” As I say, we have a lot of sites where there has been no reduction and we have a small number where the rent actually increased.
Kevin Brennan
Thanks. I think everyone understood there was going to be a reduction, but I cannot remember those sorts of figures ever being mentioned at the time of the 2017 Bill.
Sally-Ann Hart
Q
Catherine Colloms: Effectively—let me take a multi-dwelling unit and then I will take a pole—we need to put a new fibre cable over some of these pieces of infrastructure. I actually have my kit behind me, which I can show you in a second. With an MDU, there is often fibre outside a premises; we will build to the curtilage. What we have inside an MDU is the existing cable—the existing hybrid fibre—that is going up inside the risers. You basically cannot see it. It then kind of pops on to a room. We would reinstall the new part of the full-fibre kit in the classic plant room downstairs, so that it is all with the maintenance bits. We then need a new small cable—this one is basically it; it is called InvisiLight—which we would run up through the risers. This is what you would see, or not see, running through corridors or along the wall. When you put this on a wall, you cannot find it because it is absolutely tiny. This cable has all the fibres running through it.
Kevin Brennan
Q
Rocio Concha: Yes, we would support that. If it is not possible to include it in the Bill, we would ask that the Bill allows for it to be included in secondary legislation in the future. We would be very supportive of introducing minimum supporting periods for products.
Kevin Brennan
Q
Rocio Concha: No, we have not, but we have provided amendments in other areas. We have provided an amendment to allow the Bill to introduce this through secondary legislation in the future, and there is an amendment there. We would be happy to discuss that in more detail.
Kevin Brennan
Q
Rocio Concha: It depends. On these baseline security requirements, we firmly believe that the Bill should list them and be very clear that they will be included. In terms of the minimum security periods you provide to different products, it will depend on the different products and we do not want to delay the legislation to get to the bottom of that. It would be preferable to allow that legislation to be introduced as secondary legislation.
Kevin Brennan
Q
Jessica Eagleton: Some of the most common devices we see reported to us include your smart home hubs, smart voice assistants, smart TVs, plugs, light switches and fitness trackers. Those are some of the most commonly misused. I myself have various different connected products at home.
Perpetrators quite often set up a host of different devices in the home. Recently, we supported a woman whose former partner had bought a whole host of devices, including smart cameras, a smart doorbell, a smart thermostat—all those kinds of things. She and her child felt like they were constantly being monitored; they talked about how exhausted they were by that constant surveillance.
Kevin Brennan
Q
Jessica Eagleton: It is definitely a big consideration. That is why we advise that people get in touch with us and then we can help with safety planning. If a perpetrator has access to those devices and a survivor moves to take back control of them and change the settings, that can be detected by someone with that access. We would work with a survivor to safety-plan how to control her technology.
Kevin Brennan
Q
Jessica Eagleton: My fellow panellist may have some thoughts here as well, but that could certainly be useful for industry. Thinking about the general low awareness of tech abuse, it could be useful to provide industry with some certainty. It could play into that broader awareness piece, as well.
Ruth Edwards
Q
Rocio Concha: Is this about the length of time a product will be supported for? That information should be provided clearly at the point of sale, before you make a decision, so that you know you are going to buy something that may be supported for only two years, versus another product that may be supported for longer. That will hopefully provide everyone with the incentive to extend the number of years for which a product is supported.
We also need to make sure that that information is very clear. We should avoid “up to three years” and “for the lifetime of the product”, which do not really mean much for the consumer. For the consumer to be able to act on that information, it has to be very clear and easy to find when they are making that decision. That is what I would say.
On changing the security, I am a little worried about the industry saying that it may change the period during which a product will be supported. If that change is to extend that period—great; if it is to reduce it, that is very bad. At that point, the consumer has made a decision and bought a product because that product was going to be supported for longer.
If someone was told that a product would be supported for four years, and they later found out it was two years, that product would not be fit for purpose. Under the Consumer Rights Act, you have a right on the same grounds as the Consumer Protection Act 1987.