Lord Arbuthnot of Edrom
Main Page: Lord Arbuthnot of Edrom (Conservative - Life peer)Digital Economy Bill
Lord Arbuthnot of Edrom ExcerptsTuesday 31st January 2017
(7 years, 6 months ago)
Lords ChamberRead Full debate Digital Economy Act 2017 Read Hansard Text Amendment Paper: Consideration of Bill Amendments as at 28 November 2016 - (28 Nov 2016)
Lord Mitchell (Non-Afl)
My Lords, I support all three amendments on the USO. In my view, anything is better than what we have at present and what the Government are aiming for. In particular, I support Amendment 1 in the names of the noble Lords, Lord Mendelsohn and Lord Stevenson of Balmacara. Theirs is the most ambitious amendment, and ambition is what we desperately need. I do not think that it is pie in the sky; it really is what we have to go for.
In my Second Reading speech, I said that gigabits are the future of connectivity—they are the king—and that megabits are simply history. I stick by that. We cannot have pathetically low connection speeds. As we know, sadly, from its past performance, you can set a target for connectivity as low as you like, and the one thing you can be absolutely certain of is that BT will fail to meet it.
It is very clear that worldwide the goal is gigabit connectivity. South Korea, China, the Baltics and Scandinavia are all racing to the top to ensure that their societies are right at the forefront, and so must we. If the Prime Minister wants an industrial strategy that results in a global Britain leading the world, then she and her Government have to set high targets for 21st-century Britain, and nowhere more so than in connectivity. What the Government propose is like having a man with a flag walking in front of a car to ensure that it does not exceed 4 miles per hour. That is why I support Amendment 1—it flies the flag for digital Britain.
I plead with the Minister: do not settle for a third-rate target lobbied for by BT. It has its own agenda, which is to milk its obsolete copper infrastructure. Its interest is not in the national interest. Will this Government be bold and will they set their sights on promoting a gigabit economy?
Lord Arbuthnot of Edrom (Con)
My Lords, one issue that has not been raised in this debate so far is the effect on small businesses in rural areas of the poverty of mobile telephone networks. That, combined with slow or poor, and sometimes non-existent, broadband speeds, puts rural businesses at a disadvantage. So I have a great deal of sympathy with the amendments that have been spoken to, and I hope that the Minister will show similar sympathy.
Lord Inglewood (Con)
My Lords, I join those who have spoken in support of these amendments. Like some other noble Lords, some weeks I come up from the country to your Lordships’ House. The shortcomings of the infrastructure in rural Cumbria, where I live, is far too frequently a topic of conversation.
As a number of noble Lords have said, connectivity is the crucial aspect here, because it is now part of the essential infrastructure of contemporary life. It is important that we look at this issue from the perspective of what people need, but the reality is that what we need today may not be what we need tomorrow. We have to try to bridge the gap between the digital haves and the digital have-nots, and we achieve that by looking at the issue in the way that I have just described. Therefore, I am not approaching this matter from a kind of nerdy, technical perspective. What matters is the result as much as the means by which you get there.
Over the years, there has been a lot of debate about whether a universal service obligation should be in our law and be statutorily enforceable. I had the good fortune to chair the Communications Committee, and a number of years ago, when we conducted an inquiry into broadband, we debated this issue at length. On that occasion we reached the conclusion that what mattered was the rollout and that it was quite conceivable that a USO would get in the way. With the benefit of hindsight, that was probably a mistake, and therefore it is interesting to see the provisions for such a legal obligation coming into our legislation.
However, at the end of the day I come back to where I started with all this, and it is why I will be interested to hear what the Minister has to say. It is not the detail but the result that matters here. We have got to move into a world where the digital divide is bridged. This is particularly important for areas in the country, and I speak from that perspective, but it is also true for a number of urban areas. We seriously deny people access to a whole range of commercial, and other, aspects of contemporary life if there is not adequate connectivity. As a number of your Lordships have said, we live in a country that is adopting a different approach to industry. It is crucial to appreciate that the key to increasing wealth creation in areas outside the south-east of England—which I think everyone agrees is desirable—is improving connectivity. That is the way, as noble Lords have said, to improve the potential of SMEs outside the south-east.
