Product Security and Telecommunications Infrastructure Bill Debate

Full Debate: Read Full Debate
Department: Department for Digital, Culture, Media & Sport
Moved by
1: Clause 1, page 1, line 17, at end insert—
“(2A) Regulations under this section must, among other things, include security requirements that—(a) prohibit the setting of universal default passwords and the ability to set weak or easily guessable passwords;(b) require the production and maintenance by manufacturers of regular publicly-available reports of security vulnerabilities; (c) ensure the provision of information to the consumer, before the contract for the sale or supply of a relevant connectable product is made, detailing the minimum length of time for which the consumer will receive software or other relevant updates for that product;(d) introduce appropriate minimum periods for the provision of security updates and support, taking into account factors including the reasonable expectations of consumers, the type and purpose of the connectable products concerned and any other relevant considerations.(2B) Regulations under this section must include provision that all security requirements specified in accordance with this Act are included as essential requirements in statutory conformity assessments and marking procedures under the Radio Equipment Regulations 2017 (S.I. 2017/1206), and in any other such assessments and procedures applicable to relevant connectable products.”Member’s explanatory statement
This amendment expressly sets out on the face of the Bill security requirements, which this bill seeks to establish through future regulations, providing specific legal guidance regarding the individual security requirements and obligations on relevant parties.
Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- Hansard - -

My Lords, in moving Amendment 1, I shall speak also to Amendment 13. My noble friend Lord Fox will speak to Amendment 3 in the same group. First, I warmly welcome the noble Lord, Lord Kamall, to his new role in DCMS and join others in that welcome. I am sure he has already found the company of those who speak on DCMS matters very congenial, but he will also note that there are a number of all-purpose vehicles here, so he has probably met quite a number of us already.

In Committee, we called for the three security requirements to be set out expressly in Part 1 of the Bill. At the moment they are promised in secondary legislation without any draft being available, as is, I am afraid, the Government’s consistently bad habit. Customers need absolute clarity on the support period that manufacturers will offer so that they are able to make more informed purchasing decisions. I cannot understand why the Minister’s predecessor insisted in Committee that the minimum security requirements should be stated in secondary, not primary, legislation. He said it was important that technology regulation enables the Government to respond to changes in threat and technology and to the regulatory landscape; surely, these are security principles which should endure.

As for mandating minimum security updates for periods for connectable products, the Minister said that there is no consensus among industry experts on how long security updates ought to last. This is foggy thinking—how can the Government not have taken a view? Contrast the approach of the European Union, which has recently published its own equivalent Cyber Resilience Act. Crucially, the EU has imposed a five-year mandatory minimum period in which products must receive security updates. A rigid five-year period is not necessarily desirable, but the commitment to set out in legislation a mandated period in which products receive security support is very welcome. Before Third Reading the Government really should undertake to look closely at the EU proposals and tighten up the Bill. Why should EU consumers get a better deal than UK ones?

As regards Amendment 13, on computer misuse, the noble Lord, Lord Arbuthnot, introduced this amendment in Committee and this one is exactly the same. Under regulations that will be introduced following the passage of the Bill, manufacturers will be required to provide a public point of contact to report vulnerabilities. However, without a statutory defence in the Computer Misuse Act, it is clear that cybersecurity researchers can still face spurious legal action for reporting a vulnerability to a company which can decide on a whim to ignore its vulnerability disclosure policy—a practice known as “liability dumping”. Amendment 13 seeks to ensure that cybersecurity professionals who act in the public interest in relation to testing relevant connectable products can defend themselves from prosecution by the state and from unjust civil litigation.

In Committee, the noble Lord, Lord Parkinson, seemed to say conflicting things. He said that the key thing is to set professional standards to measure the competence and capability of security testers, and that that is why the Government set up the UK Cyber Security Council last year. On the one hand, he said:

“We should be encouraging this rather than creating a route to allow people to sidestep these important issues.”


On the other, he said that the Government are listening to the concerns expressed by the CyberUp campaign and that the Home Secretary had announced a review of the Computer Misuse Act. The Minister said:

“The evidence which is being submitted to the review is being assessed and considered carefully by the Home Office.”—[Official Report, 21/6/22; col. 212.]


Are the Government positive or negative on this? What approach are they taking? We are past the summer now, in any event. Is there any prospect of change to the Act? I beg to move.

