My Lords, I feel that I am trespassing in this debate—on this rather light-hearted blue-on-blue banter over the way there—but I fear that I ought to join in because this is an important and necessary piece of legislation and, like several of the Bills in the Queen’s Speech, it has been much delayed and is long overdue.
For the most part, we on these Benches support the Bill and wish to help it on its way to the statute book. However, we have concerns over its effectiveness and in places we think that it is wrong and in need of amendment. Part 1 of the Bill, as the Minister set out, relates to powers to introduce mandatory security requirements for consumer connectable products such as smartphones, smart televisions and connected speakers. Historically, the UK has relied on European law to help regulate security requirements. We are now in a position where we are likely to follow where the EU leads on product security. What surprises me is that the Government have been so slow to make progress with their own legislation, given how increasingly important cybersecurity has become.
The other obvious and important point is that, given how quickly technology is evolving in this field, we are always likely to be playing a form of catch-up with legislation. I wonder, therefore, whether the eloquent Minister tell us what plans the Government have to future-proof the legislation, apart from relying on bringing forward regulations following on from the Bill. For example, is work being undertaken with tech companies and manufacturers to anticipate changes to products that will change or weaken, in any way, current levels of cybersecurity? Given that the Government consulted in 2019 on introducing mandatory security requirements for connectable products, and given that legislative proposals were consulted on in 2020, do they think that the current list of products is right, and will they be keeping those excluded under review?
We particularly welcome the move to bring forward a ban on default passwords, a requirement for products to have a vulnerability disclosure policy—whereby security weaknesses in a product are identified and notified—and the requirement for transparency about the period for which a manufacturer will provide security updates for the product. However, I wonder what guarantees consumers will have that these policies will be adequately policed and that enforcement will be effective. Will additional resource be committed, and how quickly will this regime be introduced? Surely the failure of the 2017 code suggests that action is needed now if product security is to be taken seriously.
Part 2 of the Bill covers the rollout of sites to extend and improve the digital network—something that we are all signed up to—and to ensure that it is capable of delivering digital connectivity to a level and standard which a modern economy demands. The Government’s approach so far raises questions about their judgment on the balance of power between landlords providing sites for installations and the network providers. Clearly, something is not right when companies can almost unilaterally determine the level of rent that they are prepared to pay for sites, regardless of earlier agreements. We are not convinced that the arrangements set out in the Bill get the balance right. Landlord-tenant relationships are complex matters, subject to laws that are often open to wide interpretation. What appears to be missing here is a process for dispute resolution that takes into account the original agreements and accurately reflects the value of the site to the network providers. We will no doubt, with others, seek to probe this during the course of the Bill, ensuring that principles of fairness and equity are properly written into the legislation and, in particular, that the many charitable and sporting organisations that benefit from rental income are not disadvantaged.
This is legislation worthy of support from these Benches and, like others who have been involved in the debate this afternoon, we look forward to bringing forward practical changes and improvements to the Bill which will ensure that, when it is on the statute book, this legislation is effective and assists in rolling out our digital connectivity in a way which will greatly benefit our society. We are happy to engage in that process.
2: Clause 1, page 1, line 7, leave out “may” and insert “must” Member’s explanatory statement This amendment strengthens the duty on the Secretary of State to publish regulations introducing security requirements.
My Lords, I am happy to move Amendment 2 in this group and will speak also to Amendment 4. I am grateful to the noble Lord, Lord Fox, for signing up to our Amendment 2. Part 1, as we have said, represents a step in the right direction on product security. The Bill is, as is increasingly the case with this Administration, a general framework Bill which will have much of the detail filled in later by regulations—a point that the noble Lord, Lord Fox, among others, has persistently made, and we have made from our Benches.
Noble Lords might say that Amendment 2 is a rather crude way of discussing the processes and timescales attached to the regulation-making powers in this part of the Bill but, as was mentioned in the previous group, we need much more information about when these regulations are going to be brought forward. Have some already been drafted? If so, can we see them in advance of Report and certainly before Third Reading? If not, why not? Do any of them need to be consulted on, and if so, what implications will this have on the implementation of new rules and systems? This is, as we have heard before, a time-critical Bill so the regulations are time critical as well and, we argue, need an early airing.
Colleagues in the Commons expressed concern that it has taken too long to get to this stage. We, too, regret that the Government have not worked to introduce some of these measures at greater speed and that more of the detail is not in the legislation, a point which the noble Lord, Lord Fox, eloquently made earlier. Surely it would have been possible to do this, given that the Bill was carried over from the previous Session.
Turning to Amendment 4, it
“seeks to place certain product security minimum standards, including the prohibition of so-called ‘default” passwords, on the face of the Bill.”
We think this is an important amendment. I credit Which? as where it draws its inspiration from. It is right that we have some core security principles in the Bill. We know that the Government have form on overpromising and underdelivering. Surely these important security matters should not be left to the whim of the Secretary of State at an undetermined point in the future. This process provides a perfectly good opportunity for us to enshrine the requirements in primary legislation, whether in the form of Amendment 4 or Amendment 5 or something else. We believe that there is a strong case for action
I do not think that they are quite analogous. As I say, it is about the requirement to keep the last available updates available to consumers for eight years rather than evolving them. We do not yet consider that there is sufficient evidence to justify minimum security update periods for connectable products, including display equipment—certainly not before the impact of the initial security requirements is known.
It is important to stress that, as consumers learn more, they will expect more. This will drive industry to respond to market pressure. If the market does not respond to this effectively, the Government have been clear that they will consider the case for further action at that point, but we think that consumer expectation will drive the action we want to see in this area.
Amendment 3, tabled by the noble Lords, Lord Clement-Jones and Lord Fox, refers to children. All noble Lords will agree, I am sure, that protecting children from the risks associated with connectable products is vital. I assure noble Lords that the security requirements we will introduce are designed with consideration for the security of all users, including children, alongside businesses and infrastructure. The Bill already gives the Government the flexibility to introduce further measures to protect children, whether they are the users of the products or subject to other people’s use of a product. We therefore do not think that this amendment is necessary as this issue is already covered in the Bill.
