Read Bill Ministerial Extracts
Telecommunications (Security) Bill Debate
Full Debate: Read Full DebateLord Fox
Main Page: Lord Fox (Liberal Democrat - Life peer)Department Debates - View all Lord Fox's debates with the Department for Digital, Culture, Media & Sport
(3 years, 4 months ago)
Lords ChamberMy Lords, I thank the Minister for her very clear exposition of the purposes and modus operandi of this Bill. It is a great pleasure to follow the noble Lord, Lord West—Admiral West—and I look forward to working with the noble Baroness, Lady Merron, who is on the Front Bench.
During late summer last year, we debated the Telecommunications Infrastructure (Leasehold Property) Act, when this security Bill was held out as a carrot, largely to try to curtail discussions of a Chinese nature. It did not work, of course, and we had those discussions, but here we are at last with this Bill. As we have heard, it provides the Government with considerable new national security powers to issue directions to privately-held public telecommunications providers, primarily with the aim of managing issues arising from high-risk vendors. As such, the Minister will acquire wide and sweeping powers.
The Bill also gives Ofcom wide duties and legal powers to monitor and assess the security of telecoms providers. For teeth, as we have heard from the Minister, companies that continue to use high-risk vendors could or will face very heavy fines. Perhaps the Bill’s headline outcome is the new controls on the use of Huawei 5G equipment, including a ban on the purchase of new Huawei equipment from the end of 2021 and a commitment to remove all Huawei equipment from 5G networks by 2027.
How will these Benches respond? First, I am happy to confirm that Liberal Democrats are strongly in favour of having secure telecommunications networks. I am sure the Minister is relieved to hear that. Secondly, Liberal Democrats want to see Huawei technology removed as quickly and expediently as possible. However, I note, as the Minister hinted at but did not detail, that the issue is with more than one supplier and more than one country. I add that the issue of the treatment of Muslim Uighurs does not stop with this Bill. The genocide going on there creates much wider implications for our relationship with China than the issue of which technology makes our phones work. These implications are very important, but I understand that they are beyond the scope of this Bill.
Thirdly, Liberal Democrats strongly believe that the Government must now invest in developing telecommunications technology in the UK. We want to see an increase in the diversity of the UK’s telecoms supply chain. We also believe that a strong relationship with the European Union and the intelligence alliance Five Eyes will help us to ensure that security risks are dealt with quickly. Finally, Lib Dems want to see stronger protections for the privacy of people in the UK.
What we will be testing in Committee is threefold. First, does the Bill effectively shut out the technology it is meant to shut out? The trick to making communications secure will be the nuts and bolts of the Bill. Secondly, do the Minister and Ofcom have the right powers, and the necessary checks and balances, to make this Bill work? Thirdly, when it comes to supply chain diversification, can we actually shut out Huawei et al and have an effective communications network?
One at a time, first let us look at the prime intent of the Bill: to keep our networks secure. On the face of it, this is another skeleton Bill. With the presentation of a few statutory instruments here and there, the Government should theoretically be able to react swiftly, but are the Minister and Ofcom placed to pre-empt issues, rather than react to them? There is a technical difficulty here: in 5G particularly, the distinction between the core and edge of networks is blurred. With technology moving faster than government can, that distinction is almost meaningless and the threats will change from week to week. So can the Minister explain how Ofcom can ever successfully be ahead of the game and not chasing issues?
As we know, plans for removing Huawei have been announced, but this does not stop with Huawei. For example, legislation in the US is considerably broader. It identifies specific companies, including Huawei, but also ZTE Corporation, Hytera Communications Corporation Limited, Hangzhou Hikvision Digital Technology Co. Limited and Dahua Technology Co. Limited. Also, US legislation covers telecommunications and video surveillance and services. Given the news this weekend, the Minister might like to review where we source CCTV cameras from in this country—I note that that was discussed in a previous debate. Can the Minister assure your Lordships’ House that this legislation will cover the full range of security threats that we need to cover or will we see another Bill to broaden it yet further into surveillance and surveillance services?
Turning to the powers granted by this Bill, it gives wide-ranging powers to the Secretary of State and next to no oversight to Parliament. Included are sweeping powers to address matters of national security and it is not clear, although the Minister has hinted, how Ofcom will really interact with the intelligence community. Furthermore, as we have heard from the noble Lord, Lord West, the committee, which has express oversight of national security, has been excluded from scrutinising how this legislation will operate. I support the words of the noble Lord, Lord West. In addition, there is no dedicated role for judicial or technical oversight. This is very different from the Investigatory Powers Act 2016, in which such provision exists. I expect my noble friend Lord Clement-Jones to comment more on this issue.
The Bill also gives sweeping powers to Ofcom. We heard from the Minister how Ofcom will be co-operating with the intelligence services, but this creates a conflict of culture within Ofcom and will inevitably lead to more opaque operations which will, in turn, create issues elsewhere. I am still not clear how that interface will work. It will be useful to investigate that in Committee.
Finally, I turn to supply chain diversity. The Minister in the Commons said:
“We must never find ourselves in this position again. Over the last few decades, countless countries across the world have become over-reliant on too few vendors”—[Official Report, Commons, 30/11/20; col. 75.]
Fine words, I am sure, but they come from a Government whose Chancellor and Secretary of State for BEIS have cancelled the industrial strategy and disbanded the Industrial Strategy Council. Undaunted, alongside the Bill the DCMS has published a diversification strategy. I suggest that Oliver Dowden, who adorns that document, is rowing somewhat in the opposite direction from the Chancellor of the Exchequer. Assuming that this strategy makes some headway against a running tide within government, it has three legs: “supporting incumbent suppliers”, “attracting new suppliers” and accelerating “open-interface solutions”.
I will take those legs one at a time, beginning with “supporting incumbent suppliers”. I am bemused by the term “incumbent”. I think it means domestic suppliers, because Huawei is an incumbent supplier and we have heard that it will not be getting support. Assuming domestic suppliers is what is meant—there are world trade rules that make it difficult to preferably treat domestic suppliers, but assuming these can be surmounted —can the Minister give us the current estimate of how many incumbent domestic suppliers are in our network and what percentage, in terms of value, they represent?
To fill that gap, we are going to need pretty rapid innovation. Innovation is not easy and the speedy innovation we have just seen with the Covid vaccine, for example, was helped by two important conditions: first, a very strong existing R&D base in this country and secondly, a guaranteed private sector market for the vaccine. I do not think these conditions exist for telecoms technology. So, what is Her Majesty’s Government’s assessment of telecoms research and development in the UK? How will the private networks be encouraged to guarantee a market for any UK-based and UK-developed products that emerge?
The second strategic leg is “attracting new suppliers”. I suspect this is going to be an easier job than building an industry from scratch in this country. Will the Minister confirm how the vetting process will work? I assume this will be in the code of conduct. Will the networks have to be externally cleared? Will they be subsequently audited, and how deep does approval go? Does every component of every sub-assembly need to go through a process, and how will this all unfold in building the networks? It begins to sound quite cumbersome if there is going to be a nuts and bolts check of the technology.
The third leg is accelerating “open-interface solutions”. The Government are moving ahead at speed with open-access radio networks and open RAN piloting, and should be congratulated. If it goes to plan, when will we start to see this becoming significant? How will the Government get the existing vendors to increase the scope of their interoperability? What, in a sense, is in it for them?
We overwhelmingly support the objectives of this Bill. There are serious issues, particularly in the absence of detail and scrutiny. The regulations remain a mystery until they are published, and the process is potentially pretty bureaucratic. I think the Government have recognised that there are issues, which probably reflects why there are four days in Committee ahead of us. We may need all four of those days.
Telecommunications (Security) Bill Debate
Full Debate: Read Full DebateLord Fox
Main Page: Lord Fox (Liberal Democrat - Life peer)Department Debates - View all Lord Fox's debates with the Department for Digital, Culture, Media & Sport
(3 years, 4 months ago)
Grand CommitteeThis is an interesting debate—one that we started about a year ago. During the summer, on the then Telecommunications Infrastructure (Leasehold Property) Bill, many of these arguments were rehearsed. This Bill was held out, in a sense, as the carrot that would address these issues, and it has been some time coming.
To some extent, the initial issues that came up last year have been discounted, with the Government largely moving on the Huawei issue. However, as we have heard—and will hear over the course of Committee—many questions are unanswered. We should once again thank the noble Lords, Lord Alton and Lord Blencathra, and my noble friend Lady Northover for bringing forward these amendments, as well as the noble Lord, Lord Coaker. I will be interested to hear his perspective as, having been a Minister, he understands some of the trade-offs in decision-making—it is interesting that he chose to sign this amendment none the less.
I thank the noble Lord, Lord Naseby, for his Second Reading speech. He could not give it to us at Second Reading, so we got it anyway. There are some issues around industrial capacity which I will come back to.
The noble Earl, Lord Erroll, picked up a point on which I queried the Minister and did not get a response: at what point are we examining this technology? You have systems, sub-systems, components and software. Frankly, if we are doing this, it must be done at all levels. The capacity to do that and track a chip, a piece of software or something in the software which we do not even know is supposed to be there is a huge task. Do we have the capacity in the intelligence services, and the industrial ability, to do it? It is a very important question, as there is not much point having this if we cannot actually do it.
Before speaking to Amendments 1 and 20, I will say a few words on Amendment 27, the Five Eyes element. As we know, this requires the Secretary of State to review the UK’s security arrangements with companies banned by Five Eyes partners and to decide whether to take similar action on the UK’s arrangements with those companies. As I think my noble friend Lady Northover said, the Minister will no doubt say that we do this anyway. If we do this anyway then, to some extent, we should not be afraid of putting it in the Bill. It is important that we walk in as lock-step a way as we can with our Five Eyes partners, but the point of the noble Earl, Lord Erroll, is apposite; China understands that and will play the Five Eyes against each other. We must be aware of that; we must not be slavish in how we respond but canny, and work with our partners so that they understand why we are moving in the right direction.
Again, this comes down to capacity. The noble Lord, Lord Naseby, asked who does it. The NCSC is supposed to provide the ammunition for the Secretary of State and Ofcom to operate on. There are big questions around the interface between the NCSC and Ofcom and how they relate to each other. How, for example, does the highly secret information the NCSC is dealing with get to DCMS and Ofcom without either breaching security or eroding transparency, or both? We have big concerns about that, and obviously it will come up later.
The noble Lord, Lord Alton, raised Newport Wafer Fab, which until recently I thought was an ice cream firm somewhere in Aberystwyth. However, now I find that, as he set out, it is our only supplier of this equipment. That is an object lesson in itself but it is also completely appropriate to this point. In its response, BEIS confuses manufacturing capacity with technical novelty and has the idea that, because this is not technically novel, that somehow stops it from being valuable to this country. However, manufacturing capacity is central to the delivery of future technical novelty, and if you want somewhere to look, look at the communications industry. We were pre-eminent global leading companies in analogue communications technology; no country could match us. We lost that manufacturing capacity and the ability to innovate in the digital space, and that is why we have the supply chain issues we have today. If the Government have not learned this lesson, and it seems that BEIS has not, we have a long way to travel yet before we get to a sensible place.
In a sense we have heard from the noble Lord, Lord Alton, and others about specific issues but I would like to rise up a bit and look at the bigger picture slightly. In his Mansion House speech on 1 July 2021, Rishi Sunak crystallises the challenge and perhaps the dichotomy, and points us in a number of different directions at the same time. Your Lordships must excuse me, but I will read out a fairly lengthy passage which is appropriate to this debate. He says:
“And our principles will also guide our relationship with China. Too often, the debate on China lacks nuance. Some people on both sides argue either that we should sever all ties or focus solely on commercial opportunities at the expense of our values. Neither position adequately reflects the reality of our relationship with a vast, complex country, with a long history. The truth is, China is both one of the most important economies in the world and a state with fundamentally different values to ours. We need a mature and balanced relationship. That means being eyes wide open about their increasing international influence and continuing to take a principled stand on issues we judge to contravene our values. After all, principles only matter if they extend beyond our convenience. But it also means recognising the links between our people and businesses; cooperating on global issues like health, aging, climate and biodiversity; and”—
here we come to the rub—
“realising the potential of a fast-growing financial services market with total assets worth £40 trillion”.
What does a mature, balanced relationship look like in context? How nuanced are the examples that we have just heard about the Chinese? First, we can see that because of advanced concerns around the security of at least one Chinese vendor, the UK Government are mandating equipment to be torn out of our existing infrastructure and thrown away at the cost of several billion pounds. That is not a nuance. Secondly, we have heard from the noble Lord, Lord Alton, this time and previously, and we have seen the evidence of malevolence within China to its own people on a scale that is, let us say, unusual even for the age in which we live. Thirdly, we can see transparently what is going on in Hong Kong. That in itself is not a nuance either. Fourthly, we have the Chancellor’s stated desire to realise the potential of a fast-growing financial services market.
