Telecommunications (Security) Bill Debate
Full Debate: Read Full DebateLord Coaker
Main Page: Lord Coaker (Labour - Life peer)Department Debates - View all Lord Coaker's debates with the Department for Digital, Culture, Media & Sport
(3 years, 4 months ago)
Grand CommitteeGood afternoon, everyone. I am looking forward to the Committee session this afternoon. Two days ago was my first Grand Committee sitting as a Member of the House of Lords, and I was impressed by the quality of the contributions. I have been moved by the intellectual power of the people here and I look forward to that. I was grateful to the Minister for her contributions and the way she tried to answer the questions, even if one or two of them were not as well put as her Civil Service brief. I appreciated that, and it helps the Committee enormously when we have that positive, constructive engagement, even if there is a measure of disagreement at times. As I said at the beginning, a Bill like this unites us all in wanting to contribute in a way that defends and secures our country and democracies across the world. It is in that spirit that I move Amendment 18 and table Amendment 25 in my name, and I know the Minister will take it in that spirit.
I also thank the noble and gallant Lord, Lord Stirrup, very much for supporting both the amendments. I know the Committee is looking forward to his informed and experienced contribution to our discussions. Although the noble Lord, Lord Alton, is not present—he will no doubt read Hansard—I also thank him for his support for Amendment 25.
These are probing amendments that challenge the Government to explain to the Committee and the wider public their thinking and why these amendments are not necessary. Their various measures are contained elsewhere in the Bill, but it is an important debate for us to have because, as all of us have said, national security is the first duty of any Government and that includes Her Majesty’s Opposition and other parties. That is what “Government” means in total—the responsibility of us all to our citizens.
These amendments are also saying that, to secure democracies across the world in the face of the autocratic challenges and threats we see, it is necessary for us to work well not only in our own country but with our allies. That is clearly something the Government wish, as well.
Our telecoms infrastructure, as I saw yesterday when I went to Airbus—a brilliant company in Portsmouth—is clearly critical to our defence and security as well as our economic prosperity. The Bill’s impact assessment rightly highlights the threats we face, stating that the
“most significant cyber threat to the UK telecoms sector”
comes from other states. It is not a terrorist threat in the normal sense of a threat from individuals; but when powerful states can take action against us, that is significant for our country and for democracies across the world. The impact assessment continues:
“The UK Government has publicly attributed malicious cyber activity against the UK to Russia and China as well as North Korea and Iranian actors”.
That is worrying and significant for all of us.
Both amendments say that our approach to security has to be co-ordinated domestically and with our allies. That is, frankly, a challenge for any Government. As to the list of bodies I have included in the amendment, I am sure the Minister could say that I have not mentioned this or that body. However, those that I have listed are based on my own research. I am sure that other significant bodies should be on it. However, the point is that the challenge is significant. How will cross-departmental co-ordination on the current security infrastructure work at a domestic and international level? I know that the response is often that we have the National Security Council and that is why it was set up, and the Prime Minister chairs it. It is obviously incredibly important and it would be ridiculous to say that it is anything other than an effective co-ordinating body. However, that does not alter the fact that coming to the table are significant actors in their own right within the sphere. It is right to ask, how do the Government expect the new duties placed on the telecoms sector to work and be policed by all the various bodies?
The amendments also highlight the question of how we future-proof this legislation against current and emerging threats. To be blunt, it is hard enough to deal with the current threats as we understand them. At security levels far higher than those we have in this Committee, there will be those who will not only be trying to deal with the current threats but looking at what might happen, five, 10 or 15 years down the road. That is a real challenge for anyone. How do we stop those threats?
We have come to a view about Huawei. Some may argue that perhaps we should have done so two, three or four years ago but we are where we are and we have now concluded that all Huawei equipment should be out of our country’s networks by 2027. Would it not have been better to have predicted that several years ago, so that we would not have to try to stop that company’s involvement now? How does the Minister believe that the current structures and those envisaged in the Bill will deal with not only current but future threats?
The concern is shared by our allies. The recent NATO summit communiqué stated:
“NATO and Allies…will maintain and enhance the security of our critical infrastructure”,
including “communication information networks” such as 5G. I should say to the Minister—the noble and gallant Lord, Lord Stirrup, will have much greater understanding and awareness of this issue—that one of the most significant moves that the alliance made in that communiqué was to confirm that a cyberattack, including on our own telecoms networks, could trigger an Article 5 response.
With the Committee’s permission, I will read from paragraph 32, as it is so important:
“We reaffirm that a decision as to when a cyberattack would lead to the invocation of Article 5 would be taken by the North Atlantic Council on a case-by-case basis. Allies recognise that the impact of significant malicious cumulative cyber activities might … be considered as amounting to an armed attack.”