The Bill, and forthcoming secondary legislation, will cover products specifically designed to be used by or around children, such as baby monitors and connectable toys; they include Hello Barbie, which I was not familiar with but on which I will certainly brief myself further. However, we recognise that the cyber risks to children are not limited to the connectable products in the scope of this Bill; indeed, a lot of the issues referred to by the noble Lord, Lord Fox, were about the data captured by some of the technology, rather than the security of the products themselves. That is precisely why the Government have implemented a broader strategy to offer more comprehensive protection to children—including through the Online Safety Bill, to which the noble Lord, Lord Bassam, referred.
I hope noble Lords will agree that Amendment 3 is not needed to make a difference to the Bill’s ability to protect children from the risks associated with insecure connectable products—this is already provided for—and will be willing either to withdraw their amendments or not move them.
My Lords, this has been a useful and interesting exchange.
In my lordly world, “may” and “must” are sort of interchangeable; they were a useful peg on which to hang our discussion about the statutory instrument nature of this piece of legislation. I am somewhat reassured by what the Minister had to say about that, and acknowledge that some of the regulations were brought forward and consulted on at an earlier stage. However, we on this side of the House—I am sure that I speak for the noble Lord, Lord Fox, as well—want to see increased transparency throughout this process. So much of what is in front of us will be in secondary legislation; it is essential that we, the industry and the sector are properly consulted so that we understand exactly what we are dealing with. I make that plea at the outset.
I was pleased to hear what the Minister said about children as the primary users of particular products. I am glad that we have got beyond the “Peppa Pig” world that the Prime Minister occasionally occupies and are giving this issue proper, serious consideration. It certainly needs to be that way.
I am not entirely convinced by what the Minister said on Amendment 4. I look at our amendment; it is pretty basic, actually. It is hard to argue against setting out a particular prohibition in legislation. The ones that we have picked out for prohibition and restriction are quite important and essential. Of course, the Minister is right that those subjects will change and technology will overtake the words we use. We understand that point but we are trying to secure some basic minimum standards and protections here. Clearly, we will retreat with our amendment and give it some further thought before Report, but we may need some further persuasion on this. That said, I am quite happy to withdraw Amendment 2 and not move Amendment 4.
7: Clause 7, page 5, line 24, at end insert— “(5A) For the purposes of subsection (5), a person who provides an online facility through which a distributor makes a product available in the United Kingdom is also a distributor.”Member’s explanatory statement This amendment brings online marketplaces which allow relevant products to be listed for sale within scope of the security requirements outlined in the Bill.
My Lords, Amendment 7 is also in the name of my noble friend Lady Merron. This amendment, as the notes to the Bill’s amendments set out, brings online marketplaces which allow relevant products to be listed for sale within the scope of the security requirements outlined in the Bill. We wish to express again our gratitude to Which? and others for their work in relation to online marketplaces, including, but not limited to, Amazon and eBay, which facilitate the sale of many of these products.
Research suggests that a significant number of products listed on online marketplaces could have security and privacy risks. This is prior to the introduction of the new rules for producers, importers and distributors, but it does highlight the importance of ensuring that marketplaces are subject to at least some of the new measures. Following Second Reading, the Minister kindly wrote to noble Lords, as he promised he would, and suggested that in many cases these websites will fall under “at least one” of the categories and, even if they do not, earlier parts of the supply chain will be subject to the new duties. On that basis, the Government say they will not explicitly bring marketplaces within scope of these measures but will keep the matter under review. It is disappointing that the Minister decided to rule out this change without even having this Committee debate. I hope the Minister’s response will go into more detail than the letter, and he will outline exactly what this review process will look like. Importantly, if it becomes apparent that obligations need to be imposed on these businesses, can he outline the process for achieving this? Can it be done under existing powers, or would it require an additional, albeit simple, piece of primary legislation?
This may not be a gaping hole in the Bill, but it does feel like a gap that needs to be addressed. We hope the Government will be persuaded of that in the run-up to Report stage. It is important because we do not often get legislation on this subject and we do not often get the opportunity to deal with issues such as this. I say to the Minister that we need considerable reassurance on this point because of that very fact. The Minister may say that it is all going to be down to regulations. That is not really a complete answer but we look forward to hearing his response.
My Lords, I rise to speak to Amendment 8 in my name and that of my noble friend Lord Clement-Jones. These are two ways of doing the same thing so I support the spirit of Amendment 7, about which we have just heard from the noble Lord, Lord Bassam.
This amendment adds the following wording to Clause 7:
“Any person who is a provider of an internet service that allows or facilitates the making by consumers of distance contracts with traders or other consumers for the sale or supply of a relevant connectable product is to be regarded as a distributor for the purposes of this Act, if not a manufacturer or an importer of the product.”
This amends the language that defines a distributor in the scope of the Bill. Online marketplaces are a mainstream form of today’s retail. Which? research in 2019 found that more than 90% of the UK population had shopped through an online marketplace within the month it was polling. That has increased during the pandemic. However, its research also consistently highlighted how online marketplaces are flooded with insecure products. It has previously demonstrated issues with the lack of legal responsibility of online marketplaces for the security and safety of products sold through their platforms.
The Government have recognised the problem, in their response to the call for evidence on product safety, that current safety rules were designed to fit supply chains as they operated before the world of internet shopping. In the realm of product safety, the Government have acknowledged that this can result in the peculiar situation where no actor is responsible for ensuring product safety. This has resulted in organisations such as Electrical Safety First repeatedly finding unsafe and non-compliant products listed on online marketplaces. Therefore, the traditional conception of actors in the supply chain is now outdated.
The Bill defines “distributor” as
“any person who … makes the product available in the United Kingdom, and … is not a manufacturer or an importer of the product.”
At present, it seems unlikely that certain online marketplaces, including eBay, Amazon Marketplace and Wish.com, will be included within the scope of that definition of distributors in the Bill. This will leave, without overstating it, a sizeable gap in the regulatory scope of this market.
Given the amount of insecure tech readily available on online marketplaces, it is paramount that these platforms are given obligations in the Bill to ensure the safety and security of the products sold on their sites, regardless of whether the seller is a third party. However, the Clause 7(5) definition of “distributor” in terms of making products available on the market is in line with existing product safety law, so we know that certain marketplaces are not classed as distributors and hence not obligated to take action. Amazon Marketplace, Wish.com and eBay are marketplaces where other people are selling; this is the issue.