All this is the context in which Amendments 1 and 20 have been tabled. This gives the chance for the Minister to explain where she and the Bill sit on that nuanced scale, as the Chancellor puts it. He clearly sets out that the Government’s principles will guide our relationship with China, so what are those principles?
My Lords, this is my first Grand Committee appearance, and I hope that I do not disappoint the noble Lord, Lord Fox. I have been in a number of committees, but not at this end of the building. I am still getting used to some of the processes and procedures, but I am very pleased to be speaking on this Bill.
From our perspective, the Bill is very welcome. The Government are clearly addressing a very real security concern that our nation has, and, in trying to deal with it, have not just my support but that of every single Member of the House of Lords. It is our country, and we want it looked after and defended properly. Many of the amendments and the comments that have been made so far today, and which will be made throughout the Committee and no doubt at Report and beyond, are about challenging the Government, not from an oppositional point of view but from one of trying to improve the legislation. We want to ask the Government testing questions to see where their thinking is. That is what all the various speakers have done so far today.
There are a number of particular issues. As others have said, the amendments in this group, from the noble Lord, Lord Alton, deal with the international context for the security of the telecommunications sector, however you define that. This is really important, because it affects—not infects—every single part of our lives. The noble Lord, Lord Alton, gave the example of Hikvision and CCTV. Whether it is the hardware or the software, this demonstrates that there are examples of new technology and telecommunications which impact on all our lives but which many of us probably do not view as causing a potential security threat to our country and nation. We have only to look at where that is going—whether you look at this sphere or the defence sphere—to know that we are going to see an increase in telecommunications, and in the use of space, drones, artificial intelligence and all those sorts of aspects.
One thing that I will talk about in other debates on other amendments is how you future-proof this—and that is part of some of the later amendments. Hikvision, which the noble Lord, Lord Alton, raised, is an interesting instance. At the nub of it is that, if our allies, who we depend on for our collective security, are banning companies such as Hikvision, as in the United States, how is it in our interests to defend our own security to not do the same? It is unfair to say that it has not been thought about, but there is something of a disjointed approach when one of our closest allies—if not our closest—has banned a tech company that we use. I am sure that there are very good reasons for it, and the Civil Service and others will no doubt tell the Minister X, Y and Z, but it defies common sense. Whatever the reality of it, it just does not appear to be a sensible option, so I very much support the example that the noble Lord, Lord Alton, gave. That is one of the reasons why I added my name to Amendment 27.
With regard to NATO and Five Eyes on a domestic and international level—I shall return to this point on Amendments 18 and 25—who actually holds the ring? Who is the person or what is the department that co-ordinates all this activity across government? Who holds the ring across government? You could say that it is the Prime Minister, but the Minister will know what I mean. Out of all the various aspects of government, who actually in the end decides? And if there is a conflict of interest between them, who then is the judge of that and how does that work on an international level? But as I say, that is more to do with Amendments 18 and 25.
Amendment 27 in particular, as I said, ensures a review of telecoms companies when a Five Eyes partner bans the operation of a vendor of goods or services to public telecommunications providers in its country on security grounds. That is eminently sensible. It a review. The amendment is, essentially, testing the Government by asking, “Why wouldn’t you have a review?” Why would you not—to use a security term—keep that under surveillance?
I have received a request to speak after the Minister, so I call the noble Lord, Lord Fox.
I congratulate the Minister on introducing the Barran scale of nuance, which will no doubt become a classic in future. She did not address the issue of componentry, if you follow my drift. It seems to me, in analysis, that what tipped the balance in the sense of Huawei was the absence of American-made chips. Were that not to have happened, the NCSC would not have recommended the widescale removal that we have seen. That appears to be the implication. There seems to be an element of component monitoring going on, although in this case the monitoring appears to have been done more by the Americans than by the United Kingdom. It comes back to that fundamental point: at what level is the Bill going to be applied? Will it be applied on the overall capability of the system? In other words, is it a systems capability issue? Is it a subsystem operational outcome view, the individual pieces that go to make those subsystems, or the software that drives the overall system? How will the Bill actually be put into process?
I may need to write to the noble Lord about the technical details he has set out. I think for the approach to be effective it needs to incorporate all elements of that. An overall system cannot be a capable system if the subsystem is not. There needs to be coherence across the equipment that is supplied and our understanding of how it operates in practice and the component parts to inform the judgment about its security or not. I am happy to follow up in writing if he is agreeable.
My Lords, I rather agree with the noble Lord, Lord Clement-Jones, on this matter. The Bill is meant to be about security, not about “anything”. I have seen this happen with other legislation—that it suddenly becomes convenient to take something never intended for another purpose and, because it is very broadly worded, use it to beat some company or someone over the head over something completely unrelated. I am afraid that I agree that the Bill needs to be tightened up and brought down to security issues, not just “anything”.
For starters, a powerful, predominant supplier of routing equipment in the IP network would be a security risk. If anyone relies too much on one supplier—and they may unfortunately be pushed in that direction—it becomes a security risk, and we may have to close down some providers: “Oh dear, that’s our network finished”. That would be stupid. We are going to be anti certain companies. Companies get based or controlled elsewhere as takeovers happen internationally, so I see a certain amount of difficulty with this if it is very wide.
I come to what the noble Lord, Lord Fox, said. The reason we lost our manufacturing, of course, was that BT selected Huawei as the preferred supplier of the 21st-century network rewrite in 2005. That is the point at which we closed down our capability, effectively being blackmailed by America to get rid of Huawei while potentially blackmailed by Huawei, which could get too much control. We need to look at these strategic decisions where private companies that used to be government suddenly make companies that affect UK security. I have never been happy about that.
My Lords, in response to the noble Earl, Lord Erroll, I say that it is also a huge issue when you have, essentially, a near-monopolistic private sector supplier, which makes any decision completely catastrophic for the under-bidder. I am speaking not to that but to Amendments 2, 3, 4, 5 and 6, which, as my noble friend Lord Clement-Jones pointed out, bear my name. He set out a very clear rationale for these amendments, which back up the concerns of the Constitution Committee and, indeed, some suppliers. Rather than reiterate those, I beg noble Lords’ indulgence to illustrate the point, inviting them to join me in a thought experiment. They need not worry—it is not going to hurt and I will not be pushing them into a Petri dish or anything like that. I simply ask your Lordships to imagine things the other way around: imagine that the Telecommunications (Security) Bill did indeed include the words currently proposed by my noble friend Lord Clement-Jones and myself, words that clearly identify that the focus of the Bill should be on the security of telecoms.
I ask noble Lords to continue to use their imagination that it was my noble friend and I who were proposing changes to include the words that are currently there; in other words, imagine that we were proposing to take the word “security” from this imaginary Bill and turn it into “anything”. Broadening the cover, as we have heard, would broaden the problem around any interruption very widely. I do not know but I dare say that, if we tried to do that, the Public Bill Office would have something to say, pointing to the Long Title of the Bill, which is:
“To make provision about the security of public electronic communications networks and public electronic communications services”
—in other words, security. Were we to try to take that word out and put in “anything”, I dare say the PBO would not allow us to do so.
If we did however slip it past the PBO, I guarantee that the Minister of the day would tell us that this would subvert the Bill’s intention and would take away the Bill’s focus from security to some of the imaginary things that the noble Lord opposite suggested—or, indeed, a digger backing into a green box somewhere in Kent. This is not the “Telecoms (Mishaps) Bill” but the Telecommunications (Security) Bill. These simple and modest amendments focus the Bill on its stated objective.
This is a really important discussion. I do not want to speak for too long but the noble Earl, Lord Erroll, was right to say that the Bill is about security and not just “anything”. None of us on the Committee wants to compromise the nation’s security or compromise the ability of our military personnel to conduct necessary operations. However, sometimes in legislation words really matter—they are the law of the land. That is why scrutiny of legislation in Committee like this is so important, word by word and line by line, otherwise—and I will have a series of questions for the Minister on this—down the line in one, two, three or five years, something will happen and everybody will go, “How was the word ‘anything’ included?” The unintended consequence of legislation is something that we need to consider, or people will ask how something happened—how that word was allowed.
With that in mind, it is important that the Minister explains to the Committee how this definition is arrived at. The starting point would be to ask her to explain the differences between having the word “anything” and having the phrase “security issue”. Can she give examples of how the Bill would be weakened by having that term rather than “anything”, and what “anything” means—apart from saying that it means “anything”? What does it actually mean, given that the Bill is supposed to be about security issues, as the noble Earl said?
The Government argue that the duty on providers is appropriate and proportionate to ensure that the effects of compromise are limited and to act to remedy the impacts. I understand why Ministers are keen to keep the definition wide, but on its own it is not good enough. For example, can the Minister explain whether there are any thresholds to what amounts to a security compromise, or is it “anything”, and what does that mean to an individual who might stray into territory that they are not sure about? How was the Bill’s definition arrived at? Who came up with it and what advice did they receive? Were alternatives suggested to it, what did security experts say to the Minister was necessary, and were there dissenting voices?
In seeking clarification, I wonder whether the Minister can explain why the definition does not include, as I understand it, the presence of supply chain components, as the noble Lord, Lord Fox, mentioned on the earlier group of amendments, if they represent a security threat. Maybe it does—but could the Minister clarify that? We need to know that to understand the diversification of the supply chain and how effectively or not it is proceeding. It is important to consider the components of the supply chain, particularly when identifying where they are a threat to our national security. As I see it, that is not included in Clause 1, but perhaps the Minister can tell me that it is and that I have not read the clause correctly. If so, where is it?
I go back to where I started. These amendments are important in testing how the Government have arrived at this use of “anything”. I know it sounds like semantics —what does “anything” mean?—but the point made by the noble Earl, Lord Erroll, is crucial. The Bill is a security Bill. That being so, why does “anything” appear and why is “security issue” not the appropriate way to describe this? Why is it not included in the Bill? It is necessary for the Committee to understand the Government’s thinking on this for us to consider whether we need to bring back this matter on Report.
I have received one request to speak after the Minister, from the noble Lord, Lord Fox.
The Minister brought up the review, which was very clear that there are huge potential market failures within the security and resilience telecoms market, the reason being that security is not valued by the networks. It is other things, such as network connectivity and price, which are of maximum importance to those networks—things that might come under the word “anything”, for example.
Let us be clear about the four reasons given by the review that security is undervalued by networks: insufficient clarity on cyber standards and practices; insufficient incentives to internalise the costs and benefits of security; lack of commercial drivers, because consumers of telecoms services do not tend to place a high value on security; and the complexity of delivering, monitoring and enforcing contractual arrangements in relation to security. All four of those issues, which I think are driving the purpose of this Bill, involve the word “security”. Far from these amendments watering down the intent of the Bill, the Minister is watering it down herself by including the word “anything” and ignoring the word “security”. I do not expect her to accept these amendments now, but I would like the department to go away and think about this very carefully, because a catch-all Bill catches nothing.
I hear the noble Lord’s concerns. We will of course take back his comments and reflect on them again. However, I know that officials working on this Bill have considered these points in enormous detail and would be happy to meet the noble Lord and discuss them, if that would be helpful. We believe that our framework does not water down but balances future-proofing with the precision and specificity that the noble Lord seeks. I hope we can follow up on that in a separate meeting.
My Lords, I can see that it might be useful to avoid scrutiny sometimes when we have to finesse difficult issues—say, balancing effectiveness and public perception of certain other issues, or whatever. We can also end up with an awful lot of SIs in front of both Houses and everyone feeling rather swamped and bored by them and no one really doing anything about them. The trouble is that we get more and more wide-ranging powers in Bills, and this is a particular example of it. The more we do that, the more careful we have to be about the secondary legislation, because that is where the devil resides and that is where the real control is. We have just passed something that enables a takeover by the Executive. In some cases that may be a good thing; in others it could be very dangerous. To be honest, because of the huge, general issues in these Bills, I now come down in favour of the affirmative procedure. We are going to have to scrutinise it.
My Lords, harmony is breaking out across the Room, with the possible exception of the Minister. I will not reiterate my noble friend’s well-put argument but I refer the Minister—I am sure she has already read it—to the impact assessment. I am increasingly of the opinion that the single most useful document that comes with the publishing of a Bill is not the Explanatory Notes but the impact assessment. The department is to be congratulated on the quality of the one produced in this case.
Page 30 of the impact assessment covers the monetised and non-monetised costs of this. At the front of the assessment there is a number. However, point 6.1 says:
“This impact assessment makes an estimation of the costs and benefits of the options”.