I emphasise “armed attack”. We and our allies are saying, quite rightly, that the theory of deterrence is now being applied to the world of cyber. The Minister will understand the principle that an attack on one is an attack on all, so theoretically it could be one of our allies that is subject to that attack and that we come to the defence of. Again, I think that is quite right. Does the Minister have any comment highlighting how the Government see that being taken forward?
Amendment 18 seeks to establish a horizon-scanning body for our telecommunications sector, to identify current and emergent threats and produce an annual report for Parliament. The body would include representatives from the Armed Forces, relevant departments, the intelligence services and the National Cyber Security Centre, as well as industry and security experts. Can the Minister explain how the Government will watch out for future threats without such a body? How will cross-departmental work be managed? Will the new telecoms advisory council include security experts or ex-military personnel?
The Spectator is not a magazine whose political opinions I agree with, but this is so serious. The front page this week features the relationship between China and Cambridge. Whatever the rights and wrongs of it, I am just reporting to the Committee what is said in a well-regarded magazine that I and many other noble Lords read. To have that on its front page, and then inside, significant articles about the relationships and the potential difficulties that they may cause for us on a security level, shows to the Committee and the wider public how difficult this is becoming. You have one of the most brilliant universities in the world being questioned in terms of its relationship with China, in a well-regarded publication. That is a challenge for us as we take this Bill through and what it means for us in maintaining our security to defend our democracy.
Amendment 25 seeks to ensure that the Government publish a long-term strategy for our telecommunications security and resilience. Can the Minister outline how she expects that to happen? We should consider how to collaborate more effectively with our allies—NATO and the Five Eyes—and consider proper resourcing of UK security infrastructure. I believe DCMS is now developing a long-term strategy to consider how international standards can be developed. Can the Minister explain how the UK will work with our allies on R&D or adoption and deployment? This is critical for the security of our nation, so it would be helpful for the Committee to understand.
I hope that the Minister takes my contribution in the spirit in which it is meant, which is to challenge in a way that I hope is helpful to the security of the nation and of our telecoms infrastructure and businesses. The last year or two have been a bit of a wake-up call for all of us, including me, as to the potential threats that there are. Given the security level that we are all at, what some people working at STRAP levels know and understand about the threats to our nation one can only begin to imagine. I look forward to the Minister’s response and to the contributions of the noble and gallant Lord, Lord Stirrup, and other Members of the Committee. This is meant to be a probing, challenging amendment. I hope that the Minister will be able to respond in that spirit, and that we can all look forward to seeing how the security of our nation can be effectively maintained against the threats as we understand them now and as they may emerge in the future. I beg to move.
I tried to present the breadth and depth of approaches that the Government are taking to address this incredibly serious and complex problem. If I may borrow the word used by the noble and gallant Lord, Lord Stirrup, we have tried to show some agility in responding to changing circumstances. The noble Lord will be aware that there were changes to the US foreign-produced direct product rules in May 2020 which changed the risk profile of our engagement with Huawei, and we acted on that, so I do not feel that I have to apologise at this point.
I thank the Minister for her reply and for again seeking to answer the questions. We may well have to come back to some of this, but I take the point that the Government are seeking to address current and emerging threats; I just think that this needs to be more clearly stated in the Bill. The Minister gave examples of cross-government working. We all know that there are examples of cross-government working, but the Committee is saying—I think that there was agreement across the Committee—that sometimes there is a need for a mechanism to ensure that it happens. It may be that another body will do that more effectively in the face of the threats that we face now or may face in the future—it may be that we seek to replace rather than add a body. The Government may want to consider that.
I apologise to the Committee for having to hear so much of me in the first 48 minutes. This is a really important amendment and I will make a couple of general remarks before making some more specific comments.
Concern has been expressed throughout consideration of this Bill about the extent to which the Bill provides for parliamentary scrutiny. Parliamentary scrutiny is the important area that Amendment 22 seeks to address, and I am grateful for the support of my noble friend Lady Merron and the noble Baroness, Lady Northover.
Amendment 22 seeks to improve and prioritise national security. We have all said that we support the intention behind this Bill and the need for national security, but the sweeping powers that the Bill gives the Secretary of State must be used in the interests of securing our critical national infrastructure. Removing Huawei does not in itself do that, so there is a question of accountability here. Amendment 22 is designed to ensure greater scrutiny, focus and transparency and address the deepening hole in accountability presented by the Government. At its heart, it would
“ensure that the Intelligence and Security Committee … is provided with any information relating to a designated vendor direction, notification of contravention, urgent enforcement action or modifications to an enforcement direction made on grounds of national security”
by the Secretary of State, as soon as reasonably possible.
