Cybersecurity Debate

Full Debate: Read Full Debate
Department: Home Office

Cybersecurity

Lord Clement-Jones Excerpts
Monday 3rd July 2023

(1 year, 4 months ago)

Lords Chamber
Read Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Asked by
Lord Clement-Jones Portrait Lord Clement-Jones
- View Speech - Hansard - -

To ask His Majesty’s Government what progress has been made in implementing the recommendations on cybersecurity made by Sir Patrick Vallance in his report Pro-innovation Regulation of Technologies Review: Digital Technologies, published in March.

Lord Sharpe of Epsom Portrait The Parliamentary Under-Secretary of State, Home Office (Lord Sharpe of Epsom) (Con)
- View Speech - Hansard - - - Excerpts

My Lords, in the Government’s response to the review, we set out that the Home Office is taking forward work to consider the merits and risks of the proposals made. We have created a group that includes law enforcement agencies, prosecutors, the cybersecurity industry and system owners to consider these issues and reach a consensus on the best way forward.

Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- View Speech - Hansard - -

My Lords, Sir Patrick made a very clear recommendation to amend the Computer Misuse Act to include a statutory public interest defence for cybersecurity researchers and professionals carrying out threat intelligence research. This has been extremely long awaited. We finally had a review, which started in 2021 and reported this year; we had a consultation, which concluded in April; and now we have the steps that the Minister talked about. What conclusion can we expect at the end of the day? Progress on this has been totally glacial given the importance to innovation and growth of this change to legislation.

Lord Sharpe of Epsom Portrait Lord Sharpe of Epsom (Con)
- View Speech - Hansard - - - Excerpts

My Lords, I agree that there is an enormous necessity to get this right, but that is part of the problem of why things are perhaps not happening as fast as the noble Lord would like—progress is far from glacial. These issues are incredibly complicated because, as the noble Lord noted, the proposals would potentially allow a defence for the unauthorised access by a person to another’s property, and in this case their computer systems and data, without their knowledge and consent. We therefore need to define what constitutes legitimate cybersecurity activity, where a defence might be applicable and under what circumstances, and how such unauthorised access can be kept to a minimum. We also need to consider who should be allowed to undertake such activity, what professional standards they will need to comply with, and what reporting or oversight will be needed. In short, these are complex matters, and it is entirely right to try to seek a consensus among the agencies I mentioned earlier.

--- Later in debate ---
Lord Sharpe of Epsom Portrait Lord Sharpe of Epsom (Con)
- View Speech - Hansard - - - Excerpts

The noble Viscount makes a good point. I am obviously unable to comment on the scheduling of parliamentary business but, when the group that I referred to in my initial Answer has finished its consultations and considerations and come to a consensus, we will of course report back to Parliament. I imagine that will include a debate.

Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- View Speech - Hansard - -

My Lords, does not everything that has been said on this Question today demonstrate the importance of fresh intelligence work and, therefore, the importance of changing the Computer Misuse Act?

Lord Sharpe of Epsom Portrait Lord Sharpe of Epsom (Con)
- View Speech - Hansard - - - Excerpts

I do not think that anybody disagrees with that. I am just saying that we need to get it right and do it properly.