It says it brings together “a number of sources” and notes that there are “limitations to the analysis”. The first is the
“lack of robust and specific data”—
that is a fairly serious limitation—
“for example on UK telecoms market size and the size of specific sub-markets”.
Therefore, the number on the front is based simply on—obviously, well-intentioned—estimates of the telecoms market. Furthermore, the costs are quantified based on equipment costs. They are not based on the friction of running a network under the constraints of this Bill, which is itself a glaring error in how one looks at the cost of this Bill in terms of impact.
It is not just about the cost and replacement of equipment—it is about the draft regulations to which my noble friend Lord Clement-Jones referred. They cover all aspects of the operation of the networks in this country. We are looking at a situation in which, if the Minister so chose, the regulations could be made and implemented such that the Minister ran the networks by remote control from the department. That is why these safeguards, parliamentary scrutiny and the affirmative process are an important safeguard to prevent attention—not, I am sure, from this Minister or this Secretary of State, who I am sure can be trusted with these regulations, but we do not know who will follow or what their intentions will be.
As the noble Earl, Lord Erroll, wisely said, to hand over these powers without simultaneously taking significant powers of scrutiny of the statutory instruments that will inevitably follow is the wrong way in which to pass a Bill in your Lordships’ House. For these reasons, along with the huge uncertainty of the cost of what we are doing here, I commend my noble friend’s amendments.
My Lords, I speak to Amendment 11 in my name and welcome Amendments 7 and 12 in the names of the noble Lords, Lord Fox and Lord Clement-Jones. I was interested that the noble Lord, Lord Fox, referred to a chorus of agreement, which I certainly heard ringing out, expressing concerns about the role that Parliament should have in scrutinising on codes of practice that this Bill currently does not provide for. To me, the codes remind us that the Bill can provide us only with something of a framework, and for many areas there is a wait for the details to be filled in later. As the noble Earl, Lord Erroll, said, the devil, as always, is in the detail.
Clause 3 allows the Secretary of State to issue new telecom security codes of practice that will set out to providers the details of specific security measures that they should take. As we have heard referred to, the impact assessment states that these codes are the way in which the DCMS seeks to demonstrate what good security practices look like. However, I note that Ministers are proposing only to demonstrate but not actually to secure good practice, which I am sure is the real intent—and it would be very helpful if, through this debate, we could get to that place.
I am interested also to note and draw the Minister’s attention to the fact that the Government have said that these codes will be based on National Cyber Security Centre best practice security guidance. The Government have said that they will consult publicly, including with Ofcom and the industry, as we read in the Minister’s letter following Second Reading. That public consultation will be on implementation and revision. However, it strikes me as very strange that the National Cyber Security Centre is not a statutory consultee; can the Minister say why it is not?
I particularly make the point that, as the codes of practice will be admissible in legal proceedings, they have to be drafted accurately and we have to ensure that security input and expertise is fed into them. The National Cyber Security Centre, which is described as a bridge between industry and government and is, indeed, an organisation of the Government, would seem to be a body that should be, in a statutory sense, invited to make the input and offer its expertise, along with other departments and agencies. After all, we can see, when reading about the centre, that its whole reason for being is that it provides widespread support for the most critical organisations in the United Kingdom as well as the general public, and they are absolutely key when incidents, regrettably, occur. We are trying to address those incidents in respect of this Bill.
As we have heard from all noble Lords who spoke in this section of the debate today, the input needs to come from Parliament, which is why I tabled Amendment 11. As the Bill is drafted, the current reading is that a code of practice must be published and laid before Parliament, but there is no scrutiny procedure. I put it to the Minister that if codes have legal weight, why is Parliament being denied the chance to scrutinise them? We seem to have a complete mismatch there. I was taken by the words in the Delegated Powers Committee report, mentioned by the noble Lord, Lord Clement-Jones, in his introduction, which stated that this way of being was “unacceptable” and called for the negative procedure for codes. That is what Amendment 11 does. Can the Minister address specifically the words of that committee report? I refer her to paragraph 27, which says:
“In our view, the Department’s reasons are unconvincing … the fact that codes of practice would be produced after consultation with interested parties cannot be a reason for denying Parliament any scrutiny role; and … the Department appears not to have recognised the significance of the statutory effects of the codes of practice”,
as has been highlighted today. I therefore hope that the Minister will both comment on the report and seek to make what is a very important and significant change in this regard.
I will pick up on one additional point. The impact assessment also says that the codes of practice will have a tiering system for different-sized operators. The initial code will apply to tier 1, which serves the majority of businesses of critical importance to the United Kingdom. This will also apply to tier 2 medium-sized operators but with lighter oversight by Ofcom and longer timetables. Can the Minister offer a draft list of the operators in tiers 1 and 2, and can it be shared with noble Lords? I would also be interested to know whether the Minister has any concerns that tier 2 operators will somehow be worse at compliance. If she has those concerns, what support will be provided to small and medium-sized enterprises? I look forward to her reply.
In quick response to, or doubling up on, the noble Earl, Lord Erroll, my understanding is that the code is enforceable by law. If it is not, perhaps the Minister can explain how the operators are expected to deliver.
This is relatively simple. The Minister has asserted that this is a technical issue. She has asserted that it is too technical for Parliament to be able to manage, but at the same time, as it is currently structured, there will be a self-referential group of people. If the Covid crisis has told us anything, it is that a self-referential group of people is not good at horizon-scanning. Security is a great big horizon scan. You normally know you have not got security only when you lose it and it is essential to take advantage of the diversity of technical opinion that exists in this country and elsewhere. It is extremely arrogant to believe that the sum of human knowledge is contained in one department, and probably one subsection of one department.
For those reasons alone, a technical advisory board is vital to secure the future of this country. That seems to me self-evident, but clearly it is not, so perhaps the Minister can explain. Was this discussed, when was it discussed and why was it dismissed as an option?
Both these amendments have very cunningly taken advantage of existing structures; they have looked at the Investigatory Powers Act 2016 and read across, with ready-made structures that can deliver both the technical advisory board and the benefits that I have just set out and a judicial commissioner to make sure that there is sufficient proportionality and appropriateness in those measures. It seems to me that it is for the Minister to explain, if this was good enough for the 2016 Act, why it is not appropriate to put it in this Bill for these issues.
I call the noble Lord, Lord Clement-Jones—sorry.
I must admit that I am somewhat baffled by the Minister’s response. The argument on the technical advisory board seems to be, “Oh, we’ve got enough technical advice, so we don’t need one”—but, clearly, it seems that there is a need for this. I quoted providers—I can go into the papers that we have received from them—as saying that real issues arise out of the regulations. These are technical and relate to things such as patches and audit and monitoring issues. There is a feeling that the department is just not listening on those issues, and what is needed is someone who is rather more dispassionate and can advise on the technical issues that are arising—perhaps, if it is seen as a conflict, someone like the noble Earl, Lord Erroll, who can genuinely advise on this kind of thing. It seems to me to be extraordinarily dismissive to say, “We’ve got enough advice. We don’t need a board of this kind”.
In the Investigatory Powers Act 2016, there is a very useful technical advisory board—it is not usable for this purpose because its function is rather different under that Act. When the Minister comes to the point about the judicial commissioners, saying, “Oh, no, they are for an entirely different purpose”, I say that, actually, if you read their function, it is four square with the kind of thing that would be useful under this Bill. They are talking about not technical issues but proportionality, appropriateness and so on—very much the kind of thing that they are dealing with under the 2016 Act.
So I am afraid that I do not buy what the Minister has to say, sadly; I just think that it is pushback based on the thinking that, “Well, the Bill’s the Bill and it’s all drafted, so we don’t really want to do very much with it by way of amendment”. That is the time-honoured government response to this kind of suggested amendment, but I believe that, constructively, both these aspects—a judicial commissioner and a technical advisory board—would make a great difference to the functioning of the Bill and would lead to much better regulations and codes of guidance at the end of the day.
I thank the Deputy Chairman and apologise for speaking across him. I am a bit intrigued by the comment of the noble Lord, Lord Parkinson, on the subject of legal enforceability. He is correct to say that, as new Section 105H states, the
“provision of a code of practice does not of itself make the provider liable to legal proceedings”
—but it would not be liable only when the provision was not in force in time or when it was not legal. However, you would not bring a legal case anyway when it was not relevant or in force, so, to all intents and purposes, where the code is in force and relevant, it is legally enforceable. Therefore, it is legally enforceable.
First, if I may, I will take back the point made by the noble Lord, Lord Fox, about new Section 105H under Clause 3; I will write to him to, I hope, alleviate any concerns and confusion. There are certain legal effects set out; I will write to him to clarify the point about legal enforceability.
I am grateful to the noble Lord, Lord Clement-Jones, for his appreciation. Part of the confusion here may be that two technical advisory boards are mentioned in these groups of amendments. As I think he noted, the one set up under RIPA has a different function, but we are certainly not being dismissive of the points that have been raised. Indeed, as I said, we have spoken to the industry and received helpful feedback from telecoms providers on the illustrative draft measures that were published in January. We will also be glad to look at the information that he mentioned—the views that have come his way—to make sure that these are reconciled; if he is happy to share them, we will look at them and come back him.
My Lords, I want to say a few words on this because the key words “undue burden” stand out. It is very important that we do not put too many burdens, particularly unnecessary ones, on companies. In particular—and this is something that I have often looked at because I have done a lot of work with innovative and growing companies—you must not let large corporations stifle innovation. There is an attitude among them that regulations are for your enemies; they are a very good way of stopping up-and-coming competition. I have also noticed that departments tend to consult the companies which have significant market presence already and see them as being the people who know all about it. However, that does not take account of what is up and coming. The other thing is that they often have people on secondment from them or people who have retired from the companies and gone into the departments, so there can be some interesting biases within. With those few warnings, I think the whole undue burden issue is more important than people might think.
The undue burden point touched on by the noble Earl, Lord Erroll, is really important. On a previous group I spoke about regulatory friction and the fact that this has not been costed into the impact assessment. Clearly, regulatory friction is harder for smaller companies to deal with than larger companies. I think that is the point that the noble Earl was making. It is one that I would also join up.
We should also not confuse lots of regulations with security. The whole point about people who wish to subvert security is that they understand the regulations and go round them. Indeed, sometimes regulations are a guidebook for security, in a sense, because they show the map around which you seek to find the chinks.
The point in the impact assessment about making the networks value security is right. On that, I completely agree with the Government. I am not sure that some of the measures in the Bill actually do that; what they do is create a regulatory load without necessarily adding value. Some of the measures that we spoke of in the last group of amendments, as well as in this, are about stripping this down to where value is added rather than simply more regulation being loaded up.
One of the great pleasures of speaking after my noble friend Lord Clement-Jones is that he normally says everything better than I would. He simply asked the Minister to repeat what was in the letter and to endorse the 2003 Act. I hope that he is able to grant his wish.
I thank the noble Lords, Lord Fox and Lord Clement-Jones, for these amendments. As before, it is a pleasure to follow their contributions and that of the noble Earl, Lord Erroll.
On the codes of practice and Amendment 10, I understand the importance of not wanting to put undue burdens on businesses. We should make particular reference to the exceptionally difficult and testing times that businesses and the economy have had to suffer over the past year due to the pandemic. Obviously, a balance needs to be considered. We have to ensure that if the codes are going to be used, they are the most effective way of implementing security measures. How will the Government consider the impact of codes on businesses? For example, will there be specific consultation about undue costs in respect of businesses?
The concerns that we have heard in this debate give a further nod to concerns about lack of parliamentary oversight, which is missing from the codes. I again say gently to the Minister that by giving parliamentarians the opportunity to provide scrutiny there might also be the ability to review the impact on businesses.
Amendments 16, 17 and 21 would ensure that Ofcom’s new powers in the Bill were subject to requirements in Sections 3 and 6 of the Communications Act 2003. Section 3 focuses on the general duties of Ofcom, while Section 6 focuses on reviewing regulatory burdens. It would be helpful to hear from the Minister whether the Bill has been deliberately drafted for the new powers to fall out of scope of those sections in the Communications Act and, if so, why.
What review process will be faced in respect of Ofcom’s new powers? It is very important that, when new powers are given, there is an opportunity to review, reflect and amend, and to keep a close eye on whether those new powers are doing the job intended.
My Lords, I put my name down to speak to this because the problem with putting a fixed time period on having to report security breaches is that it very much depends on what the breach is. We mentioned patches earlier. If it is a vulnerability in the software—or it may be the hardware—which requires a patch to be released, you must have the time to produce it and test it as fully as possible. You do not want the hackers out there to know what the vulnerability is until you can roll out the answer to it. That is what zero-day attacks are based on. Equally—the noble Baroness is absolutely correct here—you do not want this stuff swept under a carpet to sit there unused for years. Could our technical advisory board give advice at an incident level, or something like that?