This amendment seeks to expand the definition of distributors in Clause 7 to include appropriate online retailers, such as listings platforms and auction sites, including eBay, Amazon Marketplace and AliExpress. I feel sure that the Minister did not intend for the legislation to miss these marketplaces out; rather than risk this loophole going any further, we will work with the Minister and Her Majesty’s loyal Opposition to come up with some wording that absolutely iron-clads the Bill to ensure that these sorts of marketplaces are also included.
I am happy to include my noble friend in the replies and the letter I send. This touches on work which falls under the Department for Business, Energy and Industrial Strategy, and the points he raised, of course, fall to Her Majesty’s Revenue and Customs. We will make sure that, having consulted officials there, we provide some details of the work those departments are doing as well.
My Lords, I am looking forward to the correspondence on this; I fancy that the noble Lord’s civil servants will have a tricky job on their hands. I do not think I quite got a response to what the nature of “being kept under review” really meant, but I await word in the future.
I have been reading the Explanatory Notes, as the Minister will probably be unhappy to hear, and I can see the difficulties. In trying to ensure that the legislation is focused, rightly, on the producers, manufacturers, importers and distributors, it is hard to work round that and not capture people who are simply installers of a product. On the other hand, there are circumstances where installers are primarily responsible for the effectiveness and working of the product, and if it was not for the way they install it, it would not be effective. The terms of the contract are such that it makes that difficult.
I can see the difficulty here, but for now I am happy to withdraw our amendment. In doing so, we are equally supportive of the amendment in the name of the noble Lord, Lord Fox, because the two are contiguous in their formulation.
We support this amendment and look forward to the Minister explaining how the important words of Her Majesty’s Government on reporting vulnerabilities can be carried out without a measure such as this on the statute book.
No, I give credit where it is due. I congratulate the noble Lord, Lord Arbuthnot, on his amendment because the issues that he raised and the questions posed by the noble Lord, Lord Fox, in particular, are legitimate ones.
Although this is not the place to amend or change the Computer Misuse Act 1990, as the noble Lord, Lord Fox, said, it certainly is the place to raise concerns. After all, we are talking about product security and safety. It is vital that we have appropriate safeguards in place to prevent and, if need be, punish cyberattacks and other forms of hostile behaviour online.
However, as we seek to make smart devices safer, clearly there is a role for researchers and others to play in identifying and reporting on security flaws. They need to be able to do this within the safe zone of concern, knowing that they are not themselves going to be captured by those who are responsible for cybersecurity. As I understand it, exemptions exist in similar legislation to ensure that academics and other legitimately interested parties can access material relating to topics such as terrorism. The amendment before us today raises the prospect of granting a similar exemption and defence in this particular field.
I am conscious that the noble Lord, Lord Fox, raised the spectre of auras in the form of the noble Lords, Lord Vaizey, Lord Clement-Jones and Lord Holmes of Richmond—as well as the intent of the noble Baroness, Lady Neville-Jones, who is of course very knowledgeable about the business of security and has had both professional and political responsibility in that field. However, I think that, when those auras and his own say that this is an issue of concern, we as the Official Opposition reflect that concern.
I hope that the noble Lord will engage with the noble Lord, Lord Arbuthnot, and others following Committee on this—I am sure he will—because it is a very important subject. A campaign backed by such an esteemed cross-party group of colleagues in the Committee and in another place cannot be entirely wrong. The Computer Misuse Act 1990 is the framework we have got, but it is right that it is reviewed and that something fresh is brought before us to protect us from cyberattacks in the future.
I am very grateful to my noble friend Lord Arbuthnot of Edrom for representing the other three signatories to this amendment. I was glad to meet him and the noble Lord, Lord Clement-Jones, to discuss this yesterday.
The role of security researchers in identifying and reporting vulnerabilities to manufacturers is vital for enhancing the security of connectable products. The good news is that many manufacturers already embrace this principle, but there are also some products on the market, often repackaged white label goods, where it is not always possible to identify the manufacturer or who has the wherewithal to fix a fault. The Bill will correct that.
As noble Lords have noted, there are legal complexities to navigate when conducting security research. The need to stop, pause and consider the law when doing research is no bad thing. The Government and industry agree that the cybersecurity profession needs to be better organised. We need professional standards to measure the competence and capabilities of security testers, as well as the other 15 cybersecurity specialisms. All of these specialists need to live by a code of professional ethics.
That is why we set up the UK Cyber Security Council last year as the new professional body for the sector. Now armed with a royal charter, the council is building the necessary professional framework and standards for the industry. Good cybersecurity research and security testing will operate in an environment where careful legal and regulatory considerations are built into the operating mode of the profession. We should be encouraging this rather than creating a route to allow people to sidestep these important issues.
As noble Lords have rightly noted, the issues here are complex, and any legislative changes to protect security researchers acting in good faith run the risk of preventing law enforcement agencies and prosecutors being able to take action against criminals and hostile state actors—the goodies and baddies as the noble Earl, Lord Erroll, referred to them. I know my noble friend’s amendment is to draw attention to this important issue. As drafted, it proposes not requiring persons to obtain consent to test systems where they believe that consent would be given. That conflicts with the provisions of the Computer Misuse Act, which requires authorisation to be given by the person entitled to control access. As the products that would be covered by this defence include products in use in people’s homes or offices, we believe that such authorisation is essential. The current provisions in the Computer Misuse Act make it clear that such access is illegal, and we should maintain that clarity to ensure that law enforcement agencies do not have to work with conflicting legislation.
The amendment would also limit the use of such a defence as testers would still be subject to the legal constraints that noble Lords have described when reporting any vulnerability that the Government have not banned through a security requirement. If a new attack vector was identified that was not catered for by the security requirements, the proposed defences would have no effect. The amendment would not protect those testing products outside the scope of this regime, from desktop computers to smart vehicles. If we consider there to be a case for action on this issue, the scope of that action should not be limited to the products that happen to be regulated through this Bill. None the less, the Government are listening to the concerns expressed by the CyberUp Campaign, which have been repeated and extended in this evening’s debate.