The Minister knows that, during the passage of the National Security and Investment Bill, noble Peers from all sides of this House repeatedly tried to ensure that the Intelligence and Security Committee had oversight of national security issues. To be frank with the Minister, it was difficult to understand why the Government were so determined not to give the committee a role. This amendment says to the Government that the ISC is the appropriate place to discuss matters of national security and that it has a unique role in assessing security implications, as even Ministers accept.
The key point is to ask the Minister how this would work. This is the nub of the amendment and goes to the heart of what many noble Lords have said. The DCMS Select Committee and many of the people who will be looking at these documents do not have the required clearance to scrutinise highly classified evidence, so should the ISC, which does have the necessary security clearance, not have a role? It is the only committee of Parliament that has regular access to documents marked “information sensitive for national security reasons”.
I am sure that many of us simply do not understand that when you look at the state security threats to the telecommunications infrastructure that have been identified by the Government, the level of clearance will not be official-sensitive, STRAP 1 or STRAP 2, it will be STRAP 3. No one in this Committee will see that. Some Members of the Committee may have seen it in the past. So how can Parliament be reassured without knowing that the Intelligence and Security Committee has looked at it? Who has oversight of it? Even the Minister will not have the level of clearance to see all of it, yet she will tell the Committee that Parliament has oversight of these matters, when none of us—or very few of us—have the security clearance to actually look at and scrutinise those threats. So how will Parliament scrutinise it if we do not have the security clearance to do that? It is logically inconsistent. Yet time and again, the Government refuse to allow the committee set up with that express purpose—namely, the Intelligence and Security Committee—the function that it was set up to do on behalf of Parliament. With respect, I simply do not understand why the Government are so resistant to that. On many of the other things that we mention, there is a debate and opinions are exchanged. But this is completely and utterly illogical.
I ask the Committee to consider this. Given that the level of security clearance needed to protect our country, its telecommunications structure and that of our allies from the threats posed by other states is above that of the vast majority of Ministers of the Crown, Members of the House of Lords and civil servants, who is to scrutinise these matters if not the Intelligence and Security Committee? I fail to understand what the answer to that is. Parliament deserves to scrutinise these matters and it should be done by the committee set up to do that because it is the only committee of Parliament that has the necessary security clearance. I beg to move.
My Lords, the noble Lord, Lord Coaker, has summed up an important recurring theme that was raised at Second Reading. The Government should take this very seriously indeed.
Oversight by a body with top-level security clearance is essential. I certainly would sleep safer if I knew this was happening. Part of this comes from the Minister’s reply when I started to query the status of Ofcom and its relationship to the Civil Service department. I gather that the relationship of Ofcom is similar to that of an agency—if it is not actually set up as an agency; it is set up as a regulatory body, I think. I remember the huge problem—debacle would be a better word—when Defra failed to bring in the new mapping system back when we were changing the way of paying farmers. Everyone knew that it was about to be disastrous. Everyone could see the train crash coming. The Minister could not do anything about it except stand at the Dispatch Box and say, “I’m not allowed to interfere. It is a separate company. We can only call it to account at the end of the year.” As a result, when it all went pear-shaped and farmers suffered disastrous and severe financial problems, the Minister was retired—and it was not any fault of his. He knew perfectly well what was going on but had no power under the structure.
This is my problem with the agency structure that was set up, I think under Mrs Thatcher, when she was trying to cut back the Civil Service so she took things off the Civil Service books to make the figures look better. We have to be very careful when we are handing huge powers or these momentous decisions to an agency. Therefore, it is important that we get into the Bill mechanisms by which we can know what is going on at the time and make sure that it is not going wrong. This oversight, certainly by the Intelligence and Security Committee, is essential—a no-brainer.
I will just mention that the same principle applies in Amendment 29 in the names of the noble Lords, Lord Clement-Jones and Lord Fox, which I did not put my name to because I thought that was unnecessary. Exactly the same thing applies to the Investigatory Powers Commissioner. Rather than me wasting time speaking again, I will say it now: please will the Government start looking at this more seriously?
My Lords, I thank the noble Baroness, Lady Merron, for tabling this amendment, and the noble Lord, Lord Coaker, for moving it. The role and remit of the Intelligence and Security Committee, as noble Lords have remarked, have been raised a number of times in the other place and at Second Reading of this Bill, so I welcome the opportunity to clarify how appropriate oversight of the Bill’s national security powers will be provided for in the Bill and through existing mechanisms.