My Lords, this is an interesting and nuanced—to coin a word we used earlier—debate. I am probably the only person here who has had to deal with a national security issue that impacted a consumer brand in real time on television. I must say that 30 days was not an option—30 minutes was not an option. Picking up on the point of the noble Earl, Lord Erroll, the time is entirely dependent on the nature of the crisis or security breach. My fear is that 30 days becomes a target rather than an injunction.
I think the point here is “no burial”. I assure colleagues and others in this Room that our amendments do not intend to bury the issue either, but to introduce some equivocation in the event that not announcing something makes things more secure than announcing them. The point of this is not to protect the reputation or otherwise of the network, but to protect consumers and the integrity and security of the network. That is the decision Ofcom would need to make. That would be its call. Its default position would be that it needs to be communicated to consumers as quickly as is sensible, unless there is a reason not to communicate it, and it would be up to the network providers to put their position forward. However, there are definitely times when it should not be communicated. At the moment the Bill seems rather unequivocal in its approach.
I call the noble Baroness, Lady Barran.
Sorry, I have not quite finished.
I would call Amendment 15 a “good manners” amendment. If Ofcom possesses information that the network provider does not, it simply calls for that network to be brought into the loop before the rest of us are. That seems good manners to me—you do not necessarily have to legislate for that, but these days it always helps. I have now finished.
My Lords, I thank the noble Baroness, Lady Merron, and the noble Lords, Lord Clement-Jones and Lord Fox, for tabling these amendments to Clause 4 and for their considered remarks. As we have heard, these amendments speak to reporting requirements placed on industry in the event of a significant risk of a security compromise and the powers bestowed on Ofcom in the event of a compromise or the risk thereof.
Amendments 13 and 14 amend new Section 105J. As the noble Baroness, Lady Merron, summarised, new Section 105J is designed to give users of telecoms networks and services relevant information when there is a significant risk of a security compromise, including the steps that they should take to prevent such a compromise adversely affecting them. Giving users this information will help ensure that, where possible, they can take swift action to protect themselves. It will also contribute to greater awareness of security issues, supporting users to make more informed choices about their telecoms provider.
My Lords, I saw this and thought that I really did not understand why the Government were doing it. I saw what the Constitution Committee had said and realised that it did not understand why it was needed. I cannot believe that you can have a proper appeal if you ignore the merits of the case. I probably have an overdeveloped sense of justice and I think that to have an appeal where you are not allowed to present half the case or whatever is not a proper appeal. In fact, what you find is that the system can use procedural things to run rings around people who have a very justifiable complaint about something. I did not like the look of it and I entirely agree with everything that the noble Lord, Lord Clement-Jones, said.
My Lords, I am not going to attempt to outlawyer my noble friend Lord Clement-Jones. I may not be a lawyer, but I am suspicious or, indeed, perhaps ultra-suspicious. What is the department seeking to avoid by removing what would seem to be natural justice from this process? What are the Government seeking to protect themselves from in advance? Who are they frightened of?
I do not think I know the answers to these questions, but I know that there is someone or something there that the department is seeking to avoid in advance. For those reasons, we should be extraordinarily suspicious, just as suspicious as I am. I ask the Minister: what is the justification? What are the Government scared of?
My Lords, I have been very interested to hear the arguments put forward by the noble Lords, Lord Clement-Jones and Lord Fox, and the noble Earl, Lord Erroll. As we heard from the noble Lord, Lord Clement-Jones, in his opening remarks, concern about oversight is driving this section of the debate. As we know, Clause 13 ensures that when deciding an appeal against certain security-related decisions made by Ofcom, the tribunal is to apply judicial review principles without taking any special account of the merits of the case.
I understand that this does not apply to appeals against Ofcom’s enforcement decisions and that the Government have said that this ensures that it is clear that the tribunal is able to adapt its approach as necessary to ensure compatibility with Article 6, the right to a fair trial. My questions to the Minister are about the legal advice that the Government have received on this clause. What legal advice has been received? Is this external legal advice as well as internal legal advice?
The clause states that
“the Tribunal is to apply those principles without taking any special account of the merits of the case.”
Can the Minister explain what “special account” is expected to mean?
Telecommunications (Security) Bill Debate
Full Debate: Read Full DebateLord Fox
Main Page: Lord Fox (Liberal Democrat - Life peer)Department Debates - View all Lord Fox's debates with the Department for Digital, Culture, Media & Sport
(3 years, 4 months ago)
Grand CommitteeI have received a request to speak after the Minister, from the noble Lord, Lord Fox.
I thank the Minister and other speakers for this debate, which is really important. The Minister was basically saying in her response, “Don’t worry, we’ve got this covered.” If the Government did indeed have it covered, I suggest that ripping out 40% of the 5G network at the cost of several billion pounds to the industry is a pretty poor cover. The point made by the noble Baroness, Lady Stroud, that it took Back- Benchers to highlight this rather than the Government was particularly apposite.
The Minister portrayed the decision to remove Huawei almost as if it was a success of the process. Will she acknowledge that these billions of pounds are growth that we will not get, that they are investment in this country that has been wasted, and that it has put the country in danger in the process? Will she further acknowledge that there might be others who are able to help in the process of avoiding a repeat of what is a huge debacle?
I tried to present the breadth and depth of approaches that the Government are taking to address this incredibly serious and complex problem. If I may borrow the word used by the noble and gallant Lord, Lord Stirrup, we have tried to show some agility in responding to changing circumstances. The noble Lord will be aware that there were changes to the US foreign-produced direct product rules in May 2020 which changed the risk profile of our engagement with Huawei, and we acted on that, so I do not feel that I have to apologise at this point.
My Lords, I commend the noble Lord, Lord Coaker, and my noble friend Lady Northover for this amendment, which I would have signed had she not done so already. We heard at Second Reading an excellent speech from the noble Lord, Lord West, explaining not only why this amendment is important but why certain figures who would normally speak in this debate are not doing so. He explained that the ISC is seeking to change its MoU. As such, he and others would not speak in this particular debate.
However, we have an analogous debate to refer to, which has already been mentioned. Those of us who are veterans of the National Security and Investment Bill have been through this already. I think the noble and gallant Lord, Lord Stirrup, is the only other person in this Room who was involved in it. I certainly spent some of my life on that Bill.
We sent back to the Commons an amended version of that Bill. Your Lordships adopted an amendment not dissimilar from the one in front of the Committee today. That decision was made, as we heard from the noble Lord, Lord Coaker, because the BEIS Select Committee is not enabled to deal with the level of security information it needs to properly scrutinise the operation of BEIS for the National Security and Investment Act. There is exactly the same situation here. I gather, anecdotally, that the BEIS Committee is already hitting issues with getting the information it needs under that Act.
We also heard anecdotally on Tuesday of the debacle over the Newport Wafer Fab, where the BEIS Secretary of State has failed to use the power given to him by the National Security and Investment Act to do something around national security. The noble Baroness, Lady Stroud, is no longer in her place, but once again the ministry was forced by Back-Bench action to reconsider what it was doing. This should not be how things work. It is beginning to look like these are rhetorical points, rather than actually being usable. I hope the same fate does not befall this legislation and that it actually gets used rather than shelved. But in the same way as BEIS, DCMS will have a Select Committee that cannot access the information it needs to scrutinise the activities covered in this Bill.
The noble Lord, Lord Coaker, notwithstanding the stifling atmosphere of this Committee Room, managed to do a very close approximation of complete incredulity over why the Government should not listen to this fantastic advice. I can say that, having gone through the last Bill and seen how resistant the Government are to advice of this sort, this is neither an accident nor a sin of omission. This is a sin of commission. The Government are very clear that they do not want proper scrutiny of what they are doing, and if this Bill remains as it is, there will not be the scrutiny that is needed. Neutering of that scrutiny is not an accident but a deliberate act of the Government.
My Lords, I thank the noble Baroness, Lady Merron, for tabling this amendment, and the noble Lord, Lord Coaker, for moving it. The role and remit of the Intelligence and Security Committee, as noble Lords have remarked, have been raised a number of times in the other place and at Second Reading of this Bill, so I welcome the opportunity to clarify how appropriate oversight of the Bill’s national security powers will be provided for in the Bill and through existing mechanisms.
Amendment 22 would require the Secretary of State to provide the Intelligence and Security Committee with copies of designation notices and designated vendor directions when such notices, or parts of them, are withheld under Section 105Z11(2) or (3) in the interests of national security. It would also require the Secretary of State to provide copies of notifications of contraventions, confirmation decisions, the reasons for giving urgent enforcement directions when withheld under Section 105Z22(5), and the reasons for confirming or modifying such directions when withheld under Section 105Z23(6).
I will try to correct the suggestion made by the noble Baroness, Lady Northover, and the noble Lord, Lord Fox, that the Government are trying to avoid parliamentary scrutiny on this particular point. That simply is not borne out by the way that the Bill is drafted. We are very clear about where parliamentary scrutiny should take place. I recognise the desire of your Lordships for the Intelligence and Security Committee to play a greater role in the oversight of national security decision-making across government, including in relation to this Bill. As I mentioned earlier, through the oversight of the National Cyber Security Centre, the Intelligence and Security Committee can request information around NCSC advice on, and activities relating to, high-risk vendors.
However, this amendment would extend the role of the Intelligence and Security Committee in an unprecedented way. As noble Lords are aware, the activities of the Department for Digital, Culture, Media and Sport are not within the ISC’s remit. That committee’s remit extends to the intelligence agencies and other activities of the Government in relation to intelligence or security matters, as they are set out in its memorandum of understanding.
The noble Lord, Lord Coaker, asked what he called the “central question” of how this will work in practice in terms of security access. My understanding is that according to the Osmotherly rules detailing how the Government may share information with Select Committees, members of the Digital, Culture, Media and Sport Committee are able to view and handle classified and other sensitive material, subject to agreement between the department and the chair of the committee on appropriate handling. Documents may also be shared with the chair of the DCMS Committee on Privy Council terms, subject to agreement between the committee chair and the department.
The advice of the intelligence agencies will not be the only factor that the Secretary of State will take into account when deciding what is proportionate to include in a designated vendor direction. As well as the advice of the National Cyber Security Centre, the Secretary of State will consider, among other things, the economic impact, the cost to industry and the impact on connectivity caused by the requirements in any designated vendor direction. The ISC does not have the remit to consider non-security issues such as the economic and connectivity implications of the requirements in designated vendor directions. The Digital, Culture Media and Sport Select Committee can consider those wider aspects and that is why it is the correct and appropriate body to see copies of designation notices and designated vendor directions that are not laid before Parliament. Any future changes to the ISC’s remit would be best managed through consideration of the Justice and Security Act 2013 and the associated memorandum of understanding.
For the reasons that I have set out, I am unable to accept the amendment and I hope that the noble Lord, Lord Coaker, will therefore withdraw it.
Once again, this is a short but important debate, and one of a continuing series. In response to the noble and gallant Lord, Lord Stirrup, we had a short discussion that, to some extent, was crying over spilt milk about why industrial capacity in telecommunications in the United Kingdom is where it is. I think the noble Earl, Lord Erroll, largely agrees with me that it is to do with the purchasing decisions made by near-monopolistic private sector companies based on price. If that is not a lesson for the Government to take forward, we are all doomed anyway.
To turn to the detail of these two amendments, as both the noble Baroness, Lady Merron, and the noble and gallant Lord, Lord Stirrup, have set out, they are about people. Without overrepeating it, I come to the point I was talking about earlier, which is that BEIS is going through a similar process. It is setting up a unit that is supposed to scan the entire industrial landscape for supposed security problems and alert the Minister to decisions that should be made about the future of those companies. These people will have many of the same skills and face many of the same issues, going forward.
First, does the Minister think there is a sufficient pool of people available to cover both these units? Is it sensible to have two units operating in parallel to, and probably in isolation from, each other, with the BEIS unit setting up a telecoms capability, which DCMS will also have? Perhaps the Minister can tell us what conversations are going on between DCMS, Ofcom and BEIS to avoid that duplication. We have already heard that there are too few people so, frankly, it does not make much sense to have two departments competing for the same people.
More broadly, the noble Baroness, Lady Merron, is completely correct that there is a huge issue with the availability of people. Unless the Government pick up major programmes to train and retrain people and look at skills that are completely necessary to move forward, we will be left high and dry without the skills we need to create the sorts of industries that the noble and gallant Lord, Lord Stirrup, suggested we need. That will take time, so perhaps the Minister can say what the plan is. What is the process and what discussions are going on with trainers, universities and employers to deliver the skill set we need?