The Home Secretary announced a review of the Computer Misuse Act last year. As my noble friend noted, the Act dates back to 1990. I do not want to stress too much its antiquity as I am conscious that he served on the Bill Committee for it in another place. His insight into the debates that went into the Bill at the time and the changes that have taken place are well heard. The evidence which is being submitted to the review is being assessed and considered carefully by the Home Office. It is being actively worked on and the Home Office hopes to provide an update in the summer.
I hope, in that context, that noble Lords will agree that it would be inappropriate for us to pre-empt that work before the review is concluded and this complex issue is properly considered. With that, I hope my noble friend will be content to withdraw his amendment.
I know. I rise to move Amendment 17 in his name. I am grateful for the tuition that I have also had from the noble Earl, Lord Lytton—more about him shortly. Unfortunately, we are missing his huge expertise, but do not worry, I will be here to channel some of his thoughts.
This amendment seeks to ensure that any new agreements made with reference to Clause 57 and using paragraph 20 of the Electronic Communications Code must have regard to the terms of the existing agreement to ensure continuity and fairness. It aims to address outstanding concerns with the way rights are assigned when there are operators in occupation at a site. This is a complex issue and I am aware that the Minister and his colleagues at DCMS have been grappling with it as the Bill has been developed, but it is vital that the Government get this right.
The issue that the Government are trying to address was brought about by a confusion in the 2017 code. There have been some issues where operators have been prevented from getting the code rights they need to support their networks because they are already in occupation of the land and they cannot grant themselves rights.
The Government’s original consultation response and the first draft of the Bill tried to address this by changing the definition of “occupier” in the Bill. This was at Clause 57 in the original Bill. The stated policy intent made it clear that the change is intended only to address the issue that we have outlined and to ensure that when operators are in occupation of land they are able to obtain new code rights.
However, it was made clear to the Minister and his colleagues at DCMS that the original draft would in fact have much greater implications and would potentially allow operators to misuse Clause 57 as it was originally set out to modify or cancel agreements mid-term. This would be in the operators’ interest, since they could break a contract that had been agreed in good faith and move the new contract on to a new valuation basis under the 2017 “no scheme” provisions for consideration.
The Government tried to address this by removing the original draft of Clause 57 and replacing it with the new Clause 57 that we have before us today. Instead of changing the definition of “occupier” in the Electronic Communications Code, it creates a more specific code right to deal with the underlying problem.
--- Later in debate ---
Governments can, of course, turn long-held understandings on their head, as the Labour Administration in 1963—I am sure none of the Front Bench remembers—did with the residential security of tenure of rent control.
I say to the noble Lord, Lord Bassam, we are coming to the Landlord and Tenant Act 1954.
The residential security of rent control caused a seizing up of the private rented sector for the next 25 years. This is something that the Landlord and Tenant Act 1954 avoided doing in the business sector by providing security of tenure, but on market rental terms. The word of warning here from the noble Earl is that Government should be careful what they wish for and how they go about any significant transition in dealing with human sentiment against actuarial robotics, and be aware of whose voices they lend their ears to.
There are apparently three routes to lease renewal: the 1954 Act, which the noble Earl believes is effectively overwritten in some instances by the 2017 code revision; the immediate pre-2017 code for non-LTA leases; and the situation that pertains for agreements following the 2017 changes. This seems a recipe for confusion, and if the noble Earl is confused, where does that leave the rest of us?
There is a lot of detail in quite a short amendment, but this is an issue. I understand, and I think my noble friend Lord Clement-Jones and the noble Earl, Lord Lytton, understand, that there needs to be some clarity over which measures apply where, and whether the Government really want to sanction wholesale renegotiations of the nature that the noble Earl, Lord Lytton, has set out. I think that is a law of unintended consequence, and it will slow down the implementation of what we want to be implemented rather than allow it to happen more quickly.
19: After Clause 60, insert the following new Clause— “Requirement for operators to notify emergency service sites prior to upgrading or sharing apparatus (1) The electronic communications code is amended as follows.(2) In paragraph 17, in sub-paragraph (1), for the words “sub-paragraphs (2) and (3)” substitute “sub-paragraphs (2), (3) and (4A)”.(3) After sub-paragraph (4) insert—“(4A) The third condition is that, where a site is provided by an emergency service, before the beginning of the period of 21 days, ending with the day on which the main operator begins to upgrade the electronic communications apparatus or (as the case may be) share its use, the main operator provides written notice to the site provider.””Member’s explanatory statement This new Clause would require operators with agreements under the code that are not subsisting agreements to provide written notice to site providers that are an emergency service in advance of apparatus being upgraded or shared. This would allow relevant emergency services to plan around service outages or other forms of disruption.
My Lords, I speak on behalf of my noble friend Lady Merron, who has tabled this amendment. The proposed new clause in Amendment 19 would
“require operators with agreements under the code that are not subsisting agreements to provide written notice to site providers that are an emergency service in advance of apparatus being upgraded or shared”.
This would obviously allow “relevant emergency services” to plan better around things such as
“service outages or other forms of disruption.”
We have tabled this amendment because some hospitals have reported instances where telecoms engineers have arrived to inspect or upgrade equipment, having provided little or no notice of their visit or the need to turn broadband and other data connections off for its duration. As I am sure the Minister will be aware, this amendment was tabled in the Commons and, at that point, the Government insisted that the clarification was unnecessary. The Minister, Julia Lopez, said that paragraph 17 rights authorise a visit only where there is no adverse impact, which probably brings us back to earlier debates.
For visits that go beyond paragraph 17 rights, the Government insist that operators need to obtain permission in advance or potentially face legal repercussions. However, hospitals and other emergency services have far more important things to do than pursue complaints and court orders while they are running important services. The Minister also claimed that introducing this clarification
“would undermine the policy intention of the rights”.—[Official Report, Commons, Product Security and Telecommunications Infrastructure Bill Committee, 22/3/22; col. 121.]
If my noble friend will permit, I will come to the points she raises on consultation shortly.
Clause 72 will allow the Secretary of State to amend the Communications (Access to Infrastructure) Regulations 2016. Sharing infrastructure in the concentration of gigabit-capable networks can greatly reduce the cost and increase the pace of deploying networks, and can reduce the need to dig up streets, preventing unnecessary disruption to the local population and reducing carbon emissions. The 2016 regulations enable sharing of information about access to physical infrastructure across the utility, transport and communications sectors. They also include the right to access that infrastructure on fair and reasonable commercial terms and conditions. The Government published our response to the call for evidence on a review of these regulations last year. We set out that there may be some areas where they could be made easier to use and to understand.