Lord Maxton (Lab)
My Lords, I would like to add one category of cost to that: someone who lives in a remote area some distance away from the main telephone service. The cost of BT or another company installing a line up to that property can be outrageous, to be honest. It can be very considerable and much more than most people can afford to pay. So to the list of those who are disadvantaged and cannot get full access, including, quite rightly, the disabled, must be added those who live in a single property at some distance away from the main service. The costs can be prohibitive.
Lord Arbuthnot of Edrom
My Lords, I will address the House on Amendment 5, in the name of the noble Lord, Lord Mendelsohn. We all want to prevent digital exclusion and this is clearly an admirable way of attempting to do so. But the noble Lord suggests that,
“any excess costs … shall not be paid by users of communication service providers”.
So those excess costs need to be paid, presumably by someone other than any of the users of communications service providers. I wonder whether this amendment might be strengthened if it were to set out by whom those excess costs should be paid.
Lord Aberdare (CB)
My Lords, I support Amendments 12 and 13. I have no mobile coverage at all at my home in Wales and would have no broadband worthy of the name if it were not for a small local supplier offering a line of sight wireless service and willing to do so in competition with BT, although “competition” is hardly the word I would use to describe it.
I believe that a more competitive marketplace is essential to increase the speed and quality of broadband rollout, including, or especially for the final few per cent which I hope means household rather than geographic coverage, and who of course tend to be in rural areas. Similarly, my experience in Wales leads me to believe that to achieve a genuinely competitive and open market, it may well be necessary to bring about some sort of separation of Openreach from BT. I hope that the Minister will be able to tell us how the Government plan to promote a more competitive marketplace as a driver of better services across the nation.
Lord Arbuthnot of Edrom
My Lords, these are very important amendments. There is a concern that BT has tended to invest just enough in a particular area to make it uneconomic for competitors to come in and provide services there. This may just be a natural complaint by people who have been beaten fair and square in the marketplace, because BT is a very large and effective company which is, in many respects, a national champion. However, if it is a canard, it is a persistent one. I hope the Minister will be able to say something to reassure the Committee, either that it is untrue or that something is going to be done about it.
Lord Maxton
My Lords, I too support these amendments, which are on the right lines. My only reservation is that if BT is already the owner of the line into a property—it could be a commercial one—who is responsible if a repair needs to be done: Openreach or BT?
Lord Arbuthnot of Edrom
Main Page: Lord Arbuthnot of Edrom (Conservative - Life peer)Digital Economy Bill
Lord Arbuthnot of Edrom ExcerptsThursday 2nd February 2017
(7 years, 6 months ago)
Lords ChamberRead Full debate Digital Economy Act 2017 Read Hansard Text Amendment Paper: HL Bill 80-III Third marshalled list for Committee (PDF, 262KB) - (2 Feb 2017)
Lord Paddick
My Lords, I support the amendment but not necessarily for the reasons articulated by the noble Lord, Lord Stevenson. Our concern is that if the Government started to appoint members of the British Board of Film Classification and therefore it was not independent of government, we would have a situation in which the Government would potentially be involved in deciding which films or material should be censored or not, which is not a path we would like to go down, particularly in the current climate of populism and the historical issues that that raises.
Lord Arbuthnot of Edrom (Con)
My Lords, the noble Lord, Lord Paddick, has just given the speech that I was rather expecting the noble Lord, Lord Stevenson, to give. The amendment suggests that the Government should be completely out of the running of the BBFC, yet in his very interesting and important remarks, the noble Lord, Lord Stevenson, said that he was a bit concerned that the Government should think it right for this private company, over which the Government have very little power, to have such responsibilities.
The noble Lord, Lord Stevenson, was right to say that the current position is that the BBFC appoints itself. The council of management is chosen from leading figures in the film industry; that council chooses the president and the director, and then they do this important work. If we are to change that, we need some evidence that either there is a risk of the Government interfering in these decisions or that these decisions are being got wrong in some respect. I am not aware that these decisions are being badly taken. As far as I can tell, the BBFC is doing a pretty good job, and until we are clear what regime we want to go to, I would rather leave the law as it is.