Of course, we would want to review all this annually, which is why these amendments are here, so the Government necessarily come to Parliament to explain how they are getting on and what they are doing. I am sure the Government do not want us to be suspicious of what they are doing, and the best way to avoid that suspicion is to be open and transparent, rather than try to operate in a black box.
My Lords, these amendments, both tabled by the noble Baroness, Lady Merron, highlight the two important issues that our short debate covered—the role of Ofcom in relation to the Bill; and skills and training, and their effect on telecoms security. I am pleased to have the opportunity to outline some of the work that has already been done in these areas, which I hope explains why we consider these amendments not to be needed.
Amendment 26 would require the Government to complete a review of, and publish a report on, the impact of levels of skills and training on the security of the telecoms network and supply chain. It would require the Government to publish the report within six months of Royal Assent.
The Government certainly agree that it is crucial that public telecoms providers and organisations such as Ofcom have access to people with the skills that they need to keep our networks safe. DCMS published research this year as part of its annual survey, Cyber Security Skills in the UK Labour Market, which found that 50% of UK businesses have a basic technical skills gap. It also found that they do not have confidence in their ability to carry out basic cybersecurity functions and do not outsource these skills.
That is why the Government have a range of programmes already in place to support the growth of cybersecurity skills. Over the past five years, work funded by DCMS has supported over 160,000 young people to forge a career in the cyber sphere. The department has also funded a range of schemes to help adults or career changers to acquire new skills, most recently through the Cyber Launchpad initiative and projects sponsored through the fast track digital workforce fund.
Clearly, there is still much more work to be done to close the cyber skills gap. However, we are making progress. When compared with the 2018 survey, Cyber Security Skills in the UK Labour Market 2021 found that organisations were less likely to report a basic cyber skills gap in areas such as firewall configuration, restricting administrator rights and patching.
Specifically on skills in the telecoms sector, we know that telecoms providers need to have access to people with the right skills to ensure that their networks and services are secure, as the noble and gallant Lord, Lord Stirrup, rightly said. That is why we are creating a pipeline of these skills for the future, with telecoms apprenticeships currently available across the sector, and over 4,500 people starting this year alone.
The creation of the UK telecoms lab, as announced by my right honourable friend the Secretary of State in the other place last November, will facilitate knowledge sharing and promote skills development in telecoms security. The lab will collaborate with DCMS, the National Cyber Security Centre, the newly established UK Cyber Security Council and industry. It will develop and deliver training packages and support the establishment of professional bodies and communities. I hope that these initiatives demonstrate how seriously the Government take the task of supporting telecoms skills, and cyber skills in particular, and why we feel that the review proposed in the amendment is not needed.
I will speak more broadly about our skills agenda. The Department for Education has targeted specific investment in key areas of learning, such as science, technology, engineering and mathematics—STEM—and technical and digital subjects, which could support careers in telecoms. That includes: £2.5 billion of investment in the national skills fund to support adults to retrain and gain the skills they need for the future; nearly £2.5 billion made available for high-quality industry-designed apprenticeships; £500 million a year towards T-levels; up to £290 million to establish institutes of technology across the country, which will be the pinnacle of technical training; and a new £18 million growth fund to support further and higher education providers to expand high-quality higher technical education.
The noble Baroness, Lady Merron, asked about the impact of skills on the removal of Huawei equipment. We have no plans or intention to delay the 2027 target for the removal of Huawei equipment from 5G networks. Indeed, BT, for example, has already shared in the media that it is making good progress on removing Huawei from 5G networks, starting in Hull. We believe that we are on track.
Amendment 23 would require Ofcom to publish an additional statement as part of its annual report, under paragraph 12 of the Schedule to the Office of Communications Act 2002. This statement would contain information about the adequacy of Ofcom’s resourcing, and telecoms providers’ compliance with their security duties. It would also contain Ofcom’s assessment of any future or emerging risks to telecommunications networks, identified by interrogating telecoms providers’ asset registries.
I reassure the Committee that this amendment is also not needed. The Bill already contains a range of reporting mechanisms that will ensure that Ofcom’s role can be properly scrutinised. I will address three of these mechanisms in particular.
First, Ofcom will need regularly to report to the Secretary of State under new Section 105Z, providing information to assist him with the formulation of policy on telecommunications security. New subsection (4)(a) makes it clear that this report must include information on providers’ compliance with the duties imposed on them by the Bill.
Secondly, Ofcom will need to report on telecoms security in its annual infrastructure report. Clause 11 specifies that this should include information on the extent to which providers are complying with their security duties under new Sections 105A to 105D. Thirdly, by virtue of Clause 14, the Secretary of State will need regularly to report to Parliament on the effectiveness and impact of the new telecoms security framework.
The amendment would address three issues. I will take each in turn. The first concerns Ofcom’s resources, on which the noble Baroness, Lady Merron, began. As my noble friend the Minister mentioned at Second Reading, Ofcom’s security budget for this financial year has been increased by £4.6 million. This funding will allow Ofcom more than to double its headcount of people working on telecoms security, ensuring it has the necessary capacity to deliver its new responsibilities under the Bill. The noble Baroness asked specifically about staffing. Ofcom will work with a recruitment partner to secure the specific cyber skills needed to implement this work. This will include seconding in technical expertise to develop its capability further.
As we discussed earlier in the Committee, Ofcom will also work closely with the NCSC, which will share its expertise to support Ofcom’s implementation of the new regime. The noble Baroness mentioned the relationship between Ofcom and the National Cyber Security Centre. As she noted, the two organisations are in the process of developing a memorandum of understanding and have published a statement summarising how they intend to work together. The three key principles set out in that statement are, first, that the NCSC will provide expert technical cybersecurity advice to Ofcom to support implementation of the new telecoms security framework; secondly, that Ofcom and the NCSC will exchange information where necessary and permitted by law; and, thirdly, that the NCSC will continue to provide incident management support during serious cybersecurity incidents to telecoms operators and to Ofcom as necessary. That statement can be found on Ofcom’s website.
The second area of the amendment is a requirement for Ofcom’s annual report to include information on providers’ compliance with their duties under new Sections 105A to 105D. This reporting would duplicate provisions elsewhere in the Bill. Ofcom is already required to report publicly on providers’ compliance with those duties in Clause 11.
The final point in the amendment is about publishing information on emerging and future security risks. This has also been accounted for in the Bill. New Section 105Z(4)(f) already requires that Ofcom report to the Secretary of State any emerging risks it becomes aware of in its annual report on security. The noble Baroness asked about informing the public. It would be at the discretion of the Secretary of State whether to publish this information.
I can assure the Committee that Ofcom takes a forward-looking approach to regulation to ensure that it is robust in the face of market and technological developments. For example, its recent Technology Futures report looked at innovative technologies that will shape the communications industry, with input from the world’s leading technologists.
I hope that I have provided assurance that adequate and detailed reporting requirements for Ofcom are already outlined in the Bill. As I have set out, it already includes provision for reporting on Ofcom’s work, so additional requirements about skills and training are not necessary. I hope that the noble Baroness will therefore be content not to press her amendments.
I thank the various noble Lords for their contributions. I will speak to Amendment 24, which bears my name, but I recommend that the noble Baroness, Lady Stroud, reads the Chancellor’s Mansion House speech, in which he calls for a nuanced relationship with China. Failing that, she could read my speech on the first group of amendments, in which I challenged how nuanced a relationship can be with a country threatening both our security and that of its own people. At the heart of the Government’s challenge is to be all things to everyone in this argument. They are doomed to fail if they try to do that.
I turn to the amendment I am supposed to be speaking to. As we discussed at Second Reading, there are essentially three strands to the diversity strategy. The first leg is supporting incumbent suppliers. I was corrected by the Minister: this refers not to domestic suppliers but suppliers we already have, presumably— although it is not explicit—with the ones we do not want having been weeded out. The second is attracting new suppliers into the UK market, and the third is accelerating open interface solutions, which I assume helps the second of those strands in particular.
There is not a strand about growing a domestic industry; some of us—I am one of them—were confused about this. It mostly seems to be about taking advantage of other countries’ businesses that we can trust—or think we can at the moment; I refer the Committee to earlier comments by the noble Earl, Lord Erroll, about today’s allies not always being tomorrow’s allies—rather than massively growing our own national capability. Bearing in mind those three legs, it would be helpful to hear from the Minister how the improvement in the domestic share of this market is planned.
In her letter to many of us on the subject of diversification, the Minister made the point that Vodafone has already attracted six new suppliers, two of which were Samsung and NEC, into the market through the open RAN deployment. I think I asked her at Second Reading when open RAN would become a significant player in telecoms delivery in this country. If she gave an answer then I am afraid I mislaid it, so can she tell us when open RAN will become a significant player or whether it is something of a sideshow? I do not mean that in a bad way; it is a recognition of where it really is in the market at the moment.
The biggest challenge I have with this is that the Government have launched a lot of strategies. They usually come with a glossy document and a picture of a smiling Secretary of State. I can confirm that this strategy is no exception. We have a very nice picture of the Secretary of State, Oliver Dowden, on page 3, but it does not come with a timeline and a delivery plan. The Government would not issue a strategy if they did not have a delivery plan, so I am sure there must be one. I think it would help us all if we understood what the delivery plan is. Perhaps the Minister could share with the Committee the timeline for the delivery of this strategy, otherwise many of us might suspect that it is something that gets only launched, not delivered. I understand that money has been put into it but, again, that does not guarantee that outcomes will be forthcoming.
This amendment has been tabled to reveal how that timeline is going and how the outcomes are being delivered. That is what it is for. It would enable the Government’s spending of taxpayers’ money on delivering this strategy to be tracked by Parliament. That seems a perfectly reasonable function for Parliament to have.
The Minister might come back and say that DCMS is being asked to lay all sorts of things before Parliament. If that is the case, I think that all of us, including me, the noble Baroness, Lady Merron, who spoke very capably on this, the noble Earl, Lord Erroll, the noble Baroness, Lady Stroud, and others are quite capable of coming up with a composite annual report that covers not just the items in Amendment 24, but those in Amendment 25 on strategy, Amendment 23 on Ofcom’s performance, and Amendment 26 on skills. Taken together, I am sure we could put together a composite annual report in the next round of discussions that would save DCMS having to make several different annual reports. I suspect that that might be a way forward and look forward to the Minister embracing this idea, because of course DCMS wants to demonstrate how it is delivering its diversification strategy.
I am grateful to all noble Lords for their contributions to this short debate and consideration of the Government’s ambitious diversification strategy. The amendment tabled by the noble Baroness, Lady Merron, raises the important issue of diversification, which I know is of great interest to your Lordships, as it was to Members in the other place. Diversification is a key part of the Government’s broader approach to ensuring that our critical networks are healthy and resilient. That is why the Government set out their 5G diversification strategy last autumn, and we are fully committed to ensuring that this strategy comes to fruition.
Our long-term vision for the telecoms supply market is one where, first, network supply chains are disaggregated, providing network operators more choice and flexibility; secondly, open interfaces that promote interoperability are the default; thirdly, the global supply chain for components is distributed across regions, creating resilience and flexibility; fourthly, standards are set transparently and independently, promoting quality, innovation, security and interoperability; and finally, security and resilience is a priority and a key consideration in network design and operation. However, the Bill focuses on setting clear security standards for our public networks and services. As the noble Baroness, Lady Merron, pointed out, although diversification is designed to enhance security and resilience, not all diversification activity is relevant to the security and resilience of our networks. That is why we believe the amendment would not be appropriate.
The Government have already made progress since the publication of our strategy, including the creation of the Telecoms Diversification Taskforce, which set out its recommendations in the spring. Work is already under way to implement several of those recommendations. Research and development was highlighted by the task force as a key area of focus in order to promote open-interface technologies that will establish flexibility and interchangeability in the market. As raised by the noble Baroness, Lady Merron, and the noble Lord, Lord Fox, it will also allow a range of new smaller suppliers to compete in a more diverse marketplace.
That is why the Department for Digital, Culture, Media and Sport was delighted to announce the launch of the future radio access network competition on Friday 2 July. Through this, we will invest up to £30 million in open radio access network research and development projects across the UK to address barriers to high-performance open deployments. This competition is part of a wider programme of government initiatives, which includes the SmartRAN Open Network Inter- operability Centre—more friendlily known as SONIC Labs—a facility for testing interoperability and integration of open networking solutions, which opened on 24 June. A number of leading telecoms suppliers are already working together through this facility.