Lord Fox Portrait Lord Fox (LD)
- Hansard - - - Excerpts

My Lords, I too welcome the Minister to his new role. I think DCMS will be at least as busy as his previous engagements, so we look forward to seeing him on his feet at the Dispatch Box quite a lot.

The unifying feature of these three amendments, which in policy terms are different, is that we are seeking some clarity. So, I support my noble friend in Amendments 1 and 13, and I rise to speak to Amendment 3 in my name. Given that online marketplaces represent the single most popular point of sale for connected products, these platforms should have responsibilities for the security of the products they are selling. That is what we are seeking clarity on today. If online marketplaces are not held responsible under the Bill, these insecure products will continue to be sold and, in all likelihood, their sale would become more prolific.

One of the last things the noble Lord, Lord Parkinson, did as Minister was to dispatch a letter to me in response to queries such as this raised in Committee about the status of online marketplaces—the fear being that channels such as listings platforms and auction sites such as eBay, Amazon Marketplace and AliExpress might present a loophole. The problem is the lack of clear definition for the various players that are part of the internet value chain and the fact that these players have different degrees of insight or control over what is happening online.

As the Minister will see from his predecessor’s letter, dated 21 September 2022, the department’s stated position for online marketplaces is that,

“businesses need to comply with the security requirements of the product security regime in relation to all new consumer connectable products offered to customers in the UK, including those sold through online marketplaces”.

I would appreciate it if the Minister could confirm this from the Dispatch Box. It is paramount that online marketplaces are given this obligation in the Bill to ensure this security, regardless of whether the seller is a third party. It would help very much if the Minister set out what the Government’s definition of an online marketplace is.

How does the Minister’s department plan to deal with the retailers, which are far away, possibly with their real identity obscured on the online marketplaces? Will the department go to the online marketplace first and how will that process be marshalled? In other words, when a customer has a problem, who do they contact?

--- Later in debate ---
Lord Kamall Portrait Lord Kamall
- Hansard - - - Excerpts

We understand that they are two different things, but I am happy to clarify and come back to the noble Lord—I hope to do so before we come to future amendments.

Amendment 3 aims to define what a “distributor” is for the purposes of the PSTI Bill. The Bill requires all UK consumer connectable products to be secure. Where it does not happen, the regulator will act promptly. For e-commerce, given the double-edged sword of technology, reviewing that framework is important. I hope the ambition of the Bill encourages noble Lords to consider not pressing the amendment, but once again I am happy to engage further for clarification and to address any outstanding concerns.

Let me turn to Amendment 13. The Government are listening to and considering concerns that the Computer Misuse Act is constraining activity that would enhance the UK’s cybersecurity. We understand that if you want to test cybersecurity you have to be able to test its breaking point. We are trying to strike the right balance between providing suitable reassurances for well-meaning individuals who want to identify vulnerabilities and not allowing malicious actors to access devices without consent. There are risks here. It is very nuanced, and the Government do not want to rush into legislative change without clear evidence to justify any such change to existing law. As the noble Lord, Lord Clement-Jones, said, the Home Office has been conducting a review of the Act since 2021, and the proposals for statutory defences have been an integral part of this review. I can confirm that a response that sets out how the Government plan to proceed should be published in the coming weeks, and an update will be provided to this House.

I hope that this will provide sufficient assurances on these three amendments, and the noble Lords will consider withdrawing and not pressing their amendments. I repeat the offer of continued engagement and meetings for clarification and to reassure noble Lords.

Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- View Speech - Hansard - -

My Lords, I thank the Minister for those three sets of assurances. I should have thanked him too for meeting with us prior to today.

I am interested in the Minister’s change of language in the department: we have got “by the end of the year” and “in the coming weeks” rather than “in due course”. I think we are making some progress, which is very helpful.

I notice too his unwavering commitment—that was very firm—to publish the regulations by the end of the year. It is grossly unsatisfactory not to have the secondary legislation in draft when the primary legislation contains virtually nothing of the real meat. I am afraid that this Bill is not alone in that respect; it is one of the common complaints that we have whenever legislation comes forward.

As regards the online marketplaces, I am grateful for those assurances, which are accepted and are very much in line with the letter. The new consultation on a new set of regulations about unsafe products is interesting, and I hope the Minister will clarify and give us further and better particulars, and more specifics about what that actually involves.

As regards the Computer Misuse Act—I notice the noble Lord, Lord Arbuthnot, is in his place—it is satisfactory that the Home Office is going to divulge what it really thinks about this. We wait with trepidation for what it is going to say on the subject, given some of the negative responses that Ministers have given previously. We can wait and look forward to that. In the meantime, I beg leave to withdraw Amendment 1.