In addition, we said we would legislate to allow future changes to the regulations via secondary legislation rather than relying on primary legislation. That legislation would be subject to further consultation with Ofcom and other appropriate parties. To expand on that a little, Clause 72 makes clear that
“the Secretary of State must consult … OFCOM; … such other persons as the Secretary of State considers appropriate”
before making such regulations. I cannot conceive of a set of circumstances where the landowner would not be one of the other persons that the Secretary of State considers appropriate—obviously, if I have that wrong I will write to noble Lords. In addition, any regulations made using this power will still be scrutinised as part of the affirmative resolution procedure. Clause 72 therefore grants to the Secretary of State a narrow power to make provision, through regulations, conferring rights on network providers in relation to infrastructure for the purpose of developing communications networks. These provisions include the power to amend, revoke or replace the 2016 regulations.
Finally, my noble friend Lord Vaizey raised some useful points about operator behaviour, which I think we may discuss in more detail in later amendments in group 6 on the Ofcom code of practice. I will leave it till then to address those, if that is acceptable.
My Lords, I am somewhat reluctant to let this go, I must confess. The emergency services in this country have a very difficult job to do, and I think they require better treatment than this.
I am not satisfied with the noble Lord’s explanation. I can envisage a time when an engineer turns up on the basic premise that the task they have to complete is smallish, but it turns out to be a rather larger problem—a bit like when you get a plumber in and they suddenly discover that there is something more fundamentally wrong with your boiler than the dial not working properly, and that it needs repressurising and a part needs to be brought up. This is a practical consideration, as it could cause considerable disruption to a service.
I was thinking of something that recently happened quite close to where I live. The road immediately in front of the local fire station was dug up; I cannot believe that the highways authority was not in contact with the fire station concerned, but I am not entirely sure that it was. I know that the people working in the fire station were put out for the period of time in which their ability freely to come and go in an emergency situation was seriously impacted.
For the purposes of Committee, I will withdraw this amendment, but the Government need to give this further thought. These behaviours can be highly disruptive. They can impact quite adversely on people’s personal security and safety; obviously, we want to make sure that there is a reasonably sensible way for providers to exercise their rights to repair, renew and so on, but we need to get the balance right and the Government need to think about this again. I beg leave to withdraw Amendment 19.
My Lords, I will briefly support the clause stand part amendment and the amendments in the name of the noble Lord, Lord Clement-Jones. They appear entirely sensible, especially the restricting of rent reductions to the date on which a court order is made, rather than being retrospective. Like the noble Earl, Lord Devon, I am not a lackey of APWireless and have done my own negotiations with my solicitors on my contract, which were far from amicable.
My Lords, I shall be very brief. In general, I support the arguments of the noble Lord, Lord Clement-Jones. The arguments on retrospectivity, which the noble Earl, Lord Lytton, addressed, are sound; it surely cannot be right that we have a change that will penalise landlords in the way this does. A reform could lead to a sudden and significant sum of money being owed to telecoms operators by site providers. Some of those who provide sites could even end up in a form of bankruptcy, particularly if courts make a decision that goes back to a point at which the notice was served. Large sums of money will be involved.
Amendment 34, which we have signed, would ensure that interim rent payments could not be backdated to that point, prior to a court order being obtained. That would mitigate the risks of backdated payments causing site providers severe or significant financial difficulties. That is a reasonable and fair principle which should find its way into this legislation. We support the other amendments from the noble Lord, Lord Clement-Jones, in generality as well.
My Lords, even more briefly, the Minister said in responding to the last group that the Government are clear that the cost of rent is too high and the purpose is to drive it down. In different comments, he stated that he felt these costs will eventually find their way to the consumer—I doubt that, but time will tell. What is the purpose of the retrospectivity and who will benefit? When will I receive my refund on my mobile phone bill for the retrospective repayment of this money? The answer is that I will not, so who will benefit from this and why are the Government causing it to happen?
43: After Clause 72, insert the following new Clause— “Local authority nominated persons Within three months beginning with the day on which this Act is passed, the Secretary of State must lay before Parliament a statement outlining the steps Her Majesty's Government intends to take to ensure local authorities—(a) publish the contact details of an officer designated with responsibility for matters pertaining to the exercising of code rights, and(b) publish relevant updates to the information provided under paragraph (a) in a timely manner.”Member’s explanatory statement This amendment is to probe whether the Government is taking any steps to ensure local authorities make the contact details of relevant officers publicly available, in order to assist telecommunications operators and other interested parties.
My Lords, on behalf of my noble friend Lady Merron, I am moving Amendment 43. This amendment is designed to probe the Government and work out whether they are taking any steps to ensure that local authorities make the contact details of relevant officers publicly available so that telecommunications operators and other interested parties can make relevant inquiries. What stimulated this is the simple fact that telecoms operators have said to us that they regularly encounter difficulties identifying the responsible officer in local authorities. That experience is not universal—some local authorities are very good at making contact details available—but where problems are faced, infrastructure rollout is slowed down considerably. DCMS has acknowledged that different authorities deal with digital infrastructure matters in different ways. This amendment is our way of asking the Minister what steps the Government might consider to ensure greater consistency.
My Lords, this was a brief debate. I turn first to Amendment 43. I thank the noble Lord, Lord Bassam, and the noble Baroness, Lady Merron, for raising this important subject.
The Government are committed to delivering policy which helps rollout for everyone, and support the entire telecommunications sector in delivering connectivity. Ensuring that local authorities are ready to facilitate rollout as quickly as possible is a key part of this. It will benefit people across the UK in receiving the best possible service and ensure that all operators are able to compete to provide that service.
Local authorities should have autonomy to serve their communities in the way that they see fit. The difficulties faced by urban communities are likely to be very different from those faced in the highlands, for example. The Government believe that local authorities are best placed to decide how to lead and foster digital rollout in their local area.