Lord Ashton of Hyde
My Lords, I am grateful to noble Lords who contributed to this brief debate, especially the noble Lord, Lord Stevenson, who demonstrated his long experience in the world of film trivia.
The BBFC is an independent, not-for-profit, non-governmental body which classifies films and videos. The BBFC operates a transparent, trusted classification regime based on years of expertise and published guidelines that reflect public opinion. It is self-financed through fees from industry for the work it carries out on classification. It protects children and other vulnerable groups from harm through its classification work, which is legally enforceable and empowers consumers, particularly parents and children, through content information and education. In addition, it is the independent regulator of content delivered via the UK’s mobile networks. Using the standards in the BBFC’s classification guidelines, content which would be age-rated 18 or R18 by the BBFC is placed behind access controls and internet filters to restrict access to that content by those under 18 on all non-age-verified phones.
Amendment 71A introduces a new clause which seeks to clarify the position of the BBFC as an organisation independent of the Government. This proposed new clause also seeks that all appointments made by the BBFC be subject to fair and open competition. I am afraid we do not agree with the noble Lord, Lord Stevenson, that it is necessary to make provision for the independence of the BBFC. The role of age-verification regulator will be one that the BBFC carries out alongside its other independent roles. We do not seek this requirement for its work under the Video Recordings Act, where BBFC officials are also designated by the Secretary of State via notification through Parliament.
The Bill sets out clearly the powers of the regulator, and where it is thought appropriate that the Secretary of State should have a role, this is made clear. For example, in relation to ISP blocking it will be important that the Government and the BBFC work together on a deconfliction process. The Bill provides for a parliamentary procedure for the designation of the regulator, as it is right that Parliament should have the opportunity to scrutinise this important appointment. As we have already covered, the DPRRC has made a recommendation on the designation of the regulator and I assure noble Lords that we are currently considering this carefully before responding.
The other requirement in this proposed new clause is that any appointments made by the BBFC should be subject to fair and open competition. The BBFC is an independent body, and it is not the place for government to set prescriptive guidelines on its recruitment practice in a Bill. The BBFC is a well-respected organisation, as my noble friend mentioned, and has unparalleled expertise in classifying content. I have every confidence the BBFC will deliver on its aims.
With that explanation, I hope the noble Lord will feel able to withdraw his amendment this afternoon.
Lord Arbuthnot of Edrom
My Lords, conscious as I am of the time, I shall simply say that I hope that the Minister will be able to respond positively to this for the very good reasons given by both noble Lords who have just spoken. It is a matter of natural fairness; it reflects the convergence issues which have been spoken about in this Committee already; it reflects the technological tsunami that my noble friend Lord Black has spoken about; and it reflects what the Minister Matt Hancock has said in another place.
Lord Maxton
My Lords, I too support this amendment, but—there is a “but” to it—there are of course two types of e-books. There are those physical books which have been transferred over and copied into an e-system, but there are also increasingly a number of authors who write an e-book directly; they do not publish them at all in written form. I am not sure that this amendment takes account of the fact that there are increasingly these two different types of e-books.
Secondly, the fact is that Amazon which, rightly or wrongly, is the major contributor to the e-book revolution—I have a Kindle in my own pocket, which I read, and I have never picked up a book since I bought it—does not take part in the British national library system at all, as far as I am aware, although it does in America. Increasingly, Amazon is setting up its own lending system, where you can borrow an e-book from Amazon for a relatively small sum of money. You can only borrow it for three or four weeks at a time, but you can borrow it directly from Amazon. I have just a quick question to the Minister. Is there any progress in terms of Amazon becoming part of the system? I gather that one of the problems is that it uses a different type of e-book to the one that is used by the public libraries in this country.