Amendment 1 withdrawn.
--- Later in debate ---
Secondly, the amendment makes it clear—rightly, in my view—that the occupier would still need to grant their consent before works on the pole commence. However, I do not think that any of us want to create extra layers of bureaucracy in doing that. Therefore, could my noble friend explain what proof of consent will be needed for an operator to access land to access their paragraph 74 rights? Would, for example, verbal agreement be sufficient? Subject to hearing my noble friend’s response on those two questions, I am pleased with this amendment.
Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- View Speech - Hansard - -

My Lords, I too welcome the noble Lord, Lord Harlech, to the salt mines. He knows little yet of how much work is involved in being a Whip; that is all that I can say. I would also like to echo what the noble Baroness, Lady Harding, said about the noble Lord, Lord Parkinson, and his service as DCMS Minister. We all appreciated that very much.

I congratulate the noble Baroness, Lady Harding, who made a very powerful case for her amendment in Committee. I thank the Government for having agreed to that. CityFibre said, in its original briefing, before we had Committee, that this would make a huge impact, particularly in rural areas and in urban Scotland. I have just come back from the US and have seen, in some rural areas such as New Hampshire, the impact of being able to put these superfast fibre-optic cables on telegraph poles. It is really an effective way of delivering superfast broadband to those areas. CityFibre estimated that 1 million such poles exist across the UK, so we are not talking about a small issue.

Finally, the noble Baroness, Lady Harding, as ever, put her finger on the key issues in this particular new clause, about what constitutes agreement between operator and main operator, and operator and landowner. The more clarity that the noble Lord can give us, the better we will be.

Baroness Merron Portrait Baroness Merron (Lab)
- View Speech - Hansard - - - Excerpts

My Lords, first I also welcome the Minister to his place—long may he continue to be as helpful to your Lordships’ House as he is being today. We welcome this government amendment, in the name of the noble Lord, Lord Kamall, whom again I would like to welcome to his new place on the Front Bench. Again, let us look forward to many other sensible government amendments in response to the points that have been raised. I also thank and pay tribute to the efforts of the noble Lord, Lord Parkinson, who helped get us to this stage.

This is very much an issue, as noble Lords will be aware, that attracted cross-industry support, as well as support from all across the House. I pay tribute to the noble Baroness, Lady Harding, for leading the team. In view of her comments about the select group of us who have an interest in health and telegraph poles, perhaps that is an opportunity for an All-Party Parliamentary Group of some select membership.

This amendment does strike the right balance between speeding up fibre rollout and protecting the rights of landowners when upgrading and sharing pre-2017 poles on private land. It is consistent with the amendment that the noble Baroness, Lady Harding, put forward earlier, which we were very pleased to sign up to when it was tabled at Committee stage. So I do welcome this very much from the Government. I do wonder why, given the considerable cross-party consensus in both Houses, it took so long to bring it before us, but we are here today. I too would welcome the clarity about whether verbal agreement from a landowner is indeed sufficient for operators to then undertake necessary works, but with that, this government amendment is one that finds great favour on these Benches.

--- Later in debate ---
Lord Northbrook Portrait Lord Northbrook (Con)
- View Speech - Hansard - - - Excerpts

My Lords, I declare my interests as a site owner and NFU member. I agree with every word that the noble Lord, Lord Cromwell, has said. I am astonished by this piece of legislation from a Conservative Government.

Amendments 19 and 22 aim to address the issue of valuation, one of the most significant concerns with the code. As other noble Lords have said, the “no scheme” valuation methodology introduced into the code in 2017 prevents courts taking into account sites’ potential use as provision for an electronic communications network. This allows operators to drive down the rents they pay to site providers, often by over 90%.

I was involved in negotiations for one of the two masts on my land and was lucky that I had only a 70% reduction. It was not so important for me, but this forces small businesses, sports clubs, community groups and hospitals to accept derisory amounts for the use of their land. It also reduces the motivation for operators to pursue consensual deal-making, in turn slowing down rollout as they can get greater discounts through the courts. As noble Lords have said, it also reduces the incentives for landowners to offer sites for masts in the first place—not an advantageous outcome for the Government’s mobile connectivity.