We welcome recent announcements from operators including Airspan, Mavenir, NEC and Vodafone to introduce open radio access networks into their infrastructure. This demonstrates that industry is working alongside us, here in the UK, to drive forward the change needed in the sector. We continue to work with mobile operators, suppliers and users on a number of other important enablers for diversification; for example, we are developing a road map for the long-term use and provision of legacy network services, including 2G and 3G. Alongside this, the Government have led efforts to engage with some of our closest international partners, including the Five Eyes, to build international consensus on this important issue.
We are also working to deliver on UK issues in standard- setting bodies, and working with industry, academia and international partners to ensure that standards are set in a way that aligns with our overall objectives. Ensuring that standards are truly open and interoperable will drive market growth and diversification. Through the UK’s G7 presidency, we took the first step in discussing the importance of secure and diverse supply chains among like-minded partners and the foundational role that telecommunications infrastructure, such as 5G, plays.
The noble Baroness, Lady Merron, asked how we were planning to spend the initial £250 million, which we announced to kick off work to deliver our key priorities. These priorities have been informed by the recommendations of the Telecoms Diversification Taskforce and include: establishing a state-of-the-art UK telecoms lab; exploring commercial incentives for new suppliers; launching test beds and trials for new technologies such as open RAN; investing in an R&D ecosystem; and seeking to lead a global coalition of like-minded partners on an international approach to diversification. In response to questions from the noble Baroness and the noble Lord, Lord Fox, about the growth of UK businesses, we have been clear that we are focused on investing in the UK and in UK businesses, but do not think that a UK-only solution is a wise or realistic option.
We are working closely with operators and suppliers to develop targeted measures that address the needs of industry to deliver our long-term vision for the market. We responded to the task force’s findings in July and outlined our next steps and the use of that initial investment. If the noble Earl, Lord Erroll, has not seen the government response, I am sure he would find it interesting. It also sets out our plans to create a diversification advisory council, which will meet quarterly. I hope that responds to his question.
My Lords, I am pleased to speak to Amendment 28, which stands in my name. It is the result of a number of recent developments, which I shall refer to. Noble Lords will be aware that on 2 July the Government published their response to the Telecoms Diversification Taskforce’s report and in it announced that the taskforce was now to transition into the Telecoms Supply Chain diversification advisory council, which came up earlier today. The Minister will recall that in response to a Written Question from me she said:
“The Advisory Council will play a key role in overseeing and offering scrutiny to the delivery of the 5G Supply Chain Diversification Strategy. We will also draw on the expertise of the Advisory Council for wider telecoms supply chain diversification issues beyond the RAN (Radio Access Network).”
That is all well and good. However—and this is the point that the amendment seeks to unravel—the Government have also announced that Mr Simon Blagden will be the new chair of this permanent council. Noble Lords will be aware that Mr Blagden was the non-executive director of Fujitsu UK during the Post Office scandal and has donated more than £215,000 to the Conservative Party.
As we have all discussed, diversification is inherently linked to security, so the new advisory council has to provide sound, expert advice that will secure our telecoms network, and we need confidence in that. The point I want to explore with the Minister, as she is already aware from Written Questions that I have submitted, is that the appointment of Mr Blagden raises a number of serious questions about the council’s independence and how the appointment will be able to benefit national security.
In addition to tabling Amendment 28, I have a number of questions to tease out all these points. It is also worth noting that in the past 24 hours there have been reports of a telecoms company, IX Wireless, having given—it has come to light through correct declarations of course—more than £20,000 to Conservative MPs, while the Secretary of State has given this same company glowing endorsement at a launch event, with a promotional film, which I have seen, showing him in his ministerial office with the executives of that company.
I should say to the Minister that it is a question not just of how things are but of how things look. Of course there will be facts on which I am sure the Minister can enlighten us. I have a number of questions in that regard for her relating to an inquiry about the appointment process that was in place for Mr Blagden. Who was involved and which Minister made the final decision? Will there be payment for Mr Blagden in his role as chair? How will the council give independent advice and what happens if Ministers reject that advice? Will there be security experts as members of the advisory council? What knowledge did Mr Blagden have of the faults with the Horizon system during his time at Fujitsu? Can the Minister confirm that Mr Blagden has no remaining financial interests in Fujitsu?
I know that the noble Baroness may not be in a position to answer those questions now. In which case, I hope that she will write to me before we go into the Summer Recess. I beg to move.
Before I comment on that excellent speech from the noble Baroness, Lady Merron, I want to return to the answer that the Minister gave on the Newport Wafer Fab issue, which proves the point that we were making on the need for the ISC to be involved. Regarding the ISC issue, the Government furnished themselves with the National Security and Investment Act, which was supposed to deal with issues such as this. However, the Prime Minister has chosen to refer it back not to the people running that unit but to the National Security Adviser, which proves the point that someone with access to national security information is needed to make decisions of this nature, rather than an organisation that does not have access to the information. It absolutely proves the point that our amendment on the ISC is completely appropriate, just as it was appropriate for the BEIS analogue of what is happening here.
The noble Baroness, Lady Merron, made an excellent speech and I am not going to attempt to adorn it either with my normal flippancy or with detail. There is just one issue that I wish to raise regarding Simon Blagden. Are there any outstanding legal liabilities from his time at Fujitsu? In other words, has his activity been fully exonerated or is there potential legal recourse? Other than that, I echo the point that perception of these issues is as important as reality. If the Government continue to operate in a black-box way, everybody will assume that things are going on that they cannot see and that should not be happening. It is therefore in the Government’s interests to be transparent about how that person in particular was appointed and how the advisory council will operate.
My Lords, I thank the noble Baroness, Lady Merron, for tabling the amendment and for giving me an opportunity to provide an update on the work of the Diversification Taskforce and the new diversification advisory council.
The Government recently announced the council, building on the work of the Diversification Taskforce, chaired by my noble friend Lord Livingston of Parkhead. I should like to take this opportunity to offer my thanks to him and the taskforce members for volunteering their valuable time and knowledge to their excellent review. Their recommendations and expertise will remain crucial to helping us bring greater resilience and competition to our future networks as the taskforce now transitions to the new diversification advisory council.
The Government recognise that diversification is a broad and complex issue relating to matters of security and resilience, technology and geopolitics. It is for this reason that we sought the advice of the experts appointed to the diversification task force. Many of the task force members will continue to provide advice as part of the new advisory council. In appointing the membership of the advisory council, the Government have followed all standard processes. The Government have ensured that the council comprises experts from both industry and academia across a wide range of subject matters, including security, of course.
I am moving this amendment on behalf of my noble friend Lord Clement-Jones, in whose name it is, who unfortunately could not come today. He figured that this would be taken on day three of the process, but we have got ahead of ourselves. I also thank the noble Earl, Lord Erroll, for his support for this amendment when he spoke to the second group. It is appreciated. I know that he has had to leave.
As Comms Council UK has pointed out, new Clause 105E is not the only new clause to give the Secretary of State extensive powers; there are others. New Clause 105Z1, for example, gives powers to the Secretary of State to outlaw the use of individual vendors, potentially with no parliamentary oversight, if the Secretary of State considers that it would be contrary to national security.
Clause 15 creates a scheme for dealing with particularly high-risk vendors by inserting new clauses into the Communications Act 2003. These empower the Secretary of State to give designated vendor directions where they consider it
“necessary in the interests of national security”
and the requirements imposed are
“proportionate to what is sought … by the direction.”
The designated vendor direction can impose wide-ranging requirements on providers on their use of
“goods, services or facilities … made available by a designated vendor specified in the direction.”
While vendors are entitled to notice of their designation if “reasonably practicable” to do so, they are not entitled to be consulted or informed of the reasons for the designation if the Secretary of State considers it contrary to national security. Vendors are also entitled to notice when directions are imposed on providers or when a designated vendor direction is revoked, but this right does not apply if the Secretary of State considers it contrary to national security.
The effect of all this is that, while a vendor may know of its designation, the providers with which it does business can have various restrictions imposed because of their relation to the designated vendor without the vendor knowing the reasons or possibly the existence of such directions. This is complicated but serious, and in several scenarios the vendors would have no real prospect of mounting any legal challenge, even under the closed material procedures provided for in the Justice and Security Act 2013.
Cutting to the chase, this amendment would give the Investigatory Powers Commissioner oversight of the power given to the Secretary of State in the Bill to outlaw the use of individual vendors. Without this, we are telling suppliers that they essentially have to operate without full legal protection. I cannot help thinking that this will discourage the future investment we need. I am interested to hear how the Government think they can mitigate an essentially Orwellian situation in which people find themselves in an adverse legal position but they do not know why, and sometimes they do not even know that they are there. I beg to move.
My Lords, I thank the noble Lords, Lord Clement-Jones and Lord Fox, for tabling this amendment. I do not have too much to add to this brief and interesting debate, but I take the opportunity to thank the Constitution Committee for its report on the Bill.
At Second Reading the Minister said:
“Oversight of the Investigatory Powers Act regime by the Investigatory Powers Commissioner is considered appropriate because of the potential intrusion into the private lives of individuals as a result of the use of covert powers. The national security powers in this Bill are very different from those in the Investigatory Powers Act”.—[Official Report, 29/6/21; col. 747.]
However, she did not say why it would be wrong for the commissioner’s remit to change. This is the one point I put to the Minister, and it would be helpful to have a response.
I thank the Minister for his response—but not much. There is a tendency, which has come through in this and lots of other Bills, for representatives of Her Majesty’s Government to stand up and completely ignore important committees of this House. The Constitution Committee and the Delegated Powers and Regulatory Reform Committee are not any old committees; they are very serious. The way in which their advice—or rather more than advice—has been dismissed across the board by both Ministers in this debate is a serious development. I implore representatives of Her Majesty’s Government to take those committees more seriously, because their not being observed is somewhat an abuse of process.
That said, I will read the Minister’s response in detail, with a suitably socially distanced lawyer to advise me. I do not think we have heard anything that makes this amendment less needed but, at this stage, I beg leave to withdraw the amendment.
We are down to the irreducible minimum. During my Second Reading speech, I asked the Minister about the range of technologies covered by the Bill. I do not recall getting a meaningful answer, so I thought I would try again using this as a probing amendment.
The noble Baroness, Lady Merron, talked about the creativity of your Lordships. I am now going to test your memory functions, which I know can sometimes be stretched in this House. I would like your Lordships to cast your minds back to 2003, the year when the Nokia 1100 mobile phone was introduced. Few noble Lords will remember the number, but most of you will remember the phone. It was an iconic phone that took over mobile telephony. For those who would like to see one, I have two and, for as long as 3G is available, they will continue to work. More than 250 million of these basic GSM phones were sold. It was the best-selling consumer electronics device in the world at that time—the state-of-the-art communications device—and was discontinued in 2009.
Meanwhile, at the same time, the Communications Act 2003 was introduced to regulate machines such as the Nokia 1100. This has not been discontinued but has enjoyed several patches along the way. As I have said, this is a probing amendment seeking to clarify the definition of “public electronic communications network” within the 2003 Act. I think you see what I have done; I have tried to illustrate that the world has changed a bit since 2003.
The amendment seeks to amend Section 151 of the Communications Act by adding a contemporary definition of the range of communication networks that increasingly have emerged since the Act was conceived, when Nokia ruled the roost. It would introduce a new clause to the Bill that would define the “public electronic communications network” as
“landline communications systems … mobile data, audio and video networks … digital surveillance networks … satellite delivered networks”.
My first question to the Minister is: in her opinion and that of the department, which of these categories is covered by the Bill and which is not? I also have some specific scenarios that I would like the Minister to consider. The noble Baroness, Lady Merron, will be pleased to note that they are focused on the consumer—an issue she addressed earlier in the week.
First, when broadband or 5G are delivered by satellite, whether by the BEIS-owned OneWeb or the Musk-owned SpaceX, to what extent is the satellite element covered by this legislation?
Secondly, when a facial recognition camera captures an image, sends that image to a database using a closed network and, in turn, contacts either a public sector or private sector operative via a smartphone, which part of this—if any—is covered by the legislation?
Thirdly, data is being relayed back and forth over smart speakers—Alexa and its, or her, colleagues—so do these transactions fall within the purview of the Communications Act or the Bill? For example, with smart speakers, does the Bill cover only the transmission and not the speaker itself? If that is true, what, if anything, covers the security integrity of the speaker and its software?
My fourth question concerns data travelling between smart meters, home thermostats, camera doorbells and the ever-increasing internet of things. How is their security and integrity protected by the Bill? If the answer is that they are not protected, where do these modern manifestations of communications fit in? How is the security of these things being protected for the consumers of today?