Lord Arbuthnot of Edrom
Main Page: Lord Arbuthnot of Edrom (Conservative - Life peer)Department Debates - View all Lord Arbuthnot of Edrom's debates with the Scotland Office
Digital Economy Bill
Lord Arbuthnot of Edrom ExcerptsMonday 6th February 2017
(7 years, 6 months ago)
Lords ChamberRead Full debate Digital Economy Act 2017 Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 80-IV Fourth marshalled list for Committee (PDF, 161KB) - (6 Feb 2017)
“Cyber-security reporting
(1) The Companies Act 2006 is amended as follows.(2) After section 416 insert—“416A Contents of directors’ report: cyber-security(1) The directors of a company must prepare a cyber-security report for each financial year setting out measures the company is taking to address cyber-security risk.(2) This report should include—(a) cyber-security audits undertaken by the company,(b) details of breaches notifiable under the General Data Protection Regulation,(c) measures in place to ensure the confidentiality and integrity of data processing systems, and(d) processes in place to test and evaluate data protection measures and information technology systems.(3) Cyber-security audits must be undertaken by organisations accredited by the Secretary of State.(4) The cyber-security report must be approved by the board of directors and signed on behalf of the board by a director or the secretary of the company.(5) If a report is approved that does not comply with the requirements of this section, the directors commit an offence.(6) A person guilty of an offence under this section is liable on summary conviction to a fine.””
Lord Arbuthnot of Edrom (Con)
My Lords, I draw noble Lords’ attention to my interests in the register, particularly to the fact that I am chairman of the Information Assurance Advisory Council, chair of the advisory board of Thales UK and a member of the advisory board of IRM, among other cyber-interested companies.
This Bill is about the digital economy, but it contains very little mention of security. Yet cybersecurity is essential, both to the proper functioning of the internet, on which we so rely, and to the trust we place in the digital economy. Global research has been done by the Information Systems Audit and Control Association of the United States of America, and I am indebted to it for its help on these amendments. That research has shown that two-thirds of chief executives of major corporations do not have confidence in their workforces to deal with anything beyond the simplest of data breaches. We all know that there has been no shortage of high-profile data breaches on both sides of the Atlantic over the last 12 months. That has damaged the economic performance of companies and their stock price, and has significantly reduced consumer and business confidence.
I congratulate the Government on making real progress in this area. They have introduced Cyber Essentials, which has been helpful in boosting implementation of cyber controls. I suggest, though, that the uptake of Cyber Essentials has been disappointing. It is not always a requirement that companies observe even the relatively low level of assurance that Cyber Essentials suggests. I use the word “suggests” because of course it is not compulsory. Equally, the new cybersecurity strategy has brought £1.9 billion into developing a capability across the whole of society to address everything from the biggest companies to individual citizens. The Minister of State for Digital and Culture recently indicated in another place that the Government intend to implement the General Data Protection Regulation in full. That is a good thing, but I very much doubt that businesses—and probably even government departments—are anywhere near ready for the GDPR, nor as far along as they really should be by this stage.
In view of the existential nature of our reliance on cyber nowadays, I therefore suggest that we need to go further. Consumers, investors, executives and government alike all need confidence that businesses are taking appropriate steps to safeguard their data and their IT systems—and those of their supply chains as well—from malicious activity. So, I have decided to be helpful. I propose these amendments, which introduce the notion of a cyber audit. They are probing amendments: their wording creates obligations that are perhaps more imperative than I would like to see, because I believe we should start with encouragement rather than requirement.
Everyone is now accepting of, and accustomed to, the notion of external independent financial audits, which have become the norm throughout the world. I believe that a similar approach now needs to be followed in relation to cybersecurity. My suggestion is that we should undertake cyber audits—perhaps as part of financial audits, or perhaps separately; it does not really matter. Those audits could be based on standards that could be evolved by industry, rather than by government, because government legislation never manages to keep up with the astonishing pace of technological change. These cyber audits should include external stress tests of a company’s cybersecurity in areas such as email, and possibly even in relation to a company’s products.