Mandating local authorities to designate a particular officer responsible for digital connectivity would be too prescriptive. However, we recognise the considerable benefits of having a dedicated lead on digital infrastructure in local and regional authorities, which is why we strongly recommend this approach in our digital connectivity portal, DCMS’s official guidance for local authorities concerning connectivity. The portal provides a huge amount of practical information for local authorities—for instance, on debunking myths around 5G, making assets available for hosting equipment, and the application of the Electronic Communications Code and planning regulations. The digital connectivity portal is a vital enabler for local authorities to facilitate digital infrastructure deployment.
In May last year, the then Minister for Digital Infrastructure also wrote to all chief executives of local authorities to encourage them to appoint a digital champion and to engage with DCMS. I understand that as many as 80 authorities have responded and officials have been able to offer support to them. We have also provided £4 million of funding for the Digital Connectivity Infrastructure Accelerator programme, designed to foster increased collaboration between local authorities and the telecommunications industry. Local authorities can take advantage of these tools and funds to take the steps most appropriate in their area to encourage and facilitate rollout. I hope that gives reassurance on how seriously the Government take local authority engagement, and that the amendments will not be pressed.
If I might anticipate a possible comeback, it sounds like we very much agree with the noble Lord, so to be consistent about my inconsistency, we are not going further and mandating this because the Government seek to balance the national objective of accelerating digital infrastructure rollout with the need to allow local authorities to make the best choices for their communities. Each local authority will have a different approach to its specific local challenges. We feel that further imposition of rules from central government in these spaces risks disrupting environments that are already encouraging investment in infrastructure rollout.
Amendment 46 asks whether the Government intend to introduce a streamlined subsidy scheme for telecommunications infrastructure to reduce administrative burdens on public authorities. To provide some context, the new Subsidy Control Act, which has not yet fully come into force, gives the Government the ability to create streamlined subsidy schemes for all public authorities to use. The streamlined schemes are intended to provide a way of granting subsidies quickly, with little administrative burden, while also providing legal certainty to both the public authority awarding the subsidy and the beneficiary of the subsidy. The Government intend that these should facilitate the award of low-risk and uncontentious subsidies in areas of policy that are strategically important to the United Kingdom. Streamlined subsidy schemes will be considered for categories of subsidy where they will add clarity for public authorities and make the assessment of compliance simpler.
Although the Government currently have no plans to create a streamlined subsidy scheme for the installation of telecommunications infrastructure, we remain committed to delivering and supporting the rollout of such infrastructure as soon as possible. BDUK’s Project Gigabit is delivering gigabit-capable broadband across the UK, working closely with public authorities, including the devolved Administrations and local authorities, to help refine procurement boundaries, validate the market’s local investment plans and stimulate demand for gigabit vouchers.
The work we have undertaken so far has shown that the model is effective at responding to changing market conditions by refining or combining procurement boundaries to reach efficient scale and secure value for money for public subsidy. DCMS will continue to engage and consider how to support public authorities as best as possible to reduce administrative burdens, including on any considerations on subsidy control or future streamlined subsidy schemes.
I hope that explains why the Government consider that a streamlined subsidy scheme for telecoms infrastructure is not needed at this time. However, this will be kept under review. I ask noble Lords not to press their amendments.
My Lords, local government is always a question of discretion and flexibility versus providing a more rigorous approach to getting local authorities to deliver and perform. I accept the parameters of the argument. There is some merit in central government doing more to encourage local authorities to appoint a specific officer to help manage the rollout of digital. I think we are fairly in agreement on that point; 80 authorities out of 360-odd is not a lot but it is progress. Perhaps the Government could, or should, reinvigorate their drive to get authorities to come up with an identified official, particularly for the planning authorities.
I was very interested in what the Minister had to say about the second amendment. It seems that there is the emergence of a plan. I will read very carefully what the noble Lord had to say in Hansard and we will reflect further, but for now, I am more than happy to withdraw our probing amendment.
My Lords, I too welcome the Minister to his new role. I think DCMS will be at least as busy as his previous engagements, so we look forward to seeing him on his feet at the Dispatch Box quite a lot.
The unifying feature of these three amendments, which in policy terms are different, is that we are seeking some clarity. So, I support my noble friend in Amendments 1 and 13, and I rise to speak to Amendment 3 in my name. Given that online marketplaces represent the single most popular point of sale for connected products, these platforms should have responsibilities for the security of the products they are selling. That is what we are seeking clarity on today. If online marketplaces are not held responsible under the Bill, these insecure products will continue to be sold and, in all likelihood, their sale would become more prolific.
One of the last things the noble Lord, Lord Parkinson, did as Minister was to dispatch a letter to me in response to queries such as this raised in Committee about the status of online marketplaces—the fear being that channels such as listings platforms and auction sites such as eBay, Amazon Marketplace and AliExpress might present a loophole. The problem is the lack of clear definition for the various players that are part of the internet value chain and the fact that these players have different degrees of insight or control over what is happening online.
As the Minister will see from his predecessor’s letter, dated 21 September 2022, the department’s stated position for online marketplaces is that,
“businesses need to comply with the security requirements of the product security regime in relation to all new consumer connectable products offered to customers in the UK, including those sold through online marketplaces”.
I would appreciate it if the Minister could confirm this from the Dispatch Box. It is paramount that online marketplaces are given this obligation in the Bill to ensure this security, regardless of whether the seller is a third party. It would help very much if the Minister set out what the Government’s definition of an online marketplace is.
How does the Minister’s department plan to deal with the retailers, which are far away, possibly with their real identity obscured on the online marketplaces? Will the department go to the online marketplace first and how will that process be marshalled? In other words, when a customer has a problem, who do they contact?
My Lords, before I make any comments on this group, I join noble Lords in welcoming the noble Lord to his new position on the Front Bench. I think this Bill is a gentle introduction, and this afternoon will probably give voice to that sentiment. I do welcome him. We have been delighted by the general response we have had from the department on the Bill and the open way in which the noble Lord’s predecessor approached things. I am sure the noble Lord will continue very much in that vein.
This amendment was resisted when we were discussing these matters in Committee, on the basis that minimum requirements will swiftly be set out in regulations. Regulations are not always swift in coming, so perhaps it would be useful for the Minister to remind us how quick that will be. Is he in a position today to commit to a timescale for the full details to be brought forward? This is, after all, an important piece of protective legislation, as noble Lords around the House today have made clear, and, given that it is about protecting customers and consumers, it is important that we have some assurance on that point.