Amendment 22 would require the Secretary of State to provide the Intelligence and Security Committee with copies of designation notices and designated vendor directions when such notices, or parts of them, are withheld under Section 105Z11(2) or (3) in the interests of national security. It would also require the Secretary of State to provide copies of notifications of contraventions, confirmation decisions, the reasons for giving urgent enforcement directions when withheld under Section 105Z22(5), and the reasons for confirming or modifying such directions when withheld under Section 105Z23(6).
I will try to correct the suggestion made by the noble Baroness, Lady Northover, and the noble Lord, Lord Fox, that the Government are trying to avoid parliamentary scrutiny on this particular point. That simply is not borne out by the way that the Bill is drafted. We are very clear about where parliamentary scrutiny should take place. I recognise the desire of your Lordships for the Intelligence and Security Committee to play a greater role in the oversight of national security decision-making across government, including in relation to this Bill. As I mentioned earlier, through the oversight of the National Cyber Security Centre, the Intelligence and Security Committee can request information around NCSC advice on, and activities relating to, high-risk vendors.
However, this amendment would extend the role of the Intelligence and Security Committee in an unprecedented way. As noble Lords are aware, the activities of the Department for Digital, Culture, Media and Sport are not within the ISC’s remit. That committee’s remit extends to the intelligence agencies and other activities of the Government in relation to intelligence or security matters, as they are set out in its memorandum of understanding.
The noble Lord, Lord Coaker, asked what he called the “central question” of how this will work in practice in terms of security access. My understanding is that according to the Osmotherly rules detailing how the Government may share information with Select Committees, members of the Digital, Culture, Media and Sport Committee are able to view and handle classified and other sensitive material, subject to agreement between the department and the chair of the committee on appropriate handling. Documents may also be shared with the chair of the DCMS Committee on Privy Council terms, subject to agreement between the committee chair and the department.
The advice of the intelligence agencies will not be the only factor that the Secretary of State will take into account when deciding what is proportionate to include in a designated vendor direction. As well as the advice of the National Cyber Security Centre, the Secretary of State will consider, among other things, the economic impact, the cost to industry and the impact on connectivity caused by the requirements in any designated vendor direction. The ISC does not have the remit to consider non-security issues such as the economic and connectivity implications of the requirements in designated vendor directions. The Digital, Culture Media and Sport Select Committee can consider those wider aspects and that is why it is the correct and appropriate body to see copies of designation notices and designated vendor directions that are not laid before Parliament. Any future changes to the ISC’s remit would be best managed through consideration of the Justice and Security Act 2013 and the associated memorandum of understanding.
For the reasons that I have set out, I am unable to accept the amendment and I hope that the noble Lord, Lord Coaker, will therefore withdraw it.
I thank the Minister for her reply. The Government are going to have to reconsider this matter. The explanation of what can or cannot be looked at is very unclear. The purpose of the amendment is to make it clear through the legislation that the Intelligence and Security Committee would have an automatic right to look at some of the threats, rather than it being the judgment of someone, who has to consult someone else to make a decision. That is the whole point. It should not be a question of someone deciding after discussion whether the matter should go forward; there should be a requirement in the Bill that that be done.
The point that I keep making is that at security clearance level 3, hardly anyone in the country could look at this matter, but there may well be aspects of a threat to telecommunications from a state that are at that level. All that any of us is saying is that of course Parliament should not be openly told about it, but that does not mean that there should be no scrutiny by the committee set up with that express purpose, so that we have oversight and scrutiny of even the most highly classified information. It would be a great credit to our democracy if the even highest level of security threat were subject to a check, set up by Parliament.
I and the Committee are saying to the Minister that this matter needs to be reconsidered. Even the Government, in response to the debate in the other place, have said that they are going to look at the next annual report of the Intelligence and Security Committee to see whether its remit should be extended to include the DCMS Committee. The Government are therefore aware that there is a problem here and say that they will look at this issue. We are trying to horizon-scan here and are saying that this will be a problem if this proposal is not included in the Bill.
I honestly believe that the Government really are going to have to look at this. I am going to repeat that because it is so important. The Minister herself, even the Secretary of State, will not know of some of this. The noble and gallant Lord, Lord Stirrup, knows how many people know, but it is very few. Yet the Intelligence and Security Committee was set up to consider this issue and we are saying that there should be measures in the Bill to deal with it.
The reason why the noble Lord, Lord Fox, and I are incredulous is that this just does not logically hold together. This is not an opinion but a fact: if the Bill goes through unamended, we in Parliament will not be able to look at the security threats that people are making decisions about. It is accepted that not everybody should be told about such things—of course not—but I doubt whether Parliament thinks that this situation is acceptable. I ask the Minister to reconsider that.