This is not just a piece of legislative housekeeping. The noble Lord, Lord Alton, raised other potentially risky companies in his speech on Amendment 1; at Second Reading I raised a range of other companies. I will not repeat them but they are in Hansard. These are just a few of the businesses involved in the sorts of activities that I have just outlined, so by understanding which activities are included in the Bill we may start to understand which companies and technologies it includes. It is about how satellites, cameras, smart speakers and the internet of things fit in the purview of what is now called communications. Times have changed since 2003. Can the Minister please update us? I beg to move.
My Lords, I thank the noble Lords, Lord Fox, Lord Clement-Jones and Lord Alton, for tabling this amendment. The noble Lord, Lord Fox, has set out why they believe this definition of a public electronic communications network is needed. I also appreciated his reference to the importance of consumers, who, after all, are core in all our discussions.
It is important to hear from the Minister whether she believes that this definition is limiting for security purposes and what impact it would have. Perhaps she can advise on whether she feels that anything is missing which should be in there. Would this definition inhibit the future-proofing ability of the Bill? I look forward to hearing from the Minister.
My Lords, there are more Bills to follow; I fear that I am being drafted into the purchasing Bill and the other Bill that the Minister just mentioned.
The Minister is wrong to conflate data protection with security—we are talking not about data protection but about security. There is a big difference between the role of the ICO and that of security. I do not think that that helps answer the questions that I was asking.
Perhaps this is for the Bills to come rather than today’s Bill, but there is something about the collective threat. If everybody’s smart meter is shut down that is a national emergency, not a personal emergency. There is a national security issue around personal data devices and somewhere, whether in this Bill or those to come, there needs to be the recognition that collective security happens when everybody’s systems are secure from threat. If I were a terrorist, it would be much easier to do those kinds of things than doing some big, national thing that is protected by the National Cyber Security Centre.
That is the point of what I am putting forward. The internet of things increases the security risk to every home all the time. Similarly, every time someone turns on their GPS locator, they are putting themselves into a system that is followed. The Minister carefully used the phrase wholly or majority use data. Increasingly with cars and satellite navigation systems, and when we move to electric and autonomous locations, all that data is becoming publicly available. In other words, my car is fed into your car, which is fed into her car to make sure that we do not run into each other. The idea that somehow you can draw these lines and say that only 10% of the data is used in a public way and 90% is not starts to become irrelevant, if it is not already. That is what I am trying to highlight.
I did not expect for a minute the Minister to say that the Government would amend Section 105 of the Act. The point was to really highlight this issue, because if the Government do not address it in this way or another then personal security on a mass level is compromised, which then becomes a national security issue. That was the point of the amendment. Having raised it, I beg leave to withdraw the amendment.
Telecommunications (Security) Bill Debate
Full Debate: Read Full DebateLord Fox
Main Page: Lord Fox (Liberal Democrat - Life peer)Department Debates - View all Lord Fox's debates with the Department for Digital, Culture, Media & Sport
(3 years, 1 month ago)
Lords ChamberMy Lords, Amendment 1 applies the affirmative procedure to the regulations made under new Section 105B in Clause 1. It requires secondary legislation to be laid in Parliament in draft and to be subject to a debate and a vote in both Houses. Clause 1 allows the Secretary of State to introduce regulations that have wide-ranging consequences for providers, and there is no provision for any independent or specialist formal oversight of these regulations. This continues a worrying trend whereby the Government make key regulations with no meaningful parliamentary scrutiny. New Section 105A introduced by Clause 1 is wide-ranging. In fact, it covers
“anything that compromises the availability, performance or functionality of the network or service”
—I repeat: “anything”.
This means that the Secretary of State has the means to make regulations that have highly onerous provisions, laying down that any provider must take “specified measures” of any kind. This is currently under the negative procedure, which, as we have noted from these Benches on many occasions, gives a near-certain guarantee of their coming into force with a minimum of scrutiny—none, it is safe to say. In Committee, the Minister’s predecessor was adamant that additional scrutiny was not desirable. She said that this was meant for technical people and had to be explained in technical language, which it was not appropriate for Parliament to discuss. However, there is the rub: the Bill covers a huge range of potential issues and, as I said, there is no formal independent or specialist oversight of these regulations, yet the Government said that they were too technical for Parliament to have its say on them. My noble friend Lord Clement-Jones spoke about the Secretary of State having unfettered power and, as usual, he was right.
Since then, the Government have slightly changed their mind, and this is seen in Amendment 3. We welcome Amendment 3 as far as it goes, which, given that it is effectively a negative process, is not very far. It does demonstrate that the Government now believe that your Lordships’ House can review technical issues and that we are capable of this onerous task, which the Minister’s predecessor deemed us incapable of doing. Clause 1 covers virtually anything the Minister decides, and we are in danger of signing a blank cheque. Amendment 1 addresses this issue and gives Parliament particular scrutiny of how these regulations affect the communications networks that are so vital to the UK’s economy and our public life. I beg to move.
My Lords, the amendment just moved by the noble Lord, Lord Fox, is about transparency, accountability and parliamentary scrutiny. It puts Parliament into the driving seat. It deserves the support of the whole House, and I hope we will give it.
My Lords, I thank the noble Lords, Lord Clement-Jones and Lord Fox, for the amendment standing in their names, and I thank the noble Baroness for welcoming me to the Dispatch Box in my new role.
The question underlying this group is whether the new telecoms security framework will have proper scrutiny. Noble Lords have proposed ways to strengthen that scrutiny throughout the passage of the Bill and your Lordships’ Constitution Committee and Delegated Powers and Regulatory Reform Committee have made their own recommendations, and I thank those committees for their work.
In Committee, the noble Lord, Lord Clement-Jones, invited the Government to make a trade-off, a choice, in his words, between
“a loose definition of ‘security compromise’”
and
“a very tight way of agreeing the codes of practice.”—[Official Report, 13/7/21; col. GC 487.]
With that in mind, I turn first to Amendments 3, 4 and 5 in my name—although I should stress, as the noble Baroness, Lady Merron, kindly did, that they also represent the work of my predecessor, my noble friend Lady Barran. We both listened to the arguments put forward in Committee and these amendments represent her views as well as mine.
We have carefully considered the concerns raised and, as the noble Lord, Lord Clement-Jones, invited us to do, we have proposed how to make that trade-off. The government amendments we have brought forward today affect Clause 3. It provides the Secretary of State with the power to issue and revise codes of practice. The code of practice is a fundamental building block of the new telecoms security framework as it will contain specific information on how telecoms providers can meet their legal duties under any regulations made by the Secretary of State.
In its report on the Bill, the DPRRC noted the centrality of codes of practice to the new telecoms security framework. The committee drew attention to the statutory effects of codes of practice and their role in Ofcom’s regulatory oversight, and because of those factors, the committee recommended that the negative procedure should be applied to the issuing of codes of practice. The noble Baroness, Lady Merron, tabled amendments in Committee to implement that recommendation. We are happy to do that. Our amendments today require the Government to lay a draft of any code of practice before Parliament for 40 days. Your Lordships’ House and the other place will then have that period of time to scrutinise a code of practice before it is issued.
We think that these changes strike the balance that noble Lords have called for today and in previous stages. I hope these government amendments demonstrate that we have listened and are committed to appropriate parliamentary scrutiny across all aspects of the framework.
Amendment 1, tabled by the noble Lords, Lord Fox and Lord Clement-Jones, would apply the affirmative procedure to regulations made under new Section 105B in Clause 1. It would require the regulations to be laid in Parliament in draft and subject to a debate and vote in both Houses.
I share the noble Lords’ desire, echoed by the noble Lord, Lord Alton of Liverpool, to ensure that Parliament has a full and effective scrutiny role in this Bill, but I fear we disagree on the best way to achieve it. The only powers in the Bill that are subject to the affirmative procedure are delegated, or Henry VIII, powers that enable the amendment of penalty amounts set out in primary legislation. The Bill currently provides for the negative procedure to be used when laying the statutory instrument containing the regulations.
In the context of these new powers, the use of the negative procedure is appropriate for three reasons. First, Parliament will have had to approve the clauses in the Bill that determine the scope of regulations—Clauses 1 and 2—and the regulations will not amend primary legislation. Secondly, evolving technology and threat landscapes mean that the technical detail in regulations will need to be updated in a timely fashion to protect our networks. Thirdly and finally, as I noted in Committee, the negative procedure is the standard procedure for instruments under Section 402 of the Communications Act. The negative procedure delivers the right balance between a nimble parliamentary procedure and putting appropriate and proportionate measures in place effectively and efficiently to secure our networks.
The two noble Lords will also be aware that the changes they propose in their amendment are not ones that the Delegated Powers and Regulatory Reform Committee made. I accept that they are keen to explore avenues for scrutiny of this framework, but that committee made its recommendation for increasing the scrutiny of this regime, and the Government have brought forward our amendments to accept it. For these reasons, we are not able to accept the noble Lords’ Amendment 1. I hope that they will be content with what we have proposed in our amendment, and may be minded to withdraw theirs.
In conclusion, the Government were asked to make a trade-off. Through the passage of this Bill, we have been invited to provide greater opportunities for Parliament to scrutinise this regime. We have listened to those concerns and we have brought forward an answer. We feel that our amendments maintain our flexibility to adapt to an ever-changing technology environment and give your Lordships’ House and the other place a greater say in its operation, so I invite the noble Lord to withdraw the amendment.
My Lords, it was remiss of me not to welcome the Minister formally; I have welcomed him personally, but not formally. Also, it was helpful that he was the Whip during the process thus far, and I should also welcome the new Whip to his seat. I thank the noble Lord, Lord Alton, and the noble Baroness, Lady Merron, for their contributions. The fact that this has been a short debate does not mean to say that it is not an important one. The reason it is short is because we have had the same debate so many times on so many different Bills, with not just this department but others. That is why it is an important issue and why, when the Minister says that we should strike a balance, we agree, but we think the balance is in the wrong place. That is why I am unable to withdraw this amendment and I should like to test the will of the House.
My Lords, it is a pleasure to follow the noble Baroness, Lady Merron, and the noble Lord, Lord Alton, in supporting Amendment 8. The Government have talked a good game on diversification but are guilty of much compartmentalisation. They have put diversification on one side and security on the other. As the noble Baroness and the noble Lord suggested, you cannot separate the two. Without a diverse supply chain, there is no security.
The issue of having only two key suppliers, which the noble Baroness, Lady Merron, referred to, is down to the fact that there has been a market failure in this area. If the Government do not intervene proactively to right that market failure, we will not get out of the situation we are in now. The Bill is the only game in town to do that. This amendment is therefore really important. During debates on the Bill, a number of Peers highlighted the words of the Government’s integrated review of security, defence, development and foreign policy. It was clear that a
“diverse and competitive supply base for telecoms networks”
is vital to a secure future. We think these are wise words from the integrated review. As such, we are pleased to support this amendment and will be happy to vote on it in the event that the noble Baroness, Lady Merron, chooses to test the will of the House.
My Lords, veterans of the National Security and Investment Bill—I am not sure there are any—will recognise this amendment: it is exactly the same argument that was put forward then. The response from BEIS was to set up a unit, within BEIS, that the relevant Minister said would have the necessary clearance to review potential national security information. It was quite clear to those in your Lordships’ Chamber at that time that that group of people would not get to see the sort of information that the ISC is cleared to see. We are in the same situation now. The Minister will say that there are people in his department who, if necessary, will be able to see the relevant information. That will not be the case and to some extent, those in the Minister’s department making decisions that refer to national security issues will be flying a little bit blind. If this is not recognised, that is regrettable. This is a really important area of security, and decisions should be made on the best available information, with the best available people reviewing that information. The clue is in the name: this is the Telecommunications (Security) Bill, and it is the Intelligence and Security Committee that is best able to review that information. That is why I support the noble Lord’s Amendment 9.
My Lords, I thank the noble Lord, Lord Coaker, for his kind words of welcome and for tabling this amendment. The important matter of parliamentary oversight has been raised a number of times in both your Lordships’ House and another place. I welcome the opportunity to clarify further how appropriate oversight of the Bill’s national security powers will be provided for both in this Bill and through existing mechanisms. The noble Lord’s amendment would require the Secretary of State to provide the Intelligence and Security Committee with copies of a directional notice when such documents, or parts of them, are withheld under Section 105Z11(2) or (3) in the interests of national security.
As regards enforcement, this amendment would also require the Secretary of State to provide the committee with copies of notifications of contraventions and confirmation decisions. Further, it would require the provision of reasons for giving urgent enforcement directions when withheld under Section 105Z22(5), as well as the reasons for confirming or modifying such directions when withheld under Section 105Z23(6).