The questions that our noble friends on the Lib Dem Benches have asked are very important ones and they require to be answered. Although the Minister will no doubt resist these amendments, it would help us if we had some further reassurance, perhaps before we get to Third Reading. However, we are grateful for the written assurances that the Minister’s predecessor offered in relation to online marketplaces, and we hope that the current provisions will prove effective. I ask the Minister to outline how the Government would amend those provisions should that need arise in future. The noble Lord, Lord Parkinson, was always willing to provide us with some written responses, and that would probably suffice for us for today’s debate and deliberations. I look forward to hearing what the Minister has to say on this.
My Lords, Amendments 2, 4 to 12 and 14 very much reflect amendments that I tabled in Committee, and in that regard, I am very pleased to see them reappearing with the Minister’s name on them.
The Minister was mercifully spared one of my longer speeches in Committee where the full set of concerns raised by the Delegated Powers and Regulatory Reform Committee was discussed. For that, he may be truly grateful. We are pleased that these amendments have come back, but I am disappointed that the Minister feels that the Government still need the breadth of powers claimed in Clauses 11, 18, 19, 24 and 25. These are justified, as usual, by the need for flexibility. However, if our working during the Covid crisis showed nothing else, it demonstrated that Parliament could move swiftly and that we were not an impediment to flexible action. I am sure that in his former role the Minister saw us demonstrate that across the Floor many times in dealing with statutory instruments quickly and clearly. It seems that departments have grown very accustomed to using primary legislation to create generously for themselves the ability to act in wide-ranging ways without further or significant recourse to Parliament, and we have to spend an awful lot of time reining that back.
Without sounding too churlish given that the Minister has conceded on a number of things, I think this is a generally avoidable process. I feel sure that the people drafting legislation and the Ministers know what the DPRRC will say about this almost continuous stream of legislation that seems to take power from Parliament, yet each time we do the same dance between the department, the draft, the DPRRC and your Lordships. This is an avoidable process. That said, I thank the Minister for retabling the amendments.
The removal of Clause 57 via Amendment 15 is of course very sensible given the judgment of the Supreme Court, and we support that.
I am pleased that the Minister has clarified which body will be dealing with this in terms of empowerment. On the OPSS, the Minister talked about capacity. This is a big new job for that body, and it needs not just the capacity that it has but future resources. Can the Minister assure your Lordships’ House that that body will have the resources to be able to do what is a really big job? If you look at what is going out on the internet-enabled markets, this is a huge job. Can that body be assured that it will get the resources it needs to ensure that consumers’ security is not jeopardised?
My Lords, I am reflecting on the points that the noble Lord, Lord Fox, made about statutory instruments. I guess that I have heard those arguments over much of the 25 years that I have been here, and I have a lot of sympathy with them. I had less sympathy when we were in government, but I have more sympathy now.
I too am pleased to see these amendments, which in part reflect the debate we had in Committee and the amendments that were moved by our colleagues on the Liberal Democrat Benches. They in turn were of course a reflection of the comments made by the Delegated Powers and Regulatory Reform Committee, and for that reason we welcome their tabling. It ill behoves any Government to ignore the wise words of the DPRRC. Not all the amendments are in response to its report—Amendments 15 to 17 are not—but they are a sensible response and reaction. We would expect the Government to do no less.
As our colleagues on the Lib Dem Benches have said, the removal of Clause 57 comes as the result of the recent Supreme Court ruling on the same topic. We are aware that operators have very much welcomed the clarity offered by that ruling. We welcome the DCMS withdrawing the clause. If it had not, we would have been left in a very confused position.
We welcome these amendments. We are pleased to see the Government being responsive. We are grateful that they have reflected on our earlier debates. With that, we offer our support for these amendments.
I thank noble Lords who have spoken in this debate. The noble Lord, Lord Fox, asked about the OPSS. When we considered the options, we looked at who had the potential capacity and who could bridge the gap in knowledge as quickly as possible.
The vast majority of products in scope of the Bill, such as mobile smart lightbulbs, wearables, kitchen appliances—the internet of things—are also in scope of the product safety legislation. Given that the OPSS has already introduced the Electric Vehicles (Smart Charge Points) Regulations 2021, which impose some security requirements in relation to these products, based on the same international standard that we felt most appropriate, the OPSS’s published strategy aims to bring these product regulations together to protect people and to enable responsible business to thrive. We feel it is effective and we intend to give it the resources it needs.
The noble Lord, Lord Fox, said that he was disappointed. I heard this a number of times when I was Health Minister in your Lordships’ House. I completely understand. The noble Lord, Lord Bassam, said he was less sympathetic when he was in government. I am sympathetic being in government. I am happy to try to push as much as we can. The noble Baroness, Lady Merron, asks me to remember that point, so no doubt it will be used against me one day. This is the nature of parliamentary democracy. I beg to move.
My Lords, the noble Lord, Lord Kamall, has demonstrated a prodigious ability to outsource the responsibility for presenting the government amendments. We welcome the noble Lord, Lord Sharpe, to this Bill.
As the noble Earl, Lord Devon, pointed out, this is late to the party. It is also the first time we have heard the explanation for this Bill, though others may have been lucky in having it. We had a meeting with the noble Lord, Lord Kamall. No one from the Home Office was there to give us the information we have just received, so I am absorbing it for the first time—a relatively unsatisfactory process. That said, this is an important area. I am surprised that the code has somehow been allowed to continue for as long as it has without this issue cropping up. Have there been specific issues which have caused this to happen, or is it still a hypothetical matter that the Government are seeking to deal with?
Everybody can appreciate the problems of sticking a 5G tower on top of GCHQ. No one wants to see it, but I can imagine that the reality is a more subtle set of problems. We on these Benches seek a better sense of the real-life cases which the new clause seeks to stop. The Minister singled out technical risks in particular. Those exist beyond the site itself, on the environs. I am interested to hear from the Minister how the clause deals with a 5G site put adjacent to a security site. What thresholds are the Government going to expect its security services to run when it comes to implementing the clause? It will not just be on the site itself.