Amendments 20 and 21 are rather more impactful than Amendments 19 and 22, in that they would stop the Government’s “no scheme” valuation regime being extended to cover the roughly 15,000 telecoms sites governed by the Landlord and Tenant Act 1954 and the Business Tenancies (Northern Ireland) Order 1996. This would have the effect of ensuring that the rent on these 15,000 sites would continue to be set at market value, as is the case today. Importantly, this would prevent them being subject to the issues that have plagued sites governed by the code ever since the 2017 reforms.

Although I suspect the Minister will be opposed to these amendments, they are fully aligned with the Government’s repeated claim that this Bill does not address issues of valuation. How can the Government possibly continue to make that claim if, by their own admission, 15,000 new sites will have their rental value slashed from the moment this legislation comes into force? We are simply trying to ensure that the legislation delivers the Government’s stated policy intent. Parties on all sides of the debate have acknowledged the significant challenges created by the 2017 reforms to the code. It is only right that these changes are not imported wholesale into the Landlord and Tenant Act 1954 and the Business Tenancies (Northern Ireland) Order 1996, when there is no evidence whatever that the 2017 reforms have delivered the Government’s intentions.

I was very grateful, together with the noble Earl, Lord Devon, to the Minister for the meeting yesterday, but one problem seems to be that information provided by the operators, for confidentiality reasons maybe, has not been disclosed to us even though we have asked for it; that is a very frustrating thing. I am also very sad that His Majesty’s Government have paid no attention to influential, independent reports from the IEA and the Centre for Economics and Business Research stating the problems with this legislation. The CEBR report says—

“The government’s ECC changes have not delivered a faster 5G rollout, and it is slower than the pre-2017 status quo. The new proposals do not remedy this. But for the 2017 reforms, 8.2m more people would have had 5G coverage by now than currently can access it. This will persist in the long-term: national 5G coverage by 2022 will be worse than if there had been no changes to the ECC at all. The government’s proposed changes to the ECC will cost UK GDP £3.5bn by 2022, and fail to bring 5G coverage to where it would have been pre-2017.”

The Government want more growth; this legislation does not seem a good way to provide it.

Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- View Speech - Hansard - -

My Lords, on these Benches we strongly support these amendments which support changes to the current valuation basis, the flaws in which were so expertly explained by the noble Earl, Lord Lytton, in Committee, and so clearly today by the noble Earl, Lord Devon, the noble Baroness, Lady McIntosh of Pickering, and the noble Lords, Lord Cromwell and Lord Northbrook. As the noble Earl, Lord Devon, has said, the current provisions are a mistake—astonishing from a Conservative Government, as the noble Lord, Lord Cromwell, said—and the motives of many of us were reflected by what the noble Lord, Lord Northbrook, said: that what we are trying to do is to ensure that the ECC delivers the stated policy of the Government. All of us are behind the 1 gigabit policy, as delayed and slow as it may be, but we want it to be delivered. It appears that the Government, as the noble Lord, Lord Northbrook, also said, are completely ignoring the reports of the IEA, the CEBR and others who have pointed out that precisely these changes in valuation in the 2017 changes to the code have not, and those proposed will not, ensured faster rollout than the original valuation methodology.

Under changes to the code made in 2017, a “no scheme” valuation methodology for valuing land was introduced, as we have heard, and this allowed site providers to recover only the raw value of their land, rather than receiving a market price. As the noble Baroness, Lady McIntosh, has highlighted, operators have been able to use the changes made to the ECC to drive down the rents they pay to site providers, often to peppercorn rents. She also highlighted the impact assessment made by the Government which said that rent reductions should be no more than an absolute maximum of 40%. But of course, we know from the data quoted by operators that reductions have at best averaged 63%, a huge sum for many of the people who rent their land for use for telecoms infrastructure, and in many cases as we have heard today, reductions have been much higher—in the region of 90%. As I mentioned in Committee, the Protect and Connect campaign produced some powerful case studies, such as the Fox Lane Sports & Social Club in Leyland, Lancashire, to support this; and we agree that the right solution to get this market moving again is to reinstate a fair valuation mechanism, such as the one envisaged by the Law Commission.

In addition, in principle we entirely support the amendment spoken to today by the noble Baroness, Lady McIntosh, and the noble Earl, Lord Devon, designed to cap cuts to site provider incomes and prevent retrospective lowering of rents. I really do hope that the Government will give these amendments careful consideration, supported as they are by a very strong cross-party coalition—and indeed a country-wide campaign.