We thoroughly agree with the need for effective scrutiny of the use of the Bill’s national security powers—that is why we have included measures to facilitate parliamentary oversight of the use of those powers. The Bill requires the Secretary of State to lay before Parliament copies of designation notices, designated vendor directions, and variations or revocations of either, unless doing so would be contrary to the interests of national security. We would expect in the vast majority of cases to lay copies of the directions and notices before Parliament. However, on very rare occasions there may be instances where the Secretary of State chooses not to do so because laying the documents would be contrary to the interests of national security. This would only be done in extremis.
We have already demonstrated our commitment to transparency with the publication of the illustrative draft designated vendor direction and designation notice last November. Indeed, it is in the Government’s interest to publish such documents as it sends a clear message to industry of our intent to use the powers in the Bill where necessary. However, while the presumption is to publish the directions and notices, it is right that we have the option to protect the UK if our national security could be put at risk through their publication.
It is worth noting that, under Section 390 of the Communications Act 2003, the Secretary of State is required to prepare and lay before Parliament annual reports on their functions under that Act. Those reports will show when the Bill’s national security powers have been exercised, whether or not copies of directions or notices are laid before Parliament. This will ensure that Parliament will always be made aware of the Secretary of State’s use of the national security powers to issue designated vendor directions and designation notices.
Having thus been made aware, the Intelligence and Security Committee will be able to request relevant information from the vital organisations it already oversees, such as the National Cyber Security Centre. Moreover, the ISC will be able to request such information at any time from the NCSC in relation to its assessment of high-risk vendors. The noble Lord is right to point to the importance of the committee. Given the cross-party support he enjoys, he knows better than most, as a former Security Minister, the important work it undertakes. The ISC will be able to do the work I have just outlined in line with its remit, as set out in the provisions of the Justice and Security Act 2013 and accompanying memorandum of understanding.
At Second Reading, the Noble Lord, Lord West, noted that the ISC had made a request for its memorandum to be formally reviewed. I understand that the chairman of the ISC has written to the Cabinet Office on these matters and that they are under consideration. Discussions and decisions regarding any changes to the ISC’s remit are of course for the Cabinet Office and the ISC to agree. That is the appropriate route for the ISC’s remit to be considered, not this Bill.
As I am sure noble Lords will appreciate, however, the advice of the security services will not be the only factor that the Secretary of State will take into account when deciding what is proportionate to include in a designated vendor direction. As well as the NCSC’s advice, the Secretary of State will consider, among other things, the economic impact, the cost to industry and the impact on connectivity of the requirements in any designated vendor direction. Those go beyond security matters and indeed fall under the work of DCMS; therefore, the Digital, Culture, Media and Sport Committee is best placed to consider those wider impacts. Hence, that is the appropriate body to oversee the Government’s use of the powers to issue designation notices and designated vendor directions, including where those directions and notices are not laid before Parliament. The Government will work with the committee to ensure that it has access to all the information it needs to carry out that oversight.
Those are the reasons why the Government cannot accept the amendment. I hope that the noble Lord will be content to withdraw it on that basis.
My Lords, I am used to hearing powerful speeches from my noble friend Lord Alton of Liverpool, but what a delight it was to hear also the speech of the noble Lord, Lord Coaker. He spelled it out exactly: it beggars belief. I cannot believe that my noble friend, a wise and intelligent Minister, will reject this amendment.
I support Amendment 11, which does not detract from the Bill in any way; it does not sabotage the Bill or pull the guts out of it, it merely adds to our arsenal. All it asks the Government to do, as the noble Lord, Lord Coaker, pointed out, is to review the security arrangements with a telecoms provider if one of our vital, strategic Five Eyes partners bans its equipment. We are not calling for a similar immediate ban, or an eventual ban, we are just saying let us review it and come to a conclusion.
Why do I want this added? My motivation is quite simple: I believe this will be another small warning shot to China that we will start to stand up to its aggression. I share the view of the new head of MI5, Mr Ken McCallum, that Russia is an irritation but China is a threat to world peace and our whole western way of life. Yes, Russia—or Putin, more accurately—is nasty and will happily kill opponents, as we saw in Salisbury, and attempt to interfere in elections, but Russia is not capable and is afraid of the consequences of waging a world war.
China, I believe, does not share that view. It is building that massive economic and military capacity to dominate the whole world. It will overtake the USA in military capability in the next few years and has already overtaken all western powers in its attitude to using force. It is not that China wants war: it believes that war will not be necessary, since it will win when we surrender without firing a shot. If it attacks Taiwan, will the USA and the UK rush to support it? I hope so, but I do not hold my breath. China believes we do not have the moral guts to do as we did with plucky little Belgium before the First World War or Poland before the second, and guarantee their security.
To return to this amendment, it is a small symbol of our intention to begin our moral fightback—to say that we will not be bullied by China, either in our universities and supply chains or in the freedom of the seas. China has been achieving world domination by small incremental steps: making the WHO its puppet; infiltrating universities; subtly taking over international organisations; robbing African countries of all their minerals as payback for loans; and stealing every bit of technology that it can. It is, therefore, by incremental steps, such as this little amendment, that we will show that we will not be cowed—that we will resist and not become China’s slaves.
My Lords, there are many merits to the plans, set out by the noble Lord, Lord Coaker, in Amendment 10, for the Secretary of State to publish a long-term strategy on telecommunications security and resilience. However, in the interests of time, I will quickly shift my focus to Amendment 11 and disappoint the House by saying that my words will be brief. The House has heard very strong speeches, not just from the noble Lord, Lord Coaker, but from the noble Lords, Lord Alton and Lord Blencathra, and it is a pleasure to see my name alongside theirs on this amendment.
The point has been made three times: this is a very small ask of the Government. Referring back to the point made by the noble Lord, Lord Coaker, working closely with our Five Eyes partners was identified as the whole point—certainly a key objective—in the integrated review. It is one of the central pillars of our security planning. So we are not asking for something outrageous. There is a strong theme of working with our Five Eyes allies across the field of security. The UK has to work with other countries to be effective—and if not with these countries then which?
The UK’s telecoms networks face the same challenges as those of our key allies, and this amendment simply ensures that when it comes to this most crucial component of security—increasingly, communications are at the heart of all our security decisions, whether we are finding things out, transmitting information or looking at what others are doing—we take into consideration what those allies are doing. If we were not doing this, there would be a strong danger of putting a wedge between us and them. Indeed, we began to see that happening with the United States, before this Government decided to change their mind over the Huawei decision—for which some noble Lords present should take a lot of credit.
The question we have to ask ourselves, therefore—it is very difficult to understand the answers, so I look forward to the Minister’s reply—is why the Government are not adopting this amendment. The Minister may take the stance that it is not necessary. If so, it is not a problem and could be included. More worryingly, does the Minister know that this is perhaps the thin end of a wedge, and that there is a lot more technology already installed in our infrastructure across the country that the Government would have to start to remove? If there is, it would be expensive but important to do. Or perhaps the reason is the worst of all excuses: that the Government did not think of it and so are resisting suggestions from others, which is the worst sort of institutional resistance, of a kind that we see all the time.
We on these Benches, therefore, support this amendment from the noble Lord, Lord Alton, and if he sees fit to lead us through that virtual Lobby, we will be virtually beside him.
I thank the Minister, and perhaps I am pre-empting what he is about to say, but it seems that, although he has clearly said the answer that I predicted—“not necessary”—the fact that this amendment was brought shows that it is not clear from this legislation that that is what the Minister will be doing. At the very least, whether this gets voted through or not, there is a conversation to be had when this comes back on Report that takes into consideration whether it just limits itself to Five Eyes or goes broader. Will the Minister undertake to think about those things as well, and perhaps comment on that?
Telecommunications (Security) Bill Debate
Full Debate: Read Full DebateLord Fox
Main Page: Lord Fox (Liberal Democrat - Life peer)Department Debates - View all Lord Fox's debates with the Department for Digital, Culture, Media & Sport
(3 years ago)
Lords ChamberMy Lords, this has been my first Bill since I joined your Lordships’ House a little over six months ago. Some would say that I was thrown in at the deep end but in my view, I was simply given the opportunity to swim in rather warm and pleasant parliamentary waters. It has been fascinating and enjoyable and I am very glad that my first Bill has been such an important one for the security of the nation.
The Minister has of course been a constant throughout consideration of this Bill, and we saw his worth recognised as he was promoted from the important role of Whip to the Minister tasked with bringing the Bill home. I thank him for the courteous and professional manner in which he has conducted himself throughout, and I also express my thanks to the former Minister, the noble Baroness, Lady Barran. From these Benches, we also express our gratitude to the Bill team, the clerks, the staff of the House—indeed, all those who have worked front of house as well as behind the scenes to make this Bill possible.
Throughout, it has been my pleasure to work with my noble friend Lord Coaker, who has brought his valuable experience and knowledge to proceedings. We have been blessed to have the highly professional support of Dan Harris, our excellent adviser who has guided and advised us throughout, to whom we express our thanks. Her Majesty’s Opposition strongly believe that our nation’s security is above party politics, and I thank all noble Peers who have worked cross party on this Bill.
New technologies have long transformed how we work, live and, of course, travel. Our experiences during the pandemic have upped the ante on the degree to which we rely on telecommunications networks. At the same time, it has reinforced how intertwined these networks are with issues of national security, including the top priority of any Government: to protect its citizens from risk. This Bill is a necessary step to protect us.
I am very glad to welcome the Government’s acceptance of our arguments that codes of practice, to be issued by the Secretary of State to telecoms providers, must first come before Parliament. However, the Bill raised key questions and concerns, especially given the absence of an effective plan to diversify the supply chain and in respect of our telecom security depending on strengthening our international bonds, in particular through the Five Eyes, involving the UK, the United States, Australia, Canada and New Zealand. I thank the noble Lord, Lord Alton, for his work on that issue.
I hope that the other place will give sympathetic consideration to the changes we have made on both those matters, and that the Minister will recognise that the amendments passed by your Lordships’ House make serious and important improvements to the Bill and have widespread support across the Chamber. My concluding wish for this Bill is that the Government will reflect and feel able to support these improvements to the Bill and the security they provide.
My Lords, as the Minister said, this Bill entered the other place a year ago. It has variously been urgent, in the long grass, urgent again and now quite close to passing. I will not delay its passage many more seconds. I have shelved my inner churl, but I absolutely sign up to the comments of the noble Baroness, Lady Merron. There are outstanding issues that your Lordships commented on and put into the Bill as amendments that I hope can be picked up. I hope that when this Bill is finally put to bed, it really does protect the security of this country, and we will work, on these Benches, to help make that happen. There is a lot of unfinished business in this area. I fear that the Minister himself, or one of his successors, may very well be bringing other Bills before your Lordships quite soon.
I thank the Ministers, first the noble Baroness, Lady Barran, and then the noble Lord, Lord Parkinson, for their work and their willingness to communicate with those of us who were seeking to scrutinise this Bill. I join the noble Lord in congratulating the DCMS Bill team, and I hope he did not leave anybody out. I congratulate the noble Baroness, Lady Merron, and the noble Lord, Lord Coaker, on their legislative debuts. I also thank the noble Lord, Lord Alton, for his spirited, highly principled and really important, contributions on the Bill.
Finally, I thank my noble friends Lord Clement-Jones and Lady Northover, without whom this scrutiny would not have been complete, and Sarah Pughe, our legislative officer, for her invaluable support. With that, we wish this Bill onwards, with speed and effectiveness, because it has a very important job to do.
My Lords, before we pass this Bill, may I add to a comment to what the noble Lord, Lord Fox, and the noble Baroness, Lady Merron, said? I express my thanks as well to everyone who was on the long list that the noble Lord, Lord Parkinson, gave us, but also to his predecessor, the noble Baroness, Lady Barran. As Ministers, I do not think they could have been more helpful and more responsive to the points we made both in Committee and on Report.
My noble friend also mentioned the all-party amendment moved last week by myself and the noble Lord, Lord Blencathra, which we also raised in Committee. It raises the need for reviews to take place when another jurisdiction—specifically, in this case, many of us cited the United States of America—had banned a particular company which was not banned in the United Kingdom but working within the telecommunications sector.
One example the noble Lord, Lord Coaker, and I gave in our debates was Hikvision, which is banned in the United States. It makes the surveillance cameras that are used punitively against the Uighur people in Xinjiang but are also used in our own high streets and public buildings. That amendment called for a review: that when any such company is banned in another Five Eyes jurisdiction, it is to be reviewed in the United Kingdom. It is a very reasonable all-party amendment, but it was opposed by the Government. Before the Minister completes his remarks today, could he tell us what has happened to that amendment and how the Government intend to respond to it?