I think the entire House knows that, in 2013, the Target chain of 1,800 stores in the United States of America was hacked by people who broke into its air conditioning system, which was supplied by a third party. Everybody knows about last autumn’s botnet attack by rogue webcams. So if we did this and went for cyber audits, we could gradually begin to address the issue of cybersecurity, so that over time no longer would it create quite the existential threat that it does now. It would need to start on a voluntary basis and be driven by business, not by government, but, in time, I believe it would spread internationally, so that the United Kingdom would not be disadvantaged in competitive terms. It would also ensure that the United Kingdom was in the vanguard of global best practice. I beg to move.
The Advocate-General for Scotland (Lord Keen of Elie) (Con)
My Lords, Part 5 of the Bill requires public authorities and specified persons to specify and meet specific legislative conditions and controls on the handling of personal information. As I have said on a number of occasions this evening, these provisions will be underpinned by codes of practice setting out data security requirements, including cybersecurity. A body that fails to meet these could be prevented from using the data-sharing powers. That is the context in which I turn to Amendments 105 and 106.
Amendment 105 would require all but the smallest of companies to conduct audits on their cybersecurity and to report annually on it and their data protection measures. Clearly, the Government recognise that effective cybersecurity risk management is important to the success of the economy and, indeed, to ensuring the safety and integrity of private citizens’ data. The Government conducted the Cyber Security Regulation and Incentives Review in 2016 to consider whether we need additional regulation or incentives to boost cyber risk management in the wider economy and it showed strong justification for regulation to secure personal data.
The Government will seek to improve cyber risk management through our implementation of the EU general data protection regulation in May 2018. Its requirement to report breaches to the Information Commissioner and individuals affected, and the fines that can be issued under it, will represent a significant improvement. These will be supplemented by a number of measures to more clearly link data protection with cybersecurity, including through closer working of the Information Commissioner and the National Cyber Security Centre. However, we will not seek to pursue further general cybersecurity legislation for the wider economy as would be required by Amendment 105.
We believe that mandating the inclusion of cyber risk information in annual reports, or the introduction of legal provisions for cyber audit, is unlikely to be an effective way of encouraging large-scale change in cyber risk management. Instead, the National Cyber Security Centre plans to work with stakeholders to develop guidance for investors. The long-term aim of the organisation is to include cybersecurity in the guidance it provides to businesses on the kind of information it wants to see in an annual report, and in the reports it provides to investors each year on every listed company.
Amendment 106 is very broad in its aims and, as such, could have unintended consequences for the diverse range of grants that the Government fund each year. The supporting audit and insurance regime would be costly and challenging to enforce given the diversity of grant recipients, including those from voluntary and research communities. Furthermore, this amendment is unnecessary as many of these checks are in place as a matter of routine. The level of cybersecurity risk in grants will continue to be monitored and consideration given to how recently launched grant standards could be used to strengthen guidance in this area. This provides a far more flexible and proportionate solution than legislation.
With respect to subsection (2) of the proposed new clause in Amendment 106, the Government are already taking tangible steps to reduce the level of cybersecurity risk in their supply chain. As of October 2014, suppliers of central government contracts that involve the handling of personal data or the supply of IT products and services must demonstrate they have met the technical requirements set out as part of either the government-owned Cyber Essentials scheme or a suitable equivalent. The scheme was developed jointly with GCHQ and industry to support organisations of all sizes and across all sectors in getting a good, basic level of online security in place. In response to my noble friend Lord Arbuthnot I would observe that, as of the end of December 2016, nearly 5,500 certificates had been issued under the scheme, and we have a strategy in place to significantly increase the adoption of the scheme over the coming year. With that explanation, I hope my noble friend will withdraw his amendment.
Lord Arbuthnot of Edrom
My Lords, I am grateful to my noble and learned friend for his comments. From what he says I suspect that the Government are not quite there yet. However, I hope that my amendments will help to encourage them along a path of some form of regulation in this area. I suspect that the arguments my noble and learned friend used were similar to those that were first used when financial audit was suggested. However, I am grateful for what he has said. I am also particularly grateful to the noble Baroness, Lady Jones, for what she said and for the gracious way in which she said it. However, my amendments were aimed not so much at government as at business. I suspect that this will be part of a long-term campaign, so, with those words, I beg leave to withdraw the amendment.