Baroness Merron Portrait Baroness Merron (Lab)
- View Speech - Hansard - - - Excerpts

My Lords, the issues addressed in this group of amendments have certainly exercised your Lordships’ House throughout the course of the Bill and have drawn much attention outside this House as well. I am grateful to the noble Earl, Lord Devon, and the noble Baroness, Lady McIntosh, for introducing their amendments with such clarity. I believe that all the amendments in this group seek to bring fairness, balance and efficiency to the task before us. The noble Lords, Lord Cromwell and Lord Northbrook, also spoke to these points, again with great clarity, in illustrating the challenge before us.

As we have outlined at previous stages, we are sympathetic to the concerns around the changes to the valuation of sites that host telecoms infrastructure. A point I have always found somewhat perplexing—I hope the Minister can assist on this—is that industry itself admits that reductions to rents have on average been far above the 40% promised by government, yet the 40% figure continues to be put before us. I would welcome some insight into that from the Minister.

We understand the importance of getting infrastructure rolled out swiftly to improve the availability of 5G and high-speed broadband and, as I have said, we all understand that a balance has to be struck. The amendments in this group would make a number of changes to the current regime to try to redress the loss of landowner rights. I certainly understand the motivation for these changes but suggest to your Lordships’ House that an independent review of the whole system would perhaps offer a more useful way forward. That is something we will return to in a later group of amendments.

Delivery, balance and fairness are key here. I hope that the Minister will take these points on board and find us a way forward, because that is what we are seeking.

--- Later in debate ---
Lord Cromwell Portrait Lord Cromwell (CB)
- View Speech - Hansard - - - Excerpts

My Lords, I was in two minds about these amendments, but I will support them in the final analysis. ADR is of course a good thing if it avoids lengthy and costly court proceedings. My concern is that it can also become a token activity, backed by the threat of subsequent court action to intimidate site owners, reflected in the inequality of arms between the parties, which others have already referred to.

I would greatly prefer an outcome where disputes can be resolved between the parties, and perhaps their respective agents, where the balance of negotiation is fair. I made a proposal in my earlier remarks on this, to which I have received no response.

The Bill, as drafted, sets site owners and operators needlessly on a collision path. No disputes will be resolved; they will simply be won by brutal compulsion that will lead to delay and protracted proceedings. If the Bill goes ahead as is, ADR should be mandatory as a first step in at least seeking some resolution. I therefore support the amendments in this group.

Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- View Speech - Hansard - -

The view of these Benches is that throughout the passage of the Bill it has been clear that a strong case has been made for better protection for landowners against the power of telecoms operators. However, the ADR process that the Government are providing under Clause 68 is non-binding. Telecoms companies need to show only that they have considered it to avoid costs. This will not make them engage with the spirit of the process, and we expect telecoms companies to take matters to court as quickly as possible instead, with all the consequences that entails of costs on both sides.

As the noble Baroness, Lady McIntosh, stated, to address this the Government should make ADR compulsory for any dispute and issue guidance about reasonable terms. Properly enforced, we believe it would reduce operators’ reliance on litigation through the courts, which sometimes takes the rather oppressive form of threats, and encourage better behaviour by both parties. Given the potential benefits to both parties and the wider public interest, it is difficult to see the case for this process remaining advisory. In principle, we very much support Amendments 25, 26 and 27, so well advocated by the noble Baroness, Lady McIntosh, the noble Lord, Lord Cromwell, and the noble Earl, Lord Devon.

Lord Bassam of Brighton Portrait Lord Bassam of Brighton (Lab)
- View Speech - Hansard - - - Excerpts

My Lords, this has been an interesting short debate. It was an interesting debate in Committee and I congratulate the noble Baroness on retabling her amendments. I do so because I am not completely convinced by the Government’s arguments here. There are real concerns from some that the tribunal system favours operators due to the experience and size of their legal teams. They are very powerful organisations and we should not overlook that. The legal system is there to protect all from overweening power. I understand that the ADR system is intended to prevent cases going to tribunal and court, with all the costs that come with that, and, given the timescales involved, there is clearly a benefit to reaching agreements under an alternative framework. However, if it is voluntary, where is the incentive for its use?

I shall ask one final question; I think this is the most important point. If ADR as a voluntary means of dispute resolution does not work, what will the Government do? Will they step in again and reconsider this issue? Will they give careful consideration to making it mandatory, because then it would have a more powerful effect?

I do not think this issue will go away. I do not find the Government’s arguments entirely compelling and the noble Baroness has made a very good case. I look forward to hearing what the Minister has to say.