I understand that quite a lot of this will be enshrined in a digital toolkit. It would help us all if the process of developing that digital toolkit was one with a collaborative approach. The noble Earl, Lord Devon, also highlighted that this problem of overriding access from the operators extends beyond the security environs. This is not just a security issue; it spreads into other places. Like many other Peers, I received a letter from the fire and rescue service. While this is not a security issue, it falls within the purview of the noble Lord, Lord Sharpe, and the Government should consider it, because it raises the problems of putting network equipment on fire and rescue service land and the fact that it would impede the training and preparation of that service.
This is even later than the Government’s amendment, and I recognise that it is not even part of this amendment, but it is a specific concern, and the Minister would do well to undertake to your Lordships’ House to talk to the fire and rescue service, to understand their problem and, if necessary, I am sure that we would all tolerate a late insertion at Third Reading. I say this without having spoken to the Opposition, but if it was an issue, I think that we would discuss it.
We understand that national security issues must be taken into consideration. We do not understand how this will work, what the thresholds will be, and what sort of cases it is seeking to avoid. More explanation is required.
My Lords, I welcome the noble Lord, Lord Sharpe, to the Dispatch Box on this Bill. We have had to deal with an increasingly large cast of Ministers, but he is a very astute and wise owl and I am sure that he will bring his insights to bear on this. I thank him for the meeting that we were facilitated to have on this issue and thank the officials for their close attention.
We on the Labour Benches entirely understand the need to protect national security and other key sites across the UK. We take the point that we should not allow equipment to be installed in places where it may interfere or enable the interception of sensitive data. However—and it is a big however—it is not desirable to introduce a power such as this at the last substantive stage of a Bill, when the elected House and our own scrutiny committees have already considered the legislation. It is not best practice. I have a bit of sympathy because I too have been a Home Office Minister. In my time I did something like 19 Bills in a two-year period. Home Office officials have a nasty habit of dreaming up late amendments which are absolutely essential for the safety and security of people at the last minute. However, it is not good practice and should not go unremarked on. We hope that the DCMS and the Home Office will acknowledge that and reflect on how this has been brought forward.
We are grateful to Ministers and officials for answering questions over recent days. That has, to a large extent, assured us that this power is not only necessary but is appropriate and will not be widely used. The Minister said “rarely” and “in extremis”, two very important guiding phrases to be used. Under this draft, the power is not subject to any formal checks. We hope that the Minister can make commitments again from the Dispatch Box. There are the possible reporting approaches to Parliament, perhaps to an appropriate Select Committee and maybe to the Intelligence and Security Committee, even if these reports are confidential. We would be grateful if the Minister could repeat, for the record, the various other steps to be exhausted before the Secretary of State would resort to this blunt instrument.
The Lib Dems made an interesting suggestion at the end of their contribution on this. I would be very interested to hear if this power will impact on adjacent sites, and whether those adjacent sites might in themselves be a security risk. It is right to draw attention to the needs of fire and rescue services, and the police service, where their services might be interfered with by adjacent-site issues.
It is not desirable, not good practice, and really not right to introduce something like this in your Lordships’ House, but we understand why and are happy to support this amendment because of its security implications.
The view of these Benches is that throughout the passage of the Bill it has been clear that a strong case has been made for better protection for landowners against the power of telecoms operators. However, the ADR process that the Government are providing under Clause 68 is non-binding. Telecoms companies need to show only that they have considered it to avoid costs. This will not make them engage with the spirit of the process, and we expect telecoms companies to take matters to court as quickly as possible instead, with all the consequences that entails of costs on both sides.
As the noble Baroness, Lady McIntosh, stated, to address this the Government should make ADR compulsory for any dispute and issue guidance about reasonable terms. Properly enforced, we believe it would reduce operators’ reliance on litigation through the courts, which sometimes takes the rather oppressive form of threats, and encourage better behaviour by both parties. Given the potential benefits to both parties and the wider public interest, it is difficult to see the case for this process remaining advisory. In principle, we very much support Amendments 25, 26 and 27, so well advocated by the noble Baroness, Lady McIntosh, the noble Lord, Lord Cromwell, and the noble Earl, Lord Devon.
My Lords, this has been an interesting short debate. It was an interesting debate in Committee and I congratulate the noble Baroness on retabling her amendments. I do so because I am not completely convinced by the Government’s arguments here. There are real concerns from some that the tribunal system favours operators due to the experience and size of their legal teams. They are very powerful organisations and we should not overlook that. The legal system is there to protect all from overweening power. I understand that the ADR system is intended to prevent cases going to tribunal and court, with all the costs that come with that, and, given the timescales involved, there is clearly a benefit to reaching agreements under an alternative framework. However, if it is voluntary, where is the incentive for its use?
I shall ask one final question; I think this is the most important point. If ADR as a voluntary means of dispute resolution does not work, what will the Government do? Will they step in again and reconsider this issue? Will they give careful consideration to making it mandatory, because then it would have a more powerful effect?
I do not think this issue will go away. I do not find the Government’s arguments entirely compelling and the noble Baroness has made a very good case. I look forward to hearing what the Minister has to say.
I thank my noble friend Lady McIntosh for this amendment and for explaining making ADR—alternative dispute resolution—compulsory so eloquently. Where there is disagreement, it is always good if there can be a mechanism, but we have to remember that ADR is not one sort of ADR. There are many different types, which I shall go into.
I shall reiterate the Government’s position of not supporting the approach and supply more information that I hope will convince your Lordships that these amendments are not only unnecessary but could be actively counterproductive. As my noble friend Lord Parkinson mentioned in Committee, ADR not being mandatory is a deliberate policy choice, made for the following reasons. First, where ADR is appropriate, mandatory ADR would compel some parties to participate in a process in which they do not want to be involved, which would make them less inclined to engage actively. This would increase the risk of failure and the parties would then have to go to court anyway. It would serve only to add an additional layer of time and cost to landowners.
On this point, I return to my noble friend Lord Parkinson’s previous comments highlighting the counter- productive incentives that mandatory ADR risks creating. There are many types of ADR with different formats, timescales and costs. For example, mediation and arbitration are both types of ADR. In a situation where mandatory ADR has forced a party into ADR against its will, the party may seek an inappropriate form of ADR to frustrate the process and force the matter to proceed to court. This would result in the parties incurring additional time and costs for no practical benefit.